Basic Nmap Scanning

Hi, so I’m going to show you how to use nmap, the free port scanner, along with zenmap, the graphical front-end of nmap available at the same download page (the Windows self-installer includes everything). Ports are the little doors, so to speak, to your computer where different services run. Ports are numbered 1-65535 and certain port numbers are reserved for certain services, like http (webpages) at port 80 and https (secure webpages) at 443.

Below you need to enter the IP for the computer you want to scan (I entered the IP for the computer I am on: 127.0.0.1 (or “localhost”)). Then choose the type of scan you want under “Profile.” (I chose “Quick scan” for this demo.) Then click “Scan.”

Above you see the list of ports by number and the service running. Under “State” you will by default not see the state of that port on Windows. However, you can put these flags (options that start with “-“) to get better, more verbose results: “nmap -sT -T4 -A -v -Pn 127.0.0.1” My sample scan below.

Here the ports say “open” (green text) if they are responding completely.

Father’s Day

Father’s Day,

I’m different from my peers who are married with kids. I don’t have their obligations or problems. Though my generation has more kids than Millennials – 66% for GenX versus 55% for Millenial (2019 numbers), my life as a single, childless GenXer is not uncommon. Father’s Day is a day that makes me realize my lack of a family of my own.

Continue reading “Father’s Day”

Continuing Alarm for Children’s Mental Health in The Age of Covid

Rady Children’s Hospital here in San Diego is seeing a 25% increase in child mental health issues to their emergency room. Granted, the rate may have been going up in years prior to Covid, but it is worse since the pandemic started. Similarly, Children’s Hospital Colorado declared its first mental health emergency. Symptoms include suicidal ideation and attempts, perhaps due to isolation and stress about returning to school.

I wrote a post on mental health coping mechanisms. Please read them. I learned these lessons over 28 years and have been there. Also, feel free to leave a post here, too, if you are in need of some suggestions or an open ear.

If your kids or you are having any suicidal ideation, please contact the National Suicide Prevention Lifeline at 800-273-TALK (8255). People care about you.

Symptoms to watch for, from the National Insitute for Mental Health:

Continue reading “Continuing Alarm for Children’s Mental Health in The Age of Covid”

Win Friends and Influence People!

Dale Carnegie’s How to Win Friends and Influence People had the following key insights:

  • Criticism demoralizes and causes people to resent you, not respect you. Give encouragement and genuine appreciation, you will get positive results.
  • Listen and show interest in others if you want to be liked and respected.
  • Telling people they are wrong could turn them against you. Lay down your weapons and don’t argue.
  • Ask questions and you could gain common ground with others.
  • Let others take the credit; results matter more than you being recognized.
  • Strive for empathy and you can win hearts and minds.
  • Take into account that people are more motivated by self-interest if you want to persuade them.
  • Cultivate feelings of loyalty and gratitude by letting others save face when they fail or make a mistake.
  • Verbally compliment by acknowledging people’s potential and they will perform better.

No Negotiating!

After Colonial Pipeline (paid $5 million), JBS Foods, and some hospitals were hit by ransomware, the Biden administration has asked companies to be alert and do their part to prevent these attacks.

“A memo to business leaders said the administration is working with allies to shore up defenses, disrupt hacking networks and hold countries accountable if they harbor criminal organizations responsible for ransomware attacks.”

https://www.washingtontimes.com/news/2021/jun/3/white-house-companies-do-your-part-prevent-ransomw

Today’s announcement from the White House:

White House pushes for companies to take ransomware more seriously after high-profile cyberattacks – CNNPolitics

This is an excellent feature showing how ransomware evolved and why not to pay the ransom. Paying leads to a ~80% chance of a repeat ransom:
https://www.newyorker.com/magazine/2021/06/07/how-to-negotiate-with-ransomware-hackers

Attack or not attack?

