Fri. April 12, 2019 – finally Friday, or is it too soon, I can’t remember

61F and 70%RH in the swamp this morning. It stayed overcast most of yesterday everywhere I went. Got some rain too.

I’m hoping for a dry weekend, despite the forecast, as I have Girl Scouts at sleepaway camp this weekend…

Didn’t get much done this week on the prepping front.

I did get 8 bags of soil for the raised beds that is still sitting in front of one bed.

The grapevines have a foot or more of new growth. The blueberry bushes are mostly in fruit, that is a very pale blue. Time to get the bird net out. The Meyer Lemon has multiple lemons started on every branch. It looks like a bumper crop of lemon this year. The potted lime has some fruit starting. The potted orange is still flowering. The mature orange and grapefruit never flowered. The apple trees continue to struggle to put out leaves, and the peach has finally got some leaves and a few flowers. Lots of kumquat ready to pick in the neighborhood, and second daughter wants to pick and eat it all. I may have to find out what the heck you do with kumquat, and ask for some.

I did start taking things to the auction house. This is a big step and hopefully broke the mental logjam….

I haven’t been to any civic meetings this last month, but the CPA and ham networking lunch are both getting me out of the house and my comfort zone. That’s good, right? Speaking of ham radio, the wind blew over my new eggbeater antenna. I knew the mount was weak for one with that weight, but gave it a try. I’ll be trying something else I guess. And speaking of ham, the grocery store was blowing out home curing salt, so I’ve got a lot ready for the next time the ‘country’ hams go on sale. It’s cheap, lasts forever, and doesn’t take up too much space. Perfect for the prepper.

With that, breakfast and tired moppets call. What did you get done this week to get ready for whatever is ahead??

N

39 thoughts on “Fri. April 12, 2019 – finally Friday, or is it too soon, I can’t remember”

  1. Official brief on GandCrab ransomware-

    https://content.govdelivery.com/attachments/USDHSCIKR/2019/04/05/file_attachments/1187435/TLPWHITE_UNCLASSIFIED_20190228_GandCrab_V5_Update.pdf

    “If you are in the healthcare or public health feld it may be a case of when, not if,
    your workplace is affected by ransomware. Kaspersky, a company specializing in
    antivirus software, found one in four healthcare organizations were attacked by
    ransomware in 2018. Another troubling statistic: 88 percent of all ransomware
    attacks were against the healthcare industry
    during the second quarter of 2016″

    Official FBI report on Active Shooter events 2018-

    https://www.fbi.gov/file-repository/active-shooter-incidents-in-the-us-2018-041019.pdf

    FBI Report: Active Shooter Incidents in the United States in 2018
    The FBI released its “Active Shooter Incidents in the United States in 2018” report
    this week. There were 27 active shooter incidents in 2018. Ten incidents met the
    federal “mass killing” defnition, “three or more killings in a single incident.” 2018
    active shooter fndings of interest:
    -There were 27 incidents in 16 states, including four in California and three in
    Florida.
    – 85 people were killed and 128 wounded.
    -6 law enforcement officers were killed or wounded.
    – 16 of the incidents occurred in areas of commerce, almost 60 percent.
    Citizens confronted the shooter in fve incidents.
    Soft targets and crowded spaces remain a prime target in the eyes of those planning
    these types of crimes. The FBI states “it is vital that citizens be afforded training so
    they understand the risks they face and the options they have available when active
    shooter incidents are unfolding.”
    This is also true of other attacks, such as vehicle
    rammings or knife attacks.

    n

  2. Going through the logon motions but when returning to page not logged in.

    added…
    Tried three time then made this comment and manually entered my information. Comment posted and then showed me logged in. Edited with this part added.
    Not normal behavior.

    Had to edit twice as it just stuck on ‘Saving’

  3. Beautiful day today, sunny and high of 68f.
    Forecast for the weekend is rain and rain and rain interrupted by the occasional thunderstorm. So the wife has decided that we will do a thorough house cleaning since we have to stay inside. Starting with a scalding mopping of the floors. Boiling water and Lysol, just the way her mother used to do it. By the way … when she says “we” will do it she actually means that I will do it as her health doesn’t allow her to do much heavy lifting or mop pushing these days. She swept the kitchen last Monday and is still complaining about her back. Oh well, it must be done.


