In this short series here is the second video/song/clue for you. Clue 1 is here.
Here is a new series, but for only the next two weeks. I’m not going to give you the topic until the last post. It won’t be an every day thing, but I do have 8 songs picked out as clues.
Oh, and for those that know where this is going, don’t spoil it! So here’s the first video/song/clue..
‘Cause that’s about all we’ve had from this hurricane. But I’m not complaining. The folks in the Bahamas really got hit hard. Dorian was over Abaco and Grand Bahama Island for damn near 24 hours. The islands are devastated. This makes me very sad. I really like Freeport.
But here in #Floriduh, at least in my area, just some rain and wind. But then, isn’t that exactly what a hurricane is? Wind and rain?
So here I sit deep in an undisclosed location in the bowls of a dormant volcano, somewhere in.. uh.. can’t say where. Day 2 in the EOC. Yesterday was long. A full 12 hour shift on about 4 hours sleep. Almost felt like I was back in the Army. Just with air-conditioning. But the same old jokes and lousy food, but no MREs (YEAH!!!).
The storm is about 100 miles due east of us. It only took about 12 hours for it to reach us as it was stationary for a very long time, then slowly moved north west. It has picked up speed, but is still moving very slowly. Current speed estimate is 8 MPH.
No track today, but here is a radar shot;
I should say that we are currently just over halfway through hurricane season. This is the height of the season as well; as this image shows.
My house, and my brother’s house (he lives about 45 minutes west of me), have not any real issues. He did lose power for about an hour, but luckily bourbon doesn’t need refrigeration, so he made it through just fine.
Right now, our city manager says he hopes to close the EOC around 5 PM this evening, and we’ll return to a more regular schedule tomorrow. Sound good to me.
One thing I noticed on the way in yesterday and today was that almost every fast food place was closed. All the McDonalds, Dunkin’s, and Taco
Hell Bell were dark and gloomy. But the Subway was open. Yesterday the local “greasy spoon” was open, but not this morning. Roads are basically clear. Only a few scattered palm fronds here and there.
I picked out a video that actually goes with the topic. I was going to use Gordon Lightfoot’s Early Morning Rain, but choose this one instead. I used Lightfoot’s song for the title (call it a two-for-one). Enjoy!
On the way in to work this morning, I had great post in my head, even tied in with a video. Then I showed up and let’s just say, it all went to hell in a handbasket really quick.
But (and there’s always a but, isn’t there), it really started last week. During my younger days, back when I was active duty Army, we averaged 22 months between moves. You read that right. We moved on average, every two years. This meant two things; we lived out of boxes quite a bit, and we didn’t collect much stuff.
We’ve now been in this house just over 22 years. Not only is there crap everywhere, it’s falling apart. We have had the entire house repiped for inbound water already. Now we seem to have a drain leak under the slab as well. We only found this out after having the majority of the kitchen drain system replaced.
Luckily, our home owner’s insurance is working with us. Otherwise we would probably just walk away from the house and let the bank take it back. We’re that fed up with the whole situation.
But that has nothing to do with today. Well, not a lot about today anyway.
I had a task set for early this morning at work. I am usually the first tech in every morning, so I had set up to do some work on a computer before everyone else showed up. Shouldn’t take more than an hour tops. Cue the “best laid plans” meme…
Starts off, my tool kit was missing from my desk. I do have a second set, but the pieces are nowhere near as useful as this kit. The screwdriver bits are not exactly the correct size, and as I still have my wrist in a brace, it’s difficult to get hand tools to work correctly at any time.
The main task was to clone a hard drive. Not the most difficult thing believe me. We have hardware and software to make this as close to hands-off as we can be. Naturally, it was anything BUT hands-off.
To make this as quick and painless as I can for those not tech oriented, here’s how it went down.
I will say this once again – I hate Micro$oft! Windows is without a doubt the biggest computer virus of all time.
Early morning texts this morning with Wifey;
The “pig” is a local brewery, The Red Pig. In retrospect, I’m not sure beer will be strong enough for today. May have to go straight to the whisky!
But, it’s finished for now. Here is the video I had planned for today, even if I can’t remember what I was going to post! It’s my favorite Bob Dylan song Tangled Up In Blue. In a way, it’s still kind of fitting. I’ve been tangled up in something all day, and my language has been quite blue!