I know some say we shouldn’t use the phrase cyber attack at the risk of hyperbole (This public service website lets you see whether an event in the news is a cyber attack The Colonial Pipeline Ransomware Incident | Is This a Cyber Attack?), but I think there is not enough alarm sometimes. Here’s another big one: https://www.washingtontimes.com/news/2021/jun/1/jbs-usa-major-meat-producer-reeling-from-organized

What’s your opinion, is there enough education for the general population for cyber?

Gadgets 06/02/2021: Oura ring, versatile projector, cycling nav, great Fathers Day tool, camping bug killer

My new tech days are comprised of today’s deals and then upcoming tech that I think kewl.

This has over 12K high ratings, with support for PC/laptop, TV, smartphone, camera, USB, amp, tripod and games:
https://www.amazon.com/Projector-Video-Projector-Multimedia-Compatible-Smartphone/dp/B07MTCMHZX

I like the community aspect of this:
https://www.kickstarter.com/projects/ridebeeline/beeline-velo-2-better-cycling-routes-navigation-and-tracking

All in one tool for Father’s Day, with the hammer as a great addition:
https://www.amazon.com/Daughter-Christmas-Birthday-Stocking-Multitool/dp/B08CZKSZ79/

My sister and her boyfriend have these. Low weight and size of a regular ring with a some cool functionality:
https://ouraring.com/product/balance-black/step1

I know this isn’t exactly a new product, but I do still want to try one:
https://www.amazon.com/AGS-Wireless-Projection-Bluetooth-Smartphone/dp/B00MR26TUO

I need to go camping again:
https://www.amazon.com/Thermacell-MR-BPR-Backpacker-Mosquito-Repellent/dp/B077ZMVMGD

Some Common Grammar Errors #2

Finished reading the grammar book.

ADJECTIVESADVERBS
EasyEasily
GoodWell
QuickQuickly
SlowSlowly
RealReally
A predicate adjective is in the part of the sentence after the verb (predicate):
WRONGCORRECT
I feel badly.I feel bad.
DUE must be a predicate adjective.
WRONGCORRECT
We were late due to the tire failure.We were late because of the tire failure.
OR Our lateness was due to the tire failure.
PRIOR TO – Prior must also be a predicate adjective.
The letter came prior to the box.The letter came before the box.
OR The arrival of the letter was prior to the box.
SENSORY VERBS
Sensory verbs (“look,” “taste,” “smell,” “feel,” “appear”) oftentimes can be either an adjective or an adverb.

WRONGCORRECT
She looked differently when she returned.She looked different when she returned.
LINKING VERBS do not refer to something the subject does or experiences, but link the subject to other words, e.g. “to be,” “seem,” “became,” “turned,” “grew,” “proved.”
She became strong and quiet.
Harry proved steady and consistent.
-OTHER ERRORS-
WRONGCORRECT
This is the reason why I am reading.This is the reason that I am reading.
What did you paint the house red for?Why did you paint the house red?
Where is the dog at?Where is the dog?
I was angry at my sister.I was angry with my sister.
He is not as tall as his dad.He is not so tall as his dad.
OR He is as tall as his dad.

Gadgets 05/20/2021: Fingerprint sensor lock, portable car powerpack, ENABOT, WattAnt power station

My new tech days are comprised of today’s deals and then upcoming tech that I think kewl.

These seem good, but I wonder how accurate they are. Sometimes the fingerprint functionality is a little sketchy.
https://www.thegrommet.com/products/benjilock-fingerprint-sensor-lock

This is sweet. I used to have a car powerpack that eventually died:
https://www.thegrommet.com/products/junojumper-junojumper-ii

ENABOT created the EBO, a smart companion that allows you to communicate remotely with it to interact, communicate and connect with your entire family, including your pets.
https://www.kickstarter.com/projects/enabot/ebo-your-smart-and-interactive-family-companion-robot

WattAnt is a quiet power station with interchangeable batteries.
https://www.kickstarter.com/projects/wattant/wattant-innovative-power-station-with-swappable-batteries

Some Common Grammar Errors #1

Been reading a book on grammar.