  4. If you are in the healthcare or public health field it may be a case of when, not if, your workplace is affected by ransomware

    My firm makes health care products, wound treatment devices, and orthopedic devices (hips, knees, etc). We had been hit by ransomware pretty regularly from 2015 – 2017 but nothing in the last 2 years. The attacks stopped when we put in a decent web filter tool. We are dramatically upgrading our security tools and policies this year as we are seeing LOTS of spear-phishing attacks and recently a denial of service attack on our Director of Information Security coming from China. We have replaced our bog standard Cisco ASA firewalls with Palo-Alto next Generation devices and implemented full multi-factor authentication. Next step will be to replace aging McAfee AV & anti-intrusion technology with Palo Alto TRAPS. Busy year all around.

  5. We had been hit by ransomware pretty regularly from 2015 – 2017 but nothing in the last 2 years. The attacks stopped when we put in a decent web filter tool.

    What the heck are your employees doing on company time?

  6. All the ransomware attacks I’ve seen personally came from email. All involved opening an attachment. How does a very smart dentist fall for opening something? Mention money.

    ——–
    logged out again – less than an hour. 500 error on first try to post. Comes up as logged in afterwards

  7. Unable to log-in through the “Meta – Log In”, at the bottom of the right column. Yesterday’s, and prior, entries not accessible. There is something afoul afoot here and some immature scumbag needs to leave this site alone and go pleasure “it”-self in the woods.

    Several tech YouTube sites I follow have been “hacked” and one was even SWATTED while he was doing a live-stream, very interesting, not (the SWAT Team was obviously poorly trained and clueless regarding what SWATTING is, the victim considers himself lucky that his dogs were not shot).

  8. What the heck are your employees doing on company time?

    Just about everything. Our previous CIO had told us not to block any WEB access because VIPs “needed” unrestricted access. New CIO has more backbone. We are blocking just about everything non business related. It’s amazing the number of people who complain they can’t watch sports on their workstation any more. I recently had a finance officer request access to the on-line magazine GQ. When I asked him the business reason he needed to read a mens fashion magazine on company time, he pointed out that they had some excellent articles on Brexit and how it may affect manufacturing. I checked and indeed they did so I granted him an exception.

  9. One thing I learnt as IT manager director etc etc etc was, NEVER EVER in the position to allow/restrict web sites, always you are culprit of something.

    Do you need this? please have your boss sign those forms, after that we will allow, and, please remind him that on the next round of upgrading your department will be on the list (better, it must be writing on the memo).

    but NEVER EVER say no, yes, or commit, you are blind, you belongs to the peon class that never will be able to understand C suite needs, marketing needs or waht ever.

    best

    alas I have to much time free due stents

  10. ayj: hope you are getting on OK.
    And you are right, all WEB filters MUST be made to implement policy approved by the board. That way when people complain we point to the policy and say, take it up with the board, not our decision.


  11. We had been hit by ransomware pretty regularly from 2015 – 2017 but nothing in the last 2 years

    When I worked at the engineering honor society the organization piggy backed on the university of Tennessee network. It was quite robust with redundant paths and some really huge pipes, multiple T-4 circuits directly into AT&T offices. Their network security was actually fairly good. All students laptops had to have software installed that prevented malware before they were allowed to connect to the network.

    There were no web restrictions and very limited firewall due to the research nature of the university. At my place we had AV and intrusion detection on the firewall, all inbound ports blocked except for 25, 80 and 443. There was AV software on the servers, the email server and on the desktops. We were using ESET which gave us very good rates because of educational and non-profit. I think something like $200.00 a year for four servers, email and 25 desktops.

    Each year when school started up the logs would show lots of attacks against the firewall and the servers. But nothing every got through.

    The outside world needed to get to applications that ran on the server and that was a concern. Everything was routed through the ColdFusion processor. All requests had all HTML stripped out leaving nothing but web text. The applications that ran all had SQL injection protection. The actual structure of the website and applications was never apparent as everything ran in a frame. Thus the URL never changed from page to page.

