iSD in the Tech Age!



Net-self-defense: we spend an exorbitant amount of time on our physical defense training and then forget that our lives are in just as much danger of "Grave Financial Harm" or financial ruin (Death) as if we were attacked by a street predator. Research and studies from the security experts in this field show that anti-virus and firewall suites only catch about 5% of the threats out there, and those same folks tell us that it is in all probability worse at the Enterprise level.


My goal here is to educate myself and, by proxy, pass on what I learn to others so that each individual who is connected at any level can take steps to achieve some semblance of security in their electronic on-line lives. We are so deeply embedded in modern technology that to not take appropriate actions to learn iSD, or internet self-defense, in the technological age is just foolishness.


My goal is to provide enough of a foundation that readers, like me, can take the appropriate actions, i.e., apply those fundamental principles of technological methodologies as one of the more important, actually critical, strategies and tactics to defend ourselves from grave economic harm or even economic/financial death or ruin from nefarious predatory hacking processes.


Nothing in this blog is definitive; it is meant to set a foundation of knowledge, understanding and awareness so that you are not one day blindsided by some effort to steal your very life out from underneath you so fast you feel like you have been hit behind the ear and knocked into a daze of confusion, fear and finally anger where your tech-life falls apart and ruins your real life utterly, completely and with no light in sight down that dark, empty and black hole.


Wednesday, December 21, 2016

Cyborg Revolution

Demolocke’s Agenda Article/Post Caveat (Read First Please: Click the Link)

Cyborgs are officially defined as, “A hypothetical person whose physical abilities are extended beyond normal human limitations by mechanical elements built into the body.” In this most modern phase of the technological revolution we are inadvertently creating another type of cyborg I define as, “A person whose physical abilities are extended beyond normal human limitations by mechanical elements ADDED ONTO the body.”

We as a species, long before the agricultural, industrial and technological revolutions, had all we needed to navigate, live in and survive the dangers of our world, the planet earth. Let me suggest an example that I read in some past research finding, i.e., the human's natural ability to navigate the world.

It suggested, through a theory that was tested through research, that humans naturally connected to the planet's electrical grid that created the types of forces, such as negative and positive, etc., that actually allowed us to know instinctively where we were and what directions we would go, such as north, south, east and west, etc., in traveling naturally without add-ons such as techno-revolutionary GPS and associated satellites. When returned to a more natural state of life in the proverbial wild our bodies and brains would kind of reconnect to nature and through that connection actually know where you are at any point in time and in any location. It was eerie to hear the testimonials because it truly meant that we are, as a species, losing our connection and touch with nature.

Remember, in our brains, if we don’t use an ability that ability will atrophy and sooner rather than later simply stop functioning altogether. In a recent article I wrote about awareness and environment, a virtual kind, I suggested that to be aware of and conscious of our environments we had to change our perspective, a paradigm shift, toward that virtual world where our senses provided input data signals to our brains, etc. (You can read that article HERE). 

What I am suggesting is that we have fallen over the cliff of technology and have left ourselves vulnerable to all sorts of dangers that expose us to grave harm and death. We have and are adding on technology to further distance ourselves from our true natures as a species. We put on earbuds and add loud sounds like music to block out all the sounds of our environment, both positive and negative sounds. We focus our eyes on the small screens of those same devices that are pumping sounds into our ears further blocking out the sights found in our environment so we no longer see all around us for inherent dangers that may cause grave harm or death. 

We further exacerbate our exposure by using obstacles to block our natural need and critical socialization by using virtual social media so that we are no longer exposed to the closeness of others that are also a necessity of human survival by the creation of groups, etc. We are assuming that liking someone with a click of a mouse is the same as being exposed directly to a person so that our sense systems can detect, find and create close relationships that are further supported and validated by things like body language and emotionally mature interconnections that are impossible through media programs like Facebook. It feels like we are but is it actually creating those relationships so endearing and critical to our species survival? 

This cybernetic-techno-revolutionary path is actually creating a human existence with no real meaning or substance even if it feels like it is real. We all end up like the Borg in Star Trek, all cybernetic-like entities pretty much oblivious to our surroundings with added on devices that distract, distance and socially condition us so that when external stimuli not of the techno-sources hits us we are surprised, unprepared and inexperienced, resulting in a freeze response that cannot be broken so external dangers can harm us or kill us. Since that distance and obstacle includes the collective association of a group with appropriate group survival dynamics we lose that collective ability to survive in our world; we become targets of any and all predatory hunters and hunting. You can bet your bottom dollar that predators both human and technological-humans are gearing up to take advantage of such juicy opportunities that are becoming more obvious and more prominent in our world both physical and technological.

Technology is and has been about supplementing our way of life; it is not meant to replace human needs and interactions, etc. As a tool it helps us to achieve our human goals but today’s add-on cybernetic-like devices are quickly dominating our very ability to act and survive in the world. WE should be in CONTROL of technology and technology should not be taking control of US.

Think about it! It is closing in on us and only a matter of time before the added on tech is to be developed, changed and created to be added in or built in to our bodies. Can anyone say, Borg: “Resistance is Futile!”





Thursday, December 15, 2016

Why Security is a Big Deal


Yes, security is and always has been a big deal not just tech-wise but otherwise in all areas and facets of our economic and personal/social lives. I worked in the security industry for almost twenty-five years and retired as a GS-11 Security type in 1998 so I have some sense of the need and critical use of security necessity. 

The problem in security outside of industries and disciplines that take it seriously for both … wait for it … overall security needs but also to the ramifications not just monetary as to budget but to possible economic, security and survival reasons. This is also why folks who applaud persons like Snowden don’t realize or understand what it means when someone goes outside the security and classification arena to express their emotionally ignorant beliefs on what they release. 

Once again, private industries who gather our data and fail to apply good solid security to protect it have failed miserably, i.e., now Yahoo has not just once, but twice, failed its customers with horrible security.

In the tech-revolution we have made ourselves and conditioned our society to depend heavily on technology such as cloud services, data mining and data brokerage, etc., but in ignorance.

Listen, in business one of the main departments that hardly ever shows profit is the security side of the house, as well as the administration side, although this side has support services that can be seen readily as beneficial. Security, though, is often treated as the bastard child because it does not show profit and benefit … wait for it … until … security breaches rise up and slam them in the throat. So, often security is given lip service and most gamble that they will never have to lose money and profit if some security is breached.

Now, in our modern tech-revolution the fact that predatory actions happen in milliseconds because of the speed and wide coverage of data by the Internet and IoT, or Internet of Things, means that security breaches can happen instantly, surreptitiously and often undetected until some person/customer or other mindful person notices something hinky going on … usually months to years after the fact. This is just not good.

Then there is this “Must be first” mentality found in the industry where software, apps and other bells and whistles have to be pushed quickly out into the wild to keep ahead of the competition and keep the board members fat, dumb and happy with profits. This means something has to be set to the back burner so the product can be put out there fast and FIRST to gain advantage and edge against competitors. Security is often at the top of the list and properly mind-state QA testing, especially in regard to security, is second on that list.

One huge reason this continues even in the face of the new money industry of data brokerage is there are no repercussions of note or significance to drive the business toward making and developing proactive security measures, postures and software. There is only one motivator of value to them, money! Hit them hard where they hold profit and make it significant enough they won’t just assign it as “part of business” so they are hurt and they suffer on the profit side when security is found - lacking and vulnerable. 

This brings up our current security posture in the tech area: we are much like the police in this country who are conditioned to react over being proactive in serving, protecting and safeguarding our cities, counties and country. The minute you become reactive to any dangers or situations where grave harm can and does occur along with potential violence you are behind the curve. You have to be proactive and there is no reason why the industry cannot become proactive in security; after all, the “Dark Web” of nefarious evil-doers is proactive not just in its own security but in its methods of attack as well, such as viruses and phishing efforts.

No wonder Yahoo got whacked, they were complacent in their efforts to secure things properly and they got by for a lot of years but now that the predators of the dark web have such instant ways to garner resources and, if they wish, effect nefarious processes against anyone, anywhere and regardless of the physical securities out there such as police, neighborhood watches and home security systems (not going to start on this one since this product is now connected by the IoT, arghhh).

It is time to require and enforce security measures at all levels of the technological industry and it is time to make the profits gained from such efforts as data mining to the data brokerages less profitable without adequate proactive security measures. 

Speak up to your representatives and let them know that you are tired and not going to put up with it anymore; you want adequate security measures at every level of the industry possible, from the IoT’s to your accounts and especially to your personal data. It is also time for us, the users, to take up our own personal responsibility in our own Tech-Sec (Technological Security) by learning about how security is breached and what personal actions we can take to support and reinforce our own security of data, etc. It is our responsibility as well as the industry's; don’t buy or use any tech until you are assured of its security and remember, just like today's news media you have to fact-check, i.e., in other words seek out information as to the validity of such security measures, such as reading the KrebsonSecurity site.

Read this: Yahoo: One Billion More Accounts Hacked https://krebsonsecurity.com/2016/12/yahoo-one-billion-more-accounts-hacked/




Thursday, December 1, 2016

The Dangers of the IoT


It’s been out there for a while but, at least to my perception, until recently it has not gotten the press or attention it should have received. It just tells me, personally speaking, that almost every component, big or small, that relies on updates through the network via a back door by the manufacturer is vulnerable and usable by those nefarious predators out there hell bent on doing harm, they are either/or/and process and/or resource predators and they are a danger to all of us connected. 

Krebs on Security has provided, and suffered the slings and arrows because of the articles, another article that informs us once again of the dangers of the IoT, the Internet of Things. I suggest every person/reader/listener contact their representatives to push for some form of effort to get those who make all those IoT’s to secure them by default and set up some secure method to use security to open/close when there is a need to patch or update.

Here is KrebsonSecurity’s article, read IT HERE. And, so you may remain informed he also provides an initial list of who makes the IoT used for such nefarious attacks of predatory origins. 


“In order for any life to matter, we all have to matter.” - Marcus Luttrell, Navy Seal (ret)



Wednesday, November 2, 2016

I HAD a Great Software Product

But, thanks to the “Unusual Business Practices” of the software company that software is now gone. I paid a large sum of cash to purchase that software package and after a crash tried to reinstall the software only to find that the software company had not just taken the software off their market but set it up that when you try to install or reinstall it, it connects to their servers where you get a message that the license is no longer valid. What happens is if you want to get a replacement you have to shell out more money for a more complex and higher learning curve set of software programs. This really sucks.

I had used this piece of software for over a decade. It was simple, easy to use and the learning curve was the shortest I have ever encountered in my time testing out such software programs. What piece is it? Well, it is a simple program in the same area of other like programs such as Photoshop. It is NOT Photoshop because that is still out there but it was a program that when coupled with other like development programs made life easy, fast and productive.

I found an open source program that some say is similar to the one taken from me unawares but it isn’t; it is not the simple, easy and short learning curve, it requires a lot more work to use in creating certain types of graphics.

I can’t help but wonder why the company decided to trigger the license as no longer valid for an old program they no longer sell or support, except I can theorize that they wanted everyone to buy their new, improved and yet most difficult to learn programs. It seems that a deliberate programming effort was created to force people to upgrade but here is the rub, the old software was all I needed “ever” and would have served me for many more years so it bothers me that they would create a license killer sub-routine. It pissed me off so much that I went open source for a replacement and all the other programs on my work machine (the old program was on my personal machine), we use the same vendor for work, that I refuse to use those packages and refuse to load them on my workstation (I removed them all from the machine after my old program was killed by the vendor).

I have seen or observed other vendors going this way by using the cloud installer where they check, it appears to check your machine for old software, then possibly kill your bought and paid for life licenses. That sucks! It is a bad business practice and when it becomes more prominent in software purchases I hope the buyers protest vehemently. 



Monday, October 10, 2016

IoT Security

Take a read at KrebsonSecurity for the article HERE. I recommend reading it then I also recommend taking a look at the devices you have at home and/or at your business. Since certain sources are selling less than secure devices, some that I feel were deliberately created to allow surreptitious access, to our companies who are using the devices as a part of a package puts us at risk.

If we as individuals, for it is us the individuals most at risk and who will pay the highest price of such insecurities, speak up and have both those companies as well as our legislatures, etc., take a positive role in making the IoT more secure and those that fail pay large sums of money, the sums that really hurt in relation to the offender be it individual or large business, then we will have gone a long way to create a more secure, a more safe and a more profitable Internet environment, both the surface we all see and the U-verse hidden underneath. 

The idea is to hinder all those fly-by-night predators that rely on the more nefarious ones who create ways to use and circumvent security in software, hardware and all the related IoT’s. 


Just sayin!!! Oh, and those nefarious dudes who are making IoT products the way they are, all such devices being imported must pass rigorous testing before being allowed and then having a tariff like tax added to pay for it all. Just sayin!!!


Wednesday, October 5, 2016

The IoT or Internet of Things

Things being the operative word, things that are usually not secured or controlled well. These are things that help us with the Internet but are often not accessed or utilized by humans, they sit once installed and do their work while we spend our time on our computers doing stuff that travels through these things. 

Note that the source code that powers the “Internet of Things” (IoT) botnet responsible for launching the historically large distributed denial-of-service (DDoS) attack against a variety of businesses and others. 

Here is a list, short or terse, that will allow you to fully understand what the IoT’s are:

ACTi IP Camera, ANKO Products DVRs, Dreambox TV receiver, HiSilicon IP Cameras, Panasonic Printer, Various Routers, Xerox printers, or in other words, “The Internet of Things (IoT) is the network of physical objects or "things" embedded with electronics, software, sensors and connectivity to enable it to achieve greater value and service by exchanging data with the manufacturer, operator and/or other connected devices.”

Our drive to become connected requires a certain speed of manufacture and along with even speedier research and development the products must by this nature reach the Internet and us as fast as inhumanly possible, leaving humans in the lurch and under their control, a control that comes from the manufacturers, businesses, etc., that drive the data mining and data broker business and drives other ancillary businesses, all outside our control and with little or no security other than theirs to protect them while leaving us, the customer and humans, out in the wild exposed to predatory predators.

It is becoming so pervasive and intrusive that soon criminal activity will migrate from the real world and into the virtual one because predatorial-criminals will no longer need to expose themselves to grave harm, death or other repercussions because finding them, arresting them and then prosecuting them due to technological wonder they are obscured from those seeking to find and arrest.

The IoT is connected to you, your house, your devices like DVD’s and Televisions; also all the new devices like fridges, microwaves and all other personal accessories will be connected. Your medical and medicinal information is connected. Your personal activity connected, monitored and data-mined by the data-brokerages; remember that when your home is connected there is always the ability of “Someone watching you”; all sorts of devices connected to your phone that control things like your money, your identity, and things like heating, ovens, automobiles and even your plants - all connected and exposed as a part of the IoT, the Internet of Things.

Remember how in the movies, like Tom Cruise’s “Minority Report”, his every move was trackable, resulting in so-called eye surgery to fool the IoT. Remember a more recent movie with Pierce Brosnan, “I.T.”, where a nefarious emotionally disturbed employee used all his connectivity, through installed IoT, to wreak havoc on Mr. Brosnan’s character Mike Regan. We used to think watching such “Science Fiction” that this would be both cool and horrible and now with today’s tech and the IoT, it is happening today and we are oblivious simply because our nature, triggered by certain influence manipulation professionals, has us feeling we need, need, need all this before anyone else like “The neighbors, the Jones” syndrome.

So, go ahead, jump on out there, become the person everyone envies who has everything, create that internet technological status but remember, there are nefarious predators out there that will use such as the IoT to attack you, take everything you have and leave you wondering and looking guilty as hell to everyone else who was previously envious of your status. 

Good Luck out There or as an old show would say when the police officers were headed toward the street, “Be careful out there!”




Wednesday, September 7, 2016

Security-n-Convenience

In the world of security often those who are unable to see the criticality of such security tend to lean heavily toward convenience over security. Security takes effort and it often places extra requirements when working with sensitive information and most don’t want to take that time or effort to achieve that goal so they tend to dismiss, avoid and circumvent such security measures for extra convenience when performing duties involved in daily work. 

Convenience is a killer of security, the bottom line for profit is also a killer for security and security generally is ignored because it reduces profits rather than increases profit. It isn’t until security is compromised and data/information, etc., is stolen that suddenly the bottom line is adversely affected, then causing those in positions of influence to suddenly scream about ‘where is the security’?

Even in the dark underworld of the Internet where security is taken seriously and from the start there is no true secure system as shown from a recent article where bit-coin services were hacked and robbed with not one iota of a chance those who had those coins can be redeemed. The only true security is to unplug from the Internet and because of the invasiveness of inter-connectedness that is no longer a guarantee. 

The only way I can see that security can even achieve a modicum of protection is by those in charge making security the highest priority in the creation, development and coding of all Enterprise Applications, etc. It is also necessary to provide harsh repercussions when the code is compromised even at the lowest levels. Gratification, convenience and profit must take a back seat to security for if not security breaches of the future will be so costly that no one can make a decent profit except those who are on the receiving end of such predatory thievery. 

For instance, even apps for the phone or that ‘rented cloud based software program’ we use daily, if you are compromised while using it the coders who created it must be harshly fined by their parent company and the parent company must be harshly fined at levels commensurate to their levels of profit - the real profit and not the obvious presented profits. Enforcement shall be harsh enough where actual jail time is possible starting at the highest levels of said parent company. 

Failure to provide adequate security is just plain stupid and irresponsible and that irresponsibility and stupidity shall be harshly dealt with from the highest levels on down to the actual coders. Everyone at every level shall “OWN” the security of their work, write out in long hand their responsibilities and then frame, hang in a position to read daily and then live the acceptance in all they do - security is foremost in their minds and the first thing they work on at the beginning of every days work. This starts with the CIO/CFO and trickles down to the fledgling coder in every software and associated company. 

The actual hand writing of the contract of promise to security shall be televised so that every customer or potential customer can bear witness, then the hand written personal contracts are to be stored in original form electronically and displayed prominently on the company web sites and other such ‘company face’ and used to remind the individual they own security in all they do for they control the screens, control the code and control the Internet for good and evil.

Only when such responsibility and ownership is created, assumed and witnessed can security become secure through diligence, effort and ownership of every person, persons and leadership. Until that is achieved such security breaches as at the OPM recently addressed at Krebs on Security can such compromises be, at a minimum, mitigated and prevented.




Tuesday, August 30, 2016

Hyper-mobility and more

In a recent finding, the below pdf link gives you the excerpt, I came across the following while researching human pattern recognition. You may find this … enlightening!




Wednesday, August 10, 2016

Information becomes

“Information becomes increasingly accessible via the internet, so, too, does misinformation. Conspiracy theories and pseudoscience, which might otherwise be relegated to fringe publications, permeate Facebook and Twitter feeds. But connectivity can also provide quicker explanations – if NORAD had email in 1967, the "solar scare" probably would have been over before it began.” - Joseph Dussault

Wednesday, July 27, 2016

It’s a Hassle, It’s a pain and it Plain Old Sucks


But it is the way of our modern world, you have to take responsibility for your own financial security. DO NOT RELY on others to safeguard your financial stability and security. Yes, use the services but don’t just join up and then forget about it because in the end it will be your ability to remain aware of your security status and it will be your ability to remain aware that will stop the attack long before the others can and will do it for you. 

I use security software but I also know that the software security driven safeguard models are just like all coded models, they are full of holes and glitches and other points in the code that any good hacker can exploit. That includes all those services who rely almost solely on the coded programs to run their security businesses. Again, not saying don’t use them but am saying, “Make it your mission in life to keep tabs on all your financial sources, banks, cards, and other financial stuff that are exposed to the Internet and to those coders who know the flaws and understand that the code is coded by humans and humans are flawed.”

Yes, the world today is controlled by the code and the coders but remember that there are good coders and bad coders and nefarious coders out there. Remember, one major operating system always uses the selling point of how secure their next O/S is until about an hour after its release that nefarious coders communicate and broadcast the flaws that allow security breaches.

So, yes it is a hassle, it is a royal pain in the arse and it does just plain old suck but if you want to secure your financial stability then take on the responsibility by learning how it is done, how you can protect yourself and then monitor, monitor and yes once again - monitor all your finances, etc.

Credit Cards: As an example I use a type of statement ledger to track every credit card expense as I make the change and when my statement arrives I match them all up and ANY anomaly I call the credit card company to get feedback on who, what, when, where and how a charge is placed on my account. There are many things you can do above and beyond those service companies who preach how they will go the distance for you and remember that the distance they go will only go as far as their bottom line - they are a business and making/keeping their money is their goal. 
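The ledger-against-statement matching described above can be sketched in code. This is an added example, not something from the original post; the merchants, amounts, the five-day posting window and the loose name matching are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from decimal import Decimal

POSTING_WINDOW_DAYS = 5  # assumption: a charge posts within 5 days of purchase


@dataclass(frozen=True)
class Entry:
    day: date
    merchant: str
    amount: Decimal


def norm(name):
    """Statements upper-case and decorate merchant names; keep letters/digits."""
    return "".join(ch for ch in name.lower() if ch.isalnum())


def same_merchant(a, b):
    a, b = norm(a), norm(b)
    return bool(a) and bool(b) and (a.startswith(b) or b.startswith(a))


def reconcile(ledger, statement):
    """Pair each statement line with at most one ledger entry.

    Returns a dict with:
      unknown         - statement charges with no ledger entry (call the issuer)
      amount_mismatch - (ledger, statement) pairs whose amounts differ
      not_posted      - ledger entries not yet seen on the statement
    """
    unclaimed = list(ledger)  # each ledger entry may be claimed once only

    def take(line, want_same_amount):
        for mine in unclaimed:
            lag = (line.day - mine.day).days
            if (same_merchant(mine.merchant, line.merchant)
                    and 0 <= lag <= POSTING_WINDOW_DAYS
                    and (mine.amount == line.amount) == want_same_amount):
                unclaimed.remove(mine)
                return mine
        return None

    # Pass 1: exact matches first, so a duplicate charge cannot steal a pair.
    leftovers = [line for line in statement if take(line, True) is None]

    # Pass 2: same merchant and date window, but a different amount.
    report = {"unknown": [], "amount_mismatch": [], "not_posted": []}
    for line in leftovers:
        mine = take(line, False)
        if mine is None:
            report["unknown"].append(line)
        else:
            report["amount_mismatch"].append((mine, line))
    report["not_posted"] = unclaimed
    return report


def _e(y, m, d, merchant, amount):
    return Entry(date(y, m, d), merchant, Decimal(amount))


# Constructed sample data: what I wrote down vs. what the card company billed.
LEDGER = [
    _e(2016, 7, 1, "Corner Grocery", "42.17"),
    _e(2016, 7, 3, "Gas Station", "30.00"),
    _e(2016, 7, 5, "Online Books", "15.99"),
    _e(2016, 7, 20, "Diner", "25.00"),
    _e(2016, 7, 28, "Hardware Store", "60.00"),
]
STATEMENT = [
    _e(2016, 7, 2, "CORNER GROCERY #12", "42.17"),
    _e(2016, 7, 4, "GAS STATION", "30.00"),
    _e(2016, 7, 4, "GAS STATION", "30.00"),      # billed twice
    _e(2016, 7, 6, "ONLINE BOOKS", "15.99"),
    _e(2016, 7, 21, "DINER", "29.00"),           # amount differs from ledger
    _e(2016, 7, 15, "XQ-SUBSCRIPTION", "9.99"),  # never in the ledger
]

if __name__ == "__main__":
    result = reconcile(LEDGER, STATEMENT)
    for kind, items in result.items():
        print(kind)
        for item in items:
            print("   ", item)
```

Anything listed under `unknown` or `amount_mismatch` is an anomaly to raise with the card company; `not_posted` entries simply carry over to the next statement.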

I advocate layered security models. As a retired physical security manager/specialist I can tell you that layered security models work best. Start with the effort you put into your personal eSecurity posture both on and off the Internet. Then find those security models you can add on to enhance your overall security posture both on and off the Internet. Then monitor, monitor, monitor, monitor, and monitor some more. The faster you discover the security breaches the faster you can stop the flow out of your pockets and the faster you get your financial security and stability back.

Having the ability to lay blame on others when your money disappears is fine on an emotional egoistic level but it won’t stop and put back the money you are bleeding out while hoping, praying and assuming that others will get it all back right for you. 

p.s. Keeping informed is one way to remain aware and as an example I recommend Krebs on Security, you can go to his site HERE (http://krebsonsecurity.com), because he has consistently provided me, personally as a daily reader of his blog, information I have implemented to safeguard my financial world. Just remember, it is not the only thing and layer your education sources as well to get a more rounded and complete picture of the danger out there.



Don't let your finances get caught in the pull of that black hole!

Tuesday, July 26, 2016

DMARC It

Honestly, if your email service is not on the DMARC wagon maybe you should find one that is AND if you are a business then whoa, what the ? If you are a user like I am and concerned about things email then at least go to the two sites below and get a better understanding of how this can help. 
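To see whether a mail domain is actually "on the DMARC wagon", look at the TXT records published at `_dmarc.<domain>` (for example with `dig +short TXT _dmarc.example.com`) and read the policy they declare. The following is an added example, not part of the original post: it grades such records offline, and the verdict names and sample records are constructed for illustration.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_tags(record):
    """Split 'tag=value; tag=value' into an ordered list of (tag, value)."""
    pairs = []
    for part in record.split(";"):
        if "=" in part:
            tag, value = part.split("=", 1)
            pairs.append((tag.strip().lower(), value.strip()))
    return pairs


def is_dmarc(record):
    """A DMARC record must begin with the version tag v=DMARC1."""
    pairs = parse_tags(record)
    return bool(pairs) and pairs[0] == ("v", "DMARC1")


def assess(txt_records):
    """Grade the TXT records found at _dmarc.<domain>.

    Returns (verdict, notes). Verdicts (names are this example's own):
      missing      - no DMARC record published
      ambiguous    - more than one DMARC record; receivers ignore them all
      invalid      - record present but no usable p= policy
      monitor-only - p=none: failures are reported but mail is still delivered
      partial      - quarantine/reject applied to only pct% of failing mail
      enforcing    - quarantine/reject applied to all failing mail
    """
    candidates = [r for r in txt_records if is_dmarc(r)]
    if not candidates:
        return "missing", ["no TXT record starting with v=DMARC1"]
    if len(candidates) > 1:
        return "ambiguous", ["multiple DMARC records published"]

    tags = dict(parse_tags(candidates[0]))
    notes = []
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid", ["p= tag absent or not none/quarantine/reject"]

    pct_raw = tags.get("pct", "100")  # pct defaults to 100 when omitted
    if pct_raw.isdigit() and int(pct_raw) <= 100:
        pct = int(pct_raw)
    else:
        pct = 100
        notes.append("pct= is not an integer 0-100; treated as 100")

    if "rua" not in tags:
        notes.append("no rua= address: the domain owner gets no aggregate reports")

    if policy == "none":
        return "monitor-only", notes
    if pct < 100:
        return "partial", notes
    return "enforcing", notes


# Constructed sample records (example.com is a reserved documentation domain).
SAMPLES = {
    "no record": ["v=spf1 -all"],
    "monitoring": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "ramping up": ["v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com"],
    "enforced": ["v=DMARC1; p=reject"],
    "two records": ["v=DMARC1; p=none", "v=DMARC1; p=reject"],
    "version not first": ["p=reject; v=DMARC1"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(label, "->", assess(records))
```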





Friday, July 15, 2016

The Dark Web - the darker side


Since criminals also make use of the benefits of secrecy to prey on us in the regular WWW it seemed apropos to say that when hit by those predators it means pretty much that our money, our economic status as well as wealth, is caught up in a dark-web “black hole.” Nothing escapes once the gravitational pull of that black hole latches on to you and yet most of us surfing the White Web tend to remain ignorant to the dangers lurking below the surface, that division between the White and Dark Webs, because the dark side has the skills and abilities to reach up through that surface that hides, latch on to you and pull you toward its black hole where the black, the darkness, will consume and absorb you and your life as if you never existed.



The reason I use this analogy is because our protectors and enforcers of the legal and rightness of our way of life are ill equipped, lack appropriate knowledge and understanding and remain with their heads hidden in the sand to the dangers of such predatory efforts hidden and protected by the very same things that should be here in the White Web protecting us against them.

Beware the Ghost in the Code!
Now, that may sound like I advocate a focus on “others” protecting us, and please don’t take this personally, but I do not. They should be an integral part of a layered security of the White Web, where the first line of many levels should be YOU, the USER, and the actions YOU TAKE when using computers and when surfing the Web.

Here are a few links to what I consider the best security blog on computers and the iNfrastructure of the electronic age, the iRevolution. Krebs on Security:




If you find his articles above of interest consider following his blog, KrebsonSecurity, on a daily basis. As an IT expert of over twenty years I find his information refreshing, current, beneficial and critical to my personal online and computer safety and security.  

Hat tip to KrebsonSecurity as the inspiration for this post.


Tuesday, June 28, 2016

WWIII - eWars


I was quite surprised when studying Boyd’s modern art of war, his discourse on winning and losing, that even in his time, long before data mining and data brokers took such dominance in our electronic world, he developed the art of war to cover the Internet Electronic Frontier. The only issue I was able to detect, from my limited and inexperienced view, was his tendency to couple such electronic wars to the more conventional maneuver type of warfare. In my humble opinion, the future eWars will be totally and completely electronic while repercussions will be felt in the physical world.

In my humble opinion we are already at war with the dark-web, i.e., the more nefarious efforts of those who would remove us from our hard earned income through spam, phishing and other electronic predatory efforts. They are already crossing over from pure electronic warfare to one that hits in the physical world as well.

Yet, that ain’t all folks, because the efforts of those who desire to free us from the bonds of our physical economic and governmental trappings would create an electronic world that is just as susceptible to the faults of man and human greed. In lieu of those who have control of the economic world through the trappings of Wall Street, we would get the eWall Street thieves, those who control the code.

Things like bitcoin and other such efforts, while commendable and seemingly beneficial, even when spread throughout the code by dispersed, co-opted coding efforts, still put that power in the few in lieu of the many because not everyone can be a coder or an expert in such electronic worlds. The masses will still be subjected to and controlled by the whims of the governing eBody of the internet, the one we see and use and the dark web seen and used by others.

As we continue to be connected and become totally dependent on those electronic worlds, the old world may disappear and lose its control on humans, but only to the effect that the power structure will shift and barely change. It will be the code and the coders who will now rule and dictate, and you can bet your bottom bitcoin those powers will be used in pretty much the same way the old power structure uses its power base to control and profit, etc.

If I had to bet on a military electronic-driven defense in eWars vs. the Coders, my bet would be on the coders, because the most talented of the talented are the very people leading the change in the dark world of coding, that secret society that is there and slowly taking over the Internet Foundation Economy that is growing by leaps and bounds under the false belief that, when all is said and done, it will allow the masses control and remove the yoke of governments.

Boyd does have a great plan and modern art of war called the discourse, but to truly win this one you have to change human needs and human flaws that seem to take us back again and again into the same old yoke but with a different collar to disguise the same obstacles and flaws that nature and evolution may never be able to shake and change. It is our nature and it is how it will be, yet with different leaders, the same sheep following, and seemingly different yet the same old human crap that has haunted societies for centuries, since the dawn of man.


Bibliography (Click the link)

Tuesday, June 14, 2016

ATM Self-Defense


With more and more banks resorting to technology to do bank business, i.e., not only tellers becoming just another teller machine in the bank but fees when you do use a human teller along with other fees to make MORE money by banks, it has created an industry of what one reporter is calling “Deep Insert Skimmer w/Hidden Camera” scams.


So, as stated in the article, there are some things you can do to thwart those skimmers, such as first and foremost taking defensive actions against the hidden cameras. When you push in and remove your card you often just punch in the PIN, but in reality you should use one hand to cover up the pad before you enter the PIN. Take a look at the machine you are using; the article talks about the false overhead panel for the hidden camera, so obscure the pad as best you can to hide your entry from as many angles as possible. Also, move in close like I do so your head and upper body obscure the pad not just from the hidden camera above but from any camera that may be located in proximity to the machine and could capture you entering your PIN.

Now, as to a general self-defense methodology use the above as well as the following:
  • Keep your wits about you when you’re at the ATM, and avoid dodgy-looking and standalone cash machines in low-lit areas, if possible. 
  • Stick to ATMs that are physically installed in a bank. 
  • Be especially vigilant when withdrawing cash on the weekends; thieves tend to install skimming devices on a weekend — when they know the bank won’t be open again for more than 24 hours.
  • Covering the PIN pad with your hand defeats the hidden camera from capturing your PIN — and hidden cameras are used on the vast majority of compromised machines (see the above paragraph for a reminder on obscuring the pin pad, etc.)
Remember, relying on technology to provide you the security and peace of mind against such trickery is just not good. You need to remember that the best security you can depend on is “Yourself,” and that means reading articles like “KrebsonSecurity” and my blog, because the best security you can achieve is knowledge and understanding along with a concerted effort to live and work that security model. Every single new technological security method, model and code is only as good as the human programmer(s) who create it, and since humans are inherently flawed so are the programs, software and hardware they create. Humans also are very clever and creative, so once a new technological security program, etc., is released there are about twenty times more creative people out there finding ways to crack that very software.

For us humans who are diligent in our security our greatest strength is our due diligence and continuous effort to learn and understand and implement while our greatest weakness is our social conditioning that leaves us susceptible to social engineering so - ‘Be careful out there!’


Addendum:

The previous article has a link to a more comprehensive one about skimmers and you should note that this is just not bank machines but also other card reading devices to include a portable one some waitresses will use for your credit cards, i.e., read the magnetic strip and then write down the three digit security code on the back. Read Article HERE

Simple but effective security precaution of covering his hand when entering his 4-digit code. The last few minutes of the following video show how to cover the pad with your hand to enter your pin: https://www.youtube.com/watch?v=JbDdsUh_sTg


It’s a good idea to visit only ATMs that are in well-lit and public areas, and to be aware of your surroundings as you approach the cash machine. If you visit a cash machine that looks strange, tampered with, or out of place, then try to find another ATM.

Tuesday, May 10, 2016

ClickBait


I thought I had heard a lot of things on the Internet being an IT guy but not until I read an article in the news today where someone mentioned the term, “Click-bait.” I wondered if that were something created to sensationalize the article but I found it defined when doing a search.

Click-bait is content (on the internet), especially a sensational or provocative form, that has a purpose of attracting your attention and to draw you and others toward particularly gifted web pages, i.e., the kind of gifts that keep on taking while you sit there clueless and dumbfounded trying to figure out what you missed and why you are not reaping benefits you may have thought you would get. 

I quote, “Clickbait is a pejorative term describing web content that is aimed at generating online advertising revenue, especially at the expense of quality or accuracy, relying on sensationalist headlines or eye-catching thumbnail pictures to attract click-throughs and to encourage forwarding of the material over online social networks. Clickbait headlines typically (eye-catching headlines that include exaggerations of news events, scandal-mongering, or sensationalism) aim to exploit the "curiosity gap", providing just enough information to make the reader curious, but not enough to satisfy their curiosity without clicking through to the linked content.”

When I see or hear of this I think of the old show, “Mad Men,” which implies that those who create the hooks tend to make them so enticing, and so able to trigger certain parts of our brains, that we find it very difficult to see them for what they are and to avoid them.

We have come to click our mouses instinctively: when our hindbrain, our monkey/lizard brain, perceives something like clickbait outside our conscious mind, we have already clicked the link - toooooo laaaatttteeee!

The only way to combat this type of baiting is to teach ourselves a bit of click-discipline. We must remove our hands from the mouse when we enter a web site, analyze the page and all its content both obvious and hidden in surreptitious links and then decide, like counting to ten before clicking, whether to go somewhere or ignore or leave the site. 


Don't take the bait!!!!

Wednesday, April 13, 2016

Personal Internet Survival Actions

Steps you, as a user of networked devices like your computer, cell phone, iPads, etc., can take to reduce your exposure to criminal activity up to 85%. 
  • Application White List: allow only specifically authorized programs to run on your systems.
  • Block all unknown executable files and install routines.
  • Patch, patch and patch all devices automatically on a daily basis minimum.
  • Patch/update your Operating Systems automatically on a daily basis.
  • Restrict admin privileges on all your devices and spend your time as a basic user while emailing, surfing and shopping, etc.
  • Log in as admin only when you install new software or make system changes.
  • Update frequently.
  • Make passwords long and complex.
  • Download from only known official sites. 
  • Use admin accounts with care.
  • Turn off your systems when you are not using them.
  • Encrypt your digital life. 
  • Protect your data both in storage and in transit across the web, encrypt.
  • Use common sense with all your e-mail. 
  • Don’t use USB from sources other than yourself.
  • Back up data frequently.
  • Cover up your camera features on your computers and other networked devices.
  • Sensitive browsing, i.e., do sensitive things like banking and shopping on computers that belong to you and avoid using wifi hotspots or unencrypted wifi at your home or work.
  • Think, before sharing on social media and networks. Think, before sharing on social media and networks. Think, before sharing on social media and networks.
  • Use the OS built in firewall. 
Bibliography (Click the link)
Goodman, Marc. “Future Crimes: Everything is Connected, Everyone is Vulnerable and What We Can Do About It.” Doubleday. New York. 24 February 2015. 

Surviving the Internet of Things

The list is partial and will grow but this is a good start. It will only come about when humans/users begin to realize, through education and understanding, the threat and grave losses all of us incur and will incur if we don’t take corrective actions very, very soon.
  • Insist on secure software.
  • Require damages for non-compliance for secure software.
  • Reduce/Remove unsolicited data source storage and collection.
  • Secure those data sources with same damages for non-compliance.
  • Kill the password.
  • Encrypt code and apps by default and apply same damages for non-compliance.
  • Educate the users.
  • Require layered security involving technology and humans/users, apply damages for non-compliance.
  • Make cyber-security a lawful requirement with damages for non-compliance on all Internet Access, etc.
  • Make cyber-security a human-centered, design-oriented way of thinking.
  • Build more robust, responsive, and flexible defense methods for the internet, code, apps, programs, etc.
  • Practice good cyber hygiene by practicing safe tech, i.e., ways to teach, train and practice by users with reminders about practicing good computer skills.
  • Users take stewardship over their networks and devices, take personal responsibility and apply monetary fines when they fail.
  • Provide the public with proven methods of cyber hygiene to protect themselves.
  • Perform proactive network monitoring to detect infections and outbreaks of malware, etc. and apply damages for non-compliance, etc.
  • Provide global incident responses by experts as required and coordinate global efforts to isolate sources of criminal activity by Crime, inc. and the uVerse hacking predators, then levy high monetary damages for failure to comply.
  • Develop rapid-response systems for new dangers like bioterrorism creating new biological viruses, etc. and apply monetary fines for non-compliance at levels commensurate to the business/systems funding, etc.
  • Create a worthwhile incentive program and competition for global security at a level at least commensurate to that of the criminal world. 
Return often to see additions to this list, mark it with a bookmark in your browser. 

Bibliography (Click the link)
Goodman, Marc. “Future Crimes: Everything is Connected, Everyone is Vulnerable and What We Can Do About It.” Doubleday. New York. 24 February 2015. 


Monday, April 11, 2016

So Little Effort

It used to be a predator had to assess their targets and would need to weigh the odds of whether they would have success or whether they would be caught.

All you had to do is use appropriate awareness, adequate knowledge and project an aura of competency, etc., that you are not an easy target and the predator would move on to easier pickings.

In our modern tech-crime era none of this applies. The ePredators just don't consider or care about the human equation; coding cannot see, hear, touch or FEEL the human conditions. There is no need to “other a target” because they already see their efforts as a coding exercise and challenge, and the humans behind those challenges in coding just don’t even exist in their minds.

You can be a person of great skill, ability and experience in self-defense in our physical world and yet in the uVerse those traits mean nothing. The only challenge they face is getting caught, and the chance of that is slim to none; in other words, the rewards literally dwarf the chances of getting caught, prosecuted and jailed.

It takes very, very little effort for an ePredator to build the code and make their move. They don’t even consider whether the protection is adequate or strong because it comes down to a matter of a few milliseconds to a few seconds of effort; the code running is no effort, although it does require bandwidth and computing power.

Bibliography (Click the link)
Goodman, Marc. “Future Crimes: Everything is Connected, Everyone is Vulnerable and What We Can Do About It.” Doubleday. New York. 24 February 2015. 

Eagleman, David. “The Brain: The Story of You.” Pantheon Books. New York. 2015

Friday, April 8, 2016

Biometric Identification

Don’t be fooled by the ads saying biometric identifications are foolproof, that criminals cannot compromise them because it has been proven that you can compromise them, big time.

There are a variety of clever ways it can be done both tech-wise and sneaker-wise (using sneaker much like the old sneaker-mail meme, i.e., a non-tech method of copying and using your biometrics to circumvent security protocols for nefarious purposes).

Hey, I wear hearing aids that use bluetooth to connect to iPhone apps to control how they function and guess what, bluetooth has poor security protocols and anyone with the appropriate software can turn on your bluetooth in the aids and hear everything you hear, talk about eavesdropping, yikes!

I won’t tell you how they bypass your own fingerprints, retina prints or other biometric venues used for security but remember, the moment you add the biometric function to any security model it is hackable. 

This brings me to how you can protect your biometrics, don’t allow them to be used in tech-security. But guess what, that won’t do the trick because, if they want you they will get you so the best security is to reduce the biometric recordings to a bare minimum. In my case, I have my phone locked down to the lowest security level possible and still be useful and I don’t use the biometric finger ID feature at all. 

This is one of those “Damned if you do, damned if you don’t,” things. You have to assess the threats you face and decide how far you are willing to go, to gamble your life from your money to your very life itself, it is that capable and bad. 

Bibliography (Click the link)
Goodman, Marc. “Future Crimes: Everything is Connected, Everyone is Vulnerable and What We Can Do About It.” Doubleday. New York. 24 February 2015. 



AT LEAST, BE INFORMED!

Thursday, March 31, 2016

Multiple vs. Singular Security Models

In a recent article one of the ads presented said, “Control the Chaos with a Single Security Solution.” Wow, that made me drop my bagel and choke on the drink of coffee I was partaking in when I saw the ad. 

It is a bit like the model the military started to take on when I was still the physical security person at a military installation, centralize their leadership into two “single” locations, one on the East Coast and one on the West Coast. I remember thinking about the art of war where to achieve a quick and decisive victory you cut the head off the chicken. In other words, put all your eggs in the East and/or West basket then let the enemy simply blow that leadership to hell and back. 

In the technological world a single source of security is convenient and easy, but then the predators of the uVerse no longer have to spread out the attack to cover a variety of security models, they just focus on the one you just paid good money for - voilà, single point shopping for Crime, inc. What could be better?

It comes down to advertising to our laziness and comfort zone, to find just one way to supposedly have a “single” secure protection like that firewall and anti-virus program on your computer you think and “FEEL” is protecting your Internet presence. Guess what, according to some sources that firewall and AV barely protect us from about 5% or so of threats out there racing around our Internet searching, seeking and destroying our protections leaving us exposed and vulnerable. 

In a truly secure environment be it in the physical world, the inner brain world and the Internet electronic world, you need to have multiple layers of security to achieve some semblance of protection and safety and security. 

In the physical security world in which I worked you had to analyze and assess the threats you face and the value of loss toward your business, etc., to create a layered security that would not protect but rather make the effort to breach the security long and arduous, leaving the nefarious folks trying to break in wanting to move on to easier targets. Yes, I said not protect but slow the effort down, because in truth there is no absolute protective security model; there is only creating a long delay to either redirect the thief’s efforts or to delay them enough that the model's detection and alarms would give responders time to - respond effectively.

Putting all my physical security into one central solution is foolish nonsense. In my more high secure needs I had alarms, CCTVs, Fencing, Human Security patrols (armed and authorized deadly force), human access controls, etc. to cause a great enough delay in attempts to circumvent so that armed security could respond, apprehend, detain and lock up criminals who attempted to gain access.

Heck, even authorized access by employees had security layers beginning with background investigations, personal and professional references checks, legal investigations as to criminal records and activities then a dual badge system with entrapment areas for both human and vehicles, a badge verification and exchange by armed security and so on just to get to work. 

So, layered multiple security measures along with knowing who is maintaining and enforcing those security measures and an access control system to ensure that nefarious types are not allowed in. Yet, we will pay good money to have this unknown and completely strange human controlled SINGLE security solution to first, have the connection and social belief that will protect you as if you were family or a valued tribal member; second, who will exercise every possible way to protect you as if they were protecting themselves; third, whose agenda is not about money or company profit or board member profit margins, etc., and make you their sole reason for existence. 

So, we are going to pay strangers, complete and utter strangers who are selling a product for profit and strangers whose sole purpose is to sell the product at any costs maintaining profits, etc. regardless. Just send me five thousand dollars and I will personally guarantee it will remain safe and protected until you ask for it back. Now, just wait and see if you ever get that money back. 

It has been proven time and again that a single software program, like one very famous operating system, will protect your computer and data, yet time and again the hackers of the world demonstrate, in short time (literally hours and minutes), that the so-called secure OS can be and is vulnerable and easily hacked.

Isn’t that a single security source?

We want things simple, we want an easy solution and we don’t want to have to exert any real effort to achieve our security. We want others to do it for us, yet we don’t want those others to have a close social and familial-type relationship. We don’t want the effort and especially the responsibility, but we do want a disinterested and detached group of others to provide us protection and for little to nothing.

We have to get real, we have to accept our responsibility and we have to take the actions necessary to achieve a layered security model and guess what, that begins with each and every one of us as individuals. We have to take responsibility for our actions as to what we do and how we do it or they are just going to clean us out and leave us broke and destitute. You cannot make others protect us with laws for those laws will simply make them angry and resentful, do you think they will go the distance for you - a complete and total stranger? 

Take a close look at what you do and how you do it using all those wonderful devices that make life so easy, because it is easy that gets us in trouble every single time. 

Nuff said … pull your head out of the sand and get layered!


p.s. there is a reason why software development needs a group to program over just one person; one person and even a group of persons cannot adequately program security all by themselves.