Bill Ryan's Other Blog

I do quite a bit of work outside of my day job but most of it involves writing code or advising people on technology decisions.  Recently however, I’ve taken a job as a writer for The Examiner. One of the areas I cover is Fine Dining which is about as cool of a gig as you can get. 

I’ve completed a few projects which were big time consumers so I have a lot more time to write, and getting paid to eat at five star restaurants and write about them is something I will definitely find time to do more of. 

My first article just went live today – “Ruth’s Chris Greenville – Exactly What You’d Expect”

[tags]Fine Dining, Ruth’s Chris Steakhouse, Steakhouses, Greenville Dining, Examiner.com [/tags]

I do quite a bit of work outside of my day job but most of it involves writing code or advising people on technology decisions.  Recently however, I’ve taken a job as a writer for The Examiner. One of the areas I cover is Fine Dining which is about as cool of a gig as you can get. 

I’ve completed a few projects which were big time consumers so I have a lot more time to write, and getting paid to eat at five star restaurants and write about them is something I will definitely find time to do more of. 

My first article just went live today – “Ruth’s Chris Greenville – Exactly What You’d Expect”

[tags]Fine Dining, Ruth’s Chris Steakhouse, Steakhouses, Greenville Dining, Examiner.com [/tags]

As a big fan of HotChicksWithDoucheBags , I noticed early on that when a given highlighted douchebag was wearing a shirt and it wasn’t Ed Hardy, you could bank on it being Aeropostale.  The cheap price coupled with obnoxiously loud print come together for a perfect storm of Visual Atrocity.

The fact your brand appears consistently on HotChicksWithDoucheBags speaks volumes (I would rant about Ed Hardy but it’s so ghastly that nothing more can really be said about it).  But if you remain unconvinced I give you Mini Daddy – Adriansito

If I was in management at Aeropostale, I’d spend every penny I had firing off takedown notices and using every other means available to make sure my brand wasn’t ever ever ever associated with this.  Props to Adriansito though, now instead of wanting to barf each time I see it, I burst out into laughter (Ed Hardy still invokes nausea).  Watch this if you can.  And for the non-Spanish speaking members of the audience, he’s not saying he wants another Burrito, no matter how much it sounds like it.

Boing Boing has the details. I’ve been thinking about this post for a while.  As much as I dislike watching television and avoid doing so when I’m home, I’ll cop to watching tv before I go to bed when I’m on the road travelling.  Very few hotels have XM and AM reception is exceptionally poor even in the nicest of places.  Even though I use my down time to read or code, there’s something discomforting about complete silence.  So I break down, turn on the tv and then as much as I hate to admit it, I’m usually hooked.  NCIS and CSI Miami are the worst…NCIS just b/c its cool and CSI Miami b/c I still get nostalgic for all things Dade County.  When I see the First 48 on though, I’ll definitely watch it instead.

A few weeks ago, I purchased FlexYourRights and thought it was phenomenal and it really made an impression. I don’t want to do anything to discourage you anyone from buying it so I won’t go into too much detail (they have a free version on YouTube if you’re interested) but you can sum up a big portion of it as thus:  “Don’t talk to the cops.  Don’t submit to searches.  Ask if you’re being detained or if you are free to go”.  That’s a gross oversimplification but essentially, that’s the point.

It’s a really well done film from a legal perspective and if you watch if just once you’ll be converted.  They emphasize that if you actually did something wrong (other than some really minor traffic offense perhaps), you’re not going to talk your way out of anything.  While most cops are decent folks, they aren’t your friend. They’re not looking to help you out if you broke the law.  And besides, cops don’t prosecute cases, only Prosecutors do that.  People consent to searches all the time which can never help but can definitely hurt.  People talk and answer all sorts of questions, again, which can never help but can definitely hurt.  You get the idea.

Right after I FlexYourRights the first time, I replayed it a few times.  I wanted to make sure I completely understood it, but I always try to remain at least a little skeptical whenever I learn something ‘new’ especially when it’s something that could have a huge affect on my life.  I mean, the last thing you ever want to do is screw up big time or miss a huge opportunity b/c you accepted something uncritically.

If you’re unfamiliar with the First 48, the premise is simple.  According to the show, police statistics show that if there isn’t a strong lead developed within the first 48 hours of a murder, the chances of it ever being solved drop dramatically. As such, those first hours are critical.  B/c they have the luxury of showing whatever episodes they feel like it, you tend to see episodes where they actually catch the culprit or are at least are sure they know who the culprit is.  I’ve seen one or two where the perps got away with it but most of the time, they feature episodes with a resolution. 

ONE THING REALLY STICKS OUT THOUGH.  Whenever they get to the point that they know who the person is and can take the person into custody, they almost ALWAYS Confess. It starts out the same. At first the person doesn’t know anything. Then through talking or whatever, the cops get some more evidence. They play the Good Cop/Bad Cop with them and almost always get the guy to confess.

One case I remember vividly though was where a guy killed his ‘homeboy ‘ and his homeboy’s girl. After shooting them, he put them in the victim’s truck and set it on fire.  In most of these cases, the cops get a tip that starts things moving.  In this episode, all of the culprit’s friends turned on him. Three people turned on him.  He went into hiding previously and they sent a fugitive apprehension team to get the guy – which they did.  When they caught him, he had the murder weapon on him. There was a whole bunch of additional evidence too.  So assuming everything on the show was true, it was pretty clear they had the right guy. He was one of the only people I ever saw just shut up and ask to see his attorney.  He didn’t try to talk his way out of it, He didn’t hit the cops with some song and dance. He just shut up. And they commented that even with all the evidence, him not confessing would make things a lot more difficult to get a conviction with.

Every time the people won’t talk, the cops get really frustrated. They typically have a conference and do whatever they can to pressure the guy to talk (usually scaring him and telling him if he cooperates, they’ll go much easier on him – as though they cut deals with defendants or whatever).

Now, I just sit there with my mouth open wondering why people don’t catch on to this.  If you ask to see an attorney, the cops get really frustrated and do what they can to get you to talk before you can talk to your attorney. They discourage you to come in with an attorney.  They lie. They play games. They’ll tell you your friend ratted on you when he didn’t. They split you up and try to get you to play against each other.  And yet, people still fall for it.  When they say “Your friend just sold you out”  they always get mad and start blabbing.  They get the people emotional and brow beat them. They threaten and cajole. It’s so freaking predictable you’d think they took a class on all of this.  So why do people insist on trying to talk their way out of it? And if you think you don’t have anything to worry about if you’ve done nothing wrong, you simply must not read much b/c every single day there are multiple stories about Law Enforcement officers abusing their power, setting people up, lying , and virtually every other form of malfeasance you can think of. 

I don’t like to see predators and violent criminals get away with their crimes.  I regret that they can use this sort of information to help them break the law and prey on others.  I’m just shocked that people who engage in often times very sophisticated plots to commit crimes, can be so dumb when it comes to dealing with the police. If they just watched the First 48, they’d learn a whole lot about how cops operate and what not to do. 

[tags] CSI, CSI Miami, NCIS, The First 48, The 1st 48 Hours[/tags]

And each time I hear of a case of it, it’s more idiotic than the last.  The people attempting to stifle speech usually win a few short term victories, only to have the whole thing blow up in their faces. Apple is about to learn that lesson.  Sure, they’re not specifically trying to silence a blogger per se, but they are.  (Depending on who you’re listening to, there’s not a smoking gun sitting in the Apple corporate offices, but if you believe they aren’t, I’ve got some really nice land in scenic Homestead, FLA just south of Krome Avenue Detention Center for sale – there’s a water front view and all sorts of wildlife).  So while they aren’t trying to specifically shut up this blogger, they’re trying to make an example out of him so the next guy will think twice about it.

It’s 2010 and you simply can’t keep a lid on information.  And if the information is juicy, it’s going to get out. You can try all you want, you can’t stop it.  There are too many nodes for one thing.  Those nodes exist in way too many jurisdictions for any law or even law enforcement agency to have any teeth. And laws without teeth are violated.  It only takes one node to disseminate a story to the entire world and unless you can control every single node, you’re not able to do much about it.  Someday the powers that be will learn that lesson and if/when they do, they’ll stop having stories like this one blow up in their faces.