P.S. Feel free to send me a beer, or a scotch, or a bourbon.
Well, I’ve had these blog posts sitting here not being posted for quite some time now. All of these have been assigned to “I’ll finish this later”, or “Nobody wants to read about that”, or my fav, “Do I really want to post that?” categories.
An Anniversary (Of Sorts)
Today is the 30th anniversary of my vasectomy! I realize you don’t really care. But it’s important to Wifey® and me. The funny part was later.
We were stationed at Ft. Greely, Alaska. Four days after my getting fixed was son-the-elder’s birthday. Needless to say, we had a party. And as with most kids birthday parties, the adults consumed massive quantities of alcohol. The big toy that year was laser tag. I don’t remember how many we purchased, but we had several pistols, rifles, vests, and helmets. Many hours and batteries were spent running around in the playground and parking lot shooting at each other. Naturally, I was extremely sore for several days after. The beer kept me from hurting that day but did nothing after that.
Pro tip: Don’t go running around right after having your nuts cut!
Still Not The Song I Want To Hear
The posts I’m referring to are here and here. After dinner Sunday the family was sitting at our little bar in the kitchen (where we usually eat dinner) and within 10 minutes or so I had to change the station at least 5 times. Nothing but Skynyrd, Zepplin, Springsteen, U2, etc. Even son-the-elder noticed and said I was having a bad night.
Genealogy Still Sucks
If you missed the original post go here. Since everything I find on my Campbell side either has too many questions to lay claim to or goes back to King Arthur, I have decided to work on some other lines for now. Besides, I can’t get anyone to answer any requests on Ancestry.
I’m just happy that I haven’t found a “tree” that links back to Adam & Eve! Although I have to think that the Campbell’s would have sprung from Adam & Lillith, Eve was too prissy.
I have many DNA links on my paternal grandmother’s side, and my mother’s side (both her mother and father’s sides). I’m also going to start on Wifey’s® tree even though she has cousins with a lot of the family already there. But I have doubts about a lot of the historical family members.
It’s Almost That Time Of Year!
Samhain is right around the corner! Even though we don’t participate much in Halloween (unless we have the girls), I still enjoy this time of year. The Celt in me loves the traditions and once this day passes the next holiday is my absolute favorite of all holidays, Thanksgiving.
We have always enjoyed carving Jack O’Lanterns. But since this year Halloween falls on a Wednesday I think we’ll cut it back this year.
To Gym Or Not To Gym
Yeah… This post didn’t get very far…
Mental Health Day (Or Lack Thereof)
I’ve mentioned before that I am bipolar type II. I don’t post about it much because I really can’t. When those days hit the last thing I want to do is talk. Not that talking about it doesn’t help, it does. But, I am not one to talk about what’s going on in my messed up head. And to spit it out only relieves the pain for a very short time. And the roller coaster emotions that this causes is even worse than just dealing with it in my own way.
Then this meme came across my Facebook the other day and I think it may have some merit.
I can understand this. The universe has a finite amount of energy (E=mc^2 tells us this). And since we are all made of stardust (and to stardust, we’ll return) we are all connected. Maybe days when you are sad and can’t place a reason why the universe is signaling that someone needs mourning. I’m down with that.
So those are all the leftovers that have been ignored. And to continue the Still Not The Song I Want To Hear post, this morning on the way to work, it was either Starship, Aerosmith, or Rocket Man, easily Elton’s worse song. And while putting this post together, Michael Martin Murphy’s Wildfire just came on. There is nothing that will make me change the station faster than that “song”. Has to be the absolute worst thing ever written.
But fear not dear reader (both of you), the music world is still kicking! Saturday night driving home from dinner with granddaughter-the-younger I had the Beatles channel blaring in the truck. Both of my girls love the Beatles. As this song came on, and I was singing it to her, she was laughing the entire time. When we made it home we watched Beatles videos on YouTube. It was wonderful.
Hey, you there! Leave a comment why don’t ya!
So it’s been a while since I posted anything. So let’s catch up, shall we?
The reasons I haven’t posted are several. I had a killer head cold for about 2 weeks, that I couldn’t shake (same one I mentioned in my Celebrate Good Times (Come On)! post). My work issued laptop died on me, and I’ve been so busy at work that when I get home and I feel like crap due to the cold, I had no desire to sit in front of any PC. When you consider how much computer time I log at work, it’s rather surprising how much I use one at home.
