Project HoneyPot

Yea so like me I am sure all of you are tired of getting spammed. One of my projects is building a nice database of spammers so I can use it to protect my customers. Any ways I am listing public email addresses here that I don’t check so feel free to send your spam to these if you want. I will keep adding to this list constant. Got a good name send me an email and Il add it 🙂

spambox@vmits.com
honeypot1@vmits.com
adkins@vmits.com
kenbuone4984367@vmits.com

Contact our Honeypot department if you are
desperate to get blacklisted.

Projects I am currently working on

So since I have been looking for backup solutions I decided to start building my own Virtual Backup Appliance. I am currently building a system based on Ubuntu Server using ZFS for my back end data store. All of these backups will be sent offsite to Amazon S3 for storage. I will keep this project updated as I move along.

HAPPY NEW YEAR!!!!!!!!

Why the cyber attack on Sony has opened Pandora's box

Many of you I am sure have read all about the attack on Sony all over the news lately and them pulling a film over North Korea. See the film was not the problem it was the act of cyber terrorism that occurred and the way it happened that makes this an even bigger threat to the world we live in. The fact that Sony supposedly pulled the video is a successful attack in itself. Sony didn’t pull the video the movie theaters did for fear of supposedly being blown up. What is wrong with people are we all cowards and let the world dictate how we live? This simple cyber attack has just now revealed our weekness as a country and brought us an even bigger problem to our doorstep. The success of this cyber attack campaign by North Korea has now shown the world how to target Americas pockets and tap into our thoughts and control them for that matter through terrorism. Here we are worried about Afghanistan, Iran, Iraq and the Middle East for that matter when the real threats are occurring at our doorsteps by socially engineering attacks. Wake up America and prepare for an influx of attacks. I predict 2015 to be the dawn of a new age and a new type of war against humanity for that matter. Sony should distribute the video on its own across the web to make a stand and protect itself from humiliation. No one should be able to dictate who and what we can do. The big companies want net neutrality stomped on? Think about the bigger picture here. It all comes together and plays a big role in keeping the world movig forward. If anything this should be a wake up call and the who’s who of companies should be buying into net neutrality because that is a layer of protection in itself and that is my opinion on the whole matter. 

Anyone care to comment? Feel free to.  to

The power of iTunes and why I love making music

So as I have been looking around and writing to a few fans on Facebook and responding to emails, someone pointed out to me that a couple of my more chill out productions are featured on a couple of compilations. I have verified that this is the case and I can’t be happier. I produced these tunes back in 2010 and like most music it tends to take a while to get traction especially in the electronic music arena. This is why I love making music and why I keep doing it for the love and not the money, because let’s face it if you are making music because you think you are going to strike it rich you are dreaming. It takes a lot of hard work and dedication to even get your music listened to. For me I make music because it keeps me sane and frankly I can’t stand half of the stuff that is out there now. It all sounds the same and it’s jut a bunch of noise to me.  Anyways I threw a link up on here If anyone is interested in checking it out. By the way in case you are wondering I produce under the name EE2 (EE squared).

Thank you all to my friends and family for supporting my passion all these years. 
Best Chillout & Lounge Music 2014 – 200 https://itun.es/us/hhdC4

Why are large Tech Companies Coming out against Net Neutrality? Things that make you go Hmmm.

It’s interesting to see the names that are in the list of companies who are coming out against net neutrality. There is one major thing in common between all of them. They all seem to make networking technologies. You think maybe they are really doing this for a different reason to push their agenda’s and seizing the opportunity to sell more products, without Net Neutrality?
Comments?

Original Article:
Thank you to Eric Duquene for sending this over to me.

Google pushing for a more secure internet globally | Why installing an SSL is important

Google is recommending to warn people when they search the internet or when ever they visit a webpage with Chrome stating that this page is not secure. Considering that only 33% of the worlds websites are secure that is a huge step forward in combating internet security issues. How many of you have already been hit by credit card fraud? There are two types of people those that have been hit by fraud and those that have not been hit yet. I for one have experienced it numerous times placing orders online at websites that aren’t trusted. Nothing is worse than having to deal with credit card fraud or identity theft.

Microsoft has already disabled fallback to SSL 3.0. Recently, Microsoft announced SSL 3.0 fallback blocking. Starting February 10, 2015, the insecure SSL 3.0 protocol will be disabled for Internet Explorer 11 by default. There is no due date for complete SSL 3.0 removal from IE and across all Microsoft online services. Google has already removed support for the fallback to SSL 3.0 in Chrome 39, which was released in late November. TLS implementations should make use of TLS_FALLBACK_SCSV. It will be supported by Google Chrome and Google servers beginning in February 2015, and it is expected that there will be no compatibility problems.
SSL 3.0 fallback must be blocked on all levels due to POODLE attack, a vulnerability that allows an attacker to decrypt data transmitted between a user and a website if a vulnerable version of the protocol is in use. SSL 3.0 fallback support allows an attacker to force an HTTPS connection to a website to use SSLv3. Disabling support of the outdated weak SSL 3.0 protocol is sufficient to mitigate this issue.

Luckily for a small fee you can secure your website with a SSL certificate that can be purchased from Godaddy, SSLs.com or any other site that sells SSL certificates. SSLs.com has a deal right now for 75% off all their certificates. For a little more than $7.00 you can secure your website and your customers.

I would be happy to help anyone who is need of getting an SSL certificate installed for their website. Feel free to contact me and I will be glad to assist. I do not charge for my assistance installing SSL certificates.

DARPA is at it again turning the tables one more time with EXACTO

Wasn’t there a movie that came out in the 1980’s called Runaway? I remember this movie growing up as a kid and how intrigued i was by it. Correct me if I am wrong but wasn’t the gun in this movie programmed to kill specific targets? How scary is it to know that science fiction turns into reality. This technology will revolutionize the way wars are fought, and reduce friendly fire and casualties.I love technology, lets just hope its used for the right reasons and not another abuse of power.

 
Thoughts anyone?

 

PCI Compliance doesn’t have to be complicated

If you are like most companies out there and you accept credit cards I am sure you have either faced PCI compliance or will be sooner than later. In today’s world PCI compliance is a must have considering all of the credit card theft that happens on a daily basis. I recently had a client that kept failing PCI compliance testing for their credit card processing and when you do a lot of transactions like these guys do it can be a make or break situation. There are now fines being issued to non compliant companies. One of the best tools I have used out there and why I even love it even more is because it’s FREE yes a free PCI compliant testing tool. I like to use Hacker Guardian by Comodo. They give you 5 free scans and up to 3 IP’s to check against. In as little as 2 free PCI scans you can get your network for the most part 99.99% compliant to the industry standard.

HackerGuardian PCI Compliance Testing
HackerGuardian Free PCI Compliance Scanning

One of my picks of the year for up and coming stars. Bonobo is one to follow for 2015

I just can’t stop listening to this guys mix. He had me at the London Grammar remix of “Hey Now”
If your at work and coding away or just working on an annoying problem this mix will calm your nerves. Check it out.

Maintaining Windows Server 2008/2012 the easy way

The processes and procedures for maintaining Windows Server 2008 systems can be separated based on the appropriate time to maintain a particular aspect of Windows Server 2008/2012. Some maintenance procedures require daily attention, whereas others may require only yearly checkups. The maintenance processes and procedures that an organization follows depend strictly on the organization; however, the categories described in the following sections and their corresponding procedures are best practices for organizations of all sizes and varying IT infrastructures.

Daily Maintenance

Certain maintenance procedures require more attention than others. The procedures that require the most attention are categorized as daily procedures. Therefore, it is recommended that an administrator take on these procedures each day to ensure system reliability, availability, performance, and security. There are three components to daily maintenance:

  • Verifying that Backups are Successful. To provide a more secure and fault-tolerant organization, it is imperative that a successful backup to tape be performed each night. In the event of a server failure, the administrator may be required to perform a restore from tape. Without a backup each night, the IT organization will be forced to rely on rebuilding the server without the data. Therefore, the administrator should always back up servers so that the IT organization can restore them with minimum downtime in the event of a disaster. Because of the importance of the tape backups, the first priority of the administrator each day needs to be verifying and maintaining the backup sets.

    Although the Windows Server 2008 /2012 backup program does not offer alerting mechanisms to bring attention to unsuccessful backups, many third-party programs do. In addition, many of these third-party backup programs can send e-mail messages or pages reporting if backups are successful or unsuccessful.

  • Checking Overall Server Functionality. Although checking the overall server health and functionality may seem redundant or elementary, this procedure is critical to keeping the system environment running smoothly and users working productively. Some questions that should be addressed during the checking and verification process are the following:
    • Can users access data on file servers?
    • Are printers printing properly? Are there long queues for certain printers?
    • Is there an exceptionally long wait to log on (that is, longer than usual)?
    • Can users access messaging systems?
    • Can users access external resources?
  • Monitoring the Event Viewer. The Event Viewer is used to check the System, Security, Application, and other logs on a local or remote system. These logs are an invaluable source of information regarding the system. The following event logs are present for Windows Server 2008/2012 systems:
    • Security log. The Security log captures all security-related events that are being audited on a system. Auditing is turned on by default to record the success and failure of security events.
    • Application log. Specific application information is stored in the Application log. This information includes services and any applications that are running on the server.
    • System log. Windows Server 2008/2102–specific information is stored in the System log.

    Domain controllers also have these additional logs:

    • File Replication Service.
       Any events relating to the File Replication Service are captured in this log.
    • Directory Service. Events regarding Active Directory, such as connection problems with a global catalog server or replication problems, are recorded here.
    • DNS Server. Anything having to do with the DNS service is cataloged in the DNS Server log.

Weekly Maintenance

Maintenance procedures that require slightly less attention than daily checking are categorized as weekly procedures:

  • Checking Disk Space. Disk space is a precious commodity. Although the disk capacity of a Windows Server 2008 system can be virtually endless, the amount of free space on all drives should be checked daily. Serious problems can occur if there isn’t enough disk space. To prevent problems from occurring, administrators should keep the amount of free space to at least 25 percent. This should be verified through manual methods, or with the assistance of automated alerting software such as Microsoft Operations Manager (MOM) 2005.
  • Verifying Hardware. Hardware components supported by Windows Server 2008 are reliable, but this doesn’t mean that they’ll always run continuously without failure. Hardware availability is measured in terms of mean time between failures (MTBF) and mean time to repair (MTTR). This includes downtime for both planned and unplanned events. These measurements provided by the manufacturer are good guidelines to follow; however, mechanical parts are bound to fail at one time or another. As a result, hardware should be monitored weekly to ensure efficient operation.
  • Checking Archive Event Logs. The three event logs on all servers and the three extra logs on a domain controller can be archived manually or a script can be written to automate the task. You should archive the event logs to a central location for ease of management and retrieval. The specific amount of time to keep archived log files varies on a per-organization basis. For example, banks or other high-security organizations may be required to keep event logs up to a few years. As a best practice, organizations should keep event logs for at least three months.
  • Running Disk Defragmenter. Whenever files are created, deleted, or modified, Windows Server 2008 assigns a group of clusters depending on the size of the file. As file size requirements fluctuate over time, so does the number of groups of clusters assigned to the file. Even though this process is efficient when using NTFS, the files and volumes become fragmented because the file doesn’t reside in a contiguous location on the disk. To minimize the amount of fragmentation and give performance a boost, the administrator should use Disk Defragmenter to defragment all volumes. Disk defragmentation can be manually performed or automated with the use of third-party tools or scripts that run on a designated basis.
  • Running the Domain Controller Diagnostic Utility. The Domain Controller Diagnostic (DCDiag) utility provided in the Windows Server 2008 Support Tools is used to analyze the state of a domain controller. It runs a series of tests, analyzes the state of the DC, and verifies different areas of the system, such as connectivity, replication, topology integrity, security descriptors, netlogon rights, intersite health, roles, and trust verification. The DCDiag utility should be run on each DC on a weekly basis or as problems arise. For more information on the DCDiag utility, google dcdiag.exe.

Monthly Maintenance

It is recommended that you perform the tasks outlined in the section on a monthly basis.

  • Maintaining File System Integrity. CHKDSK scans for file system integrity and can check for lost clusters, cross-linked files, and more. If Windows Server 2008 senses a problem, it will run CHKDSK automatically at startup. Administrators can maintain FAT, FAT32, and NTFS file system integrity by running CHKDSK once a month or during regular server maintenance cycles. For more information on the CHKDSK utility, google running Chkdsk.
  • Testing the UPS. An uninterruptible power supply (UPS) should be used to protect the system or group of systems from power failures (such as spikes and surges) and keep the system running long enough after a power outage so that an administrator can gracefully shut down the system. It is recommended that an administrator follow the UPS guidelines provided by the manufacturer at least once a month. Also, monthly scheduled battery tests should be performed. Many third-party UPS products automate this type of functionality, or you can develop scripts to run this as well.
  • Validating Backups. Once a month, an administrator should validate backups by restoring the backups to a server located in a lab environment. This is in addition to verifying that backups were successful from log files or the backup program’s management interface. A restore gives the administrator the opportunity to verify the backups and to practice the restore procedures that would be used when recovering the server during a real disaster. In addition, this procedure tests the state of the backup media to ensure that they are in working order and builds administrator confidence for recovering from a true disaster.
  • Updating Documentation. An integral part of managing and maintaining any IT environment is to document the network infrastructure and procedures

     

     

Quarterly Maintenance

As the name implies, quarterly maintenance is performed four times a year. Areas to maintain and manage on a quarterly basis are typically self-sufficient and self-sustaining. Infrequent maintenance is required to keep the system healthy. This doesn’t mean, however, that the tasks are simple or that they aren’t as critical as those tasks that require more frequent maintenance.

  • Checking Storage Limits. Storage capacity on all volumes should be checked to ensure that all volumes have ample free space. Keep approximately 25 percent free space on all volumes.
  • Changing Administrator Passwords. Administrator passwords should, at a minimum, be changed every quarter (90 days). Changing these passwords strengthens security measures so that systems can’t easily be compromised. In addition to changing passwords, other password requirements such as password age, history, length, and strength should be reviewed.
  • Maintaining the Active Directory Database. Active Directory is the heart of the Windows Server 2008 environment. Objects such as users, groups, OUs, and more can be added, modified, or deleted from the Active Directory database. This interaction with the database can cause fragmentation. Windows Server 2008 performs online defragmentation nightly to reclaim space in the Active Directory database; however, the database size doesn’t shrink unless offline defragmentation is performed. Offline defragmentation of the Active Directory database can only be accomplished by taking the domain controller offline, restarting into Directory Services Restore Mode, and running defragmentation tools against the NTDS.DIT database file.