Warren Buffet is often attributed with saying “It takes a lifetime to build a reputation but just a minute to destroy it”.  That principal applies all too well in cases like this. You can spend millions/billions whatever trying to construct a cool and likeably public image.  And one really bad misstep can destroy it.  I’m not saying Apple’s image will be destroyed by this, but put it this way, to cause the same amount of positive attention would have cost millions of dollars. Their guy screwed up. He dropped the ball. Once the story was out, it was out.  The cat was out of the bag.  All of this crap is just making them look really bad and from the reports I see creeping out, it’s going from bad to worse.

There’s one thing I can’t help but notice.  There have been countless attempts at shutting down bloggers.  There are a lot of people who are very invested in intimidating the blogosphere so that they can control the narratives.  In every single case I can think of, two things has happened: 1-  The people trying to shut down the story failed in keeping the story down although they frequently have won some short term victories.  2- All of their efforts to do so have blown up right in their faces.

But there’s another elephant in the room.  Where they’ve won their short term victories, it’s always b/c of someone on the legal/law enforcement side of the equation’s ignorance if technology and willingness to play fast and loose with the laws. As more cases come to light, more people see these abuses for what they are and corrupt/incompetent people in positions of power are being exposed for what they are.  And if you understand the dynamics here, you’ll understand that this is only going to get worse for folks trying to control other people’s speech.  “Public Safety”, “Intellectual Property rights” blah blah blah – they always have some noble high sounding excuse for crass bullying, but in each case, that’s exactly what it is – lame, pathetic bullying.  There’s only one way to deal with bullies and that’s to STAND UP TO THEM AND EXPOSE THEM FOR WHAT THEY ARE.  And thank God the technosphere is pretty much in unanimous agreement on how to deal with this stuff.

When we were talking about this earlier today, someone commented that my argument on this issue is a bit hypocritical.  After all, I run my mouth quite a bit defending intellectual property rights and according to my friend, that’s exactly what Apple is doing here.  Not so much.  If Apple sued Gizmodo that’d be fine by me. If they addressed this in the proper venue, namely a civil court, that’s their prerogative and I’d be the last person to criticize them for it  If they played the victim and made Gizmodo look like party crashers, that’d be their prerogative too and my response would be the same there.

What’s not ok is using inside connections with politicians and law enforcement to harass Chen.  they come in and seize his servers and computers as part of the investigation to recover the stolen property AFTER THE PROPERTY HAS BEEN RETURNED?  WTFEver. There are way too many people in law and law enforcement with just enough technical know how to be dangerous thinking b/c they deem it so, they’re on the right side of the law. And somewhere down this path, you’ll find a few smug attorneys and cops who think they ‘get it’ about tech, justifying the BS that’s going on now.  I can only hope their names become as prominent as Chen’s has by the time this is over – and I’d bet you lunch they will be.  I guarantee you this, before this story is over, it’ll be revealed that some people in positions of power (legal/law enforcement) abused the hell out of that power.  I know that never happens and the mere intimation of it is blasphemy blah blah blah, but I’d bet the house on it.
Andrea Roubal, Andre Roubal, Anders Roubal, Anders Roubillard, Anderson Cooper, Anderson Jones
[tags]Stolen iPhone, Apple, Gizmodo, Gizmodo iPhone, Jason Chen[/tags]

Who Deserves “Google Fiber” the Most? 30 Day Challenge Starts April 6 !

Greenville, SC Deserves Google Fiber!

Greenville, SC Deserves Google Fiber!

Greenville, SC Deserves Google Fiber!

Greenville, SC Deserves Google Fiber!

Greenville, SC Deserves Google Fiber!

Greenville, SC Deserves Google Fiber!

Greenville, SC Deserves Google Fiber!

Greenville, SC Deserves Google Fiber!

Greenville, SC Deserves Google Fiber!

Greenville, SC Deserves Google Fiber!

Greenville, SC Deserves Google Fiber!

Greenville, SC Deserves Google Fiber!

Greenville, SC Deserves Google Fiber!

Greenville, SC Deserves Google Fiber!

Greenville, SC Deserves Google Fiber!

Greenville, SC Deserves Google Fiber!

Greenville, SC Deserves Google Fiber!

[tags]Google, Google Fiber[/tags]

Bruce Schneier links to a story over at f-secure about a scam as brilliant as it is evil..  As far as scams go, it’s not ‘evil’ in the sense of taking you to the cleaners (it attempts at getting you to pay $400.00  so I guess the damage largely depends on where you’re sitting at the time) but it’s evil b/c as Schneier puts it, “the level of detail is impressive.”

What it does is basically pops up a warning indicating that you have software on your machine that violates copyright law.  It then demands $400.00 payment to clear up the matter.  There’s a very official looking website and for all intents and purposes, it looks ‘real’.  There’s no typos on it for one thing (I’ll never cease to be amazed at how few scammer ever bother to spell/grammar check their content or bother to get a native language speaker write the content.  It’s really not that hard to find someone who speaks English as their native language. And it’s a highly guarded secret  that there are different dialects of English and most of the major languages.  Typos, culturally incorrect spelling {realise vs. realize if you’re sending it to someone in the US}, usage errors and the like are commonplace in just about every scam I’ve encountered). The e-commerce components appear to work perfectly.  The folks at f-secure already went ahead and looked up the domain registration and while it’s registered to someone already well known in the scamming community, most lay people wouldn’t recognize the name.  All in all, they did their homework and paid a lot of attention to detail.

Then again, considering how little respect some in the law enforcement community regard copyright law, I’m amazed anyone’s actually paying them

[tags] ICPP Copyright Foundation [/tags]

While Kim was gone, I tried to get a bunch of stuff that’s been lingering finished. The hardest part was completely weeding the yard. I’ve ignored the weeds for a while and they were making the yard look a little ratty, so I went and dug up every weed I could find in the front yard and most of the ones on the sides. I also put up a few bird feeders.

The first few days were epic fail as far as the feeders went. No birds, no nothing. Then starting Wednesday, one of the BlueJays must have posted the new feeders on Digg or something b/c our yard was swamped with birds. There were Robins, BlueJays, even a few crows. It was amazing.

With all the new traffic, I’ve decided to install another cam to compliment our Doggy Cam. We’ll load another Cisco WCV210 and point it at the front yard. Mounting it outside has been a little troublesome just b/c I’m so inept at such things, but it’s coming along . Thank God the WCV210 is Wireless. Anyway, we should have it up a little later today when I get home from work.

[tags]Cisco, Video Surveillance, Cisco WVC210, Internet Video Camera, DynDNS, BlueTooth, X10, Home Automation [/tags]

If someone actually had to balls to pull any of these off, they’d deserve even more props.

1. I am currently out at a job interview and will reply to you if I fail to get the position. I may be a little moody so be prepared.

2. You are receiving this automatic notification because I am out of the office. If I was in, chances are you wouldn’t have received anything at all.

3. Sorry to have missed you, but I am at the doctor’s having my brain removed so I can be promoted to our management team.

4. I will be unable to delete all the unread, worthless emails you send me until I return from vacation on 4/18. Please be patient, and your mail will be deleted in the order it was received.

5. Thank you for your email. Your credit card has been charged $5.99 for the first 10 words and $1.99 for each additional word in your message.

6. The e-mail server is unable to verify your server connection and is unable to deliver this message. Please restart your computer and try sending again.

( The beauty of this is that when you return, you can see how many in-duh-viduals did this over and over.)

7. Thank you for your message, which has been added to a queuing system.
You are currently in 352nd place, and can expect to receive a reply in approximately 19 weeks.

8. Hi, I’m thinking about what you’ve just sent me. Please wait by your PC for my response.

9. I’ve run away to join a different circus.

10. I will be out of the office for the next 2 weeks for medical reasons. When I return, please refer to me as ” Sharon ” instead of “Steve”.