But not everything was bad. I bought a new SiriusXM radio for my aging truck. It’s an external device that plugs in through the aux port on the existing radio. I also stream, mostly the “Classic” (oh, how I hate that term. Can we go back to AOR please?) stations. I like SiriusXM over the local radio because the DJs don’t think they have to be funny so they can get hired and go to a larger market. SiriusXM’s market is North America. Quite a bit bigger than any terrestrial market. Plus these DJs know what they’re talking about. I also like SiriusXM over most streaming services (Spotify, Pandora, iTunes, etc.) because they play the music the way it was recorded. One thing that always pissed me off with the various streaming services is they tend to cut apart songs the segue into each other. A classic example is Jackson Browne’s “The Load Out/Stay”. Streaming radio turns those into two separate songs. It increases the total number of songs in their library, but it totally screws up the listening experience.
My office replaced my very small Micro$oft Surface Book with a beautiful 17″ HP laptop. This thing is a beast! An i7 CPU, 16GB RAM, 256GB SSD, and this wonderful huge screen! These tired old eyes can see again!
Wifey® and I have planned, and made the deposit on, something that is on both of our bucket lists. A trip to Scotland, the land of our heritage. We’ve both did the Ancestry DNA tests. I’ve posted about this before. Turns out both of our DNA points directly to Scotland/Ireland/Land of the Vikings. I’d like to try to find the ancestor that made the trip over the pond to settle in America before we go. But that costs money, and right now we’re trying to save, not spend so we can blow the whole wad while in Scotland. I’m hoping the duty-free shop in the Edinburgh airport has a good selection of native scotches. I will have a separate post(s) about the trip as things get closer, and when we are in country.
We had a wonderful dinner the other night with my brother and his wife here at my house. I smoked three whole chickens. Not that I expected we would eat them all that night, I planned on leftovers so we (as in Wifey® and son-the-younger and myself) could make pot pies from the leftover chicken and other veggies we made that day.
I confirmed something I learned the last time I smoked chicken. From now on I’m only buying leg quarters. There were 4 and a half breast quarters left, but only one leg quarter. Seem we prefer the dark meat!
And I’ve read a couple of good books too. I won’t write any reviews. If you want book reviews, there are plenty of sites that have them (I recommend Once Upon A Spine).
I’ll leave you with a video. Has nothing to do with this post, but the opening line “Been away, haven’t seen you in a while”, fits with the theme. Plus it’s Dave Mason. I’ve been a fan of his since his days with Traffic.
So what have you been up to?
Last week I had the great pleasure of attending the KnowBe4 conference in Orlando. (Official hashtag: #KB4Con18). This was without a doubt the best tech conference I have ever attended. Not only were there absolutely dynamic speakers, all attendees were treated to the best food! I’m talking some of the healthiest stuff I have ever seen at any conference.
I’ve mentioned KnowBe4 before. This is the vendor we use at the city to train, test and generally harass our end-users (OK, maybe not harass). (KnowBe4 website) With just a small part of their product, I can train my co-workers on the latest ways the “bad guys” try to use social engineering to do well, bad stuff. I will admit that I enjoy sending out simulated phish emails. Why? Because it shows me where are weak links are. And this gives me the means to do targeted training to make our city network, and by association everyone’s home PC/Network, that much more secure. I don’t do it to shame someone or hold it over anyone’s head. Since I have been an instructor of some sort for very many years, I use this primarily as a training tool. But on to the conference itself.
Other than the hour plus, each way, drive on I4 (A.K.A. the devil’s highway), and being in Orlando (way too big and crazy for me), everything else went beautifully. The folks at KnowBe4 went above and beyond in this, their first ever conference.
The opening keynote speaker was Kevin Mitnick, or as he likes to call himself “The World’s Most Famous Hacker”, a title he lives up to. If you don’t know who he is, take a moment to read his Wikipedia page, even if it a bit light on his history. Kevin gave us many demonstrations of current hacks, all of which arrive via an inconspicuous email. And all of which are very nasty. But the one hack that scared me the most was when he showed how Google’s two-factor authentication (2FA) could be hacked. Google has always been one of the toughest to crack since they stay on the cutting edge of all technologies. As a big user of many Google services, this is troublesome.
The keynote speaker for the next day was Frank Abangale. I have to admit that I did not recognize his name. But once I heard his story I knew how he was. Here is his Wikipedia page for you to educate yourself. Frank is considered one of the foremost experts on imposters and forgery. Steven Spielberg made a movie “Catch Me If You Can” starring Leonardo DiCaprio as Frank and Tom Hanks as FBI Agent Carl Hanratty. I have not seen this movie, but I see it available on Amazon Prime so I will correct that error very soon. And if I caught his reference, he was also the inspiration for the TV show “White Collar”. His family story and subsequent talk on how to keep safe with online financial sources was very eye-opening.
Another fantastic speaker was Roger A. Grimes (he wants you to know he is not related to the Canadian political figure with the same name), the best-selling author of several tech books. KnowBe4 even included a copy of his “A Data-Driven Computer Security Defense” in the big ol’ backpack they gave every attendee. The big takeaway from his two talks was the point that you have to determine what your biggest exploitable problem is, and fix that first. Common sense, which as we all know, is always in short supply.
One thing that I really was happy to see was the inclusion of women speakers. KnowBe4 has several women in executive roles throughout the company, and that makes me very happy. Since I have two granddaughters, one of which is very interested in the sciences, I fully support women (and really anybody) in STEM (Science – Technology – Engineering – Mathematics). One of the first questions Wifey® asked me was if there were women presenters. I was so very happy to say yes!
There was one thing missing though. No vendor room. Every other conference I’ve been to there is always a room for vendors. Not only can one make some great contacts with products and services that one doesn’t know about, vendors always have cool swag (freebie gifts). I’ll have to check with my manager, but I think a conference is how we found out about KnowBe4. It may not have been in the vendor area, it may have been word of mouth from another attendee (word of mouth is ALWAYS the best advertisement).
Sorry, this is such a broad overview, but I could write about ten pages if I covered the entire 3 days. All I can say is “I’m ready for KB4Con19!”
Before I get into Facebook and its current issues, I’d like to pass along a portion of an email I received today from KnowBe4. KnowBe4 is the company I use at work to help test and train our users in email security. If you’d like read more about them click here.
I receive a “Scam Of The Week” email from KnowBe4 every week. Todays was very relevant, at least to me. The headline is “Fiendishly Clever Gmail Phishing You Need To Know About”. If you’re not sure what a “phish” email is, to sum it up, it’s any email that impersonates someone else. A good example that I bet a lot of folks have received, is one from FedEx claiming that they need you to click on an attachment or follow a link because they couldn’t deliver a package. The attachment or link is nothing but a malware-laden delivery tool. Either will infect your PC leaving you open to become a victim of a crypto tool (something that encrypts all the files on your PC, then the bad guys make you pay money, usually in bitcoin, to unlock your files. Most of the time they take your money and never decrypt your stuff). Or your PC becomes a “bot” under the control of the same bad guys, causing it do malicious acts without your knowledge.
Here is the quote from today’s scam;
“There is a new scam where hackers send you a text that asks you about a password reset on your Gmail account, and if you did not, text STOP. This is a scam. The bad guys asked for that password reset and now want you to send them the authorization code! Don’t fall for it.
Remember that Gmail or any other web email service will never ask if you *don’t* want to do something with your account. You didn’t ask for a password reset, so you shouldn’t be asked about one.
Do not reply to the text (doing so will tell the scammers that they have reached a valid number). And to prevent losing your account to bad guys, it’s a very good idea to have 2-step verification set up on your Google account.”
So what about Facebook? If you used an app called “My Digital Life”, you have not only allowed your information on Facebook, but you have also allowed anyone in your contact list to have a limited part of their data shared. Again without your knowledge.
This breach is so bad that Facebook founder Mark Zuckerberg is testifying in front of Congress as I type this. The impact of this event is that 87+ million people have had their information shared.
I cannot stress how important it is to NOT USE ANY FACEBOOK APPS this includes games. I would also strongly recommend that you DO NOT do any of the “surveys”, like What Animal Am I, or the ones that give you a list of months and days to make up a name of some kind. Just think what you just did if you responded to one of those. In the case of the ones that tell you to post your answer and you do, you just publically posted your birth date. So anyone watching these posts (and believe me, they do track this stuff) now not only knows your name but your birthday too. It would only take one or two more little pieces of information and next thing you know your identity has been compromised. It’s scary.
