
Because I tire of looking this up each time I need to send a test message, I am adding this here for a quick reference.

Commands are bold
data is italics

telnet servername 25

helo somename

mail from:[email protected]

rcpt to:[email protected]
rcpt to:[email protected]

data

subject:your subject information here

Body stuff goes here and here and here, etcetera, etcetera…

.

In case you aren’t aware, you terminate an SMTP email with a period by itself on its own line.  That is not a typo.
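Because a lone period ends the message, any body line that itself starts with a period has to be escaped before it goes on the wire (the "dot-stuffing" rule in RFC 5321). The following is an added example, not part of the original post, showing both sides of that framing; the function names and the sample message are made up for illustration.

```python
# Added example: SMTP DATA framing (dot-stuffing and the lone-dot terminator).
CRLF = b"\r\n"
TERMINATOR = b"\r\n.\r\n"  # <CRLF>.<CRLF> ends the DATA phase


def build_data_payload(subject, body):
    """Return the bytes a client sends after the server accepts DATA."""
    lines = ["Subject: " + subject, ""] + body.splitlines()
    wire = []
    for line in lines:
        raw = line.encode("ascii")
        # Transparency rule: a line starting with "." gets one extra "."
        # so it can never be mistaken for the end-of-data marker.
        if raw.startswith(b"."):
            raw = b"." + raw
        wire.append(raw)
    return CRLF.join(wire) + TERMINATOR


def receive_data(stream):
    """Server side: cut at the first terminator and undo dot-stuffing.

    Returns (message, leftover), where leftover is whatever followed the
    terminator and is no longer treated as part of the message.
    """
    # Prepend CRLF so a terminator on the very first line is found too.
    head, sep, rest = (CRLF + stream).partition(TERMINATOR)
    if not sep:
        raise ValueError("no <CRLF>.<CRLF> terminator seen")
    lines = head[len(CRLF):].split(CRLF)
    unstuffed = [l[1:] if l.startswith(b".") else l for l in lines]
    return CRLF.join(unstuffed), rest


if __name__ == "__main__":
    # Constructed sample body whose second line is a single period.
    body = "line one\n.\nline three"
    good = build_data_payload("test", body)
    print(receive_data(good))   # whole body survives the round trip

    # The same body typed without stuffing: the message ends after "line one".
    naive = b"Subject: test\r\n\r\nline one\r\n.\r\nline three\r\n.\r\n"
    print(receive_data(naive))
```

When typing a test message by hand over telnet, the same rule applies: start a body line with two periods if it is meant to begin with one.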

Of course now that I think about it, I will have to look this up as well, Google is probably faster.  🙂

 

The other day our microwave quit working.  It was 10 years old, I wasn’t heartbroken.  It is an over-the-range style microwave where there is just barely enough room above the range for tall pots.  To start my search for a new appliance I started looking at the local stores: Lowe’s, Menard’s, Home Depot, etc.  Our current unit is broken, it will be good to pick one up today and get it installed.

I quickly found out that microwaves seem to be bigger these days.  Most of the models are taller and deeper than our current model.  As I said earlier we are tight on space as it is, so a bigger appliance isn’t a great idea.  It’s not surprising the broken model is no longer made, though there are similar models and they are basically the same size!  There we go, I have found the model we are looking for.  Online inventories say they have one at Lowe’s and Menard’s, so off to Lowe’s we go.

I packed up the family and drove down the street to Lowe’s.  We get there, wait around for someone to be available to help us, and find out that they actually don’t have that model at the store.  Ugh.

We go back home and I leave solo to Menard’s.  The wait is longer at Menard’s.  There seem to be no workers around the appliance area.  The sign of no commissions I assume.  As I look up and down the aisles I see the exact model we are looking for. This is a great sign. I continue to wait and wait.  Finally someone comes by who doesn’t work in appliances but offers to help anyway (thank you).  No units on the shelf and the computer says they have one, the floor display.  Damn.  There are two at the Morton Grove store, too bad that is 16 miles away through city traffic.  No thank you.

Sitting in the parking lot I do a quick search for the model online.  I find one at a good store for the same price as the local ones.  People always say to support your local communities, etc., so what the heck, let’s stop at a few places on my way back.  Needless to say nobody has them in stock.  Many have display units and can order them, but none in stock.

This is just silly, why would I order this appliance from a local store, which comes to a higher total cost after tax and “brick and mortar” charge, when I can just order it online myself?

All in all, I probably spent two hours (on my solo trip) trying to find an appliance and found nothing.  To me that seems to be a great fail and a large reason why the local stores cannot stay in business.  It just costs too much to keep a bunch of stock on hand.  What would be a better business model for, say, Sears is: no, sorry, we don’t have any right now, let me order one from our warehouse and have it shipped to your house for the same price listed here.  You should have it in three days.

Much better customer service.  I don’t want to order something, wait eight to fourteen days, and then also make my way back to the store.  A model like this doesn’t work any longer and the stores need to learn this.  You need to embrace online sales, make them part of your overall delivery method.

People still love to walk around stores, touch and feel the products.  Stores can’t remain competitive with all of the overhead required to keep these stores open.  So their business models need to change.  If any one of the stores I went to today would have given me the option to order and receive the unit in the mail, I would have done it and saved myself a bunch of time too.

The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog.

Here’s an excerpt:

600 people reached the top of Mt. Everest in 2012. This blog got about 8,000 views in 2012. If every person who reached the top of Mt. Everest viewed this blog, it would have taken 13 years to get that many views.


You Just Can’t Secure Them

As I dig deeper into IT security and am exposed to more and more about security I can’t help but think about things from a security point of view.  It is getting to the point where the security point of view on something is my first point of view.

As usual this time of year, I am involved in a lot of different audits and reviews.  While going through a client’s requirements for their vendors I started to think about mobile phones.  Not any in particular, but all of them in general and how much the space has changed over the last five years.

What I am really curious about is why nobody seems to be leading the enterprise space for mobile phones and devices.  Sure, it seems the iPhone is taking over and is a huge presence in corporate environments, though from a security point of view it’s all a scary proposition.

What is missing is the ability to force policy and lock down mobile phones and devices.  I can’t set policies to say, all phones must have a password, and that password must be at least six digits long.  Sure these parameters can be set from the phone, but not being able to centrally control this stuff is a big fail.

Now Windows phone 6.5 was a big piece of crap, I know this, but what it had that most others do not is the ability to set policy on the phone from Active Directory.  Exactly what you need to do in an enterprise.  If you are running a Blackberry server you have some good controls around the phone, though I know Fortune 500 companies who are dumping their BES servers for Blackberry Express Servers because it’s just too much money to maintain the BES server for an ever-dying space.

I guess I understand why Microsoft jumped after the consumer phone space, wanting to jump on the iPhone bandwagon, but they left a huge space untapped.  I saw a tweet today that only 6% of Chinese have cell phones, and what a space to get into.  I guess there is a lot of potential there, but personally I find it easier to make money closer to home, and here in the States we need enterprise-class phones.  Top functioning iPhone, Windows Phone 7 class phones with a solid ability to set policies on them and restrict users from overwriting those policies.

I am not sure who will be first but I can’t wait.  Whoever it is, they will produce billions in revenue, billions.

Perhaps what needs to be done is not to rely on the phone development companies but on third parties to develop controls for mobile phones, so a whole gamut of phones can be locked down by central policy.  The company would need to build apps for the different phone types and be able to lock those apps down so they cannot be uninstalled by users, or, if they are, the phone needs to be auto-wiped at the same time.

It’s not horrible that phone development companies are concentrating on the user experience, there are a lot of really great phones being produced.  Someone needs to move on the security space around these phones as they continue to infiltrate deeper and deeper into corporate America.

A Software Application Idea

I work in a Windows world, so this idea is from a Windows Server view. Build an application which installs in Active Directory and allows you to register users’ phones with their user accounts.  On the phones an application is installed which is used to force the policy on the phone.  I wonder if there would be issues controlling the password and other security aspects of a phone.  Meaning, will the manufacturers allow you access to those parts of the phone with their SDKs?

Load the application on the phone, register the phone with AD and allow the system to lock down the phones based on the policies you have set.  As long as the application is found on the phone (plus verification through certificates) the phone may be used and send/receive email, etc.

If the application is removed from the phone, the phone is auto-wiped.  This application can also provide encryption services for the phone.  PGP verify emails on your phone anyone?

This can’t be an original idea, but I do like it.  It is a great way to allow the phone development companies to concentrate on UX and someone else on enterprise security.  Hardware support for this would be useful too.

Tell me what you think of this idea, or if it already exists, point it out to me, I would love to check it out.

3/11/2012 Update:

So my new employer is using a company for this exact purpose, http://www.good.com.  Good Technology interacts with the company’s Exchange server instead of the phone.  It allows the removal of service without having to wipe everything on the phone when an employee leaves.  To me not a great solution, but a solution nonetheless.

 


The WordPress.com stats helper monkeys prepared a 2011 annual report for this blog.

Here’s an excerpt:

A New York City subway train holds 1,200 people. This blog was viewed about 3,900 times in 2011. If it were a NYC subway train, it would take about 3 trips to carry that many people.


After four or so years of using wordpress.com for my blog I finally figured out how to highlight code (prettify) in a blog post.

A thank you to @jasonclevine who sent me a message on Twitter on how to do this.

All you need to do is wrap your code with

There are a bunch of different languages supported and other options which can be defined.  You can find all the details here: http://en.support.wordpress.com/code/posting-source-code/

For some time now I have wanted to post to a blog from an email account.  Some blog engines these days have this functionality, like WordPress and TypePad.  Some through plug-ins and some built in.  I have used the WordPress plug-in on a test installation, and it works pretty well.  Though WordPress is probably my most preferred blogging engine, most of the time when I am installing blogs, it’s on a Microsoft stack and I am not big on running PHP on Windows.  On the Windows stack I really like using Blogengine.NET.  I find it to be a very capable blogging engine.  The only problem is, at least to date, I have not found a plug-in for it to post by email.  What it does support though is XML-RPC.

With the help of the XML-RPC.NET library and a few hours away from the family, I threw together a rough blog posting application.

I added in OpenPop.NET, a popmail client library I have used in the past, and now have a way to collect emails.  Now all I needed to do is tie them all together.

The outcome is Blog by Email (http://blogbyemail.com).  An online service for setting up email accounts to post to blogging engines.  Besides looking like crap (I am using the generic MVC layout), it is functioning well. I am hoping my buddy will give me a hand coming up with a real design for the site.

The biggest challenge in setting up posting to a blog is figuring out what the XML-RPC entry point is, and what the blogging engine uses for the Blog Id.  The blog id is often the name of the blog, but I found that MovableType uses the actual integer value assigned to that blog.  Bit of a pain to get that value.  A cool aspect of MovableType is that it generates a password to use for posting via XML-RPC.  A nice security feature.

Speaking of security, to protect the users’ entered credentials I am encrypting both usernames and passwords in the database.  Also, each user is given a unique key pair when they sign up with the service.  Little steps to make it harder to get this information in case someone does hack the application.

 

If you need to post to your blog from a POPMAIL email address, give Blog by Email a try.  The service is free (at least until it grows to the point where it needs a bigger web server).

While the site is getting off the ground and I get the code stable, registration is closed.  There is a form to request an account.  I am looking for people to help test the system, so if you are interested please let me know.

Brett

http://blogbyemail.com

I want to know, how often do you verify file hashes?

Most of us are continuously downloading files from the internet.  With many of these files there is a posted hash value to verify the integrity of the file.  How often do you actually make sure that the file’s hash value is equal to what is posted?

If you are using Windows there is a really convenient, easy to use program called BD File Hash.  This super small, .NET based application will calculate and verify file hashes using MD5, SHA-1, and SHA-256 algorithms.  If there is a different type of hash you require, leave me a comment and I will see if it can be added to the application.

BD File Hash: http://bdfilehash.codeplex.com

BD File Hash has been found 100% malware free by Softpedia.
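For readers who would rather script the check, here is an added example (not BD File Hash's code and not from the original post) that verifies a download against a posted MD5, SHA-1 or SHA-256 value. The function names are made up, and picking the algorithm from the digest length is an assumption of this sketch.

```python
# Added example: verify a downloaded file against a posted hash value.
import hashlib
import hmac

# Hex digest length -> algorithm, for the three algorithms named in the post.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_DIGITS = set("0123456789abcdef")


def file_digest(path, algorithm, chunk_size=1 << 20):
    """Hash a file in chunks so large downloads are not read into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, posted_hash):
    """Return (matches, algorithm, actual_digest) for a posted hash string.

    Accepts what people typically paste from a download page: upper-case
    hex, surrounding whitespace, or a trailing file name after the digest.
    """
    parts = posted_hash.split()
    cleaned = parts[0].lower() if parts else ""
    algorithm = ALGO_BY_HEX_LEN.get(len(cleaned))
    if algorithm is None or not set(cleaned) <= HEX_DIGITS:
        raise ValueError("not an MD5, SHA-1 or SHA-256 hex digest")
    actual = file_digest(path, algorithm)
    # MD5 and SHA-1 still catch corrupted downloads, but both have known
    # collision attacks; use the SHA-256 value when the site posts one.
    return hmac.compare_digest(actual, cleaned), algorithm, actual


if __name__ == "__main__":
    import sys
    # Usage: python verify.py <file> <posted hash>
    ok, algo, actual = verify_download(sys.argv[1], sys.argv[2])
    print(algo, actual, "OK" if ok else "MISMATCH")
    sys.exit(0 if ok else 1)
```

A matching hash only shows the file is the one the hash was computed from; if the hash is posted on the same server as the file, it does not help when that server itself has been tampered with.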

This is pretty nasty and will surely have a wide impact on home Internet users.  I just read about an exploit which has the potential of affecting millions of home internet users.  The exploit affects home routers and will be explained in detail next month at the Black Hat conference in Vegas.

http://blogs.forbes.com/firewall/2010/07/13/millions-of-home-routers-vulnerable-to-web-hack/

http://www.theregister.co.uk/2010/07/19/home_router_hack/

I shouldn’t have to say this, but IF YOU HAVE NOT CHANGED THE DEFAULT PASSWORD ON YOUR HOME ROUTER, DO IT NOW!!!

Don’t think it really matters?  Well here is how easy it is to get a list of default passwords.

If you don’t know what to do, call someone who does know what to do.  If you don’t know who to call, call me (i.e. leave me a comment); I will be more than happy to help anyone secure their home network.