Friday, August 11, 2017

Electric cars and their effects on the local economy

I am on my 3rd electric vehicle.
First, when my wife was unemployed and still working on her driver's license I bought an electric bike. Not a motorcycle, that would be cool, but not as practical, but one of the Vespa scooter styled e-bikes. Basically a low powered (32km/h limited) electric moped. This got her to and from appointments and once she was licensed I started leaving my Jeep at home and riding the bike to work. The idea then was to have a cheap ~$1400 mode of transport that filled a need for something better than transit but less effort than a bicycle.

Next up, when she found a job in Toronto and needed a car we got a Chevy Volt. This let us benefit from overnight charging in the garage for pennies but still worked like a normal car for long distance travel. Originally I was going to drive this, so I was looking for something fun and comfortable for me to drive back and forth to work, and she would take the Jeep. She convinced me though that it made more sense for her to take the Volt as a daily commuting car, as she had a longer commute, so she should have the more efficient car. Plus, she had the opportunity to plug in in the staff parking garage at work to charge up for the return trip for free.

Now, this summer the Jeep hit 10 years old, and while I had upgraded the infotainment technology from AM/FM CD player and Aux input jack to an Android-based stereo with AM/FM, every type of media file, audiobooks, podcasting, and of course GPS, it was time to give the old Jeep a new home and find something newer. I shopped around a bit and found a nice used Nissan LEAF from 2012. At first I was going to wait till next summer and get a Chevy Bolt or Tesla Model 3 or something, but I found that a used LEAF or Mitsubishi iMiEV could be had for a monthly payment of less than the Jeep's gas, so it was kind of a no-brainer to grab one of those as essentially a "free" upgrade to a 5 years newer car rather than continue to maintain the Jeep.

Anyway, on to the point of this whole post. As a new driver of a fully 100% electric car I've become much more of a user of PlugShare, and in thinking about how I might stretch the use of this low range EV to go places that are a little further away, I find that I am starting to feel like one of the early pioneers of automobile travel. You see, back in the day when gas powered cars were kind of new, automobile associations popped up and started publishing maps and guides for travel in North America. These maps and guides brought people into small towns that didn't see a lot of outsiders, either for the sights, or for some good food that the travel guides recommended, or for a service station stop. PlugShare (and other similar EV charging map apps) fills the role of the automobile association maps and guides back then, but in a way that we are used to consuming info like that now. I find myself looking at routes to places I like to go that hit locations of Level 3 DC Fast charging stations. Then I find I'll hit Google Maps to zoom into a charging location and see what kind of restaurants and other things are in that area. Often these are areas that I would just drive on past in my previous gas cars, but because I'm a bit more limited in range and because there are not yet charging stations on every corner, it is interesting to see how my travel habits change and how it seems to echo those early days of car travel. Places I never would have thought to stop before are now destinations to explore.

This is why small towns looking to boost their economy should invest in a 50 kW or better charger or two. More and more people are hopping on the EV bandwagon, and with Tesla's Model 3 starting to come out and the blast of major manufacturers' announcements that they are going to move seriously into EVs and plugin hybrids in the upcoming years, getting in on this now makes a lot of sense.
The first wave of EV drivers are invariably upper middle class folks with a bit of extra cash to spend. The price of these vehicles has kind of forced that. Having these somewhat wealthy people stop in your town for a half hour or more on their way to somewhere else means that they are going to look around, at least grab a quick bite to eat, maybe explore some of the more unique shops your town has that they would never have noticed otherwise.

Forget the big switch from foreign oil to domestic electricity and how that affects the economy, there is a swing happening in how these new EV drivers think about travel and this more relaxed approach to it. Instead of driving like crazy along the fastest highway and only stopping if you have to at a highway rest stop to fuel up and maybe grab a sandwich, EV drivers are more likely to plan out a route that takes them down back roads and into small towns. If you can get them to stop and fill up in your town you win. Unlike a gas station where the driver needs to stand watch over the pump while filling up, EV charging stations need the driver only to start the charge and then walk away and enjoy the sights and probably do some shopping for a while while the car fills itself up with power for the next leg of the journey.


Wednesday, July 19, 2017

Youtube replaces local TV

Just a quick observation. They have finally done it. I am starting to see the non-skippable pre-roll ads on YouTube running the local made-for-TV ads I remember from my TV watching days. Local businesses that don't have the budget for anything wider than the local TV station and really don't want or need national advertising coverage. Go team Google! I am glad to see that these folks have a place to advertise in the era after the collapse of the newspaper industry and soon to be collapse of local TV and perhaps even radio.

Saturday, August 06, 2016

Protect yourself against the HEIST + BREACH vulnerability



The new HEIST vulnerability demonstrated at Black Hat this week makes it possible to use BREACH and/or CRIME vulnerabilities to decode HTTPS traffic (or HTTP/2) without the hacker having a man-in-the-middle position.

[EDIT: Just to be clear, this will not protect against all instances of the HEIST attack, but as it disables BREACH, it protects against the specific technique of combining HEIST and BREACH.]

CRIME requires TLS compression, which was dropped by most products that supported it in 2012. BREACH requires HTTP compression within the HTTPS session, which the attacker manipulates to determine the plaintext contents of the encrypted message.

Many web site admins have been shutting off HTTP compression on encrypted sites for a while, but you cannot trust that everyone else is as diligent, so a browser-based approach is best for protecting your own info.

In order for compression to work the browser and the server both need to support it, so the server relies on a request from the browser.

To prevent Google Chrome from requesting compressed pages, you need to modify the Accept-Encoding request header. There is a plugin for Google Chrome called ModHeader that will allow you to do that. Simply install ModHeader and insert an entry for Accept-Encoding with a blank value.



You can test this at the following site: http://www.whatsmyip.org/http-compression-test/

The drawback to turning HTTP compression off is that sites that do use compression (which is still perfectly safe for non-encrypted sites, as there are no secrets to be revealed) will load a little more slowly, as GZIP or Deflate compression can decrease the size of sites by about 60%.
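Why the blank value works, as an added example that is not from the original post: under RFC 7231 section 5.3.4 an Accept-Encoding header with an empty value tells the server to send no content-coding, whereas a missing header leaves the server free to compress. The sketch assumes ModHeader's blank entry reaches the server as an empty header value; `Select-ContentCoding` and its list of server codings are hypothetical names.

```powershell
# Added example: content-coding selection as described in RFC 7231, section 5.3.4.
# $ServerCodings is an assumed list of codings the server can produce, in its own order.
function Select-ContentCoding {
    param(
        [hashtable]$RequestHeaders,
        [string[]]$ServerCodings = @('gzip', 'deflate')
    )
    # Header absent: the client stated no preference, so the server is free to compress.
    if (-not $RequestHeaders.ContainsKey('Accept-Encoding')) { return $ServerCodings[0] }

    # Parse "coding;q=value" items into a coding -> weight map (weight defaults to 1).
    $weights = @{}
    foreach ($item in ([string]$RequestHeaders['Accept-Encoding'] -split ',')) {
        $parts = $item.Trim() -split ';'
        $name  = $parts[0].Trim().ToLowerInvariant()
        if (-not $name) { continue }          # a blank header value yields no entries
        $weight = 1.0
        foreach ($p in ($parts | Select-Object -Skip 1)) {
            if ($p.Trim() -match '^q=(\d(?:\.\d+)?)$') { $weight = [double]$Matches[1] }
        }
        $weights[$name] = $weight
    }

    # Take the server coding the client weights highest; q=0 or unlisted is not acceptable.
    $best = 'identity'; $bestWeight = 0.0
    foreach ($coding in $ServerCodings) {
        $w = 0.0
        if ($weights.ContainsKey($coding)) { $w = $weights[$coding] }
        elseif ($weights.ContainsKey('*')) { $w = $weights['*'] }
        if ($w -gt $bestWeight) { $best = $coding; $bestWeight = $w }
    }
    return $best
}

# Constructed request headers: absent, a typical browser value, the blank value, explicit q=0.
$cases = @{}, @{ 'Accept-Encoding' = 'gzip, deflate, br' }, @{ 'Accept-Encoding' = '' },
         @{ 'Accept-Encoding' = 'gzip;q=0, *;q=0.5' }
foreach ($h in $cases) {
    $sent = '(header absent)'
    if ($h.ContainsKey('Accept-Encoding')) { $sent = "'$($h['Accept-Encoding'])'" }
    '{0,-22} -> {1}' -f $sent, (Select-ContentCoding -RequestHeaders $h)
}
```

Servers are not required to follow the RFC exactly, which is why the compression test site above is still worth running after the header is set.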


Friday, August 05, 2016

Speeding up Windows 10

Windows 10 can feel a little sluggish if you have been using a fairly peppy system under Win 7 or 8.1.

Here are a few things you can do to make it feel less sluggish.

First, click on the notifications icon in the taskbar.

Now click the "All Settings" button

I know, it's not the most intuitive place to look, but click on "Ease of Access"

Now click "Other Options"

At the top you will see this switch for play animations in Windows... turn it off.
Your start menu will come up as soon as you click it now, instead of feeling like the computer needs to wake up from its nap first.


Now there is another place where animations that are not really necessary can be switched off. This is pretty much mandatory for old systems that have been upgraded to Win 10.

Open up the System Control Panel (from the old control panel, not the new metro/modern system).
Click on "Advanced System Settings"

Click the first "Settings" button under Performance

Uncheck any animation features you don't care about.


Now this one is something I've done for every Windows install for ages, but not everyone knows it:
While you are in here, click the "Advanced" tab and click the "Change" button

Windows by default will have "Automatically manage paging file" checked; uncheck that box.
Now look at the recommended size near the bottom of this window. That will be different for your computer than it is for mine, but highlight one of your drives and enter the recommended amount of virtual memory (AKA page file, swap) space in both the initial size and maximum size.

Here you can see that I had a largish virtual memory space on my F: drive previously, but I have also added some space in the recommended amount to my C: drive. C: is only a 128GB SSD, so I had put this swap space on F: (a standard laptop HDD) initially, and that was fine, but putting some swap on the SSD really perked it up. I had to move the C:/Windows/Installer folder to one of my other drives to make some room (a lot of room) on C: to make this even possible.

If you have additional tips add them to the comments.

Thursday, July 14, 2016

Breaking news: Edward Snowden to Speak at SecTor 2016

Former CIA, NSA, and DIA intelligence agent and famed whistleblower Edward Snowden will be giving a keynote via video link from Russia at SecTor 2016. http://sector.ca/speakers/edward-snowden/

The keynote presentation will start at 9am on Tuesday, October 18 in the SecTor Keynote Hall on level 800 of the South Building in the Metro Toronto Convention Centre in downtown Toronto. If you don't already have tickets for the convention get 'em now. 

This will be the Infosec/IT event of the year in Toronto.

http://sector.ca/register/

Wednesday, June 01, 2016

Powershell tidbit of the week

Some of you are familiar with SSLLabs.com.

Of those who have used it, some of you probably have run into at least one of these limitations:
It doesn't work for sites on your intranet. It doesn't work for sites with no DNS. It doesn't work with SNI sites (sites with more than one site on a server under different DNS names). It doesn't work for any port other than 443, and it has to be a web server, not a mail server, so there is no way to test that TLS is working on your SMTP server and what ciphers it uses... but Nmap has that, if you can remember what command line options to feed it.

I put these 3 lines in a file called testTLSCiphers.ps1 to make it easier for me to remember, and you might want to do that too.

$ServerName = Read-Host -Prompt 'Input your server  name'
$Port = Read-Host -Prompt 'Input your server TCP port number (443 is most common)'
nmap --script ssl-enum-ciphers -p $Port $ServerName



The output looks something like this:
PS C:\Users\rod> C:\scripts\Powershell scripts\testTLSCiphers.ps1
Input your server  name: internalsite.local
Input your server TCP port number (443 is most common): 443
Starting Nmap 6.49BETA1 ( http://nmap.org ) at 2016-06-01 15:29 Eastern Daylight Time
Nmap scan report for internalsite.local (192.168.1.6)
Host is up (0.0010s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (dh 256) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 256) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 256) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (dh 256) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 256) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 256) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.1:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (dh 256) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 256) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 256) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (dh 256) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 256) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 256) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (dh 256) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (dh 256) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (dh 256) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (dh 256) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 256) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 256) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 256) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 256) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (dh 256) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (dh 256) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 256) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 256) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 256) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 256) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A
Nmap done: 1 IP address (1 host up) scanned in 3.38 seconds
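
An added example, not part of the original script: a parser for saved ssl-enum-ciphers output in the format shown above. It reports, per protocol, whether TLS compression is offered (the CRIME precondition from the HEIST post) and which ciphers were graded below A. The sample text is constructed and `ConvertFrom-SslEnumCiphers` is a hypothetical helper name.

```powershell
# Constructed sample in the ssl-enum-ciphers output format (not a real scan).
$sample = @'
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       DEFLATE
|       NULL
|     cipher preference: client
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (dh 256) - A
|     compressors:
|       NULL
|     cipher preference: server
'@ -split "`r?`n"

function ConvertFrom-SslEnumCiphers {
    param([string[]]$Lines)
    $cur = $null; $section = ''
    foreach ($line in $Lines) {
        $text = ($line -replace '^\|_?', '').Trim()
        switch -Regex ($text) {
            '^(SSLv\d|TLSv[\d.]+):$' {            # start of a protocol block
                if ($cur) { $cur }
                $cur = [pscustomobject]@{ Protocol = $Matches[1]; CipherCount = 0
                                          BelowGradeA = @(); Compressors = @(); Preference = '' }
                $section = ''; break
            }
            '^(ciphers|compressors):$' { $section = $Matches[1]; break }
            '^cipher preference: (\S+)' { if ($cur) { $cur.Preference = $Matches[1] }; $section = ''; break }
            '^(\S+) \(.*\) - ([A-F])$' {          # "NAME (key exchange) - GRADE"
                if ($cur -and $section -eq 'ciphers') {
                    $cur.CipherCount++
                    if ($Matches[2] -ne 'A') { $cur.BelowGradeA += $Matches[1] }
                }
                break
            }
            '^\S+$' { if ($cur -and $section -eq 'compressors') { $cur.Compressors += $text } }
        }
    }
    if ($cur) { $cur }
}

# TLS compression (any compressor other than NULL) is the CRIME precondition.
ConvertFrom-SslEnumCiphers -Lines $sample |
    Select-Object Protocol, CipherCount, Preference,
        @{ n = 'TlsCompression'; e = { [bool]($_.Compressors -ne 'NULL') } },
        @{ n = 'BelowGradeA';    e = { $_.BelowGradeA -join ', ' } }
```

To use it on a real scan, capture the nmap output to a file and pass `Get-Content` of that file as `-Lines`.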

Thursday, January 09, 2014

So You Want To Be A CISSP?

This post is for those who've been doing some network security and want to make it official and get the CISSP certification.

ISC2 has a set of intro videos to get you started. They are about 15 minutes each. The first is an introduction and then there is one for each of the 10 domains. This is not a course on becoming a CISSP, just an introduction to the type of information you would need to be familiar with.

If you are at that point of your career that moving firmly into the domain of security is appealing to you, this is a nice little preview of what's ahead of you.

http://education.isc2.org/cissp-webcast-1/
http://education.isc2.org/cissp-webcast-2/
http://education.isc2.org/cissp-webcast-3/
http://education.isc2.org/cissp-webcast-4/
http://education.isc2.org/cissp-webcast-5/
http://education.isc2.org/cissp-webcast-6/
http://education.isc2.org/cissp-webcast-7/
http://education.isc2.org/cissp-webcast-8/
http://education.isc2.org/cissp-webcast-9/
http://education.isc2.org/cissp-webcast-10/
http://education.isc2.org/cissp-webcast-11/