So some irresponsible jackass loses his phone. Someone finds it and decides to make a buck. I’m not defending them, I would have given it back to Apple but that’s another issue. Apple gets its panties in a bunch so what do they do? What any crybaby would do. Call the cops. That’s not surprising either.. What’s surprising is that “Computer Crime” investigators are taking the case Un-f****cking believable.

With all the spam, malware, identity theft, kiddie porn etc etc , there’d be no way the staff we have now could ever put a dent into the computer crime industry. But when crybabies go running to them over BS, and they take it, it’s even worse. This is just a disgrace from top to bottom. Apple should fire the guy. They should sue Gawker if it’s warranted. But causing a criminal investigation? Are you freaking kidding me? Anyone out there understand the state of computer security these days? If you’re a bad guy, it’s yours for the taking. Instead of tightening controls and preventing stuff, instead of bringing awareness to counter measures, we’re wasting our time investigating bs like this.

I can’t say I’m surprised, but I can say I’m disgusted. God knows I’ve seen bigger wastes of investigative resources. But I better shut my mouth of some guy with a vendetta will come and try to make my life miserable AGAIN!

[tags]iPhone, Stolen iPhone, Gizmodo Stolen iPhone[/tags]

I’m a big fan of Ruth’s Chris Steakhouse and was really stoked when we got one in Greenville.

Sarah and I were planning on going to Ruth’s four our last night out before her mom came home. It’s pretty difficult to get in b/c they stay really busy. Knowing that, I made reservations for later in the evening. When I called to make reservations, they asked for my email address. A few minutes later, I received a really cool email with all the details, instructions on how to get there etc.

We had to push back out original reservation by 10 minutes which they accomodated with no problem. We arrived, ordered and the apps came our shortly thereafter. Everything was perfect. We were seated immediately, the food was great, there was nothing that wasn’t done to perfection.

About an hour later, we left and all was good. shortly thereafter, I recceived a Thank You email from them which was a nice touch. The next day, on the way to school, Sarah noticed her purse was missing. She didn’t worry about it b/c she figured it was at home. When we got home later, I asked her to find it b/c her phone was in it. She couldn’t find it and I suspected it was at the restaurant.

Well early this morning, I received an email confirming that. They let me know they had it and would hold it for me. Very nice touch

On a scael of 1-10, I’d have to give it a perfect 10 b/c they handled everything perfectly. Kim and I are regulars at Ruth’s but this wwas Sarah’s first time and she loved it. I’ve been to sevearl Ruth’s all over the country and have always had an excellent experience. I’m a big fan of Morton’s and the Capital Grille too, but you can’t go wrong with any of them. Unfortunately, we don’t have a Morton’s or Capital Grille in Greenville, yet.

[tags]Ruth’s Chris, Morton’s of Chicago, The Captial Grille, Ruth’s chris Steakhouse, Ruth’s Chris Steakhouse Greenville, SC[/tags]

Never Be Peace is one of Tupac’s best songs – and with Pac that’s saying a lot b/c everything he wrote was hittin. Outside of the sheer awesomeness of the song, the lyrics are amazingly astute. Pac was truly a genius

[Verse 1: Tupac]

Now of course I want peace on the streets
But realistically
Painting perfect pictures ain’t never work
My misery was so deep
Couldn’t sleep through all my pressures
In my quest for cash
I learned fast
Using violent measures
Memories of adolescent years
Their was unity
But after puberty we brought war
To our community
So many bodies dropping
Its gotta stop
I want to help
But still I’m stepping
Keeping my weapon
Must protect myself
The promise of a better tomorrow
ain’t never reach me
Plus my teachers were to petrified in class to teach me
Sipping thunderbird
And grape kool-aid
Calling Earl since my stomach was empty
It seduced me to fuck the world
Watch my ‘lil homies
Lose there childhood to guns
Nobody cries no more
Cause we all die for fun
So why you ask me if I want peace
If you cant grant it
Niggas fighting across the whole planet
So we can never be peace

[Chorus]

Will there ever be peace?
Or all we all just headed for doom,
Still consumed by the beefs,
And I know there never be peace,
That’s why I keep my pistol when I walk the streets
Cause there can never be peace

[Verse 2: Kastro]

Somebody owes me
Will they control me?, nah
I ain’t a hater playa
But I want all you got
Your babies have babies
Now we fighting each other
My dogs got rabies
They biting each other
‘n’ it ain’t hard to find a friend like mine
Big fully is a bully
And he don’t mind dying
And I gotta be bright
Miss sign after sign
Time after time
After time after time
And I don’t like nobody
They don’t like me more
And I’m cool with that finally
But they heard it before
Dog
We living in a prison
Losing our religion on em
Thanks given when thankful just for living in hell
Damn homey I don’t mean to be harsh
But it’s the devil in the ghetto trying to tear it apart
And if we make it up out
We still stuck in the dark
Will there ever be peace?
Just the peace in my heart
Never

[Kastro talking]
The only peace we got
Is the peace in our heart
Or the peace in our mind
Right there in piece that we hold in our waste line
Feel me dog?
Cm’on

[Chorus]

Will there ever be peace?
Or all we all just headed for doom,
Still consumed by the beefs,
And I know there never be peace, (never)
Thats why I keep my pistol when I walk the streets
‘Coz there can never be peace

[Verse 3: Napolean]

Things are changing
Nigga you better fantasize
I’m only concerned about me and mine in these times
The world is a ghetto where peace is not a part of it
We all goin’ need God if we plan to get out of this
Niggas spending too much time hating on each other
Niggas buyin’ guns
Load em up
Aim at each other
And the victim is you and me
The secret is true indeed
The good die
Mostly over bullshit
Repeatedly
Deep in me there’s a part that wants nothing but love
But the rest of me knows war is what’s waiting for us
So I stays ready
Keep my pay heavy and boss up
Stack my funds and my guns
Never rely on luck
Asking God to point out the imposters
Never let no weapon formed against me prosper
Cause they’ll never be peace
So don’t rely on it
Soldiers die for
And in the ghetto, they trying for it
FUCK PEACE

[Chorus X3]

Will there ever be peace?
Or all we all just headed for doom,
Still consumed by the beefs,
And I know there never be peace,
That’s why I keep my pistol when I walks the streets
Cause there can never be peace

[Tupac Talking]

Shit, fuck peace
On the strength till my niggas get a piece
We cant have peace
How the fuck we gonna live happy if we ain’t got none?
You motherfuckers is smiling, but I’m mean mugging
Why? Cause gotta be thugging
I’ve seen drugs done turned this motherfucking hood out
All us niggas acting up
Wild ass motherfucking adolescents
These niggas ain’t even got no childhoods no more
How the fuck can you have a childhood and you have a funeral every motherfucking weekend
And you motherfuckers talking about peace?
Nigga, it ain’t no motherfucking peace
You ain’t seen the news motherfucker?
You ain’t heard?
Little babies getting smoked
Motherfuckers killing there whole family
‘Lil kids getting thrown off buildings
Motherfuckers gettin abused
Peace? Niggas you out your motherfucking mind?
Fuck peace
We can’t never have peace, till you motherfuckers clean up this mess you made
‘Till u fucking clean up the dirt u dropped
‘Till we get a piece
Fuck peace
Westside
Lyrics provided by AZLyrics

[tags]Tupac, Never Be Peace[/tags]

Seriously, if this can’t get your head right, nothing can. Rahz hasn’t put much else out, but Nevah is as epic as it gets.