    Security as far as I could do without spending some big bucks on equipment and security firms. In 14 years never had a breach from that method. We did have one computer that got infected because the office worker tried to install some software that she downloaded at home and brought in on a thumb drive. It got isolated quickly to that system, she got terminated (it wasn’t her first, second or third major screw up).

    The labs in Oak Ridge have all their desktop computers USB ports filled with epoxy. Thus no external access to anything. They also had everything very tightly locked down so I figured they were good. But no. When I was still working on a contract with them I received a floppy (this was in 1993) that was infected. I contacted them and told them it was infected. They said impossible, they were experts. OK I said. Three days later their entire network was shut down because an infection was spreading among the computers.

    The biggest danger to infection is stupid people. That is impossible to fix.

    How does a very smart dentist fall for opening something?

    That is a good question. People that supposedly are intelligent have some real bone headed lapses in intelligence. They know better but I guess that naked image of Hillary Clinton is just too much to resist.

  12. RAY:

    The biggest danger to infection is stupid people. That is impossible to fix.

    So True! Modern firewalls and AV software are fairly hard to crack. The easiest solution is to get the insiders to GIVE you the data or access you want. Phishing and Spear-Phishing via email is what we see most often. We have even had incidents where the phisher was calling the target on the phone to follow up on his email. Social engineering is MUCH harder to counter than cyber intrusions.
    We have had several cases in the last couple of years where attackers got inside the email systems of a supplier and forged email to our company telling the finance department to direct future payments to a new bank account. Because of these losses we have instituted education and procedures to confirm out-of-band any changes. It’s amazing the stuff I see every day. Emails pretending to be from the CEO saying he had just completed a secret negotiation and needed $500K wired to a bank ASAP. Even phone calls from attackers trying to get the service desk to change the password of the CFOs account. Most of our automated attacks come from China while the hands-on stuff seems to originate in Russia or affiliated countries.
    Remember, you aren’t paranoid if they ARE out to get you.

  13. Spear Phishing has happened here as well. Makes me nuts. Smart people with little understanding of social engineering or how email works are good targets. They’re NOT dumb people. But they are naive and vulnerable. All we can do is warn people about the dangers.

    Lately, it has been ACH / Direct deposit changes for employees. Fortunately, our HR manager is the former engineering manager and understands email & social engineering fairly well. That doesn’t often get far.

    Now it is common to call the person on their cell phone any time such a request comes through.

  14. RE:

    ACH / Direct deposit changes for employees

    Before we implemented Multi-Factor Authentication, our users were giving away their credentials to every Phishing scam that came along and the criminals were using those credentials to access users mailboxes over OWA, sending SPAM, Phishing attacks, etc. One attack was using the users mailbox to masquerade as the user requesting a change to ACH direct deposits. We saw several users impacted this way and had to work with our payroll vendor to put in a verification process for each change. Cyber criminals are very very smart and persistent. We are dealing with highly organized and trained teams run by governments and criminal syndicates.

  15. Fun with networking!!111!!1!

    Yesterday the new ISP posted on Facebook they were about to climb the tower ” to get our gigabit radios to knock out one of the old generation backbones on Burnet Main which will drastically clear up the old spectrum. And the backbones since they are in a completely different one will no longer be subject to all tha tin town noise and should dramatically improve everyones service in the effected area. ”

    Kind of hard to read. But doesn’t affect the radio my radio talks to… just the next radio up the chain. Backbone. Got it.

    And after a few hours the various speed tests said my top speed was 9.5 down. The same today. Well, let’s power-cycle the radio. But first, I tried the test on the EDC machine and it’s running 27 with peaks of 45. AKA “normal”. Well, my radio to the tower isn’t the problem.

    Back in the house I logged into the NanoBeams. They look ok… bouncing between 90 and 130. But at the very bottom of the page it says EDC is connected to the LAN at 100. House is connected at 10.

    My switch sort of crashed. I used the handy power switch to turn it off for a moment and we’re back to 28Mbps down and 6+ up.

  16. Right rear mower tire is mounted and ready to install.

    $20 to have it mounted. Sheesh. For a $30 tire.

