Gonna Get You Sucka

So my 3rd grade daughter writes a note at the beginning of the year (last year). It says "I am coming to get you," and it's just a joke note as a group of the kids are doing this. They're young, 2nd graders, and they do dumb things. Zero tolerance is the policy at the school so she has to write an apology and go visit the principal's office and I had to pick her up from school. She's scared and crying. Another kid also writes a note, a boy, and he gets the third degree too. I looked at her cohort and he was mortified. He was 8.

Today, Alfonso Nevarez, a Democrat legislator from Texas [1], makes a similar verbal claim that he is going to "get you" to a fellow legislator. What happens? He gets on CNN and denies it [2].

Apparently we hold our grade school children to a higher standard of behavior? Maybe the standards of behavior are lower in Texas. I won't speak for Texans, but if he were a California rep we'd be asking for his removal.

[1] https…
Recent posts

TLS 1.2 and PCI

As you may know, the payment card industry is moving quickly to adopt TLS 1.2 and get rid of less secure protocols.[1] To this end, Authorize.Net has turned on the TLS 1.2 requirement on its sandbox environment as of April 30, 2017. [2]

The curious part about this change is how it impacts the developer world. We have some older projects built using VS2010 (msbuild) and old web deploy projects. Up until April 30, we could build those with .NET 4 and VS2010. So we happily and blindly did that, until May 1.

Starting May 1 we started to see those pesky communication disconnection errors. Darn, what is that? Well, that's the TLS 1.2 requirement in sandbox. So we apply the fix and discover that .NET 4 does not have the TLS 1.2 value in the SecurityProtocolType enum. Well, double bummer.

When we move on to .NET 4.5.1 to get that SecurityProtocolType.Tls12 we discover that we can no longer use VS2010 msbuild. Why? Because that old Visual Studio can't build .NET 4.5.1. [3] How fun is that?

With one change from a…


Looking at a picture of my mother lying in her hospital chair taking her chemo medication makes me think about cyber. Our bodies are a network of connected computers. Blood and lymph are the communication channels that relay information between these computers. The mainframe, of course, is your brain, which is another highly connected network of computers.

When cancer invades it starts by infiltrating a system. The system is homomorphic usually, which makes it easier for the cancer (cyber infiltrator) to gain its foothold. Sometimes the infiltrator moves fast and runs through multiple systems wreaking havoc. Yet there are those infiltrators who move slow, learning each system as it goes slowly through the entire system. Non-Hodgkin's lymphoma is that slow hacker. That's what my mother has. She's had this for a very long time. Mostly ignored by her "doctors" 8, 12, maybe 30 years ago, finally they see the infiltration and recognize the need to respond.

Once the cancer b…

EzLynx Splunk regex

Looking to extract the EzLynx app and quote IDs from those referrer URLs in Splunk?

Use this regex:


I still take coffee as payment.

Password Insecurity

I tried to change my password today on a contractors portal. My password is 20 characters long. It's pretty strong as far as I am concerned. So I enter a new one and what do I get?
"The password does not meet the minimum requirements: password length cannot be less than 15 characters and greater than 50 characters and password must have 1 character of each of the following character types: upper case letter, lower case letter, number, symbol. In addition, your new password must be different than the previous 10 passwords, must have at least 4 characters different than your most recent password and cannot be changed more than once in 24 hour period."
That's a long message saying my password is not secure. What is particularly interesting?
"must have at least 4 characters different than your most recent password"
Yup, that's the fun statement that says all passwords on this system are reversible. Maybe they use CryptDB [1]? I don't really know, but I highly doubt it. Yet, all…
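
What each rule in that message needs from the server, as an added example (not code from the portal or from this post): the "previous 10" rule is checked against salted hashes alone, while the "4 characters different" rule needs the old password in plaintext at comparison time, taken here from the change form rather than from storage. The PBKDF2 settings, the edit-distance metric and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption: PBKDF2 work factor, tune for your hardware
HISTORY = 10          # "different than the previous 10 passwords"
MIN_CHANGED = 4       # "at least 4 characters different"

def hash_password(password, salt=None):
    """Return (salt, digest); this pair is the only thing ever stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def matches(password, record):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def edit_distance(a, b):
    """Levenshtein distance (assumed metric for 'characters different')."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def change_password(history, current, new):
    """history: list of (salt, digest), newest last. Returns (ok, reason)."""
    # The plaintext of the old password exists only because the user typed it.
    if not history or not matches(current, history[-1]):
        return False, "current password incorrect"
    # History rule: hashes are enough, nothing needs to be reversible.
    if any(matches(new, rec) for rec in history[-HISTORY:]):
        return False, "reuses one of the previous 10 passwords"
    # Distance rule: impossible from a hash, so it uses the typed-in value.
    if edit_distance(current, new) < MIN_CHANGED:
        return False, "fewer than 4 characters changed"
    history.append(hash_password(new))
    return True, "changed"
```

If a system enforces the distance rule without asking for the current password, the old value has to be recoverable on the server side.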

Whiskey Tango Foxtrot

Today is one of those Whiskey Tango Foxtrot kind of days. I've been tracking a real November Sierra since December, and even reported it. I figured it was a bug, so I submitted it to the security folks. Their response? "We're not the team for this problem." ok.

Now today I see two data points, one weird-o one-timer kind of probe. Yup, for real, a solo IP in the gigabytes of logs that my splunk eats. Yet this IP correlates with another IP that has been on my radar.

So I get out my splunk and pull a "deny" query on this IP. Not only does it generate IPS hits from my desktop, outbound to destination, but I see inbound activity from this IP (also denied, of course).

(2017-03-29T17:56:44) firewall:msg_id="3000-0150" Deny1-Trusted0-External9840tcp2064 [desktop_ip]

Sprint and Asterisks

You can't use an asterisk in your password for Why? Because they use a regular expression test to validate the password field. The regex will fail with an uncaught exception if you put in an asterisk.

There's more though. I've seen so many sites that throw errors because their admins are not on the ball:

external_forgot_password.jsp?INTNAV=TopNav:SignIn:ForgotPassword:1 XMLHttpRequest cannot load No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '' is therefore not allowed access.
The Access-Control-Allow-Origin header is an easy fix. Why a company like Sprint hasn't gotten around to that is incomprehensible. 
There's more, because still uses old-skool sync XMLHttpRequest:
sprint.common_all.js:170 Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end us…

Stealing $92

We cancelled our 401k with Paychex. As someone with money in that 401k I had to move the money out, eventually. First they wanted me to open a new IRA with their 401k management service. I declined.

Then I started to get the bills for keeping my money in their account. $92.50 each month. Since January that's now $277.50 sucked out of my 401k money for the right to sit in an electronic account on a virtual server.

Their justification? It's the $133 401k participation fee (discounted, though).