[Talking]
Nev-ah
Me, lose?
C’mon now, c’mon man
How can I lose
I’m the best

Chorus: Rowdy Rahz

I will nev-ah lose, nev-ah fall
Nev-ah hate, nev-ah give up
Nev-ah snitch or rat on my dogs
I will nev-ah fall victim to the law
Nev-ah run from a brawl
I know they say nev-ah to say nev-ah, but I will nev-ah

[Talking]
This is my year
Losin’, is just not in my vocabulary
You understand who I am?
I’m rowdy
The son of the God
I can not be touched

[Verse 1]
How can I lose when I was born to win
Some say nobody’s perfect
So can you tell me what the hell is wrong with them
The supreme, I deal beam, beyond compare
Ghetto works, team with Queen, and shock them, compare
A master mind, design the perfect crime, so to facinate the ghetto
And crush those who oppose
I shall nev-ah lose, my name is Rahz, so I’ma rise
And I shall nev-ah fall, so just call my the son of God
Double R rip constant, lose nev-ah that
Flow sicker than leukemia, can’t get rid of that
Y’all might as well call the cops
See me I play to win, if not, I’ma ball non-stop

Chorus: (2x)

[Verse 2]
I used to know one
You talk slick, I’m quick to blow one
Stop the yappin’
And take it down for Rahz start to actin’
And shit happen here
Losers, to the rear
Head home, Dunn
When it stay on, losers gone
Scornin’, keep movin’, regulate
Decimate, the fake who perpitrate
Kid, facts is provin’, niggaz saw me ball, niggaz saw me brawl
Niggaz saw me hittin’ chicken’s walls
Niggaz saw me shake him ’til he fall
Need I say more, nah fuck that , rough cat
Brick City thoroughbread, darrowhead, feel that
Feel the real illness, my nick name is the abyss
Take the wrong step and fall, in some deep shit

Chorus: (2x)

[Talking]
See, I’m tired of you fake ones hatin’ on Rah
Y’all don’t understand Rah
This is Rah year
’99-2000, it’s mine I’m takin’ over
It’s not a game

[Verse 3]
My whole life I been the gifted one
Had ups and downs, but still I came out the victor one
See even if you say I lost, they gon’ say I won
‘Cause I’mma make sure your bruises is worser than mine
Opps, and I’m squirtin’ the 9, nev-ah losin’ I’m workin’ a dime
Takin’ the L to me, is foriegn, I’m far beyond the level of the norm
Call me concieted, cause is this game, my rap flow is undefeated
Ask Joe Jacks, he couldn’t beat it
I’m Newark’s best kept secret
Slick talker, thick chick stalker
If you spit, I spit harder
Dope with the rhymes, when it’s beef I’m holdin’ the 9
If I get knocked I ain’t snitchin’ I’m servin’ the time

Chorus (repeat until fade)

[tags]Rowdy Rahz, Nev-ah, The Takeover Soundtrack[/tags]

My homie Mike Gatlin has some awesome videos on YouTube. This one is of his uncle in a Infiniti G35 Drifting. Talking to Mike, I quickly found out I’m not the only one to break 130mph on I-85. Hopefully I can get some vids of that up soon

[tags]Infiniti G35, Drifting[/tags]

Not much to say but Yikes

[tags]Stephen Hawking[/tags]

When I first read about How to be Invisible by J.J. Luna in a Playboy article, I couldn’t wait until it came out. If you judge a book by the cover you might be turned off thinking its one of the many shady books “get a new identity” genre.  They are usually written for people who criminals and they are basically some derivation of “Find some dead person and get their birth certificate”. 

Luna is very serious about privacy and his book is for people who are on the up and up who want privacy.  He makes it very clear that he wants nothing to do with people who are trying to use his techniques to facilitate law breaking or tax avoidance.  Luna lived under General Franco and if you read his bio, you find out the following:

     In 1959, J. J. (Jack) Luna sold his outdoor advertising business in the Upper Midwest and moved with his wife and small children to the Canary Islands off the coast of West Africa. Outwardly, he was a professional writer and photographer. Secretly, he worked underground in an activity that was at that time illegal under the regime of Generalissimo Francisco Franco.
�
     In 1970 Franco, yielding to intense pressure from the western world, moderated Spain’s laws, leaving Luna free to come in from the cold. By that time, however, privacy had become an ingrained habit. In the years that followed he started up various low-profile businesses, built them up and then sold them. 

The book starts out with a Quote, “Governments keep secrets from citizens, why shouldn’t citizens be able to keep secrets from governments.”  And that sets the theme for the rest of the book.  I highly recommend this book (make sure you get the updated version which deals with a Post 9/11 world).  He makes it very clear that there are a lot of folks out there who assume that just b/c you want privacy or keep things a secret, you’re doing something bad (and trust me – such people not only exist particular in law enforcement).  I reject that assertion and it’s easy to tear such an argument apart, but you’ll never convince people who like invading other’s privacy that they’re in the wrong.  And you can count on it, the more someone gets mad about someone else keeping things private, the more someone will use their position to invade other people’s privacy, the more butthurt they’ll get when someone does the same to them.  And the “If you keep secrets you have something to hide” crowd will cite every example like the one I’m about to use to back up their lame arguments.  They’ll claim that people like Luna are encouraging criminal behavior by pointing out how people could have gotten away with it.  Luna condems the law breaking in his example and so do i for the record, but that doesn’t invalidate his analysis.

Did you hear about Tiffany Tehan and Tre Hutcherson?  They were both married and living in Ohio but they weren’t married to each other.  Tiffany was in love with Tre and decided to disappear and start over with her lover.  the problem is, she didn’t tell her husband – she just said she was going to the store with their child and then took off, making it look like she was kidnapped.  Before long, she was caught. In a nutshell, here’s  what they did wrong according to Luna:

     1.  They allowed themselves to be caught TOGETHER in a surveillance video from an Ohio convenience store before they took off.
�
2.  Tehan used her ATM card and was also caught on camera there.
�
3.  Hutcherson traded in his VW the day before, and apparently put the new car in his OWN NAME rather than using a corporation, a trust, or an LLC. (Note to those in a hurry to buy a car—If Rosie Enriquez is paid online, she can often e-mail a scanned image of a shelf LLC within the hour.)
�
A fourth error may have been to check into a motel in Florida that required photo ID. And a possible fifth error would be to carry a cell phone without removing the battery.
�
I am of course not in favor of their actions but it’s always interesting to note how easily many such persons can be tracked.  Too bad for their sakes that they didn’t leave a false trail to the Canary Islands

So what would I have done? In addition to Mr Luna’s suggestions, I would have planned in advance. I’d start withdrawing a few hundred dollars a paycheck and stashing it in cash.  It’d have to be small enough your spouse wouldn’t notice but large enough that it could accumulate into a significant amount of money before long.  I’d also make sure I kept the money in small denominations for the most part.  One of the people should have purchased another car, a cheap but reliable one registered exactly as Mr Luna specifies.  I would load up on food and water and would even get two or three full gas cans which I’d put in the car before I left. neither of us would get out of the car for any reason until we were a few states away.  I’d make sure we only got gas (after our supply ran out) at old fashioned, out of the way stations.  I’d also don a subtle disguise, like a Gas Station attendant shirt or something that would make me look very ‘run of the mill’.  I’d opt to camp out for a while b/c national parks and trails are the perfect place to disappear for a while.  If no one was looking for your car, and you didn’t go into any big stores, you could easily disappear for a while and no one would think anything of it when they saw you.  After a few weeks, the hype would wear down and you wouldn’t be front and center on Nancy Grace. At that point, you could start re-integrating into society.  That’s why it’s key to have cash, and a lot of it, so you could hold yourself over for at least a month or so, the longer the better obviously. when you first started to come back in, you can find cheaper motels (which aren’t often very secure but they are low profile).  Then you could start working at one of the work pools or similar service that lets you work off the books.

At that point, I’m not sure where you’d go.  I can’t see any long term strategy that would work.  taking the kid is unforgiveable but it also greatly complicates things. Like it or not, the cops just don’t worry too much about missing adults especially when there’s no clear evidence of wrongdoing.  If you have a missing child though – not only does it attrack more attention in terms of being more conspicuous, it makes cops look a lot harder.  you could stay in some hellhole motel for years without being discovered if it was just two adults.  But throw in a kid and someone would probably call child protective services at some point (although Florida CPS is pretty  pathetic so they’d likely either lose your kid or turn the kid over to some sicko pedophile).  If you didn’t have the kid, you could easily skip over the border and live it up in Mexico for a while.  Or you could get over the border and then use your passport to get to Costa Rica or somewhere a little more liveable.  While there’d be a record of it, if you waited long enough, it’d likely not set off any flags that would get back to start (think about the Atlanta Attorney who had Tuberculosis – even with the flagging system in place, post 9/11, he was able to get through multiple airports).