1. Predicate Nominative is a noun or pronoun which is 1) located in the predicate (the sentence from the verb onward), 2) usually follows the verb “to be,” and 3) always renames the subject. Other names for the predicate nominative are subjective complement and predicate noun. When a pronoun is serving as a predicate nominative it must be in the nominative case.

Ex: It is I. That was Jane. This is him. That must have been he.

2. Object of a Preposition must be in the objective case. Pronouns serving as objects of the preposition must be objective case.

Ex: Incorrect – Between you and I this should be an easy game.
Correct – Between you and me this should be an easy game.

3. Subject of an infinitive is always in the objective case. Pronouns used as subjects of an infinitive must be in the objective case.

Ex: Incorrect – It was I who he wanted to come.
Correct – It was I whom he wanted to come.

4. A noun/pronoun used in apposition takes the case of the noun/pronoun with which it is in apposition.

Ex: Incorrect – The winners, Jack and her, treated the losers, they and we.
Correct – The winners, Jack and she, treated the losers, them and us.

5. If a gerund is modified by a noun or pronoun, the noun or pronoun needs to be in the possessive case if it stands for a person.

Ex: Incorrect – Mother objected to Jack talking.
Correct – Mother objected to Jack’s talking.

6. Maintain consistent use of tense.

Ex: Incorrect – Last year when I am up in town, she tells the boss a lie.
Correct – Last year when I was up in town, she told the boss a lie.

7. Don’t confuse the present perfect with the imperfect (past).

Ex: Incorrect – Did Jackie bring the car back yet?
Correct – Has Jackie brought the car back yet?

8. Errors in use of subjunctive mood. Correct usage is 1) with the expression of a wish or 2) to express a condition contrary to fact.

Ex: Incorrect – I wish I was as tall as my brother.
Correct – I wish I were as tall as my brother.

Incorrect – If Jackie was here now, she would show you how to cook.
Correct – If Jackie were here now, she would show you how to cook.

9. False conditional – If the conditional mood is to be used correctly, a condition contrary to fact must be involved. If no such condition is really present, the you have a false conditional.

Ex: Incorrect – Every day when I arrived, she would be in her chair.
Correct – Every day when I arrived, she was in her chair.

Gadgets 05/13/21: Solo emotional radio, Wireless charging with seek, new Amazon Echo Buds, Bar Mat, Bike lights!

My new tech days are comprised of today’s deals and then upcoming tech that I think kewl.

Uniform’s Solo takes a pic of you, sends that pic to a API that analyses your face’s emotion–which in turn sends that emotional rating back to Spotify’s emotional valence reading for choosing music: “Solo highlights an AI capability called atypical feature recognition.”
Solo is the smart + emotional AI radio « Kurzweil (kurzweilai.net)

I make a mess with my coffee area and this is a great mat, just like bartenders use:
Highball & Chaser Premium Bar Mat 18in x 12in. 1cm

Moving wireless charging from a distance with auto-seek!
GuRu Technology Sampler on Vimeo

I bought these for the Strand and Fiesta Island bike trails. Very cool USB charging and easily detachable.
Ascher USB Rechargeable Bike Light Set

Amazon’s redesigned the second-gen Echo Buds: 20 percent smaller, two grams lighter: “Four sets of tips and two sizes of wings give you several options to find the best fit. Plus, Amazon put an ear tip fit test inside the Alexa app so you don’t have to wonder if you’ve made the right choice.”
Amazon Echo Buds (2nd gen) review

 

Model Threats, Apply Controls, Assess, Repeat.

You cannot have 100% security or zero risk. So protecting your digital assets and privacy are never perfect either. Business goes on and you have to accept some level of risk on the internet (and in real life). You need a level of security that fits your needs, security controls that will vary according to your acceptance of risk.

