jump to navigation

The “Deep Web” in Tactics & Preparedness Magazine May 15, 2017

Posted by Chris Mark in cybersecurity, Uncategorized.
Tags: , , , , , , ,
add a comment

TacticsPrepDeepweb_smallDeveloped by the Naval Research Laboratory in 1994, The Onion Routing (TOR) protocol was originally designed to allow spies to communicate securely.  It is this protocol that ushered in the “Deep Web” which enabled Edward Snowden to bypass the NSA using an operating system called TAILS.  If you want to know more about the Deep web and how to gain access, please read my latest article in Tactics & Preparedness magazine.

Denver – Putting Illegal Criminals Ahead of the Lives of its Own Citizens February 20, 2017

Posted by Chris Mark in Uncategorized.
Tags: , , , , , , ,
4 comments

ever_valles_facebookOn January 30th, 2017 Denver’s Democratic Mayor Michael Hancock proudly proclaimed” “If being a sanctuary city means that we value taking care of one another, and welcoming refugees and immigrants, then I welcome the title,”8 days later, two known gang members (and illegal immigrants) who had been arrested…and released…by the Denver police killed a man.  On February 7th, 2017 Ever Valles (in Facebook pic to left..still up) and Nathan Valdez attempted to rob and ultimately murdered 32 year old Tim Cruz at a light rail station.  So why do I care?  According to reports: “Ever Andres Valles, 19, a citizen of Mexico, was encountered by ICE via the Criminal Alien Program following his arrest on local charges in October 2016,” According to ICE: “At the time of his arrest, ICE placed a detainer with the Denver County Jail. The detainer wasn’t honored, and he was released by the jail Dec. 20, 2016, without notification to ICE. Valles is a known gang member whose gang history is documented in the Colorado gang database. Due to his criminal history and gang affiliation, Valles is an ICE immigration enforcement priority.”  So what was the Denver Police Department’s response? They claim that they did, indeed notify ICE prior to releasing Valles.  Is this true?  Possibly, in a technical manner.  If  you look at the Fax (yes Fax) produced by the Denver PD as ‘proof’ of their efforts  you will notice that the Fax was sent at 11:35 PM on December, 20th, 2016.  According to ICE, Mr. Valles was released on December 20th, 2016.  So…the Denver PD FAXED a document to ICE 25 minutes before midnight to inform them that a dangerous felon was about to be put back on the streets.  In defense of their actions the Sheriff’s department did defiantly add: “We are part of the criminal justice system and do not hold people on civil matters,”…I am sure that helps Mr. Cruz’ family sleep better at night.  It is this ignorant, self serving attitude that ultimately cost the life of Mr. Cruz.  If you are so inclined, you can contact Mr. Hancock here:

https://twitter.com/MayorHancock

https://www.denvergov.org/content/denvergov/en/mayors-office/contact-the-mayor.html

*for those wondering why I changed the title…in reflection it occurs to me that this does not occur in a vacuum.  The Mayor alone did not create this situation.  As such, it is Denver’ government and not solely the mayor…

Yamaha FZ09 Review – WOW!..Awesome bike! January 27, 2017

Posted by Chris Mark in Uncategorized.
Tags: , , , , , , ,
add a comment

fz09_25Those who know me know I love motorcycles.  I have had everything from Ninjas to Buell’s to Harleys to Enduros…after my son was born I sold my highly modified and beloved (and fast) XB9SX (at right).  xb9_25

A few weeks ago I decided to buy another motorcycle.  After a lot of online research I decided upon Yamaha’s FZ09.  Since I am a speed junkie I figured a 900cc (well..850) streetfighter would be sane enough for me to ride without too much temptation to speed.  The price was right and the bike looked cool, as well.  I found one in Austin, TX and headed out to pick it up.  After 3 weeks on the bike (and over 400 miles) here is my review.

  • Power/Engine?  Yamaha claims about 115HP at the crank and roughly 70ftlbs of torque at 11,500 rpm. Stock Rear wheel is about 105HP.  With a full race exhaust and ECU tune, most are getting about 115hp at the rear wheel.  The bike is geared short for street riding and, as such, it has a ton of low end power.  The power curve is linear from below 2K all the way to the 12,500 RPM.  The power is smooth, and controllable.  It is aided by a 3 setting engine control setting.  A- max power or “track mode”, B- is a lower powered mode used for rain and around town.  Std Mode is good for street riding and around town.  You can switch modes on the fly.
  • Fun Factor?  That thing is FAST!…That motorcycle absolutely rips from 0-120!  Claimed 2.7 second 0-60 and 7 seconds from 0-100.  The upside?  Wheelies…wheelies everywhere!  Wheelies when you want them…wheelies when you don’t…grab too much throttle?  Wheelies.  I did  not realize the acceleration when I bought the bike.  The flat plane crank triple has tons of torque and makes this bike rip.  This bike is the most fun I have had on a motorcycle.  It sounds awesome, as well!  Here is a great video of a rider pulling a wheelie on his FZ09 at 100mph.