And as you can see at the bottom of this post, I use both Twitter and Facebook. I’m not saying you shouldn’t enjoy them. Just be careful, please.
So, a few tips to make things a bit safer;
These exploits are not limited to Windows PCs (although since Windows has the biggest share of users in the world they get targeted the most). There are exploits for Mac/Apple (including iPhones/iPads/iPods), Android, Linux, you name it. Someone has written an exploit for that operating system.
If you have any questions about PC security, please leave a comment!
So let’s be careful and happy internetting! (Yeah I made that word up)
EDIT: This link came across my Twitter this morning. It will give you a tool to see if your data was “shared” in the Cambridge Analytica breach. Click here for the link (you do need to be logged into your Facebook account for it to work).
(In case you are not aware of what a “phish” is, in broad terms, it is an email designed to make you click on a link, or open an infected attachment. Once the link is clicked or that infected attachment opened, your machine (and this works on Windows, Apple, and Linux) will become a “host” for a variety of nefarious activities.)
This information came from one of the vendors we use at the city, KnowBe4. We use the tools they provide to send simulated phishing attacks to all our employees. It’s one of the fun aspects of my job. Here is a very specific phish threat they sent a notice about. I felt it important enough to pass along.
I was alerted by a customer about a really difficult scenario that’s becoming all the more frequent. While there’s probably little that can be done in terms of tuning your spam filters and endpoint security tools, new-school security awareness training can make a difference. Here is the story:
“Over the past few months, we have been hit with increasing frequency with an attack that follows this 5-step pattern;
- A known vendor or customer falls victim to a phishing attack. Their email credentials are compromised, and the “bad guy” gets access to their email account.
- They start by changing the password, so that the victim no longer has control.
- They then comb through past email correspondence, and using the victim’s account, signature, and logo, send out targeted emails crafted to closely resemble legit correspondence they have had with our company in the past.
- Depending on the “bad guy’s” dedication to his craft, these could be fairly generic, or extremely specific. We’ve received one with an inquiry that referenced a specific real invoice # for that individual.
- The email always includes a spreadsheet or PDF. The name can be generic, or can be really specific. We’ve received one titled with a specific real invoice # for that individual.
Because these emails are coming from a real email account for a real business partner, they are very hard to identify, and in some cases they are literally impossible to detect, as they are carefully crafted copies of past legitimate emails. Naturally, there are a few that cast a wide net, so they are more generic and often contain corrupted grammar or spelling, but others are indistinguishable from real emails.”
What To Do About This Threat
Granted, this is a frustrating and dangerous situation, as the majority of the red flags users have been trained to watch for simply aren’t present if the scammer uses a highly targeted approach like this.
However, there is one cardinal rule that you need to stress with your users to protect against a scenario like this: DID THEY ASK FOR THE ATTACHMENT?
If they did not, before the attachment is opened, it’s a very good idea to double check using an out-of-band channel like the phone to call and ask if they sent this and why it was sent . There is little else that can be done.
Yes, that is a little more work. But also, better safe than sorry. You have to constantly work on and reinforce your security culture, anywhere in the world.
As you can see, this is very scary. Especially in a corporate environment. The biggest thing to take away from this is if you get an email with an attachment THAT YOU DIDN’T REQUEST, DO NOT OPEN THE ATTACHMENT! This holds true even if you recognize the sender. The sender field on an email can be spoofed very easily.
So, as I’ve said before, keep your antivirus/antimalware up-to-date, and scan your machine on a regular basis. One of the catchphrases of KnowBe4 is “Think Before You Click”. Wise words to live by.
Happy and safe interneting my friends.
But on 25 May 2021, I will turn the magic age of 62 1/2 years old. Provided ol’ 45 doesn’t change the retirement age, on Friday 28 May 2021 I am retiring (told the boss I’d finish out the week just to be nice). I’ve already done my 20 years in the Army, and quite frankly, I’m done. Stick a fork in me.
The current countdown (give or take a few seconds since I took the snip)..
But like I said, I’m not counting down or anything.
P.S. Yes I know it’s a long way off, but these “Stupid End Users” I deal with day in and day out required me to put the countdown on my PC so I can see the light at the end of the tunnel.
P.P.S. I’m always worried when I click the spell check button on the WP editor and it says “No writing errors found”. I think it’s just fucking with my mind…