  1. Start with a list of assets you want to protect, e.g. a laptop.
  2. Determine what are the threats to those assets, e.g. theft or compromise.
  3. Determine the consequences of a successful attack/loss/compromise of assets (including privacy or anonymity), e.g. damage to reputation or identity.
  4. Select and apply security controls, starting with greatest risk, e.g. a hardware lock for the laptop, encryption of data at rest on the laptop, or using a VPN connection to protect your online activity on the laptop.
  5. Do the controls work? And how well? e.g. verify encryption is working, update VPN settings, apply patches. If there are weaknesses in the controls, go back to (1).

Take These Steps With Free Packages

The Amazon (or other retailer) brushing scam is going around a lot today(mainly since July 2020). Beware if you receive free Amazon packages. Your customer info (name, shipping address, phone, etc.) could be exposed and scammers can create bogus reviews for themselves. Worse, the scammer seller could send illegal materials and you could be charged. There could also be financial implications for you.

  1. Change your passwords, especially for banking or credit cards.
  2. Check your credit card and bank account statements
  3. Report the scam to Amazon or to the other retailer

Decide the Security Levels You Need

Do you want anonymity, privacy, pseudonymity, or some combination—and for what digital resources?

How important are your emails? How much privacy should your identification have? Are you off the grid? (Or think you are?) Whether you realize it, your digital assets all have security settings to them and possibly to different levels.

The security triad is Confidentiality – Integrity – Availability. Concerning the confidentiality of a resource (such as a file or directory), you will determine what level of access to your content you’re OK with, what level each person or group you know should be assigned, and which content to keep secret as a whole.

Continue reading “Decide the Security Levels You Need”

Taskforce to tackle the ransomware economy

The Institute for Security and Technology (IST) put together [a] coalition teaming up more than 60 software companies, government agencies, cybersecurity firms, financial services companies, academic institutions, and nonprofits to combat ransomware problem. Among the members, Amazon Web Services, Center for Internet Security, Cisco, Citrix, CrowdStrike, Ernst and Young, Deloitte, FireEye, Microsoft, and government organizations including the U.S. Department of Justice, Europol, and the U.K. National Cyber Security Centre(NCSC).

This follows the January takedown of the Emotet botnet by the FBI and law enforcement in Canada and Europe. A similar coalition was unsuccessful in permanently taking down the TrickBot botnet in late 2020.

China hackers target Southeast Asia militaries

Bitdefender has reported that APT group NAIKON targeted military organizations in Southeast Asia between June 2019 and March 2021. With cyber-espionage and data theft as its goal, NAIKON used a backdoor named Nebulae and the RainyDay backdoor as parts of the attack:
“NAIKON is a threat actor that has been active for more than a decade. Likely tied with China, the group focuses on high-profile targets such as government agencies and military organizations in the South Asia region.”

The Hacker News has reported on Chinese hackers targeting military orgs specifically in Vietnam.

https://thehackernews.com/2021/04/chinese-hackers-attacking-military.html

I have long thought China needs more focus in security. I hope to have a feature based on the threats posed by the CCP and corporate actors soon.

FBI sends exposed addresses to haveibeenpwned?

Back in January,  Europol, the FBI, the UK’s National Crime Agency, and law enforcement agencies from Canada, France, Germany, Lithuania, the Netherlands, and Ukraine collaborated in the takedown of the Emotet botnet. Emotet included several hundred servers managing a botnet consisting of over 1.6 million computers and devices. Now the FBI has forwarded a list of exposed email addresses to the Australian-built service, haveibeenpwned.com.

Emotet has usually been distributed in high volume malicious emails. The emails ask receivers to click a link or open harmful attachments disguised as invoices, shipping notices, and COVID-19 information. Enabling macros will install the malware on the device. The really nasty stuff deployed via Emotet is ransomware.

Just type in your email address and click to see if your email is among this and other breaches. Scroll down and view the specific services exposed with your email address.