  • Handling? At only 414lbs in stock form and wet the bike is light, nimble, and well balanced.  It is very easy to flick this bike through traffic and keep a line around corners.  Yamaha claims a 51 degree lean angle.  While I have not yet scraped a peg on the bike, I can say it does lean tightly.  With an upgraded exhaust and some other changes my bike weighs in at less than 400lbs dry.  It is very narrow due to the 3 cylinder engine and flicks well through twisties.  Unfortunately, the suspension is not great and the front end tends to dive in hard braking.  The rebound and damping are limited, as well.
  • Beginner’s bike?  It is NOT a beginner’s bike!  Read #1.  While only about $8K new, it is a wolf in sheep’s clothing.  This bike will punish you if you are not careful.  I would NOT advise a new rider to get an FZ09.  If you are not careful on the throttle or you dump the clutch you may find yourself bouncing down the road on your rear end with the bike on top of you.  In a corner, too much throttle and you may find yourself sliding out in a low side (if you are lucky) or being launched through the air from a high side if you are unlucky.  As a writer from RevZilla said: “It’s the best thing ever!”…“It’s absolutely incredible and blows everything else like it out of the water, and that’s before you factor in price. It’s also basically un-rideable and feels like it could be trying to kill me.” (Video below is a high side by not an FZ)

  • Safety? – The 2017 FZ09 comes with Anti-Lock Breaks and Traction Control which should improve the nasty tendencies.  I have never ridden with ABS or TC so I don’t think I am missing much but for less experienced riders, I have little doubt that the additions will help in the safety department.

Overall impression?  Most fun I have ever had on a bike.  Best bang for the buck and an amazing motorcycle.  Yamaha hit it out of the park with the FZ family.

A Lesson on Losing by Dominick Cruz – Former Bantamweight UFC Champion January 20, 2017

Posted by Chris Mark in Uncategorized.
Tags: , , , , , ,
10 comments

In light of the responses to the recent presidential election and the bombardment of media commentary and celebrities acting like petulant children who lost at a game of checkers, I felt it was appropriate to post a very insightful interview by a classy fighter.  Dominick Cruz has been a top tier fighter for over 10 years and was a two time bantamweight UFC champion until his recent loss.  During the interview Dominick showed immense class when asked about his loss.  This is a lesson for us all and for our children.  As Mr. Cruz so eloquently states: “Loss is part of life.  If you don’t have loss you don’t grow. This (losing) isn’t tough…this is life.” 

SwimOutlet.com Breached in 2016 – 51 days later..and after the holidays…we were notified. January 19, 2017

Posted by Chris Mark in Data Breach, Uncategorized.
Tags: , , , , , , , , , , ,
2 comments

swimoutletnoticeThis is a post to notify those who may be affected.  Yesterday I received the following letter in the mail.  It was sent in a nondescript envelope and nearly discarded as ‘junk mail’.  Upon opening the letter I was shocked to read that my wife’s credit card data appears to have been compromised at SwimOutlet.com.  It should be noted that the same infrastructure is used by YogaOutlet.com.  In reading the letter provided to the State of Oregon’s Attorney General, it appears that over 6,200 Oregon residents likely had their data stolen.

Within the letter there is a curious statement that says: “The information at risk as a result of this event includes the cardholder name, address, phone number, email address, card number ,expiration date, and CVV.  For those in the credit card industry the inclusion of CVV is very troubling.  Under the card brand operating regulations and PCI DSS standard, it is prohibited for a merchant to retain CVV subsequent to authorization of the charge.  This particular type of data (actually the CVV2 or equivalent data) is what is needed to authenticate a transaction.  In short, the likelihood of fraud increases exponentially when a criminal captures CVV2 type data.  It is certainly curious that this ‘prohibited data’ is listed as an element that may have been stolen.

In reviewing the SwimOutlet.com website I notice a conspicuous absence of any form of notification on their website.  Their blog is filled with helpful tips on swimming better and eating better but there is no mention of the fact that their user’s credit and/or debit card data was stolen.  A review of their Facebook page has the same conspicuous absence of any notification or information.  Their Twitter feed is also absent of any information.

If one looks at the timeline of events, there are some disturbing (to me, at least) items.  On October 31st, 2016 SwimOutlet.com “…began investigating unusual activity reported by (our) credit card processor.”  On November 28th, 2016 SwimOutlet.com received ‘confirmation’ that their systems were ‘hacked’ yet the notice states that data may have been compromised as late as November 22nd, 2016.  I have been involved in numerous data breach investigations and incidents.  “unusual activity” notifications by credit card processors are ‘notifications of fraud’.  This is a major red flag that the merchant HAS been breached.   The notice then provides a qualified statement in saying that the beach: “…may have compromised some customers’ debit and credit card data…”  Again, if notified by the credit card processor then the data ‘may not’ have been compromised it almost certainly was compromised.

What is most disturbing to me is that SwimOutlet.com had confirmation on November 28th, 2016 that they were breached.  They had confirmation as early as October 31st, 2016 of ‘unusual activity’ yet chose to wait until AFTER the holiday season to notify affected consumers.  Criminals are not stupid.  They steal credit card data before the holidays to be used over the holidays when the fraud systems are often ‘detuned’ by retailers and the volume of transactions creates noise in which fraud is often harder to identify.  By waiting until January 12th (we received the letter on January 17th, 2017) it created a situation in which we were blissfully unaware that our data had been breached.  If we had been notified before the holiday season, we could have cancelled the card immediately and been saved the inconvenience and possible cost associated with this situation.

In the notice SwimOutlet.com does: “…encourage (me) to remain vigilant against incidents of identity theft and fraud.”  This would have been sage advice BEFORE the holiday season.  It begs the question why a major online retailer would wait until after CyberMonday and after the holiday season to notify of a breach?

Finally, SwimOutlet.com reassures the recipient that “We take the security of our customers’  information extremely seriously…” and that: “…you can safely use your payment card at http://www.swimoutlet.com”.  In light of the method and delay of notification I am going to personally take my business elsewhere.

%d bloggers like this: