Steve's Views

Security

Security by obscurity…

Today I spotted this reply someone gave to how to secure something online:

I mean it’s secure, generally, but your best bet is security by obscurity. Hide them (robots.txt), make them accessible from only certain ports / IP addresses.

I felt the need to enlighten the thread rather than leaving such bad advice:

I’m sorry but security by obscurity is not security. No security consultant worth his salt would ever suggest obscurity is secure. True, it can be a layer on the security onion, but you sure cannot rely on it.

It takes mere seconds to locate the unusual port or file name.

There are many common misconceptions and natural conclusions that people arrive at when they are not actually familiar with the details, and there are indeed very technical details behind computers, software and networking. And not to forget social engineering, which is a very effective tool. I saw a survey which indicated that a large percentage of people would give away the company login for a piece of chocolate.

Security is one of the least understood subjects. For your own wellbeing read up on some well established professionals such as https://www.schneier.com.

Large corporations are, contrary to popular belief, not automatically more secure. For one, they usually have a much larger attack vector (more things open to attack) than a small operation. Take Microsoft: they had their Crown Jewels (source code to Windows) stolen by some hacker.

My stable rule is that if there’s something I really don’t want to share I don’t put it online at all. Before coming here I saw someone’s website advertising a tool to scrape web pages that are hidden behind a login wall.

That’s not to suggest you can’t put reasonable security on things online, but the operating basis you establish is how to deal with a break-in once it has occurred, not if but when.

If you don’t get violated – great! But you are well prepared for it.

As for a reason to hack you, that is not applicable logic. I often hear people saying that they don’t have anything worth stealing. For one, the criminal hacker does not know what you have or not until after he’s broken in. Secondly, you have something valuable to any hacker – a different online identity than his/hers.

That is valuable, nay vital, when you go about your criminal activities. Much better to put you in the middle. There is certainly a lot of organized crime and then you have the script kiddies (people who don’t know how to break in but rely on scripts that do it for them).

I have a great story from many moons ago on a security forum. A person, presumably a kid, was challenging people to give him their IP address, saying he would hack them. After a while we got fed up with the noise and one of us gave him an IP address. (Each computer has a local IP address which is there so that you can test networking without having an actual network connection. That IP is 127.0.0.1, also known as the loopback address.)

So the kid was given the loopback IP which he immediately fed into whatever script he was executing and he was announcing – Ah you have an E: drive. Watch it disappear. Ah a D: drive, C: drive… and then he was gone. He’d just wiped out his own computer. 🙂

We got a lot of laughs from that one.

Why have leaders, or not?

It seems that there is confusion on what a leader is, or what makes a leader in the first place. We have over and over witnessed a failure to elect leaders, both in local friends to follow and all the way through the top job in the country at our own expense.

It is also visible through various misinformation campaigns created by various players in the local and world scenes that are having success in creating diversion and upsets that are threatening our and other nations.

In this information rich environment where anyone can say anything from anywhere in the world, it is a big challenge to identify who is on what side of things and what their goal is. There are a few traps that we fall into but before diving into those I want to talk about leading and leadership.

For someone to be a good leader, and one could qualify that to mean one who can help improve everyone’s living conditions and not bring about the opposite. Or, thanks to his/her actions we are surviving better and things keep improving. Happiness is within everyone’s reach.

A leader must have integrity, must have the family, group, company, councilman/woman, and every other level up through to the US president, have in their interest to forward the survival according to their sphere of influence. Must act unselfishly, and never sell out their responsibility to some vested interest that only thinks of itself, which causes more harm than help and assistance.

I’m saying that regardless of your sphere of influence you need to also evaluate that with everyone in mind. Otherwise you may easily find yourself up against everyone else who are united and your actions could cause severe loss to your sphere of influence. As in the case of criminal acts where justice catches up.

So, how do you recognize a leader and indeed, separate out the ones that only speak the speak but do not walk the walk? With all the noise from all the media outlets and everyone having an opinion however unqualified to promote it, how to tell them apart?

There is a saying: Look, don’t listen. You need to observe what someone is doing and the results of those actions. You may need to look into their history and see what the effects of their actions are over a long time.

You need to be able to evaluate these things to have any chance to make a decision which will increase your happiness, after all the purpose of life is in very plain sight. What do people seek, and indeed what does the constitution guarantee? The pursuit of happiness.

Only a small percentage are in such a bad state that they have given up on surviving and are focused on complete failure – death. Most everyone else is seeking happiness. Starting already with the baby who repeats noises that make you smile and laugh. Or the joy of having unselfishly helped someone through something.

To the degree your life is not filled with smiles and laughter to that degree you are not actually winning. Winning is not measured by money or power, indeed few people who gain these in quantity are privately happy.

When the pursuit of some goal, of a leader, does not include those around him/her, then that person is not a leader but someone just looking out for themselves. This does not mean you cannot look out for yourself, we all need to, but when a leader is not acting in the interest of those who depend on him/her then that person is not acting as a leader.

Being a leader sometimes includes making decisions that are not immediately appreciated by all, especially when most of us have our own goals and desires that may not always have others’ best interest in mind. The harder things are, the less we tend to think of anyone but ourselves. This is normal, but not actually the optimum way, and I’m being very gentle in my description.

We live on a planet that is buzzing around in space, and instead of seeking to find agreements and common goals we are sidestepped with misinformation that turns us against each other.

The USA became the super power thanks to the united actions of the whole nation. The single largest contributor to the survival of many other countries who depend on her. Yes, we have also through people pretending to be leaders gotten into wars and caused a lot of damage around the world.

But that which made America so great is almost broken in half. In a matter of a few years the US is not united but split into fighting with each other.

You have to ask yourself who benefits from this?

Regardless of any insight you may or may not have this is the bottom line, are we as a nation stronger or weaker? Where have we been going from election to election? Are we as a country getting happier or more upset on a daily basis?

As people we are, well, people. And people make mistakes, that too is normal. What you do after the mistake is more telling and more important. A leader has no problems with transparency and will acknowledge the mistake and take corrective measures.

If this all seems a bit much for you, a bit too hard to deal with – I sympathize.

But you still need to know that the only way out of this is to be part of the bigger group in some capacity, that means at a minimum taking some time to get familiar with who are those that claim to be a leader and who is not. That cannot be done by listening to any one source on the political spectrum but as many as possible.

Don’t be too hasty to make your decision. There are usually so many factors involved in these people’s lives that it boggles the mind. Discovering them is a very tough job.

Know that there are many many special interest groups in this and other countries that have their own agenda and are NOT working to make America the best it can be. These players often have huge budgets and plenty of people to create good and false impressions of people. You could ask yourself who are most threatened by a united USA?

Congress today is going through a change whereby many are not really standing for anything in particular but are simply pushing whatever line, say and do anything they think will get them what they want. All at the expense of the greater good. Not how a leader behaves.

Also, remember this: you get the government you deserve!

If you don’t participate then you cannot complain.

One more thing. This is the US of A where the political balance ALWAYS swings back and forth from side to side. It’s never “over”. Take your win or loss and prepare to educate more people about your vision of a great country and what makes it so. Never resort to violence or overthrow of the government.

If you pursue some activity that is illegal at least ensure that you actually can accomplish the goal and not end up in prison because you, yourself, did not ensure you knew what the legal outcome could be.

Try to set the good example that you want others to follow. Take responsibility for mistakes and try to not repeat them. 🙂

And please, get over the basic facts that all humans are humans regardless of skin color etc. If you are white then know that soon you will not be the majority, and if you are not caucasian see how wrong people can be about skin color and try not to make the same mistake.

Someone living deep in a jungle is no doubt surviving easier and is happier than most people in the concrete jungle. People are pursuing happiness to the best of their abilities all around the world. They are likely to have drastically different views than you do, and frankly from a purely survival viewpoint, since we are sharing this planet, it is in our interest to find solutions that work for all and not limited to the few. Doing otherwise will not work out in the long run.

Get educated and lose the insecurity and join the new civilization. 🙂 Because it is coming as surely as any has in the past. Change is the only constant.

Should Police Help People?

I just watched a YouTube video of a woman with two children around 4-6 years old get fatally shot by a police officer, in a small city in Nevada.

The officer acted as he’s been trained which is why this became a fatal shooting. The woman was clearly not operating with the current scene but as if there were dangers lurking behind any person. Many would call her crazy.

There were two officers on the scene and she had a knife in her hand yelling to the police to not touch her children. A 911 caller had reported that she was afraid that something was going to happen to her children.

The complete failure and reason this turned deadly was due to the training of officers to basically treat anything dangerous as if it was a military assault. Which is very effective if the people you deal with are mentally there.

If you want to calm down a situation the last thing you do with an irate person is to oppose their view. The best thing to do is to play along with them and try to understand what demon/situation they feel they are dealing with. You can only calm them down when they feel understood. Opposing them, yelling and acting threatening is not very workable. This is true of anyone upset.

The first thing you want to do is to get in communication, this means thoughts are being exchanged with understanding, without force, threats or demands. Simply act as if you care about them and try to understand their problem/situation.

Once the person feels someone else is on their side they can then start calming down. Be a ‘safe person’, don’t seem to threaten them but be their ally. It is surprisingly simple and easy to do if you have any compassion for others.

Imagine one of your family members being the other person and treat them with the same love and respect, you will be surprised how easy it becomes to defuse situations.

I’ve never failed to handle any person with the above, and I’ve talked down gang members, a cop killer, run of the mill nut cases who were really unhappy and ‘charged’ up. One threatened me with a knife in close quarters outside my apartment door demanding access. I relaxed, leaned to one side of the door frame on one leg and said ‘On one condition, that you owe me an apology when you see that that person is not here.’ as perfectly calm and friendly completely ignoring the threat (knife wielded by a much bigger person than me).

He turned out to be a cop killer on the run. He was taken aback by my smile and total lack of displaying any indication of being in danger. In fact he did not dare pass next to me, I had to step away from the door before he stepped in, only to realize this was not the place. He tried to pay me off but I insisted on the apology, which he could not easily fathom. He had screwed up and he knew his word had never meant anything, so the idea that he would just say sorry was utterly unreal to him. It took a couple of minutes before he finally did, but he did say sorry and melted like butter when I said OK, thanks! At that point he told me his life history as if in a confession.

But you see what I did, I handled the situation with complete calm and care. His problem was my problem, and we solved it together. Threatening and putting him in a defensive mode would not have worked out well. Sure I could have just shot him but on principle I only use force if needed and that was not it. (Though many would say if any situation was that this was it. And that would just demonstrate their inability to handle it gently. You can take it to the bank that this guy never forgot me, and being treated well in spite of.)

Another time a woman whom our office security could not handle was in our reception interrupting things. I told security to leave us and got in communication with her. She was on about aliens and spirits and what not in some garbled version. I simply demonstrated an interest in her and her situation, and acknowledged everything she said. I suggested we get away from these other people (the staff in the office) so we can talk uninterruptedly, which she liked, and walked her outside. Spent a few minutes with her and she ended up walking away looking happy.

The whole ‘trick’ is to honestly care about others and wanting to understand them and help solve their problem. Caring is a secret weapon that can solve so many situations. Yelling at people is a method of force. It is not being in very good communication but more out of communication. So if you want to get others to do or not do something it makes a big difference if you are duplicating each other and have a good understanding.

In another situation a woman was really upset and yelling on the phone about the alleged problem some employee of ours had caused. I got the call transferred to me and I asked her what happened? Hearing her loud upset and accusations I simply acknowledged her really well. I said

‘WOW! That’s HORRIBLE!!’ she immediately stopped, was quiet for a few seconds and said Thank You!

So that’s another ingredient, proper acknowledgment. That is the sign that you have understood what they said. If someone says ‘And then the truck rolled over the baby!’ You would not calmly say OK.

You see a drunk and disorderly, how do you handle it?

Be a friend, care and try to understand them, then give a proper acknowledgment. A little over acknowledgment might be needed if their attention to the environment is lowered, drunk or upset for example. But always in a friendly tone.

If you don’t want to shoot and kill some mother in front of her young children that’s how you do it. Police Academy are you listening? Your officers are dealing with any number of threatening situations each day. Meanwhile society is anything but pleased with the amount of police shootings. Demand that your officers are able to communicate with strangers in a friendly voice, and not oppose everyone as the immediate go to solution. It does not instill respect as it simply shows an incompetence in dealing with people. Your officers should not only drill all the other things they do but drill handling people in various stages of upset and ‘out of it’.

Manners is one of those things kids used to learn at an early age. And if the adults set a good example themselves then the kids usually saw that it works.

The officer that drew his service weapon on a young girl needs to train in how to handle kids and probably people in general.

A police officer is not a soldier. He may feel it when citizens shoot at him, but something has gone wrong long before those bullets come his way.

Groups get along and win when manners are applied from the beginning. When you treat people with respect above all, people feel safe and are less prone to pull a weapon on you. When equality rules the day and compassion is in use, society becomes a good place to be in and you will want to be part of it.

The Declaration of Human Rights is what should govern the day. All talk about how some people are less, or not people, is only made by people who are basically insecure. If a four year old tries to make fun of you I suspect you would not feel threatened. I simply agree and laugh along. In fact if anyone is making fun of you the best response is to simply agree and laugh along. You will not remain a target of ridicule for long.

It has long been proven scientifically that all the human races are human and are no more nor any less than anyone else. Individuals are different and a small number have a problem in dealing with things.

They may be and often are different in some way. That should make life more interesting, getting to know and understand someone from some other background than your own.

If you are in a group which is not treating you with sincere respect then you might not be in the right group. Same goes for work, if you cannot win there then maybe you should not be there? Why slave somewhere where you cannot be happy and winning?

Force yourself to smile in front of a mirror and see if you can keep that frown. Wish upon others that which you want for yourself.

🙂

How Fear and Force Undermine Each Other

The physical universe is based on force. There’s gravity pulling you down with force. There’s matter telling you how you better get out of its way or get hurt. There’s wind trying to push you over, earthquakes tossing you around. There’s the stronger guy in school not getting beaten up because he’s the strongest. Guns, batons are all saying use me and win! Over and over we are reminded how force rules the day.

Or does it?

The physical universe has no intelligence. Does not care nor is aware of who’s affected and is merely held together by a design which is based on the attraction matter has towards itself.

Man has actually conquered the physical universe to a very large extent. The bully is conquered by a combination of intelligence and force. Earthquakes are similarly imposing themselves, but our buildings are designed to bend a bit and hold together. We have a group of people that keep an eye out for strong winds and issue warnings. We have planes that fly into the eye of the storm to see how it is made up to keep us abreast of what might be coming our way. We walk upright and do the most amazing motions in spite of gravity. The bully is simply insecure and is trying to shift attention away from himself and onto the impression that he should not be messed with, or questioned, which may reveal his insecurity.

Smart use of force between people is to only use it to the extent it is needed to get someone’s attention, then it serves no further positive value.

A child who has eaten a lot of sugar may not respond when you try to stop him from running on the walls breaking all in his way and may need to be physically stopped before you can get his attention. But once you got it you better back off, or you are simply telling him how you are bigger and stronger, which will not earn his respect, as you would just have become a bully in his eyes. That would teach him that force wins the day, and the cycle starts over.

To get out of the vicious circle we need to set a good example. Society is constantly showing itself by example how it needs to live in order to survive.

Fear is usually based on not being able to face the unknown, and will usually result in being afraid of something that does not exist. The fear itself will help create the condition of that which one is afraid of. Fear results in no inspection and less communication. And when man goes out of communication with man fear comes in to warn you of the threat of the unknown. If you were looking for a vicious circle look no further!

One of the simplest ways of solving problems, by the way, is to look. For example, I had an air conditioner that stopped cooling. My immediate thought was it had run out of coolant. Now I was facing calling an a/c guy to come out and fix it. But before I got to the phone I thought I should look and see if there was anything obvious I could see. I opened the outside box and looked inside. It had a couple of relays and other components.

Triggering the a/c to start I noticed how one relay did not appear to fully close. Using a voltmeter I could see that it was indeed not closing. A quick visit to a store and $10 later I had a new relay and the a/c was working again. It took maybe 15 minutes of my time to discover what was wrong. OK, so I understand electricity, but that just tells me that what you don’t know you can be in effect of. In other words education is quite valuable as a general tool. And if you live life willing to look and learn you can handle more of life.

All I had to do was to be willing to look and see what I may see. In my mind I had drawn up a wait for a technician to come out and certainly a bigger cost to get it operational. You see how easy it resolved once I looked?

This is not a unique example, simply how it gave a live example of the value of looking. Take the child afraid of what may be lurking under the bed! Once you gather enough to look, and maybe a flash light or two, you can establish that there’s nothing there and you can rest.

Here’s another example of force. Have you ever held a child on your lap? When you do, he or she will squirm and try to get down. While it will be perfectly content simply sitting there if it can leave on its own self determinism.

That tells you something else of value. In dealing with humans, things work easier if they can have their own self determinism. Your only issue is getting compliance in some situations where some control of the environment is needed.

Most people then will respond well if allowed to execute self determinism, and are not controlled by force anymore than is needed and a bit of good positive communication.

Good communication is dependent on the ability to communicate which in turn requires you to be there and be able to look and observe others and how things change. If you act with certainty and respect you can get almost anything you need from others. Most people are very willing to help. It is a basic trait of man, his willingness to help.

If you bypass his willingness then you are probably using force and not so much respect. A real authority is a person who can control the environment or the subject at hand. An apparent authority is someone who is taken at face value without inspection. Looking was missing to allow the observation of the person’s ability and knowledge of the subject or situation.

Man is actually a simple animal who’s sometimes trying to be complex to appear more valuable than what he or she thinks of themselves.

OK, so we learn that treating others how we ourselves wish to be treated is a way to happiness. This is indeed needed by society at large to function well.

In a military situation the use of overwhelming force is a good practice which saves lives. However it is not a good tool to build a society for mankind.

When protecting people it becomes vital to have an understanding of man based on observation of proper application of force and respect, which with it needs a healthy dose of compassion. It does also require a bit of courage to look and deal with what is going on.

A man held down by overwhelming debt, maybe an equally upset wife from her goals being squashed and neither being able to look and discover what is behind their problems, might get disillusioned enough that he momentarily gives up. Which could manifest itself in loud and disturbing actions. Possibly with the show of force to counter the pressure he feels.

To calm down and stop the destruction such a person may demonstrate does not require more use of force as is so commonly done. Simply a proper acknowledgment usually does the job.

So what is a proper acknowledgment?

It is that which shows the person that he or she has been heard and has been duplicated. In other words the person feels he or she is understood. Once understood the person feels there is someone else who shares the burden. That can be a very big relief and should not be underestimated. In fact you can entirely disarm someone with a proper acknowledgment. I’ve single handedly, purely with a few words, handled a really large man that a number of bouncers could not handle. All I had to say was that he’s really large and the others are acting the way they are because they are afraid of him. He instantly stopped and got in good verbal (vs physical) communication with me.

You know force is not simply physical actions. Your voice can also demonstrate and at least threaten physical force. It depends on your ability to demonstrate intention in any one direction. You can enter a room full of violent action and simply give a simple command with a strong intention and stop everyone in their step.

In fact you merely showing up with a calm presence and being there able to look and duplicate what is going on can stop violence. It looks like magic of some sort. But it is simply being a larger presence than the confusion. Being the stable datum that everything else can align itself with. You cannot be sucked into the confusion and have to be able to hold your position.

You hold a position with certainty and competence. Your competence will come from, you guessed it, being able to be there looking and observing. Knowing what you are doing and having demonstrated enough competence in the past. In turn that will give you certainty. Which comes right back giving you more ability to hold that position stably in spite of the tumbling confusion.

A confusion is only a confusion until a position, or viewpoint, can be held and be used to sort out the random particles in it.

That position is your certainty of self and the situation. If good enough would cover any situation.

The subject here is how fear and force undermine each other.

Fear undermines you and your ability to handle force. You will not look and observe what is going on. For example a fighter depends on being able to be there and look at the motion of others’ bodies and any particles involved, and take split second steps to handle them when they become a threat, or even before they can become a threat if you are good.

Fear depends on uncertainty and not looking or understanding the present situation. It will feed on itself and if not handled ruin your day.

Force also depends on uncertainty and not looking or understanding the present situation. It too will feed on itself.

Compassion and love of your fellow man is actually your foundation that will make life a lot easier and return a lot of value to your life, and others in your environment. It too feeds on itself. Compassion breeds compassion. Care is part of that.

Indeed it looks like you will get what you put your attention on.

If all you look for is motion and your general attention is on finding and stopping motion before it moves too fast you will end up a miserable problem yourself.

Police and security people are at risk of falling into that trap. The way to stay well is to look at everything going on. Society has far more positive things going on than negative. When you see an upset or disorderly person don’t insist on immediately stopping him or her. Be willing to let the person be upset. Be willing to understand that person so that you can properly acknowledge them.

If you have enough care for your fellow man it will show. It will allow you to approach each person as a person with respect, which will make a positive impact, even if it is not immediately obvious. There might be more upset that you need to discharge. Simply be a safe terminal for the person to share his or her upset with. Presenting force does not make you a safe person. It simply adds more force, or promise of force which will simply escalate things.

True, you can scare people with enough force that they cave in and are subdued. But it is not a good general way of operating, again only use force until you get their attention.

So what do you do if you cannot get their attention?

You may need to have a good balanced use of enough force that you can control the person until such time that you can reach them. I’m thinking of drugs and maybe earlier show of force that made them hide so deep that you cannot easily reach them.

When a person is armed with deadly force it easily becomes a huge liability to society, unless that person is balanced enough and able to be there and communicate verbally and only use enough force to handle the situation. The first action cannot be an automatic draw and fire. If a person is afraid of other people and cannot be in their shoes and have care and compassion for them they are not suitable to keep us secure. They will end up being a bigger threat and undermine the people they are supposed to support and help.

If someone is upset they usually have a reason. Caring enough to hear and trying to understand them will make them hold you high long after you have left.

Let’s talk about criminals.

A child will as soon as they can try to contribute to the family. By not allowing them to contribute you will end up fostering criminal behavior. I believe man needs to be able to contribute to feel good and be happy. When a man cannot contribute he thinks himself not very valuable. If not valuable and you cannot make a positive impact then it does not matter what you do.

Add some experiences where some of those impacts will be actions against the common good of society. Robbing someone, for example. If they succeed then they have learned they can be good at something. It may be the only option they feel they have since they cannot or are not allowed to hold a job and have some common decent respect of self and others.

That child which is not allowed to help with dishes is being taught their contributions are not wanted. They are completely the effect of the much bigger bodies around them and can only try to upset you to get even. Bed wetting, breaking things, screaming are all indicators of having disagreements. You could ask yourself if some broken dishes are more valuable than the child?

For that matter give them some plastic ones to clean. Maybe their own plates.

A gang member is a person who does not believe themselves able to contribute to society. A criminal is a person who has lost their self respect.

The way to turn both around is to allow them to get some respect back to learn they can contribute to our society and they will happily do so.

But it will require care and compassion to get there as the road may not be an easy one to walk down. It will also require a healthy dose of courage and belief in your fellow man. But it will ultimately be more rewarding than the other option.

I for one think a society based on care and compassion would be more pleasant than one based on fear and force. What do you think?

Networking 101

I’ll share some basics here:

All computers and devices on a network are each called a host. Each must
have a unique IP address just like each house has a unique address.

IP addresses are broken into the older IP version 4 (IPv4) which has
four numbers separated by a period ‘.’ like this 8.8.8.8.

Each number must be in the range of 0 to 255, but no host can have an IP
that ends on 0 or 255.

There are three main ranges of IP addresses which will not be routed
(forwarded) across the internet. These ranges are intended to be used in
local networks, which in practice means you can have a number of
computers with their own IP address on your network without it being
open to the world.

In other words these ranges will not work across the internet and are a
direct solution to not wanting to give up a “routable” address for each
internal device. Otherwise the available IP addresses would be used up
very rapidly by large corporations. Plus, this way we have a layer of
security. There is a technology called Network Address Translation (NAT)
which ensures internal communication traveling from the inside of a
network to the outside is properly tracked.

The three ranges are:

10.0.0.0 – 10.255.255.255 with 16,777,216 IPs
172.16.0.0 – 172.31.255.255 with 1,048,576 IPs
192.168.0.0 – 192.168.255.255 with 65,536 IPs

There is an address for all computers to test networking without needing a
network card which is 127.0.0.1. It is called the loopback device.

The new IP version is called IPv6 and in theory allows for 2 to the
power of 128 (128 digits) versus IPv4 which only has about 4.3 billion
addresses. I’m not going into the details of it here.

A network that is under another one or is internal is generally referred
to as a subnet.

Each network reserves a few IPs for its own use:

For a network able to use all 256 addresses on a subnet, for example, 192.168.1.0 is called the network address, which obviously is the beginning of it.

Usable addresses then would be 1 through 254, except that the first
usable one is usually the gateway to the network “above” it. So .1 is
usually reserved as the gateway IP.

Then the last IP is usually the broadcast address. Its purpose is that
when a device needs to reach another computer and does not know who has
the IP, it sends out a broadcast asking “who has (IP)?” which is sent to the
.255 address. The gateway will then answer.

192.168.1.0 is the network IP
192.168.1.1 is the gateway
192.168.1.255 is the broadcast IP

We humans have a hard time tracking IP addresses so a system was
designed to allow us to use names instead. A server function called
Domain Name Server (DNS) translates the name to an IP address which is
needed to actually reach another computer.

Now for a computer to save time and not bother the DNS with questions
that it could answer, a network mask was created which by its design can
tell if the computer you are trying to reach is on the local network or
needs to be sent to the gateway server to figure out. (And if it does
not know it sends it up to its gateway and so on.)

It is called a subnet mask and for the above example it would look like
this: 255.255.255.0. With it the computer knows that traffic to any host on 192.168.1.0-192.168.1.255 can be sent directly; anything else needs to be sent to the gateway, 192.168.1.1, for it to forward up the line.
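The checks described above (private range membership, network and broadcast addresses, and the subnet mask decision) can be worked through with Python's standard ipaddress module. This is an added example, not part of the original post; the function names and the sample host 192.168.1.20 are made up for illustration, and the three ranges are written as the CIDR blocks that match the address counts listed above.

```python
import ipaddress

# The three non-routed ranges from the list above, in CIDR notation.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def private_range_of(addr):
    """Return the private range that contains addr, or None if it is in none."""
    ip = ipaddress.ip_address(addr)
    for net in PRIVATE_RANGES:
        if ip in net:
            return net
    return None


def describe_subnet(network, mask):
    """Network, broadcast and usable host addresses of a subnet.

    Assumes an ordinary subnet with at least four addresses, so the first
    and last addresses are reserved as on the page.
    """
    net = ipaddress.ip_network(f"{network}/{mask}")
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "usable": net.num_addresses - 2,
    }


def next_hop(own_ip, mask, gateway, dest):
    """Apply the subnet mask the way a host does before sending a packet.

    If own_ip and dest have the same network bits under the mask, the packet
    is sent directly to dest; otherwise it is handed to the gateway.
    """
    m = int(ipaddress.ip_address(mask))
    own_net = int(ipaddress.ip_address(own_ip)) & m
    dest_net = int(ipaddress.ip_address(dest)) & m
    return dest if own_net == dest_net else gateway


if __name__ == "__main__":
    for net in PRIVATE_RANGES:
        print(net, "holds", net.num_addresses, "addresses")
    print(describe_subnet("192.168.1.0", "255.255.255.0"))
    # Constructed sample host 192.168.1.20 using gateway 192.168.1.1.
    for dest in ("192.168.1.77", "192.168.2.5", "8.8.8.8"):
        hop = next_hop("192.168.1.20", "255.255.255.0", "192.168.1.1", dest)
        print(dest, "-> send to", hop)
```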

Due to criminal elements online it is crucial that you have layers of
security. The first one is called a border firewall and is the first
layer of security. Other layers can be local firewalls on each computer,
educated users on what to do and not, log files that are monitored,
security patches applied in a timely fashion (immediately) and so on.

You do NOT need a separate subnet for VMs unless you WANT to have it. I
rarely do it. But if you do then simply assign IPs for the VMs that are
on the same subnet. If they need to go outside that subnet then make
sure you have a gateway assigned which sits across both subnets. That
will have port forwarding turned on which allows traffic to flow between
the network cards. (Google linux router.)

When you use virtual machines they too will each need an IP to talk to
any other host.

(You could create a subnet which does not have the ability to talk
outside that specific network, which could be handy when testing
something that could be interrupting other hosts on the main network.
Being totally isolated means it cannot be hacked nor leak something
outside that network.)

When you sit inside your subnet you may not allow random external (on
the internet) traffic to reach your internal computers unless there is a
hole on the firewall to allow some traffic in. For example, you might
have a web server which is reachable from the outside, which in turn
uses a database. Access to the database must be guarded to ensure it’s not reachable directly or via a flaw in the code.

You have to make the call if you can or should allow the VMs access to other networks.

First Amendment Rights?

Intended to those in charge.

As someone who has visited Auschwitz as a young man while traveling through Europe, who met people who were deformed from being concentration camp guinea pigs and saw the horrors that came because nobody would do anything about it before it became too late, I was utterly stunned to see how my all time favorite service appears to actually be taking a stance supporting extreme violence hate sites.

I’m guessing it has something to do with the 1st amendment which is generally a great thing to support, though one has to be aware that it only refers to what the government is not being allowed to violate:

“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”

Clearly free speech is a crucial part of society, but common sense can step in and say if, for example, you want to insult my wife in my own house, you must leave. If you want to proclaim death to my neighbors, you can’t stand on my stoop to do it from. If you try to promote violent rhetoric using my company – it will be removed.

Doing anything less is supporting what ultimately becomes criminal activities which at the very least is bad for business in the long run.

I also find it shameful. Certainly ignorance and stupidity alike can be very dangerous given the right situation. When I look myself in the mirror I much prefer to feel strength from doing the right thing, and not having acted from ignorance or misinformation.

There is a very real situation where people don’t bother to investigate what they are being told. They are commonly not very well versed with the world outside their own nor have a solid education. Thus being at a disadvantage they frequently find themselves not finding any road to success but reasons to be unhappy. Some take advantage of that to misdirect their unhappiness towards people and activities that actually seek to help society. These “some” are stuck wanting to take the world down with them. Meanwhile the lesser educated and informed, but not automatically less valuable, fall prey to the lies and propaganda and with little to lose stand up ready to fight the false evil. Others even less educated about life become willing to meet the vestigial virgins supposedly waiting for them once they click the detonator. The price for freedom is constant alertness and willingness to fight back, not blindly supporting any activity or “right”.

Thus, I frequently assess who I associate myself with and, as someone who has so far been a staunch supporter for a decade, am now wondering what is your intention vis-à-vis Nazi hate propaganda, and similar sites?

Google Suggests Reporting Their Charges as Fraud

In short I tried to cancel a commercial app service for my business but they claim to be unable to do so.

We had an account with Google which provided a few apps for us. Then that same functionality was moved in house and the use dropped to zero. The account sat there for about two years collecting the monthly charge with no use.

At one point I decided to cancel the service, which is when it got interesting. First I screwed up on how I canceled the service and in effect only killed the admin account. Then forgot about the whole thing while busy with some new and exciting things. After a while I did notice that the charge was still coming through from Google so I attempted to have them close it.

However they told me that the only way I could stop them from taking my money each month would be to login as that admin. Problem is I have a lot of different accounts and that one was cleaned up and deleted, a long time ago. There’s no way for me to recover that information.

However Google obviously has records of transactions and should be able to ask questions that would verify my identity and then stop taking my money for the service I don’t use. Not so, even after escalation to a supervisor, they still said they could not cancel the service.

Google does have a pretty good security record and maybe they only allow a very select few access to data that could authenticate me. But the idea that a company could not stop putting through a charge for a service I’m not using is, let’s be nice and call it odd.

In the end I was told to go to my bank and tell them the charges are fraudulent so the bank would no longer pay Google. That is supposed to lead to the account being suspended and stop the charges. Of course once I told the bank they simply don’t accept the charge anymore, solving my problem. I found the whole thing pretty unusual. There must be a ton of people that made the same mistake and could not get out of it in a simpler way.

How To Give Away Your Bank Accounts To Criminals

Sherri Davidoff, author of “Network Forensics: Tracking Hackers Through Cyberspace”, has documented a real life example of someone giving away all their credentials, which means someone else now has the same access to your identity and subsequently, money, that you have.

It is a very effective demonstration of what not to do, share it with others!

And not necessarily very hard to protect yourself from. The best is of course to never accept and use links in emails, IM, etc. Which can be hard when you think it is from your friend or family member, or in the above case, your bank.

A safer method would be to use a LiveCD (a CD which you boot and run programs from) which does not have the ability to be altered. Which means each time you boot it – it is completely untouched by any virus. But it means booting into it each time you want to visit your bank, or other sensitive websites.

Joanna Rutkowska is a Polish security researcher who released a modified Operating System called Qubes OS which I think is a great compromise, and the best I have seen. It accomplishes that by setting up virtual environments in a particularly nifty way. First the whole O/S has been modified to be hard to break into, then it uses dedicated virtual computers for each sensitive website (all according to your preference).

I created one environment for each bank, Paypal etc. Then I ONLY visited that one website using that virtual environment. In other words if you have Paypal you would use the Paypal virtual environment to only visit Paypal. And so on.

Now it requires that the bank’s website gets infected with the malware needed to infect my virtual computer, but only for that bank. Not for any other. It is also particularly easy to fix. Remove it and add a new one.

Another virtual environment is used for casual browsing. Another for business, email etc.

This means an infected email cannot corrupt your other environments and you have a very effective tool against online malware.

Security is about balancing security and work-ability. Too secure and nothing can get done. Too easy and you’ve given easy access for criminals. You need to strike a balance. It took very little to get used to and is about the safest and best balance I’ve seen anywhere.

As you can see at the bottom of the above article LMG Security offers workshops and her book is a very good read.

Make the extra effort to be security aware and avoid being a victim while at the same time not being the tool used to wreck someone else’s life.

Abandon IT Dept for the Cloud?

People have some interesting affinity for the latest and greatest solution, which gets applied to any and all problems. The grass is apparently so readily seen to be greener on the other side, that even common sense is left behind. I’m guessing there’s frustration afoot, which might be because of a slow or inept IT dept. But could also be because not enough funds are allocated to properly run the IT dept. Just saying.

This urge to always jump on the latest new technology is often done as if there’s a great emergency. The idea behind the Cloud is certainly interesting. But is moving your IT into the Cloud the right move, or are you asking for even more trouble?

Your IT dept has physical control and is motivated by how you run your business. In other words you can hire, fire and make demands to ensure they are aligned with supporting your business plan.

The Cloud however, is ENTIRELY out of your control.

In-house you can observe and handle security issues. On the Cloud you are hoping that they don’t have a staff failure, upsets, or whatever, which results in them not caring properly for your data/information.

In the Cloud you are one of many customers, which certainly makes the Cloud a bigger target since, in the eyes of the criminal hacker, it has a higher potential payoff. It’s more worthwhile to break into the Cloud.

When that happens, how do you act to protect your data?

There are many ways to “hack” into something. For example, in social engineering, where by pretending to be someone else, you talk people into giving you knowledge that opens the doors you want “unlocked”. A simple phone call, or email, and someone might hand out the “keys”. It is very popular and easy to succeed with. It could also very well be that the people working the Cloud know better than your average staff than to fall prey to it.

Ultimately you need to look at your budget, evaluate the business impact of not having much of an internal IT dept, versus handing it out to someone else, and hope for the best.

True, you might already be hoping for the best. That your computers don’t get broken into, that IT knows what they are doing, etc. Data loss, for example, is more often caused by an upset employee than some outside body. Making an argument for the Cloud. In theory it looks like the Cloud can be a viable alternative.

I just don’t trust my business information to be kept completely safe where things such as motivation, competence, reliability, etc. are not only unknown, but mostly unknowable. Where you can’t take advance action to ensure that the person being fired will not be able to cause you harm in a vengeful moment. Where, if the internet is down, you can’t do anything because all your data lives elsewhere.

Simply jumping on the Cloud because it is the hot thing that “everybody” is talking about, is not a very well evaluated reason. Most of the time common sense is the most reliable tool you have. Use it!

Physical Security Maxims

Security, whether physical, computer or any other area, is seldom understood. Arbitrary ideas that save someone from doing something are usually chosen. It is next to impossible to overstate the amount of ignorance and stupidity demonstrated whenever security is considered. This list brings home the balance of secure vs insecure. Of course security is about balancing security vs useable and practical.

Here are excerpts from a list of maxims produced and assembled by Roger G. Johnston, Ph.D., CPP in the Vulnerability Assessment Team at Argonne National Laboratory.

(You can see the whole list at www.schneier.com)

Physical Security Maxims
Roger G. Johnston, Ph.D., CPP

Security Maxims
The following maxims, based on our experience with physical
security, nuclear safeguards, & vulnerability assessments, are
not absolute laws or theorems, but they will be essentially
correct 80-90% of the time.

Infinity Maxim: There are an unlimited number of security
vulnerabilities for a given security device, system, or program,
most of which will never be discovered (by the good guys or
bad guys).

Arrogance Maxim: The ease of defeating a security device
or system is proportional to how confident/arrogant the designer,
manufacturer, or user is about it, and to how often they use
words like “impossible” or “tamper-proof”.

Ignorance is Bliss Maxim: The confidence that people have in
security is inversely proportional to how much they know about it.

Be Afraid, Be Very Afraid Maxim: If you’re not running
scared, you have bad security or a bad security product.

High-Tech Maxim: The amount of careful thinking that has
gone into a given security device, system, or program is
inversely proportional to the amount of high-technology it uses.

Schneier’s Maxim #1: The more excited people are about a given
security technology, the less they understand (1) that technology
and (2) their own security problems.