No  matter how I try to slice it though – I can’t see how you could pull this off long term without a ton of money.  And even with a lot of money, I don’t see how you could do it with the kid unless you had enough money you could buy off border /customs agents.  In this case, every one of those wasn’t applicable so at some point, I think they were destined to fail.

Nonetheless, let’s say she and her husband wanted to skip town for legit reasons. Luna’s points would be totally applicable here and they’d be the difference between  getting away and getting killed (or whatever the reason was that would make you need to skip town). Just out of curiosity, if you wanted to skip town permanently and start over, assuming you had 10k saved up as of today and you didn’t have any kids – can you think of how you’d be able to do it long term?).  One thing I hope is that folks doing this will use Privicy and pay for it a few years in advance

I wonder what Evan Ratliff would have done differently? If you’re interested in reading about what it takes to disappear these days, make sure you read my post on it:

The other argument I typically hear is a reference to Evan Ratliff.  If you’re unfamiliar with him, here’s the rest of the story in a nutshell. He’s a free-lance writer and blogger.  He took a gig for Wired magazine that entailed disapparing for a month.  He was to try to hide out and anyone that found him would simply need to say the magic word, and they’d be privvy to a $5,000.00 prize. Ratliff gave it a great go, but before long he was caught. 

[tags]Tiffany Tehan and Tre Hutcherson, Tiffany Tehan, Tre Hutcherson, How To Be Invisible, J.J. Luna, Privacy, Atavist, Evan Ratliff, Disappearing[/tags]

Ms. Andrea R. Mitchell; Mrs. Carol Wilk Roubal; Mr. Christopher M. Mitchell; Ms. Claire E. Mitchell; Mr. Gregory Allen Mitchell; Mr. James Alexander Mitchell Andrea S Lootens Andrew Alfano Andrew Burdi CPM Andrew Cinque REALTOR Andrew D Sicko Andrew Dirga Properties Andrew Giancontieri REALTOR Andrew J. Fama Dr. Ivan Roubal – Chino Hills, California; Dr. Glen Rouse – Loma Linda, California … Dr. Andrea Rothe – Johnson City, New York; Dr. Lewis Rothman – Valhalla, New York Andrea Brose Cindy Roubal : Rufa Mae Quinto Gabrielle Lazure Ellen Ten Damme Keira Knightley Rachel Scorgie : Seana Ryan Laia Marull Jacqueline Pöggel Alex Andrea —Juliette Andréa —Janice Andreas —Starr Andreeff —Lydia Andrei —Ursula Andress —Julie Andrews —Brittany Andrews —Jacy Andrews Andrea Boykowycz, USA Andras Szigeti, Hungary Petr Roubal, Czech Republic Zoltan Vass, Hungary Taras Slobodyanyuk, Ukraine Vitaliy Levchuk, Ukraine

A guy by the name of Carlos Simon-Timmerman is a New York native. He’s also a fan of my friend and ultra hottie Lupe Fuentes. He was vacationing and bought one of Lupe’s DVDs while in Venezuela. He stopped in Puerto Rico on his way home to New York and that’s where things get ugly. According to Radar Online (and a ton of other sources which verify the story) he was arrested and charged with illegal possession and transporation of images involving a minor. The problem is, the images he had weren’t of an underage girl, they were of Lupe Fuentes. Lupe is currently 20 years old. She’s done some suggestive modelling prior to 18 but nothing that constitutes as porn. The DVD in question is called Little Lupe the Innocent: Don’t be fooled by her Baby Face and was made when Lupe was 19. Simon-Timmerman spent 2 months in jail and was on the road to conviction. Hearing of his flight, Lupe flew to Puerto Rico to prove beyond any question that she was of age and that she had been of age for over a year when the DVD in question was made.

You might think, how could this happen? I mean, it’s pretty easy to look her up on the Internet (I mean, she only has a few thousand twitter followers for instance). Anyone concerned with the truth could determine that she was of age by spending about 2 minutes on the internet. So how exactly did this happen?

An Immigration and Customs Enforcement agent was the problem.  From what I understand, being an Immigration and Customs Enforcement agent makes you an expert on all sorts of things which apparently includes Knowing the Ages of Porn Stars. The agent in question

had testified that Fuentes was “definitely” under the age of 18 in the video, as well as testimony from a pediatrician that had deemed her 100% underage; both of which Fuentes proved wrong when she showed up in court.

The agent was the one that caused the arrest and the agent’s testimony is what did him in.  The agent then went out and found an ‘expert’ to back up his story (Honest, I’m absolutely shocked that an agent would find some hack with credentials to help engage in a witch hunt).  Based solely on the statements by the Agent at first, Simon-Timmerman was arrested and once the agent dragged in his expert, the stage was set for this guy to go down. 

Lucky for Simon-Timmerman, his attorney was able to find Lupe and being the humanitarian that she is, she immediately flew down to help him out.  For the record, the Agent in question wasn’t the one who found her and the Agent never bothered to contact her or anyone representing her.

Think about what your life would be like.. You take a vacation and are scheduled to be back a week later.  You don’t return.  All that gets back to your office is that you were touring Latin America and were arrested for possession of child pornography.  What would you think if that’s all you heard and you were his boss?  What if all you knew was that he was arrested and there was a Federal Agent from Immigration and Customs Enforcement who repeatedly verified that your employee was in possession of child porn?  You’d no doubt fire the guy.  Now imagine being stuck in another country arreseted for a very serious crime. At the same time, you’re not able to keep your job and bring in any income. You could claim you were innocent but with a Federal Agent forcefully testifying you were in possession of child porn, who would believe you? Even if you got free after 2 months, you’re still in a world of crap.  You spend 2 months without work and a ton of money on attorneys just to keep from spending the rest of your adult life in jail.

The Agent in question easily could have checked into this. It’s plainly obvious when the DVD was produced.  Before ruining a guy’s life with what’s probably the worst accusation you could make against someone, you’d think the agent would have at least done a little bit of homework.  In the entire 2 months of time, the Agent had plenty of time to follow up on this.  But no, he didn’t.  If Simon-Timmerman was poorer and couldn’t afford such a good attorney, he never would have been able to contact  Lupe and would almost certainly be doing time based on this agent and doctor’s enthusiastic testimony.  Thank God he wasn’t poor and helpless.

So let me see if I get this straight.  An Immigration and Customs Enforcement jumps to the wrong conclusion  and goes on a witch hunt against an innocent man.  The same agent trolls around until he could find an expert that would ‘agree’ with his statement.  The agent makes claims of certainty that Lupe couldn’t possibly be of age( based on his extensive education I’m sure) which could have cost an innocent man a good chunk of his life and the agent never bothered to follow up on any of it.

I’m absolutely shocked that ICE Agents are this arbitrary and capricious – shocked and amazed I tell you. I’m absolutely shocked an ICE agent would abuse his position to hassle someone – say it ain’t so.. an ICE Agent would never do any of this.  I’m absolutely shocked an ICE Agent would make criminal accusations against someone without even determing for sure that a crime had been committed.  I’m absolutely shocked that an ICE Agent would find some hack ‘expert’ to facilitate the witch hunt. I’m absolutely shocked the ICE Agent was willing to destroy someone by making definitive statements they never bothered to verify. And I’m really absolutely shocked that a private citizen would have to spend a bunch of money defending himself against a bunch of dishonest and idiotic charges made by a venerable agent of Immigration and Customs Enforcement.   The only thing missing is few legally meaningless cease and desist demands from the agent to each web site publishing information about this incident.  The mere mention of an Agent’s name no doubt endangers the agent’s life and the lives of the Agent’s family right? And look at all those spam links discussing this story – Simon-Timmerman must no doubt be behind it all. Radar Online better watch out or they’ll get hassled by cop friends of the Agent.

