Insights For Success

Strategy, Innovation, Leadership and Security

websites

Useful websites you need to know about

General - Edward Kiledjian

In this article, we will share a few useful websites that can save you time or money.

WiFiMap

If you are traveling or running low on LTE data, there are always a dozen good reasons to connect to a local free Wi-Fi network (just make sure you use a VPN). WiFiMap is an app and website that allows you to locate free Wi-Fi networks.

The service (and apps) are free and supported by advertisements. The pro subscription costs $25 US and provides offline access to the database as well as an ad-free experience.

The online version displays the WiFi networks, but not the password (the password is only displayed in the app). The passwords for most of these free hotspots should be posted upon arrival (think Starbucks, Supermarket, etc). This application offers the most comprehensive and user-friendly experience available, so you should download it.


HouseCreep


Suppose that you are looking for a new home, looking to book an Airbnb, or visiting a friend in a different city. You are a curious individual by nature, and you are interested in finding out what kind of secrets those buildings hide, particularly what kind of crimes have taken place there.

Housecreep offers a crowd-sourced list of noteworthy events that have occurred in that area.

Is There Any Deal

You can find great gaming deals on this site. In the example above, I was looking for a discount on a game called Rimworld.

The service is available for the USA, Canada, Brazil, China, Europe, Russia and the UK.


Down For Everyone or Just Me

There are times when a website you are trying to access does not function properly. The question that you should be asking is, "Does it work for others, or is it only not working for me?". The site answers this question. It could be an issue with you, your ISP, or your region if the site isn't down for everyone.

The site is simple to use with a clean interface.


Down Detector

The website above provides a simple working or not working answer. DownDetector provides a more comprehensive response, including historical issues, types of issues, and the regions in which the problems are occurring.

DownDetector covers Internet service providers, wireless carriers, major internet services, and much more (e.g. Duke Energy, Spectrum, COX, Reddit, Apple, AWS, etc.).

There is a Canadian and an American version of the site.


Pixlr Online Photo Editor

Pixlr (pixlr.com) could be a useful tool if you need a basic photo editor from time to time. It is an online photo editor (Pixlr X for easy editing and Pixlr E for more precise editing). For most users, the free, ad-supported version will provide all the tools they require.

Tip: If you use a good adblocker plugin for your browser, it may prevent the ads from showing on the free version.


NameCHK

Imagine you have a great idea for a new product or service. You are aware of how important branding is, so you want to select a name that has not already been taken (domain, social media, etc.). NameCHK is a free service that allows you to quickly check 30 domains and 90 social networking websites.

Please be patient as the search will take a few minutes.

Above you can see my search for Kiledjian.


Fast Internet speed test

Hundreds of internet speed testing websites exist, but Fast.com is easy to use, reliable, and managed by Netflix. Visit the site and you will receive one of the most accurate speed tests on the internet within minutes.

That big number is your download speed. Click on the "show more info" button to see your upload speed as well.

Fast.com works on any device with a modern web browser (no installation is required).


ScreenShot Guru

Screenshot Guru allows you to capture high-resolution images from any website. You can use it to archive tweets or news articles, save an item's price for a price match, etc.

The advantage of this service is that it does not require the installation of special software or plug-ins. It is completely web-based, which means you can access it from any device with a modern browser (laptop, iPad, iPhone, etc.).

  1. Please click on the I am not a robot button and complete the captcha.

  2. Enter the URL and hit enter.

  3. The site is picky, so ensure that you enter the entire URL, including "https://".

ManualsLib

ManualsLib is an online repository of product manuals. As I write this, they currently have 5,291,595 PDF files in their archive, and it grows every day.

In addition to the product manuals, they often have PDF versions of the other materials included with the original product at time of purchase.

As you can see, an example of their material for the Mophie Juicepack is above.

This is a free site for people looking for manuals for products they own.

The hidden danger of using the SkyRoam global WIFI Hotspot

General - Edward Kiledjian

November 25 2016 update at the end of the article. TL;DR the service is still vulnerable.

Since I traveled a lot in the past, I am always looking for new tech to make travel simpler, easier or more enjoyable. Since smartphones are indispensable travel tools, I was very excited when SkyRoam was released and wrote several articles about it.

But as a security guy, there is a hidden danger that I wanted to share with my audience. The danger is present even before you take your first trip and is related to how you add day-passes to your account.

When you visit their portal, you are greeted with this login page

Notice that the page you are on is not encrypted.

This means that anyone can easily intercept your username/password as you type it in. 

The page does not even temporarily switch to encrypted during the login. Everything stays plain text. This is completely unacceptable on a modern web where WIFI attacks are easy and fast. Certificates to encrypt the connection are cheap and readily available (even free with services like Let's Encrypt). So companies have no excuse not to encrypt the connection: it's either incompetence or a complete disregard for the security of their users (in my opinion).
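The check behind the observation above can be automated. The following is an added example, not code from the original article or from SkyRoam: it flags any login or payment form that is served from, or submits to, an unencrypted URL. The host `portal.example` and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

CARD_FIELDS = {"cc-number", "cc-csc", "cc-exp"}  # standard autocomplete tokens

class _FormFinder(HTMLParser):
    """Collect every <form> and note whether it holds a password or card field."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "sensitive": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            is_pw = (a.get("type") or "").lower() == "password"
            is_card = (a.get("autocomplete") or "").lower() in CARD_FIELDS
            if is_pw or is_card:
                self._open["sensitive"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit(page_url, html):
    """Return (finding, submit_url) pairs for sensitive forms exposed in plaintext."""
    finder = _FormFinder()
    finder.feed(html)
    page_plain = urlsplit(page_url).scheme != "https"
    findings = []
    for form in finder.forms:
        if not form["sensitive"]:
            continue
        target = urljoin(page_url, form["action"])  # empty action posts to the page
        if page_plain:
            # The form markup itself arrives unauthenticated, so even an
            # https action would not protect what the user types.
            findings.append(("page-not-https", target))
        elif urlsplit(target).scheme != "https":
            findings.append(("submits-to-http", target))
    return findings

# Constructed sample: a login form plus a harmless search form.
SAMPLE = """<form action="/login" method="post">
<input type="text" name="user"><input type="password" name="pass"></form>
<form action="/search"><input type="text" name="q"></form>"""

if __name__ == "__main__":
    print(audit("http://portal.example/login", SAMPLE))
```

A lock icon drawn inside the page is just an image and does not change the result; only the scheme of the page and of the submit URL matter.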

I recommend you go in and delete your default payment info on file. To do this, click on the Account tab and then choose payment options and delete it.

I have daypasses which I will consume but won't add any more due to their lax stance regarding security, particularly the security of my credit card and login information. Even the credit card entry page is not protected.

This is pretty bad and I'm not sure how Visa and Mastercard aren't intervening. To be transparent, I have tweeted this issue multiple times over the last 3 months. When I didn't receive a response, I called their helpdesk 3 weeks ago and told the agent to open a ticket. When I did not receive a confirmation email (about a ticket being opened), I opened another ticket myself with a screenshot and clear description a week ago. I never received a response and the issue was never fixed.

Look for alternatives

I am anxiously waiting for the arrival of the GeeFi global hotspot which is expected to provide LTE service for $9.99 with unlimited bandwidth. Based on everything I have read, I am relatively sure GeeFi will take better security precautions and will be a better custodian for my confidential information. 

November 25 2016 UPDATE

Some people messaged me that the site was protected so let me check.

The login page is still unencrypted

Main account page still unencrypted

When you visit the page to add a credit card, they show a lock logo while it's loading

but that entire page is unencrypted

Even though someone from SkyRoam promised the issue would be resolved (9 days ago), it is still unprotected and I therefore would still urge caution.

What is Tor and should I use it

General - Edward Kiledjian

Image by Justin Mathews used under Creative Commons License

I've written about TOR a few times but I regularly receive emails from "newbies" asking me to describe what it is in general terms. That's what this article is about. To get things kicked off, let me share an important quote from everyone's favorite whistle blower, Edward Snowden:

I think Tor is the most important privacy-enhancing technology project being used today. I use Tor personally all the time.
— Edward Snowden, TheIntercept, Nov 12 2015

In an effort to grab reader/viewer attention, every time the media mentions Tor, it is usually done in the context of a report about the "evil" & "bad" dark-web. The truth is Tor was created by the US State Department to help global activists communicate freely while in repressive locales.

It takes all of the data leaving your computer (or coming back), creates bundles, and encrypts each one multiple times to hard code the path it will take through the TOR network until it reaches its destination. Each node that receives a bundle destined for it will decrypt its layer of the bundle, which tells it where to send the bundle next. This layered approach is why it is called The Onion Router. Each node knows only where it will send the bundle next and the previous node it came from, which makes eavesdropping on or de-anonymizing TOR much more complicated.

Tor Hidden Services are what the media calls the Dark Web. Think of a Tor Hidden Service as a website on the Tor network. When using one of these sites, the request never leaves the TOR network (never touches the normal world wide web) so it is considered even more secure.

You can use the TOR network to browse the Dark Web or to browse the normal regular everyday world wide web.
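The layering described above can be shown in a few lines. This is an added example, not code from the original article or from the Tor Project: it uses a toy stream cipher built from SHA-256 in place of Tor's real cryptography, and the relay names, keys, destination and request are constructed.

```python
import hashlib
import os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); the same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """Add one layer: only the holder of `key` can read next_hop and inner."""
    nonce = os.urandom(16)
    hop = next_hop.encode()
    return nonce + _xor_stream(key, nonce, bytes([len(hop)]) + hop + inner)

def peel(key: bytes, blob: bytes):
    """Remove one layer; returns (next_hop, remaining_blob)."""
    body = _xor_stream(key, blob[:16], blob[16:])
    n = body[0]
    return body[1:1 + n].decode(), body[1 + n:]

def build_onion(path, keys, destination, payload):
    """Client side: wrap the innermost (exit) layer first, the entry layer last."""
    blob = payload
    next_hops = path[1:] + [destination]
    for relay, nxt in reversed(list(zip(path, next_hops))):
        blob = seal(keys[relay], nxt, blob)
    return blob

def route(path, keys, blob):
    """Relay side: each relay peels its own layer; record what each one learns."""
    views, prev, current = [], "client", path[0]
    while current in keys:
        nxt, blob = peel(keys[current], blob)
        views.append((current, prev, nxt))
        prev, current = current, nxt
    return views, current, blob

# Constructed sample circuit and request.
PATH = ["guard", "middle", "exit"]
KEYS = {name: os.urandom(32) for name in PATH}
PAYLOAD = b"GET /index.html"
DEST = "site.example:443"

if __name__ == "__main__":
    onion = build_onion(PATH, KEYS, DEST, PAYLOAD)
    for relay, came_from, sends_to in route(PATH, KEYS, onion)[0]:
        print(f"{relay}: received from {came_from}, forwards to {sends_to}")
```

The exit relay recovers the payload exactly as the client sent it, so a request to a normal website still needs HTTPS to stay private on that last hop.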

Many popular sites, understanding the need and desire for a more private web browsing experience, have started creating Tor hidden services for their popular websites (The Intercept, The Guardian, ProPublica, WikiLeaks, Facebook, etc.).

Tor does make your browsing experience a little more complicated. First you will notice a drop in performance (i.e. pages load noticeably slower). This slowdown is a side effect of all of the encryption/decryption and the number of hops a package is forced through to protect your identity. Some sites mark all TOR traffic as potentially malicious and constantly challenge users to "prove they are human" using CAPTCHA, and a very small group of sites block inbound TOR traffic completely.

The easiest way to try TOR on a computer is to download the TOR browser bundle directly from the TOR project website. It is a customized version of the Firefox browser that is designed not to leak data and is configured to use Tor correctly.

If you are on an Android device, then I recommend you use to create the TOR tunnel then use their customized TOR browser called OrFox

I realize most people care more about ease of use (instead of privacy). I tried Anonabox hoping it would be a good hardware TOR solution but that didn't turn out too well. I am now waiting for the Invizbox and will review it when it finally ships (another delayed project).

I believe privacy is important. If you have questions, feel free to post it in the comments section or send me a note.


Would you like some malware with your dental cleaning?

General - Edward Kiledjian

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a law that was created to protect millions of working Americans and their family members with medical problems.
— American Cancer Society

Most working professionals have an association they can call their own. Dentists have the American Dental Association. The ADA represents 159,000 dentists across the USA and most received a "gift" recently in the form of a USB key with new dental codes.

It turns out one of the recipients is also technically competent and he decided to take a closer look at this "gift" (check out Mike's post on DSLReports). Re-read that HIPAA description at the top of this post; it applies here.

He checked out the contents of this magical key and realized one of the files tries to open a bad bad webpage known for hosting malware (don't go here: hxxp://ntkrnlpa[.]cn). VirusTotal flags the site as bad. 12/67 detected it as badware day 1. When I asked VirusTotal to rescan the site for malware today, 13/67 detect it as bad. Symantec says the site contains threats. ScanURL recommends you not visit this site. So overall it is pretty safe (no pun intended) to assume this is a bad place and you shouldn't be wandering its streets alone.

The ADA says "some drives" contain malware and believes your antivirus should catch anything nasty on it or linked by it. Anyone involved in cybersecurity knows not to trust antivirus with their safety. Remember that out of 67 major antivirus vendors, only 13 today detect the site as malicious when it is known to be very bad. Antivirus is not a good replacement for good security hygiene. Obviously the ADA says if you haven't used this key, don't.

I don't want to be too harsh on the ADA. This isn't the first time "things" manufactured in China have been loaded with malware. In 2009, we had an outbreak of picture frames loaded with malware.

Every time you add another step to a digital process, you add additional attack vectors and increase your risks. Instead of sending out USB keys, the ADA should have made the files available for download. Removing the USB key process removes these steps and the risks that come with them:

  • sending files to the Chinese manufacturer
  • infection is possible by the manufacturer of the USB keys
  • infection is possible by the company that turns the keys into promotional cards
  • infection is possible by the company that loads the content onto the keys using a duplication machine (which is likely how the ADA mailer was infected)

By making the files available for download, they reduce (but don't eliminate) the possible attack vectors. Additionally, companies need to add much more stringent security controls around their digital product production process. I would also recommend that the ADA periodically sensitize its members on HIPAA and their obligations under HIPAA, and provide guidance on good security hygiene.

See how that webpage looked years ago

technology - Edward Kiledjian

Geocities website December 20 1996

The Internet Archive was started in 1996 to catalog and preserve the web. Today it has saved 435 billion webpages and makes this massive historical collection easily searchable. The site is constantly updated with new snapshots and every couple of years the site's platform is upgraded to keep it modern and working.

For those of us that have been on the web from very early on, there is something heartwarming and nostalgic seeing the early versions of Geocities, AOL, Compuserve and even Facebook.

There is also a business use to this site and it has to do with research and brand protection. Research because academics can use it to analyze historical changes to the web. The brand protection aspect comes in because you can check what the domain name was used for before you bought it (porn site, medication sales, SPAM site, etc).

If you bought a site that Google considered questionable and was therefore blocked by the search giant, you can use their reconsideration form.

So go and enjoy the web as it was and think of what the next generation will think of our current sites.

Kiledjian.com Feb 13 2003