
Intro to Qubes OS – a reasonably secure operating system

This is just to put it on your radar, I haven’t tried Qubes OS yet, but plan to.

ePrepper is going offline this month and will likely be offline before the end of January 2017, unless I can find someone to either take over the site or migrate its content to. Properly maintaining the site has been taking up too much time and cutting into my family. I would like to see the content of ePrepper get absorbed into a larger site. If you run a blog and are interested in using content from ePrepper, please email dan [dot] michaels [at] eprepper [dot] net.

FOX NEWS REPORTS: Russia-linked malware found on US electric company’s laptop

 

I received a notification from US-CERT regarding GRIZZLY STEPPE two days ago, prior to the release of the Fox News story.  See this PDF to find out more about GRIZZLY STEPPE and how APTs like this one work (APT: Advanced Persistent Threat).  https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf


Blackberry DTEK50 – Deciding to Go Back to a Smartphone After 100+ Days Without One

Since moving to a dumbphone over 100 days ago, there have been few times that I have really missed having access to a smartphone.  The Nokia X3-02 has awesome sound quality, holds a great charge, and is so small that you hardly know you have it in your pocket.  However, there are some times when having a smartphone is critical to my job and the Nokia has to take a back seat when I am required to remotely reboot a system or solve some problem that falls outside of the boundaries of making a simple phone call or texting.

So, about three weeks ago I restarted my smartphone research.  Immediately in my research I was faced with a significant dilemma.  On one hand, there’s the iPhone.  Being somewhat secure (or at least some secure apps available) and receiving regular updates is highly desirable for anyone that works with technology and security.  Even though Apple seems to have stood up to the FBI with regard to unlocking an iPhone this past year, Apple has fallen incredibly short with its newest hardware and software releases.  In speaking directly with an Apple rep, it appears that I am not alone in my hardware and software concerns (comment if you want to know more).  Compounding Apple’s issues is a closed ecosystem, slow patches, and a high price point.  It looks more and more like the Apple I once loved has established its path in releasing sleek devices that are both underpowered and costly.

On the other hand, you have Android which represents a terribly splintered market.  Some devices on the cheap side hardly ever see updates.  Then you have “middle of the road” devices like the Moto G series, which may actually receive updates, but not necessarily in a timely manner.  Then you have higher end devices which will likely cost $600+ which will likely receive updates, but still not in as timely a manner as a security professional would prefer.

The top end of Android devices, like the Pixel, are sure to receive timely updates, but at a price point which rivals the cost of a decent laptop.  Personally, I can’t imagine dropping over $600 for a cell phone.

A Windows phone would be pretty inexpensive, would see timely updates, and includes a solid foundation for security (yes, I’m as surprised as you are that I am writing this… but research shows that the current Windows mobile platform is actually pretty good).  However, I was not going to go with a phone that has less compatibility.  The simple fact is that Windows phones have far fewer apps.

Blackberry… oh, how I long for the platform that brought me my first smartphone.  I once had an 8830 “world phone” by Blackberry and loved it.  It was so solid.  Then I think, “Oh, how RIM betrayed its users by using the same key on all consumer devices.”  Additionally, Blackberry’s BB10 OS is probably five years behind when it comes to available and compatible apps.

Yet, something striking now stands out from the company that betrayed its consumers.  Blackberry is realizing that they can offer multiple things that the splintered Android market cannot.  Security, timely updates, and a competitive price point.

With regard to security, I initially worried that the updates wouldn’t come as fast and often as the Google Pixel and other Android flagships, but a little research put my worries to rest.  I read over and over that Blackberry’s updates for their Android line of phones (including DTEK50/60, and Priv) often come faster than Google’s own updates for Nexus devices.  That is comforting news.

The most informative review I found was from Crackberry.com.  See here: http://crackberry.com/blackberry-dtek50-review.  That review has great pictures and really cuts to the heart of what Blackberry is trying to achieve with the release of this device.

Two weeks ago, I received a DTEK50 at just $229 (yes, that’s new) from B&H Photo.  I also ordered the smart cover.  Reviews were hard on the DTEK50 with regard to battery life.  I put that concern aside as I really couldn’t find any other viable options (sub $300).

In the last two weeks, I must say that I am quite impressed.  Battery life wasn’t nearly as bad as I worried.  Especially since I am a light user, I can get over a day out of the device no problem.  If you bury your head in your phone for hours on end, you will most likely have different results.

I’ll get to some of my thoughts in a follow up.  But for now, just know that I am very pleased with my decision to give Blackberry another shot.


ALONE TV SHOW – You think: I’ll turn to God when the going gets tough… don’t count on it.

Last week, my household just finished watching season two of Alone (from the History channel).  We enjoyed the series and I think it is an eye opener of how people react when things really start getting tough.  If you have never seen the series, I will try not to spoil it for you.  Just imagine… you are alone in the woods… you have nothing but a few survival tools… you have to hunt, fish, scavenge and fight to stay alive.

So many people are self-deluded about how they will survive in such a situation.  People tend to think that they are resilient enough to make it.  Many think, “I can just rely on my skills.”  Christians tend to think, “God will take care of me, I just need faith.”  Yes, though I believe God will take care of me, it is impossibly difficult to imagine how bad things could be.

I must say, I have the utmost respect for all those that stick it out past the first couple weeks.  Then, you get into a much deeper respect for contestants as they show willpower and muster past the 30- and 45-day benchmarks.  Think about it, 45 days with no human contact.  Every day, having to provide everything for yourself.  Boil water.  Find and prepare food.  Do everything “Alone” and without any outside help.

One of the participants, Larry Roberts, has an incredible breakthrough on day 58.  As Larry leans over a bucket on his knees, he sobs and sobs and cries out to God, “God, please help me.  I can’t do this by myself.  I need your help.” (not verbatim, but you get the idea).  He cries out repeatedly on the footage.

Catch this, don’t miss it.  It took 58 days for Larry to get to that point in his life.  It took nearly two months worth of grueling days, looking for food, creating fires day after day, eating the squander of what the wilderness left him for sustenance, and hanging by his very last thread, and finally he called out to God.

People don’t tend to want God’s help.  Alone brings us proof of it.  People will continue to try everything in their own power.  Then, when they fail, they will find another thing to try.  Then another.  Then another.  Then wallow in self-pity.  Then try something else.  God tends to come in dead last.  Only when there is no other option does one want to finally call on God.  I definitely respect Larry.  But if I could ask Larry one question, I would ask, “Larry, why did it take you so long?”  I wonder if God asks that question Himself.

Thankfully, we serve a God that doesn’t have to take us to the woods and drop us off alone to get our attention.  He can do that through our daily circumstances.  Those that think they can wait to ask God for help will most likely be severely disappointed in themselves when they discover they have let life completely slip through their hands like sand and stand before Almighty God with no Savior.  God won’t be saying, “What took you so long?”  He will be saying, “Depart from me, you that work iniquity.”

Here is one last observation about the show.  Your relationship with God does not change depending on physical proximity to other people.  Yes, I believe God designed us to be social beings.  The fact that He created male and female is an example of that.  However, the one relationship that matters is the one we tend to overlook.  It is that one important relationship, that when it isn’t going well, we tend to hide and mask over and cover with the faulty relationships of this world.  The truth is, without the one important relationship with God, no other relationships can truly be held by us.  You are the same person both in the woods and out.

If you don’t learn to trust God in the midst of earthly relationships, you will probably never trust God in their absence.


What do cyber attacks actually look like? Here… I’ll show you

Below are two denial of service attacks that have been caught in my honeypot recently (of the hundreds I’ve captured).  In each example, you see people or systems unaware that they are in a virtual sandbox and can’t really execute live commands.  The first example is someone pushing a script to my honeypot (you can tell because the commands are being pasted quickly).  The second is an actual person (you can tell due to misspellings of commands and the use of the backspace key).  Though a honeypot environment doesn’t actually permit the commands to run, these examples demonstrate how scripts are used to take control of systems and push DoS or DDoS attacks.

Example 1:

Example 2:

You may know that ePrepper.net has been under DoS/DDoS attack in the past.  WordPress is just about the best online blogging tool available, but it does fall under considerable attack due to the utilization of PHP code.  If you run a WordPress blog, here is my recommendation of plugin tools that will help keep attacks to a minimum:

  1. Wordfence Security
  2. Captcha by BestWebSoft
  3. IP Geo Block
  4. Simple IP Ban
  5. WP BackItUp
  6. WP Limit Login Attempts
  7. WP Statistics

Backup and patch often!


Here’s a Message from a Passionate Preacher

I found this message online and thought it was spoken from the heart.  May it bless you that you may bless God.


Are DDoS Attacks Being Scheduled?

Last week I noticed a spike of 15,000 hits.  This is probably a DDoS attack against some PHP code as WordPress is a huge target for such attacks.  As long as you keep systems patched, it usually isn’t an issue.  However, I find this follow-up attack very interesting.  The hits match almost perfectly (and could actually be the exact same hit count).


The second attack, exactly seven days after the original attack, may indicate that these DDoS attacks are following a schedule.

Update:  More of the same today (12/05/2016), except I’m at 25,000+ hits from a suspicious address (37.187.44.93).
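One way to test the "scheduled attack" idea against your own access log is sketched below. This is an added example, not code from the original post: the log lines are constructed (documentation-range addresses, scaled-down hit counts), and the spike factor, seven-day period and 2% tolerance are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import date, datetime, timedelta
from statistics import median

# Client address and date from a common/combined-format access log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}):')


def sample_log():
    """Constructed log: quiet baseline plus two bursts seven days apart."""
    lines, start = [], date(2016, 11, 1)
    for d in range(16):
        stamp = (start + timedelta(days=d)).strftime("%d/%b/%Y")
        for i in range(40 + d % 3):                       # ordinary visitors
            lines.append(f'198.51.100.{i} - - [{stamp}:10:00:00 +0000] '
                         '"GET / HTTP/1.1" 200 512')
        if d in (8, 15):                                  # the two bursts
            for _ in range(1500 if d == 8 else 1497):
                lines.append(f'203.0.113.7 - - [{stamp}:03:00:00 +0000] '
                             '"GET /index.php HTTP/1.1" 200 370')
    return lines


def hits_by_day(lines):
    """Map each day to a Counter of hits per client address."""
    per_day = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                                      # skip malformed lines
        day = datetime.strptime(m.group(2), "%d/%b/%Y").date()
        per_day[day][m.group(1)] += 1
    return per_day


def spike_days(per_day, factor=5):
    """Days whose total hits exceed `factor` times the median day."""
    totals = {day: sum(c.values()) for day, c in per_day.items()}
    baseline = median(totals.values())
    return {day: n for day, n in totals.items() if n > factor * baseline}


def weekly_repeats(spikes, period_days=7, tolerance=0.02):
    """Pairs of spikes exactly `period_days` apart with near-equal hit counts."""
    pairs = []
    for day, n in sorted(spikes.items()):
        later = day + timedelta(days=period_days)
        if later in spikes:
            m = spikes[later]
            if abs(m - n) <= tolerance * max(m, n):
                pairs.append((day, later))
    return pairs


def top_source(per_day, day):
    """The address responsible for the most hits on `day`, with its count."""
    return per_day[day].most_common(1)[0]


if __name__ == "__main__":
    per_day = hits_by_day(sample_log())
    spikes = spike_days(per_day)
    for first, second in weekly_repeats(spikes):
        print(first, spikes[first], "->", second, spikes[second],
              "top source:", top_source(per_day, second))
```

A pair reported by `weekly_repeats` together with a single dominant address from `top_source` is the pattern described in the post: same volume, same weekday, one source.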


Could This Be The World’s BEST CODEBOOK?

Over a year ago I was asked by PrepperRecon to join in on an interview regarding secure email systems.  In the interview I gave an overview of email servers in Israel, Switzerland, and Norway.  One of my recent favorites is ProtonMail (Switzerland).  I love that you can send a secure email message and password that message so that the recipient must know the password in order to see the contents.  Of course, this raises the question, “How do I come up with a password method that I can share?”

This is a problem as old as espionage.  Even Israelites used a password in the Old Testament, when a word was used which was difficult for Israel’s enemies to pronounce.  The word was Shibboleth (see Judges 12 and Wikipedia: https://en.wikipedia.org/wiki/Shibboleth).

Over the course of history, various methods have been developed to share passwords.  The most secure method of encryption is OTP (or One Time Pad) – see this link.  Basically, two one time pads are created.  Each one time pad can be used to send or receive a message.  In order to maintain security, each one time pad must be destroyed after use.  One time pads are typically only used for very short messages.  (Note: One time pads are still in use today.  Broadcasts can be heard over various frequencies saying things like, “alpha, alpha, juliet, bravo, etc., etc.”  Agents in the field can receive the messages using receivers which are pretty much undetectable, thereby maintaining good security).

One time pads come with a slew of problems.  Creating messages can be time consuming.  If a one time pad booklet is lost, there is no way to recreate it.  Messages are short, so you are limited by what you can communicate with a limited amount of characters.  The one time pad booklets would need replacing when they run out, which means contact might need to be reestablished anyways (and that could breach security).

What if instead of a one time pad you simply used a codebook?  The codebook would need to be small.  It would need to be common enough that it can be obtained easily by all team members.  It would also need enough pages to keep passwords fresh.  I think a pocket New Testament would be ideal.  Of course, everyone in your group would need to obtain the very same version so that all the letters fall in the same place on every page.

The problem remains about developing a password method that can be shared.  So, here are some ideas.

First, identify a page.  This could be done in a multitude of ways, but basic ways include:

  • simply giving a Book, chapter, and verse.
  • use a page number
  • reference a verse that others would know where to find (this also enforces the value of knowing scripture)

Second, coordinate a pattern.  The pattern will give you the code.  There are thousands, or millions, of patterns that could be used.  Here are some ideas:

  • the letter on the top right corner of every page over the next 20 pages
  • the third line from the bottom backwards for 20 characters (be sure to confirm whether or not spaces should be used)
  • use a column of letters down or up (like the right column of characters moving up from the bottom)
  • every other character of a specified line
  • use the page number to develop a pattern (like page 143, could be the first character, then skip four characters, then skip 3 characters).
  • keep it easy enough that you can remember and use it easily!

When using a system like ProtonMail, you may just need to put a verse, or page number, in the subject line.  As long as the person you communicate with has the code book and knows the proper pattern, then they can use the password to decrypt your message.

Never ever use the same page twice unless you are using a new and unique pattern.  But, the good news is that you never need to destroy your pages like a one time pad.  You simply need to communicate a new pattern.
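The page-plus-pattern procedure above, worked through in code as an added example (not part of the original post). The sample text, the line widths standing in for two different printings, and all function names are assumptions made for illustration; it implements two of the listed patterns, shows why everyone needs the very same edition and an agreed rule about spaces, and tracks page/pattern reuse.

```python
import textwrap

# Constructed sample text standing in for one page of the shared book.
TEXT = ("The codebook only works when every member holds the same printing, "
        "because a pattern counts lines and characters on the page, not words. "
        "A different edition moves every letter and silently changes the password.")


def typeset(text, width):
    """Lay the text out as printed lines of at most `width` characters."""
    return textwrap.wrap(text, width)


def _take(chars, count):
    if len(chars) < count:
        raise ValueError("pattern runs off the line; agree on a longer line")
    return chars[:count]


def line_backwards(page, from_bottom, count, keep_spaces=False):
    """Nth line from the bottom, read right to left, for `count` characters."""
    line = page[-from_bottom][::-1]
    if not keep_spaces:
        line = line.replace(" ", "")
    return _take(line, count)


def every_other(page, line_no, count):
    """Every other character of line `line_no` (1-based), spaces dropped."""
    return _take(page[line_no - 1].replace(" ", "")[::2], count)


class UsageLog:
    """Refuses a (page reference, pattern) pair that was already used."""

    def __init__(self):
        self._seen = set()

    def claim(self, page_ref, pattern_name):
        key = (page_ref, pattern_name)
        if key in self._seen:
            return False
        self._seen.add(key)
        return True


def demo():
    sender = typeset(TEXT, 40)      # sender's copy
    receiver = typeset(TEXT, 40)    # same printing: letters fall in the same place
    reflowed = typeset(TEXT, 44)    # same words, different edition
    return {
        "sender": line_backwards(sender, 3, 20),
        "receiver": line_backwards(receiver, 3, 20),
        "other_edition": line_backwards(reflowed, 3, 20),
        "spaces_kept": line_backwards(sender, 3, 20, keep_spaces=True),
        "every_other": every_other(sender, 2, 12),
    }


if __name__ == "__main__":
    for name, password in demo().items():
        print(f"{name:14} {password!r}")
```

Running it prints the same password for sender and receiver, and a different one for the reflowed edition and for the spaces-kept variant.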

Besides all this stuff about codebooks, having access to God’s Word is most important.  In the pages we find strength, encouragement, and salvation.  It’s just smart to have access to the Word anywhere you go.


Does Your Phone/Laptop Have a KILL SWITCH? Probably.

Last week I finished reading Tiger Trap by David Wise.  The book was good, but I’m not going to delve into a full review here.  However, I will mention that I was a bit disappointed that the book only barely mentioned “kill switch” technology that the Chinese may be putting into technology.  If the Chinese possessed the ability to kill our tech, they would probably do it.

The Chinese aren’t the only ones we need worry about killing our tech.  We can look to our own government and industry for additional concerns.  Laptops and phones are being built in a nearly unrepairable manufacturing process.  When you purchase your tech nowadays, you purchase devices that cannot even have batteries replaced without sending them to the factory.  More than likely, when even just a battery needs replacing, you will receive a replacement device instead of actually having your phone repaired.

Devices are becoming more expensive, yet unrepairable.  Does that even make sense?  Security is even being built in using the “throw away” mentality as well.  Government has the ability, in many cases, to disable a cell phone (PoliceOne article here).  We simply value data security more than the device itself, which is logical.

That’s all fine and good, right?  I mean, we all know that no one else could possibly figure out how to kill your cell phone.  Well, that’s not really true.  Past experience tells us that building things like this into technology comes back to bite us when the hackers figure them out.  Figuring out challenges like “killing” someone’s phone is part of the hacker’s playground.  Such a project could even be funded by state actors.

It would make much more sense to me that we would make better attempts at securing our data rather than just relying on a chip to do it for us, but people want everything easy.  Thus, we have chips that can make our phones and laptops inoperable.

Does your device have a KILL SWITCH?

Intel Processors?  Probably – Starting with Sandy Bridge in 2010 processors can be disabled using 3G cellular network even if the laptop isn’t powered.

AMD Processor?  Inconclusive – Could not find information verifying whether or not AMD uses kill switch technology.  It looks like they are not using it.

Apple iPhone?  Yes – Beginning in iOS 8.

Google Phones?  At least some, Qualcomm Snapdragon 810 does, but you have to check your specific model

One question you may be asking right now is “What can I do about this?”  Probably nothing.  It is part of the way the world thinks about security right now.  If you don’t need a powerhouse of a computer, then maybe you will think about researching AMD processors and pick one of those in your next laptop.  As for smartphones, you are pretty much stuck.


Baofeng DM-5R – Should You Go Digital? (Digital DM-5R Instead of Analog UV-5R)

Those of us that are lucky enough to be surrounded by HDTV stations enjoy the benefits of a beautiful and mostly uninterrupted HD picture on our televisions.  The same technology was introduced in radio form many years before we ever saw an HDTV picture.  Sending digital instead of analog has a great benefit as you either have a fantastic copy of the audio or no audio.  So, if a signal is properly received, it should not just be copyable, it should be crystal clear.

Without a doubt, the Baofeng UV-5R has been the most popular radio for preppers.  It is cheap and it is rugged.  Four UV-5R’s can be purchased at the same price as a single Yaesu or Icom.  But, all this means you use easily readable analog.  Anyone can just tap into your signal.

However, those serious about communications may want to consider a step up into digital mode.  But digital is typically more expensive.  Should you invest in more than double the cost to obtain DM-5R’s from Amazon at $79.99?  That’s for you to decide, but here is some information and comparisons.

The DM-5R is nearly identical in appearance to the UV-5R, however the DM-5R delivers crisp clean audio at 1.5 miles whereas the same audio on the UV-5R would barely be readable.  This first video is a demonstration from HamRadioConcepts on YouTube.

Going digital isn’t the only thing you need to consider.  You also have to strongly weigh in compatibility.  The second video focuses in on the digital aspects of the DM-5R and shows how it may not be compatible with “all things digital.”

Quite honestly, you shouldn’t expect the DM-5R, at its cheap price point, to satisfy compatibility requirements.  However, at just 80 bucks a radio, the DM-5R is super cheap, appears to be built with the same ruggedness of the UV-5R and can help you move into the digital realm on a budget.

ADDED NOTE:  I found this web post giving some more information about the compatibility of the DM-5R: http://www.radioddity.com/us/blog/truth-about-dm-5r/