Yah, honestly, this all just completely shocks me. It’s patently obvious this sort of stuff is freaking institutional at ICE  I really honestly can’t believe an ICE Agent would engage in behavior like this.

[tags]Carlos Simon-Timmerman, Lupe Fuentes, Little Lupe, Little Lupe the Innocent, ICE Agent Abuses, Immigration and Customs Enforcement Agent Abuses[/tags]

This post and all others on this site are subject to the current Copyright as well as the Sites Terms of Use. Any reproduction, duplication or publication without express written permission from the author is strictly prohibited.

Yesterday, I wrote a post describing a hypothetical situation where two adversaries were trying to gain intelligence on each other (Need someone’s email or access to their computer?). I would have written this follow up last night, but Sarah and I went to dinner a little late and by the time we got home, I was too tired to write. And when we arrived, there was a whole lotta Proliferating going on in our living room. So I spent the last 20 minutes of the evening engaging in some hard core counter proliferation of Poopy Nice Nice (I didn’t have time to conduct full Counter Proliferation i.e. Bungholian Analysis  so I have yet to identify the culprit but rest assured, it’s going down tonight) .  The Sausage Dog of Doom is a very evil Creature, but I digress.

In that post, I described a few different attack vectors and the +/- of each approach.  And I showed what one could accomplish if they loaded the right software on an adversary’s machine.  I did this without giving too many specifics to show people how easy this is to do. And I asked repeatedly, if you were the target, would this attack work on you?  I think in many cases it would.

Now, one of the key pieces isn’t technological, it’s Social Engineering. [Remember that humans are almost always the vulnerability that attackers take advantage of on successful exploits.  In all of Kevin Mitnick’s attacks, almost all of them were based on successful Social Engineering.  In The Art of Intrusion, he goes through a time when he actually used it to show some big shots at the Pentagon how vulnerable there were) A target might be reluctant to open any attachments that came  from you.  In this case, the ‘evil step mother’ didn’t respect the children’s privacy and would read through the kid’s email looking for information about the other parents or negative stuff the kids were saying about her.  So I showed how you might get someone like that to bite.  You put something intriguing sounding in the Subject line – something you know that would get the person’s attention. It should be enough to make sure they want to read more, but not bad enough it could be used against you.  Then, in the body of the message, reference some instructions in the attachment and make the contents sound like a smoking gun of sorts. Now, instead of trying to convince Maria to open the attachments, Maria will WILLINGLY and AMBITIOUSLY take it upon herself to open the attachment, which is how you could install the Keystroke Logger. B/c she has her eye on scandal stuff in the kid’s email, she isn’t thinking about possible infections. In fact, she’ll  likely bypass/ignore any warning the system puts up (assuming any were) b/c they really want to see what’s in the document. And b/c they took it upon themselves to do this, and b/c it’s the kid’s account they were looking through – they’ll be convinced it’s legitimate contraband and doubtfully will ever look back.  At this point, if you don’t put anything juicy in there, they’ll be mad and might smell a rat. On the other hand, if you give them too much red meat, they could use it against you. So meet in the middle. Come up with something that’s mildly offensive.  Something that you know will anger them (just b/c they get angry easy) but that a reasonable person would say Oh, come on, that’s really nothing to.  This gives them their pound of flesh and in this case Maria would be dying to get ANYTHING on Sallie, so she’d be satisfied with anything that she had where Sallie said something negative about Maria in.  Of course, you could just go nuclear, but remember that has the potential to be used against you.  If you don’t put anything in there, the target will wonder what’s going on and will be much likely to think long and hard about the attachment.  If you get them to do it themselves, and it conforms to their suspicions, they’ll never think twice about it. Remember, once you had the keystroke logger on their machine (Rather, I want you to think about what would happen if they got the keystroke logger on YOUR Machine), all of your passwords are probably theirs too. Any email or chat account is there. And God knows what can be mined from Email and Chat accounts.  Any Browsing. Any site passwords. Any banking passwords (heck, they’d even be able to see your challenge responses).  This is about as bad as it could get for most people.

While this is a hypothetical, you can see where stuff like this would really apply. what I was trying to show is the thinking you must engage in to get the other person to drop their guard. After all, once you got the keystroke logger, you’d be able to access their personal emails on external accounts like Yahoo, AOL, Hotmail or Gmail. You’d be able to see what sites they visited. You’d be able to see contents of Chats they engaged in. You’d be able to see documents they were typing.  In short, you would have a gold mine of information.  And if the target was indeed doing something underhanded, dishonest or immoral – you’d have all the details you’d need to crush them.  Even if it wasn’t admissible in court, you’d know enough information to help you ‘coincidentally’ send the right subpoenas or find the dead bodies and smoking guns. 

Let’s say you had the same case, but the adversary respected the children’s privacy. Or, let’s say there weren’t any children.  What would you do then?  One thing you could do is send a copy of a legitimate legal document to them (you could take a legit court document, insert the malware in there and be done with it. They’d be much more likely to ignore any warnings they got b/c it’s something they expect, from a source they ostensibly trust. And if it was discovered, the assumption would be that it started at the source, not with you). 

You could similarly send an ‘official letter’ to them with a title and subject that would make them really want to open it.  Or, you could spoof an email address pretending to be someone they knew (like a supervisor) and attach documents that look like something that might normally be sent.  Call their office and find out who is in charge of Payroll.  Look on the Contact Me form of their company to see the Email Address format that’s used (like FirstName.LastName@companyname.com).  Spoof that email and send a PDF with ‘Payroll Receipt for period ending XX.XX.XXXX”) And just put nothing in it.

If you used an exploit like this one found in Adobe PDF, the possibilities of what you could do are endless. Maybe instead of the boss, you could pretend to be their parents. And in the document, send it with a title that is something they might expect to get.  They open the document, it’s empty so they won’t think much of it, but they’re now infected and you’re able to log into their email accounts and read through everything. You could get extra clever and pretend to be a close friend or relative. Let’s say Maria had a brother named Bill – certainly her ex-husband would know this. Let’s say Bill normally used Bill.MariasBrother@hotmail.com – Sallie could create an account that’s Bill.MariasBrother@yahoo.com – she could spoof the From: part of the email so it comes from Hotmail.com. But she could use the Yahoo account for the Reply To.  Unless Maria is really savvy and pays close attention to this stuff, it’s doubtful she’d ever catch it (in fact, unless she hit reply, she wouldn’t ever even be able to see the Reply To)

Maria:

Hey, it’s me, Bill. I need a favor, Here’s a copy of something I wanted to get mom for her birthday.  (Common Friend) had some trouble opening it so if you open it up and it’s blank, try downloading the new Acrobat reader. If it still doesn’t open, I can resend it to you as an image format.  Let me know what you think. If you like it, I’ll go ahead and order it and sign all of our names.

Maria opens it and there’s nothing there. (Her machine is now infected and her worst enemy now owns her computer.) Because “Bill” already mentioned it as a possibility,  Maria isn’t suprised by the blank PDF document.  So she follows the instructions and downloads the latest Adobe reader and gives it one more try. Again, nothing. So she hits Reply on the email and says:

Bill, I tried opening the document, but couldn’t. I even got the new Acrobat but it still didn’t show up. Can you send me the picture instead?

This time though, it goes to the Yahoo account so the real “Bill” would never know of what happened. Maria already saw the email came from “Bill” originally, so it’s doubtful she’d pay attention the the Reply To address, especially when it’s so similar anyway.  Even if she noticed it, she very likely would just ignore it. ( I use a different Reply To address most of the time and have only had a handful of people ever mention it to me or ask about it. ) A few days later when they spoke, Maria would mention it to Bill. Bill would have no idea or think Maria’s talking about something else or that it got eaten in the spam filter.  When they synced up, chances are they’d just assume it’s spam when they couldn’t figure it out.

