Nov 172014
 

I purchased a lavatube electronic cigarette from Volcano. It was the ecig I used until the end…..

I purchased the lavatube because I really wanted the “best” ecig and this was rated by many to be the best one made at the time. I would still say it is one of the tops. The only thing I did was about the same time I bought this (it was mid-2013), some local ecigarette shops started opening up. So basically, I started buying my ecig supplies locally. I replaced the original tank of the lavatube with a Innokin iClear 30 in Feb/Mar 2014. This was the ecig that I used until I finally stopped smoking entirely…..including stopped ecigs.

Part 1: how I started using ecigs
Part 2: Modern Vapor – My First Kit
Part 3: Modern Vapor – my second kit
Part 4: Addicted to flavor
Part 5: Traceable Costs
Part 6: The Lavatube
Part 7: How I successfully quit smoking

Nov 172014
 

I probably started smoking around 13 years old and after smoking cigarettes for nearly 30 years, I switched to ecigs. The first one was rather crude and was quickly replaced a couple weeks later. Once I finally did make the switch from real cigarettes to electronic cigarettes, there was a very noticable improvement in my breathing. Matter of fact, eventually I was able to go back to working out and doing cardio for long periods of time (within a year). Eventually I realized I had been using an electronic cigarette for almost 4 years and although I wasn’t ingesting the 4,000+ chemicals of real cigarettes, I was still ingesting nicotine. I made a plan in 2013 to be off of nicotine by the end of 2014. My plan was very simple: i was currently using 24MG ejuice and I would just graudally reduce it over a period of time until I got to 0MG. So, approx January 1 of 2014 i bought 18MG ejuice. I didn’t seem to “Want more” or “smoke more” or “crave more” after switching to the lower MG nicotine. It was then that I realized this was real and I would be able to do this. Around April 1, 2014 I switched to 12MG ejuice (all the dates are really just approximate because it really happened when I “ran out” of the current ejuice strength, however, my planned dates of “every three months” actually came sooner. So by saying april 1, what I really mean was sometime around the last week or two of march but before april 1). Around July 1, since i had had such great luck by reducing my current to a lower amount, I bought a 2x 6MG, 2 x 3MG, and 2 x 0MG all 30ML bottles. I decided that I would simply use them in order of strength and when I ran out….that was it. When I got to the 3MG, I would alternate between the 3MG and 0MG. Sometimes I would do 3 x 0 MG and then 1 x 3MG…..but I basically kept extending the time between when I had nicotine and when I didn’t. Around November 1, 2014 I was using only 0MG nicotine. However, I noticed something….even though I was using 0 MG nicotine, I would still freak out if things like “my ecig battery went dead” or “i ran out of ejuice” or “I left the ecig at home”. So I realized then that I was basically addicted to the “act of smoking” …. you know, “going through the motion” of smoking. This was actually harder to break than the reduction of nicotine. I just kept extending the time between “hits” and I would try to do things like “go to the store but don’t take the ecig with you” and I would extend that to “go to the mall but don’t take the ecig with you”. So, basically I was also able to break that habit too. Basically when I finally ran out of 0MG nicotine, I promised I wouldn’t buy anymore. The first day or two was hard…..I basically kept “pretending like I was still smoking” by using the ecig without any nicotine and without a battery. I was going “through the motion” of smoking, but I really wasn’t smoking….at all. Once or twice I “almost” bought a pack of cigarettes…..just in order to have 1 but I basically was able to get past that point. By day 3 those cravings to go through the motion of smoking subsided. Today makes day 6, no ecigs and no nicotine and no cigarettes. Today is November 17, 2014…….i quit smoking a full 6 weeks earlier than I had planned.

You can also see these articles i wrote on ecigs:
Part 1: how I started using ecigs
Part 2: Modern Vapor – My First Kit
Part 3: Modern Vapor – my second kit
Part 4: Addicted to flavor
Part 5: Traceable Costs
Part 6: The Lavatube
Part 7: How I successfully quit smoking

Mar 072014
 

I love irc.  I love tor.  I love freenode via tor.  But one thing I hate is that sometimes I can’t connect and I would have to open up my torrc file and change the MapAddress cname.  So, I created a script today which randomly cycles through the names and changes it for me…..it uses a bash array to accomplish this.

Continue reading »

Feb 262014
 

I generally do most everything from a shell. I also generally script things when I can. However, I wanted to see changes made to arachni web interface and it had been a while since I used it. I’m not sure if this is automated via the links included in kali linux or not, I just know that when I went to fire up arachni_web it failed and this is how I fixed it.
Continue reading »

Dec 122013
 

I have been using this script for a long time (maybe 13 years) with only very slight changes.  It was probably one of the first cool ideas I had for a way to track laptops issued to employees that might possibly be stolen.  Granted, today, we use full disk encryption and other cool things that almost makes this script obsolete….but in the event something does get stolen, we can always track it.

The script only requires a crontab entry and a way to send mail (I use ssmtp btw).

Continue reading »

Dec 042013
 

This is somewhat related to updating amazon group resource ip’s for dynamic ip addresses except it is a different concept.  How many times have you been on the road and needed to access your home computer?  Granted, there are many third party services that allow you to do that, like dynamic dns but that is behind my control.  I wanted something I could control.  Since I use linode, they have an api and a way to script ip updates.  So thats what we will do here.

Continue reading »

Dec 042013
 

I often review various vulnerability scanners.  When I review them, I look at several different things:

  • were they able to find a vulnerability I previously missed?
  • are they accurate in their findings?
  • how quickly do they complete an audit compared to “insert some other vulnerability scanner here”?
  • sometimes I will also grab the tcpdumps of the audits for even further analysis
  • how accessible and easy are they to use by “skiddies”?
  • based on the tcpdumps + noise generated on the server logs, are the audit signatures of wapiti easy to detect?

Continue reading »

Nov 212013
 

I work from home a lot.  My ISP used to never change IP addresses dynamically the first 3 years or so I was with them.  Now they change it often (more than once a week).  This creates a slower response time when I am at home, get a page, go to log in via ssh, and find out my ip has changed since we restrict our AWS environment via group policies.  The times I have needed to do this are relatively few, but still its a problem if there is an emergency.  Leave it to me to come up with a simple solution….

Continue reading »

Nov 182013
 

Openx has been a pain in my ass for some time now (5 years).  Even if you have the latest most up to date software release, you will still get append and prepend infections.  I’m not sure if it comes from client browsers when they log in or some other reason.  What I can assure you is that the file system in which openx resides is as secure as it can be while leaving openx functional (all files are owned by a different user than the web server process and are only readable by the web server.  All directories, except two, are also owned by a different process than the web server and are read only….while two have to be writable by the web server process.  The lamp stack is also up to date.).  Anyways, even with these restrictions, clean code, clean db, limited plugins, and even checked the meta data of all image files for backdoors (I first learned about this technique in approx 2010 but here is an article from 2011 detailing this – PHP Code into JPEG Metadata: From hide to unhide ) we still get an occasional append/prepend infection.

How to stop it?  This is pretty easy, I simply wrote a script that checks for append/prepend problems, logs if clean, logs and alerts if infected, and also disinfects.  This only works, if the append and prepend is NOT being used in your ads.

Continue reading »

Oct 272013
 

This is a really simple fix which will block the user enumeration on a wordpress site (like the method by wpscan).

Before I get into this, I am very well aware of the IfIsEvil page on nginx wiki.  But it also says on this page, “The only 100% safe things which may be done inside if in location context are:  return and rewrite as the last statement in a location block”  With that in mind, we are going to use ONLY rewrite as the last statement in our location block.

Continue reading »