    Well, beats paying $15 to mount an $80 tire on the left side. 🙂

  17. Just visited mom in the hospital. She is finally on the road to recovery since wednesdays 2nd surgery to remove the hematoma that was pressing on her leg nerve. This has been very tough on my mother. They may move her to rehab when they pull the drains on Monday. If not, who knows ?

  18. I’m enjoying watching ProgLibTurdian heads explode over tRump proposing dumping illegals in “sanctuary cities.” Stretch is crying hard NIMBY! lol!

  19. I’m enjoying watching ProgLibTurdian heads explode over tRump proposing dumping illegals in “sanctuary cities.” Stretch is crying hard NIMBY! lol!

    I think that ALL of the illegals should be dumped in SF.
    https://thehill.com/homenews/administration/438638-trump-says-he-is-considering-releasing-immigrants-into-sanctuary

    At 100,000 illegals per month and 50 illegals per busload, that is 67 buses per day, assuming that the buses run seven days per week. Shoot, everyone wants to vacation in San Francisco, right ?

  20. “A.F. Branco Cartoon – The Spy Who Hated Me”
    https://comicallyincorrect.com/a-f-branco-cartoon-the-spy-who-hated-me/

    “Democrats say there’s no proof of Obama officials spying on the Trump Campaign, but the proof is the FISA warrants obtained for that very purpose. Political Cartoon by A.F. Branco ©2019.”

    My man Comey may get to go to a federal jail for free ! After they bankrupt him in court first though like they did to General Flynn.

  21. BTW, Disney announced their pricing today.
    https://www.cnbc.com/2019/04/12/disney-shares-rocket-higher-after-unveiling-streaming-cheaper-than-netflix.html

    “Disney+ will roll out in the U.S. on November 12, and within the next two years, the platform will be available “in nearly all major regions of the world.” The pricing on the ad-free service is surprisingly low — $6.99 per month and $69.99 annually (or $5.83 per month). That’s lower than Netflix, which raised prices on its standard plan from $10.99 to $12.99 per month. Netflix’s basic plan is $8.99 a month.”

  22. Disney likes to have full control of their IP.

    They built out a massive (and I thought illconceived) web presence with go.com that they are still using.

    They’ve always been out in front tech wise, so I’m a bit surprised they are late to the streaming party, but really, the IP protection was an issue, and the bandwidth wasn’t there for most people.

    Now that Netflix proved the market, and the bandwidth is there, and people are cutting the cord, it’s time to move…
    n

  23. Picked up three hard drives at a sale today, one of which at least is a 460GB SSD. Currently recovering the deleted files, cuz I’m a jerk like that….

    Lots of porn, based on the file names.

    n

  24. @lynn, that is good news about your mom, I hope she continues to recover quickly.

    @ayj, it sounds like you are recovering from your stent placement. My dad hated the incision in his leg more than the parts put in his chest. Of course compared to his previous open heart surgeries, the stents were low impact. They made a big difference in his quality of life, and I hope they do the same for you.

    @harold, book the trip, take the trip. Treasure every moment.

    @paul, now you can get back to work cutting the grass… 🙂

    n

  25. Yep, cutting grass next week. Because it’s suppose to rain like a sum*itch tonight. That’s gonna be a lot of fun because Missy doesn’t like storms. And wants on the bed. All 95 pounds of her. Then the grass has to dry.

    While mounting the wheel with new tire, not only does the tread match the left tire, the brand and other markings match. Twins!

    I dunno. I bought the left tire about 5 years ago at Tractor Supply for $80. Plus $10 or so to have it mounted. The new tire was $30 from Big River plus $20 for mounting.

    I’m feeling sort of ripped off. Then again, who would have thought to look on Amazon 5 or 6 years ago for a lawnmower tire? Not me.

  26. BTW, all the tire companies ship bare tires UPS. For a very high end tire, it might be stretch wrapped too, but no boxes or anything.

    I shipped in boxes so I could be sure the label would stick to something, but I am a freak about packaging ebay stuff.

    n

  27. Picked up three hard drives at a sale today, one of which at least is a 460GB SSD. Currently recovering the deleted files, cuz I’m a jerk like that….