And even if they do, at this point, it’s too late. All the counter proliferation measures in the world won’t save them now. Even if they suspected something bad, it’d likely be at least a few hours later, and she’d almost certainly have checked her email by then. She almost certainly will have typed a password to the machine in by then.  So even if they suspected something – there’d be nothing apparent on the machine. By this time, the logger should be deactivated so it’d be really hard to detect (especially if they wrote it themselves, b/c it wouldn’t match any known definitions and even well known ones are good at hiding themselves). Even if Maria and Joe found it, they’d have no idea what it was or what it did and if it was homemade, they'd have to decompile it and have a savvy coder figure out what it did.  Doubtful.  But this would almost never happen. Most people just delete spyware assuming they can find it. How many people do you know that have spyware infections decompiled and looked through?  I’m a software developer and I wouldn’t even go through that hassle. In fact, I can’t imagine ever wasting that much time or energy on it.

Even if they did all of this, it would take forever. By then, the attacker would own their email accounts, chats and most other things.  Here’s the beautiful part.  Since the Logger is deactivated, there’s no indication it’s running (or very little indication).  Let’s say Maria decided to change her password (or just did it as a routine course of action).  Sallie tries to get in and it doesn’t work this time.  No problem.

Sakkue just goes to the configuration, tells the Logger to activate itself, and depending on the product, turn itself off once the file gets to X kb or shortly after the words http://www.aol.com or http://www.yahoo.com are typed.  While not 100% foolproof, this would be 99% foolproof and if somehow it turned off prematurely, Sallie could just try again.  If Joe and Maria cleaned the stuff off of there then it’d be game over temporarily, but it’s doubtful.  And once Sallie has the password, she can get into the email and do all sorts of things to help ensure the Maria’s computer gets reinfected.

Again, I ask you, if you were the target, how would you fare? If someone had a keystroke logger on your machine, what would they be able to discern? If they had all your email passwords, what would they be able to find?  If they saw your new passwords after you changed them, are you still hyper vigilant about checking the IP Addresses that access your accounts? What about the  PDF exploit? Would you think much about it if you got a blank PDF? What if you aren’t in a court case or criminal case.. well, do you think there aren’t criminals out there who’d love to clean out your bank accounts? If they had all your challenge question responses and passwords, what could they do?  Ask some of the victims of DB.Singles.Org who had their Paypal accounts drained (all b/c they reused passwords and ONE SITE THEY USED had weak security measures. Wanna bet at least one site you use has equally lame security?)

Take this stuff seriously and guard yourself against it, whether its a court case or your banking information, you don’t want to ever let yourself fall victim to this, especially when it’s so easy and essentially free to protect against. Spyware and malware are rampant and if you don’t take the responsibility for counter proliferation of spyware and malware on your machines, don’t expect anyone else to either. I know I make a lot of counter proliferation jokes but when it comes to proliferation of spyware, it’s not joking matter. Counter Proliferation of Dog Poop on the other hand, is definitely a joking matter – in fact, while Sarah and I were out at Dinner last night, we had a ton of proliferation  going on.

I have had a few people ask about consulting for them. I’m pretty busy but do have some availability to do assessment, audits and create a strategy to protect yourself with.  Contact me at blogcommenter@williamgryan.com to discuss this further. I’d be glad to help out with basic stuff for free, so feel free to post comments and I’ll do my best to answer them. If it’s more involved and will take some time, then just email me at the address above.

LET ME EMPHASIZE THAT NONE OF THE CHARACTERS DESCRIBED ARE REAL PEOPLE OR BASED ON REAL PEOPLE. THE ENTIRE STORY IS COMPLETELY FICTIONAL. THE ISSUES RAISED ARE REAL AND SO IS THE ADVICE (WHICH IS OFFERED FOR FREE, WITHOUT ANY WARRANTY BLAH BLAH BLAH) BUT NONE OF THE CHARACTERS ARE.  ANY RESEMBLANCE TO REAL PEOPLE IS PURELY COINCIDENTAL (THERE ARE PROBABLY MORE THAN A FEW FAMILIES OUT THERE WITH DIVORCED PARENTS, TWO CHILDREN, A REMARRIED FATHER AND AN EVIL STEP-MOTHER WHO HATES THE KIDS). THE NAMES, CHARACTERS, EVERYTHING – IT’S ALL MADE UP. AGAIN, EVERY CHARACTER AND THE SITUATION ARE JUST FICTION AND ARE NOT REAL PEOPLE OR BASED ON ANYONE REAL SO ANY SIMILARITIES ARE PURELY COINCIDENTAL)

This post and all others on this site are subject to the current Copyright as well as the Sites Terms of Use. Any reproduction, duplication or publication without express written permission from the author is strictly prohibited.

[tags]Email Security, Keystroke Logger, Internet Privacy, Internet Security, db.singles.org, Kevin Mitnick, The Art of Deception[/tags]

Bruce Schneier posted this earlier today and my draw hit the floor:

I really don’t know where to begin. Lock My PC 4 bills itself as a “better way to lock your computer”. The main product pages describes it as follows:

Lock My PC™ is an easy in use, powerful and compact tool to lock your computer from unauthorized use. When you leave your computer unattended, the program disables the hot keys (including Ctrl+Alt+Del), mouse, locks CD/DVD ROM doors and displays a lock screen. Nobody can access your system without providing the correct unlock password.

Unlike another similar computer lock software that cannot lock Ctrl+Alt+Del on a computer running Windows XP, our Lock My PC runs own keyboard driver to block such key combinations. Moreover, bulletproof startup lock guarantee that when your computer locaked at startup, this lock cannot be bypassed even in safe mode!

Why Lock My PC ?

You don’t like snoopers. They are always prying into your e-mail messages, programs, data, files, etc. Lock My PC allows you to lock your computer with a password while you leave it unattended. You can lock your computer manually, with a menu or hotkey, or set up auto lock when your computer is idle.

Hmmm, I guess one could overlook one typo on a corporate page, but looking through this, there are quite  few.   That alone might lead you to question their attention to details, something that’s absolutely critical for security software.

“Well Bill, they are probably from another country where English isn’t their first language. So just b/c they don’t have perfect grammar, it’s not fair to assume they are careless elsewhere.”

I buy that argument in principal, but either way I’d say it would make me look really carefully for other signs of carelessness. It might be unimportant b/c after all, English isn’t their first language or they’re computer scientists not English professors. 

This should clear up any confusion one might have as to how seriously they take security:

From: Bugs NotHugs <bugsnothugs () gmail com>
Date: Wed, 7 Apr 2010 04:23:55 -0600

---

Vendor: FSPro Labs [http://www.fspro.net/]
Product: Lock My PC 4 [http://www.fspro.net/lock-pc/]

---------- Forwarded message ----------

[request for help on locked PC]

Hello,

Please try engineering password:
19740619

Best regards,
FSPro Labs Customer Service

Technical Support  -- support () fspro net
Sales Department   -- sales () fspro net
Information Center -- info () fspro net

The support forum isn’t secure, anyone can browse directly to it.  And if you did, you’d be able to access a Master Password for their product that will let you unlock any version of it.  And I don’t mean unlock as in licensing – I mean Unlock as in Circumvent precisely what this product is supposed to protect against.

This would be patently irresponsible for a software company that sold software that had little in the way of security implications.  For a company that sells a security solution, it’s a sheer and utter disgrace.

I know people make mistakes. I know tech support people have high turnover so you frequently have new people with little product familiarity. I know tech support guys get gunned at all day by rude, annoying and/or idiotic people and often are willing to do anything to make customers happy.  But for this to happen, several things must be in place.

