Insights For Success

Strategy, Innovation, Leadership and Security

Distributed Denial of Service Attacks have doubled in Q2

General | Edward Kiledjian

Image by thierry ehrmann used under creative commons license

Akamai, the 800lb gorilla of internet security, has published its Q2 2016 State of the Internet Security Report. DDoS attacks seem to be a preferred attack vector and have doubled in number over the past 12 months.

In Q2, the security teams at Akamai counted a 129% YoY increase in the number of DDoS attacks, which translates to 4,919 attacks mitigated in Q2. Beyond the absolute number, we are always looking at the size of the attacks, and the report does not disappoint. The largest DDoS they saw targeted a media company with a 363Gbps attack. It is also important to note that 10 other attacks were 100Gbps or larger. It seems bad actors are particularly fond of gaming and software companies.

Anyone want to take a guess at which country originated the most DDoS attacks? Anyone? China... Followed closely by the USA then Taiwan.

Another "fun" trend is that Web Application Attacks have increased 14% in Q2 (Q2 compared to Q1). Local File Inclusion takes the lead at 45% of WebApp attacks, followed closely by an oldie but goodie, the venerable SQL injection.

 

Your browser will betray your identity    

General | Edward Kiledjian

Image by Lisa Brewster used under Creative Commons License

Without doing anything wrong, your browser sends out information that makes you unique on the internet. This basically betrays your efforts to stay anonymous (unless you know what you are doing).

Every time you visit a website, your browser sends (or makes available) information about your browser configuration to the site. This information includes content such as fonts, browser type, elements supported, etc. In many cases, this will allow a site, network or bad actor to track you across the internet without cookies.

Prove it

Open another browser tab and visit Panopticlick from the EFF. It will perform browser fingerprinting and tell you how unique you are in a sea of web citizens.

So what can you do to stay anonymous?

Every prepper knows that the best defense is blending in. Blending into the crowd means you are less likely to be targeted. When you travel, don’t look like a tourist waiting to be pickpocketed with a giant dSLR hanging from your neck.

The same holds true in the digital world. When security professionals want to blend in, they make their computer look as normal as possible: common browsers, minimal plug-ins, etc. If you want anonymity, don’t be a digital survivalist: running NoScript, uBlock Origin, turning off Java, etc.

Why

Modern browsers were designed for convenience and not for privacy.
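
The blending-in argument above can be put into numbers the way fingerprinting tests report "bits of identifying information". This is an added example, not part of the original post; the attribute names and the 16-visitor population are constructed sample data.

```javascript
// Added illustration; every visitor record below is constructed sample data.
const ATTRS = ["userAgent", "fonts", "plugins", "scripts"];
const stockChrome  = { userAgent: "Chrome/Windows",  fonts: "default", plugins: "none", scripts: "on" };
const stockSafari  = { userAgent: "Safari/macOS",    fonts: "default", plugins: "none", scripts: "on" };
const stockFirefox = { userAgent: "Firefox/Windows", fonts: "default", plugins: "none", scripts: "on" };
const extraFonts   = { userAgent: "Chrome/Windows",  fonts: "custom",  plugins: "none", scripts: "on" };
const hardened     = { userAgent: "Firefox/Linux",   fonts: "custom",
                       plugins: "NoScript,uBlock Origin", scripts: "blocked" };

const copies = (cfg, n) => Array.from({ length: n }, () => ({ ...cfg }));
const population = [
  ...copies(stockChrome, 8), ...copies(stockSafari, 4), ...copies(stockFirefox, 2),
  ...copies(extraFonts, 1), ...copies(hardened, 1),
]; // 16 visitors in total

// A fingerprint is the combination of attributes a site can observe.
const fingerprint = (b) => ATTRS.map((a) => b[a]).join("|");

// Anonymity set: how many visitors share this exact fingerprint.
function anonymitySet(pop, browser) {
  const fp = fingerprint(browser);
  return pop.filter((b) => fingerprint(b) === fp).length;
}

// Identifying information in bits: log2(N / anonymity set). Higher means easier to track.
function identifyingBits(pop, browser) {
  const n = anonymitySet(pop, browser);
  return n === 0 ? Infinity : Math.log2(pop.length / n);
}

// Shannon entropy of one attribute: how much that attribute alone splits the crowd.
function attributeEntropy(pop, attr) {
  const counts = new Map();
  for (const b of pop) counts.set(b[attr], (counts.get(b[attr]) || 0) + 1);
  let bits = 0;
  for (const c of counts.values()) bits += (c / pop.length) * Math.log2(pop.length / c);
  return bits;
}

for (const [name, cfg] of Object.entries({ stockChrome, stockSafari, hardened })) {
  console.log(name, "shares a fingerprint with", anonymitySet(population, cfg),
    "of", population.length, "visitors:", identifyingBits(population, cfg), "bits");
}
for (const a of ATTRS) console.log(a, attributeEntropy(population, a).toFixed(2), "bits");
```

In this sample the stock configuration hides among half the visitors, while the hardened one is the only browser of its kind and is therefore fully identifiable.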

What's the best SD card?

General | Edward Kiledjian

SD Cards are everywhere. Whether you are using them in your video gear or camera, choosing the right one can make all the difference in the world. I needed to find the best SD Card I could buy and am sharing it with you.

In tech, there is always something better if you are willing to pay more. So what I was looking for was the best value proposition. 

What to look for in an SDCard?

When evaluating any external memory, you will typically use the same evaluation criteria:

  • Speed
  • Reliability
  • Warranty
  • Price

Many Android phones will test the SDCard speed while preparing it for use and will warn you if it is believed to be too slow. A slow SDCard can make the entire phone slow and sluggish. Also, you should be saving your photos and videos directly to the memory card, so a slow card means slow click-to-click speeds.

The smartphone has become the primary camera for many users and since you are storing your important memories (photos and videos), reliability is important. Nothing frustrates more than losing your memories because of a technical issue. SDCards have become incredibly reliable but choosing a strong brand is important to protecting these memories.

Electronics die. Sometimes an SDCard will live for 10 years; other times it will die within 90 days of first use. You just can't tell, so it is important to choose a product that is backed by the manufacturer.

Price... Price...Price... When choosing the best SDCard, price was an important factor. You could always pay more to get better (faster, bigger, etc) but most people want a card that is good enough.

The tests

I tested 12 of the best known brands (including Toshiba, Transcend, Samsung, PNY, Lexar, and some lesser known Amazon brands).

The SanDisk Extreme Pro came out on top every time. It tested as the fastest when reading and writing from a desktop, which means your camera will spend less time writing and your post-photo workflow will be much faster.

Most modern cameras will take pictures faster than SD Cards can record them (typical dSLRs save pictures at 200MB/s and some point and shoots in the low 100MB/s.) Obviously the faster the card the faster your camera will be able to offload pictures from its internal memory to the card thus preventing the dreaded slow shutter to shutter issue.

As for videos, most devices record at between 30-100 MB/s, so you should be ok with this card even at 4K resolution.

What I especially liked about it is its weatherproofing. I snapped pictures then dunked the card in water (outside of the camera of course) for 1 minute. I let the card dry and it worked like a charm. I often use my Olympus Tough waterproof camera so if the unthinkable occurred, I would likely be able to save my images (at least).

SanDisk also bundles its cards with a limited Lifetime warranty. 

My second pick would be the Samsung Pro Plus (if the SanDisk is not available).

How many SD Cards should I buy?

The other question I get asked is what size of card to buy. I typically recommend that you carry multiple cards and rotate between them. Nothing would ruin your day more than losing all your pictures because of a malfunction. Buy the largest size you can afford as long as you can buy at least one or two extra cards of the same capacity.

Most of my cards are 32-64GB in size and on a multi day trip, I will typically have 1 card per day. If the unthinkable happens, I only lose 1 day of memories. 

How to watch Apple's iPhone event tomorrow

General | Edward Kiledjian

It's that time of the year again when we all gather around our web browser and watch Apple's masterfully choreographed launch of the next iPhone (we believe the iPhone 7). It is safe to assume that with the phone, they will also launch some ancillary products like the Watch or maybe even a new MacBook Pro.

Regardless of what they launch, you should be planning to watch the livestream starting on September 7 at 10 am PT (1pm ET).

Browser

You can go to the Apple Events page and watch the livestream there, as long as you do it from an iOS device running iOS 7 or better, a Mac using the Safari browser or a Windows PC using the Edge browser (this last one still perplexes me).

After the fact

If you miss the event (and you really have no excuse to miss it), then Apple will make the livestream available later on the same link or via the Apple Events podcast channel (which should work in most podcatchers).

 

The Trackr Bravo Review

General | Edward Kiledjian

The Trackr Bravo is a small watch battery sized Bluetooth Low Energy (LE) device that promises to help you locate your lost or misplaced items. The device costs about $US29 each and you attach it to your keys, put it in a bag, wallet or anything else you may want to locate (think pet collar). 


You can use the Trackr apps to locate the item on a map and make it ring (if you are within Bluetooth range). You can also press the tiny button on the Trackr and make the app ring (even if the phone is set to silent) to locate it. 

The final trick the Trackr Bravo can perform is initiating a separation alarm (if you enable it). As an example, you can set the separation alarm to on when in a restaurant so if you walk away without your keys, it will ring. 

The last promise Trackr makes is that if you do lose an item and it comes within range of any other user with the Trackr app open (even in the background), you get a location ping for your lost device. 

Its main competitor is the Tile and I'll also draw some comparisons. 

 

Let's get physical

I bought a 3 pack from Best Buy Canada for $50 (was on special - regular price was $79). It is a small plastic disc that measures 1.2 inches in diameter and is 0.2 inches thick. It weighs a mere 0.3 ounces. 

It is smaller and lighter than the Tile. 

The Trackr Bravo has a small ring on top to attach it to a keyring and comes with round double sided tape if you want to attach it to something like a bicycle or other belonging. 

There is a Trackr logo on one side (in the middle) and a small pairing / alert button under it.
I paired it with my trusty iPhone 6s Plus using the Trackr apps and it took all of 30 seconds. 
The device is expected to run for one year on the included CR1616 battery (which is user replaceable). Unfortunately my 6 Trackr Bravos came with dead batteries. I sent a support request via email (following the directions on their site) and never received a reply.

 

3 weeks after I sent my first support request (and another one 2 weeks ago), Trackr support has never responded.

This is my first big issue. I sent them a tweet and 2 emails. Nothing. So I bought replacement batteries from Amazon which cost me $20 (for 10 batteries). This was my first annoyance. We are now over 1.5 months since I made my support requests providing proof of purchase and I have not received a response.

The apps did not warn me that the batteries were low (even though it does provide battery level in the device settings tab). I was able to pair my devices but they soon stopped responding. This is problematic if your batteries are low when you misplace or lose your item.

Tile does not allow you to replace the batteries but does warn you when the batteries are running low.

Because the Trackr has a user replaceable battery, it is not waterproof. My 3 pack included a plastic sleeve to make it more water resistant but this is a cheap flimsy plastic and my wife's Trackr fell out somewhere (before I had a chance to replace its battery) and we couldn't find it. How ironic. We lost the Trackr which is supposed to help us find lost items.

Usability

The separation alert (if enabled) does warn you if one of the paired items goes missing. I had a Trackr in my wallet and enabled separation alert. When I purposely left the wallet with a friend and walked away in a restaurant, the alarm on my phone rang. The opposite also worked. I took my wallet and left my phone, and my wallet started ringing.

Here is my second problem with The Trackr Bravo: the alarm is very weak

There is an alarm and it does work but you may have trouble hearing it in a noisy restaurant. You can also set a custom alert tone using any MP3 on your device.

The Tile has a much louder alarm that makes locating lost items easier.

If you press the black pairing button on the Trackr, it will sound the alarm on your phone (to help you locate it) and you can ring the Trackr token from your phone's Trackr App.

As a test, a colleague hid my keys somewhere in the office (which is large enough to be out of Bluetooth range). As soon as I opened the app, it showed me the last location the Trackr token on my keys was in but showed it greyed out (aka out of range). The bottom of the map screen shows the Bluetooth strength which is used to indicate how close or far the token is from the phone.

The Tile and Trackr are about the same here but the Tile has a more granular strength meter which is more useful. 

As I walked around the office (and got closer to my token) the app started to show I was getting closer and switched the dull grey location to a green one. I then forced the alarm (using the app) and I heard it sound but it was so low I had trouble identifying the location.

The Trackr says the alarm is 85 dB but it sounds much more muted to me. The Tile has a 90 dB alarm but the sound is sharper and easier to identify.

I know the Trackr website says a community of Trackr users will help me find my lost items but I couldn't figure out how this works. A tweet requesting clarification just said "It works automatically". What does that mean? How? How do I ask the network of users to "search" for my lost item? Not much information is provided and Twitter support was less than useful. Again an email to support requesting help for this feature went unanswered. Surprise... Surprise...

Conclusion

Having used it for close to 1.5 months and having shared it with family, what do I think? Is it worth the investment? The idea is good and I love the fact the battery is user replaceable but it had a ton of shortcomings.

My biggest complaint is the lack of response from support. Why did I have to buy replacement batteries for something I just picked up? Why is documentation so scarce and features like the global lost and found not clear?

The alarm is low and the location information is often too wishy washy to be useful. They have a home pluggable device called the Atlas which is supposed to help you locate the tokens with more accuracy but I couldn't get my hands on one to test it.

If you check out the Amazon reviews from verified buyers, you will see that many echo the same complaints I had. Poor battery life. Poor support. Low alarm. Slow reconnect when you do get close to the token. So my conclusion is to pass on The Trackr Bravo. Maybe the next iteration will be good enough to justify the $US29 price tag but this version certainly isn't.