    Lots of porn, based on the file names.

    Just be careful with the kiddie porn. Just possessing the drive with the files can put you in jail. NIST used to publish a list of known kiddie porn files and MD5 hashes for quick scans, but I don’t think they’ve been able to keep up with the tidal wave.

    If you want to have some real fun, learn how to use Sleuth Kit on Caine with a read-only forensic USB to PATA/SATA bridge (not cheap, but you seem to pick up the tech bargains).

    BTW, Pop! OS might give my 2007 MacBook Pro a reprieve. Most things seem to work except Nvidia’s proprietary drivers, and the upstream Ubuntu 19.04 release will bring Linux Kernel 5.0 along with other improvements.

  28. Looks like rips of commercial titles, based on filenames. I’ve never done any file recovery so this is mainly a test of what comes back using a simple tool (recuva) on a standard deleted disk. I’ll turn over the disks and the guy’s address if there is anything nasty on it. He was something to do with engineering at HP…

    Once I see what happens (and mainly so far it is SUPER long process) I’ll reformat and put the disks into lappys. I paid $5 for them so I’m good on expense, as the $15 total would have been a good price for the SSD alone.

    I would like to know what a crypto currency wallet looks like……

    n

  29. BTW, Disney announced their pricing today.

    That’s fairly cheap even if they just provided access to all of the animated flcks, classic live action movies, and the Disney Channel’s archives of original programming for the last 20 years.

    I’d love to see “Even Stevens” and “Kim Possible” again. Disney Channel really tried for a while.

    I wouldn’t be surprised to see Fox’s library on Hulu’s paid service. Disney is still odd about keeping the more adult things separate from the kiddie entertainment. OTOH, they put their name back on “Midnight Madness”.

  30. He was something to do with engineering at HP…

    I’ve written before about my theory on the correlation between IQ and kinks.

    At my first job out of college, the old school (pre Agilent) HP saleswoman used to stop by the office about once a month and work the boss in her tight skirts.

  31. Once I see what happens (and mainly so far it is SUPER long process) I’ll reformat and put the disks into lappys. I paid $5 for them so I’m good on expense, as the $15 total would have been a good price for the SSD alone.

    A standard USB-PATA/SATA bridge and the bootable Gparted ISO will let you do just about anything to a drive — bit-level copy, repartition, wipe, format.

    You really want to be careful hooking a drive up to a Windows machine.

  32. Format and overwrite.

    When I get rid of hard disks, I drill a hole through the platter first. It’s too difficult to be sure there’s nothing recoverable on a functional disk. SSDs will get a similar treatment – they’re nearly impossible to securely erase AFAIK.

  33. I actually had one of those forensic drive devices at one time. I sold it as it was missing the power supply and I don’t need more projects….

    Recuva went thru its thing, found 30000 files on the one drive, and I told it to recover them. Several hours later– it LOOKS like they were recovered, but only the text files are actually readable. The movies don’t play, they just fail. The jpegs fail with unhelpful messages. Win10 paint 3d says “something went wrong” — literally. irfanview says the header was unreadable. win8 image viewer says ‘can’t open the file, it’s too big or not an image file.’ On the other drive in the other machine, it found 800000 files, and I tried recovering a subset.

    So either recuva doesn’t actually work, or this guy had 2 drives with half a terabyte each of broken files. Which seems more likely? I’m open to recommendations for free file recovery/undelete utilities that run on windows…

    I’ll format the drives now. I never really wanted to actually WATCH the pron, just see if it could be undeleted, how long it would take, and how easy it was. (yes/sorta, long time, pretty easy but a waste if doesn’t work)

    n

  34. Lots of recovery tools will recover files that were deleted and had parts written over by other files. The directory entry still survives, but the released sectors have gotten reused. It’s a well known limitation of those tools.

  35. The only ones I tried to recover had noted “no segments overwritten” “Excellent” for recovery.

    Not one of dozens of nominal jpgs was readable.

    n

  36. We don’t use ssd’s at work. DoD’s official position is that you can’t secure wipe one. So, if you use one in a system and have a spillage, the drive must be destroyed. Kind of a problem on a production system, especially servers.

Comments are closed.