First off, the company has a “Master” password for all of their products. This isn’t item dependent (which would still be bad. Would you still consider buying this product if you knew up front it had a backdoor in it?). Any disgruntled former employee could access it, put it on the web or do God knows what else with it. Next, the password isn’t even kept very secret. If you’re going to have something like this which could expose all of your trusting customers to serious breaches, you should at least safeguard the hell out of it (although I’d maintain you shouldn’t have it at all). Next, the tech wasn’t apparently trained well enough in security to even realize what he was doing was ‘really irresponsible and dangerous.  And no one up the chain of command apparently reviews what their people say in the support forums so it’s stayed up there for a while. You might argue this isn’t necessarily true, it’s possible a higher up reviewed this and found it ok.  That’s certainly true. But if it is the case, it’s infinitely worse than them not reviewing what their subordinates are doing.  It’s one thing for a new low level support tech to make a mistake like this, if anyone who’s been there a while or has any position of authority were to do this – they don’t deserve to be in a position of trust like this.

Sadly, this doesn’t surprise me.  It was just a few months ago I know of a commercial web site that was breached by employing a SQL Injection Attack.  Mind you, this was in 2010.  How anyone can leave an injection vulnerability open after all the publicity is beyond me.  I also know of quite a few companies that do the same thing as this, some of which deal with very sensitive data.  They use master passwords (some even use SA and ‘password’ or the company name ) for all of their apps.  Many don’t ever change passwords, even after employees who knew them are terminated or leave.  And some of them even tell clients the master password, just b/c it makes tech support easier.  I don’t know what’s worse, a security oriented software company or a software company that handles private data for the government/banks/hospitals.  Either way, there’s no excuse for this.

IMHO, this will be the biggest impediment to cloud computing. At first, everyone will be thrilled by the simplicity and value.  Then there will be a high profile breach and many people will second guess the whole thing.  If there are enough high profile breaches, adoption of cloud computing could be seriously hampered.  Having worked or consulted with many software companies and having many friends who do the same, the sad truth is that stuff like this is the rule rather than the exception.  It’s almost always driven by laziness or ego (“No one is ever going to attack our stuff, how would they even know where to begin” or my personal favorite “It’s on an INTRANET, so we don’t need to worry about security”.  Think about the DB.Singles.org debacle (and think about how they ‘responded’)

Ms. Andrea R. Mitchell; Mrs. Carol Wilk Roubal; Mr. Christopher M. Mitchell; Ms. Claire E. Mitchell; Mr. Gregory Allen Mitchell; Mr. James Alexander Mitchell Andrea S Lootens Andrew Alfano Andrew Burdi CPM Andrew Cinque REALTOR Andrew D Sicko Andrew Dirga Properties Andrew Giancontieri REALTOR Andrew J. Fama Dr. Ivan Roubal – Chino Hills, California; Dr. Glen Rouse – Loma Linda, California … Dr. Andrea Rothe – Johnson City, New York; Dr. Lewis Rothman – Valhalla, New York Andrea Brose Cindy Roubal : Rufa Mae Quinto Gabrielle Lazure Ellen Ten Damme Keira Knightley Rachel Scorgie : Seana Ryan Laia Marull Jacqueline Pöggel Alex Andrea —Juliette Andréa —Janice Andreas —Starr Andreeff —Lydia Andrei —Ursula Andress —Julie Andrews —Brittany Andrews —Jacy Andrews Andrea Boykowycz, USA Andras Szigeti, Hungary Petr Roubal, Czech Republic Zoltan Vass, Hungary Taras Slobodyanyuk, Ukraine Vitaliy Levchuk, Ukraine

[tags]Security, Software Backdoor, Lock My PC 4, Bruce Schneier[/tags]

This week, I’ve been doing the single father thing. My mom and extended family always get on me about not staying in touch better, so at least if I update my blog they can follow along a little better.

Kim is up at Microsoft working with Sharepoint 2010 so I’ve been here with Sarah. This week has been an absolute blast culminating with a near perfect evening tonight. Kim gets back at 6:00 AM Saturday morning (flying into Charlotte) so I have to get to bed early tomorrow so I can leave at 4:30). So tonight was effectively the last night for us.

• Monday was the “let’s get ahead on schoolwork and everything night” so Sarah and I worked on some housework and then finished her Earth Day project.
• Tuesday was when the fun started..Sarah’s friend Diane is one of the coolest kids I’ve met so I took them to see Kick Ass.  It’s been a good 30 years since I went to the movies with 11 year olds but we really had a blast.  I’ve received a bunch of questions on Facebook about the appropriateness of Kick Ass.  It is rated R for the record.  IMHO, there were two scenes that were a bit much for anyone under 13, but it was borderline inappropriate. By that I mean, there was nothing in the movie they hadn’t seen, hadn’t heard and haven’t talked about before.
• Wednesday Diane’s family took them out for a while then Sarah and came home and finished up the Earth Day project.  We went over to Hollister to do some shopping and then came home and wound things up.
• Thursday (Tonight) was almost perfect. I have a release upcoming so I’ve been putting in a lot of extra time at work.  I owed Sarah a night out and since I was getting out of work late,  I took her to Ruth’s Chris in greenville to celebrate.  My office is about a mile away from the Crowne Plaza Hotel where Ruth’s is located.  I’ve always been a big fan of Ruth’s but somehow, I had worked right around the corner from the one in Greenville for several months before I found out it was there.  We didn’t get there until 9:15 so we missed the crowds (We’ve tried going there a few times before and w/out reservations, getting in can be difficult).  This was Sarah’s first time at Ruth’s but suffice to say, she’s a fan.  We both ended up burning our hands on the 500 degree plates at least once, but honestly, it’s not a bad problem to have.

Tomorrow will be an early night so nothing much is on the radar.  I’ve taken care of Sarah for a day or two before but this is the first time it’s been for a week.  All I can say is that it’s been a complete joy.  We got a lot accomplished, we had a blast, her mom is going to come home to an immaculate house with all the weekly chores already done and all in all, it’s been a perfect week.  I’m a work hard/play hard type and I think it’s safe to say Sarah is moving in the same direction. 

Tomorrow morning is the Earth day ‘parade’ at her school and I’m sure she’s going to make a big splash with her display. She’s been studying about the Great Depression at school and has been asking a lot of questions about it.  We have a deal where she’s to read one non-fiction book for every three fiction books she reads (It’s awesome having a child that reads as much as I do.  She’s a book fiend and well, I couldn’t be more proud). So I’m going to try to encourage her to read The Forgotten Man – A New History of the Great Depression by Amity Shlaes which I finished a few months ago. She’s always been a very curious girl but school only goes into so much depth on most subjects.  So we try to encourage her to do some additional learning on  the more significant topics and I hope she enjoys The Forgotten Man as much as I did (As much as we studied The Great Depression in college and then graduate school Economics, I learned a ton by reading it).

While all of this was happening, my beloved wife has been Pimping Sharepoint 2010.  It looks like she’s already surpassed me on it and she’s coming right at my ‘specialities’ – Enterprise Search and Business Connectivity Services.  Then to add insult to injury, she’s been aggressively picking up Powershell.  If she outskillz me on Powershell, it’ll nuke my ego and from the sounds of all the trash she’s been talking, she’s intent on making that happen.  Just to really rub it in she started joking about making herself an admin on our home network, booting me as an admin and then taking away all of my privileges just for fun.  As far as I’m concerned, that’s a declaration of war.  Which will get interesting b/c Sarah wants in on the game.  When the gals team up on me – I don’t usually fare too well.

Anyway, that’s this week in a nutshell. Everything was as smooth as silk which is good b/c I have a feeling Kim will be doing a whole lot more Sharepoint work out in Redmond. Even though she’s talking smack and taking over ‘my’ areas, I couldnt’ be more proud of Kim, especially with her getting out of the gate so early on Sharepoint 2010. Just a week ago, Sarah came home with another report card full of straight A and outside of school, she’s reading 2-3 books per week consistently.  I couldn’t be any more proud of her if I tried.

I guess that’s why I have the Sausage Dog of Doom to offset all the kick a33ness the ladies are engaging in.

This post and all others on this site are subject to the current Copyright as well as the Sites Terms of Use. Any reproduction, duplication or publication without express written permission from the author is strictly prohibited.
[tags]The Forgotten Man, Amity Shlaes, Crowne Plaza Hotel, Ruth’s Chris, Ruth’s Chris Greenville, Enterprise Search, Sharepoint 2010[/tags]