All posts by Adam Thompson

A Word About Equifax and Security Best Practices

Your credit information may be available on the dark web, but at least we’re learning about cyber security!

Before we get started talking about Equifax, I’d like to apologize for the brief interruption in our regularly scheduled programming, err… blog… posting? As you may know, our company resides in beautiful St. Petersburg, FL, which recently found itself in the path of Hurricane Irma.

We’re glad to say that we made it out safe and relatively unscathed. Most of us have power back by now. I actually had mine back shortly after the storm but continued to eat room temperature beans out of aluminum cans by candlelight while living without electricity for fear of looters.

Anyway, while we’ve been bailing water, a lot has happened in the world of cyber security. Namely, the Equifax Breach. So I figured this would be an excellent opportunity to go over what happened and what we can learn from this whole situation.

What is the Equifax Breach?

Equifax, an equestrian telecommunications company… [Editor’s Note: This was the point that we sent Carl back to do some more research] Scratch that. Equifax is one of the world’s largest credit reporting agencies. It keeps information on over 800 million consumers and over 88 million businesses worldwide.

On July 29th, Equifax discovered that it had been breached. Over the coming days and weeks, it was discovered that over 143-million consumer records – including full names, addresses, social security numbers and other personal identifying information – had been compromised. As more and more scrutiny has been applied to Equifax, additional troubling information has emerged that raises serious questions about the company’s security practices.

As far as data breaches go, this could be the mother lode. Per a report by Reuters, verified credit card information – meaning a card that has been tested and is still active – can fetch 10-20 dollars per card on the dark web. Full ID dossiers – which include all the information to carry out identity theft – can fetch up to $10. It may seem like a trivial amount, but when you’re pulling down 143-million records it can turn into a nice haul. Some experts are already calling this the worst breach in history.

What Happened with Equifax?

From the sounds of it, Equifax really needs to overhaul its security policies and practices. A lot of what occurred comes down to gross negligence. The vulnerability that was used against Equifax is called Apache Struts CVE-2017-5638. Apache Struts is an open-source framework for developing Java web applications. Researchers identified the vulnerability that was used against Equifax on March 6, 2017. It was patched a week later.

Now, if you do the math, Equifax had roughly four and a half months to patch its own systems and remove this vulnerability. It clearly didn’t. Now, 143-million consumer records have been exposed.

And that just appears to be the tip of the iceberg. Hold Security, a Milwaukee-based security firm, was able to crack one of Equifax’s Argentinian databases and harvest employee information with little more than guesswork. In this case, Equifax was using “admin” as both a username and the accompanying password for the database. Let’s pause for a second and appreciate a major international credit monitoring agency that has secured its database with the same level of sophistication as the average internet user sets up a router with—using just the default settings.

Let’s just put it this way. I’ve been tricked, duped and ripped off on the internet so much that my coworkers have sarcastically taken to calling me “Cautious Carl.” I got ransomware my first day working here. To this day, I’m considered such a danger I have to ask permission just to use the internet at work. The point I’m making is that when I can look at your company’s security implementation and tell you it’s awful—it must really be bad.

What Can We Learn From Equifax?

There used to be a great baseball player named Gary Sheffield that had an amazing swing, which, ironically enough, was also a pretty textbook example of how not to swing a baseball bat. Commentators used to remark that you could look at him in action and teach a young player exactly what not to do. Equifax’s security is a lot like Gary Sheffield’s swing, except for rather than using it to mash 509 career homers like Gary did, Equifax just took a fastball in its daddy bits.

Actually, that’s probably a terrible analogy for a number of reasons, the least of which is that I’m trying to talk to the cyber security community using an example that includes the word “baseball.” (It’s the game with the bases and the outs and the wooden bats—no, not Cricket. Nevermind. Just nevermind.)

Anyway, the point I’m making is that we could probably write a book on how not to secure a company or organization just using Equifax examples. In fact, someone probably will. The infosec community is petty like that. For our purposes though, there is one big lesson we can take away from Equifax.

Always stay up to date on Security Updates

Apache Struts had been patched for months before Equifax was breached. This wasn’t some zero day exploit where nobody had any warning; this was a well-documented vulnerability that should have been dealt with immediately. Or, at least within four and a half months of its disclosure. Granted, this kind of feels like your newly eclipse-blind friend telling you that this was a great lesson about not staring at the sun – it’s that obvious – but it’s still good advice. Advice that goes unfollowed far too often, even in this day and age. You just can’t ignore patches and updates. I mean, I guess you can, but this is what happens.

Of course, there are other smaller, more specific lessons that you can glean from this fiasco as well. Like, for instance, don’t ever use admin as a password for anything. Ever. Especially if your username is also “admin.” Or how about maybe don’t offload $2-million worth of stock before your company has a chance to disclose a security breach. Again, that’s very specific but it’s sound advice.
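One way to act on the patching lesson, as an added example that is not part of the original post: a small inventory check that finds struts2-core JARs on disk and inside WAR/EAR archives and flags the versions affected by CVE-2017-5638. The affected ranges are taken from Apache's S2-045 advisory rather than from this post, and the directory layout and file names in the demo are constructed.

```python
import os
import re
import tempfile
import zipfile

# Versions affected by CVE-2017-5638 (inclusive ranges, per Apache advisory S2-045).
# Assumption: these ranges come from the advisory, not from the post.
AFFECTED_RANGES = [((2, 3, 5), (2, 3, 31)), ((2, 5), (2, 5, 10))]

# Matches a struts2-core JAR at the end of a path or archive entry name.
JAR_RE = re.compile(r"(?:^|[/!])struts2-core-(\d+(?:\.\d+)*)\.jar$")


def version_key(parts, width=4):
    """Pad a version tuple with zeros so 2.5 and 2.5.10.1 compare correctly."""
    parts = tuple(parts)
    return parts + (0,) * (width - len(parts))


def is_affected(version):
    """True if a dotted numeric version falls inside an affected range."""
    v = version_key(int(p) for p in version.split("."))
    return any(version_key(lo) <= v <= version_key(hi) for lo, hi in AFFECTED_RANGES)


def struts_versions_in(names):
    """Yield (name, version) for each struts2-core JAR among the given names."""
    for name in names:
        match = JAR_RE.search(name.replace(os.sep, "/"))
        if match:
            yield name, match.group(1)


def scan_tree(root):
    """Walk root; check loose JAR names and the entries of WAR/EAR archives."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            candidates = [path]
            if fname.lower().endswith((".war", ".ear")) and zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as archive:
                    candidates = [f"{path}!{entry}" for entry in archive.namelist()]
            for name, version in struts_versions_in(candidates):
                findings.append(
                    {"location": name, "version": version, "affected": is_affected(version)}
                )
    return sorted(findings, key=lambda f: f["location"])


def demo():
    """Build a constructed sample tree, scan it, return (location, version, affected)."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample layout: two loose JARs and one WAR with a bundled JAR.
        for rel in ("legacy/lib/struts2-core-2.3.24.jar",
                    "patched/lib/struts2-core-2.3.32.jar"):
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "wb").close()
        with zipfile.ZipFile(os.path.join(root, "portal.war"), "w") as war:
            war.writestr("WEB-INF/lib/struts2-core-2.5.10.jar", b"")
            war.writestr("WEB-INF/lib/commons-io-2.4.jar", b"")
        return [
            (os.path.relpath(f["location"], root).replace(os.sep, "/"),
             f["version"], f["affected"])
            for f in scan_tree(root)
        ]


if __name__ == "__main__":
    for location, version, affected in demo():
        status = "AFFECTED, upgrade" if affected else "not affected by this CVE"
        print(f"{location}: {version} ({status})")
```

A file-name check like this misses renamed or repackaged JARs, so it complements a dependency scanner rather than replacing one.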

A Final Word

Let this serve as a lesson to you. The next time you get a notification about updating new security settings, spend the minute or so it takes to implement them. Granted, chances are the personal data of 143-million consumers doesn’t hang in the balance, but don’t let that stop you from updating.

And hey, at least if you learn this one lesson you’ll be able to say you gained something from this entire debacle when your identity inevitably gets stolen sometime around Christmas.

Thanks, Equifax.

The Purpose of Using an SSL Certificate on a Website

As they say in Chernobyl: SSL isn’t a choice, it’s a lifestyle

Before I came to, I had no idea what SSL even was or what the purpose of using an SSL certificate on a website was. In fact, when I heard the word certificate I started picturing diplomas and participation awards—not digital files. But that’s just me, I’m a newspaperman in a digital apps world.

What to Do When Your SSL Certificate Expires

Don’t run, don’t hide. Everything is going to be OK when your SSL certificate expires.

What do you do when your SSL certificate expires? This is a surprisingly common question. In fact, in our line of work it’s right behind, “what’s the difference between DV and EV?” and “How Does an SSL Certificate Work?”

Public Keys, Private Keys, Batman and Some Stuff About Encryption

Don’t ever let someone else touch your private key without your consent.

Today we’re going to discuss Public Keys, Private Keys and Encryption. Unfortunately, a lot of the literature on this topic around the internet is needlessly complicated. And when I say needlessly complicated I mean some developer or programmer wrote it using nomenclature that only another developer or programmer would know.

It’s kind of like how academics and modern philosophers write dense, difficult to understand texts as a way of both showing off their intelligence and to try and one-up their contemporaries. And in these philosophical personal pissing matches, the layman is just kind of caught in the middle saying, “whaaaat?” There may be some good information in those texts, but to most of us—we’re just getting rained on.

I am not like that. I am conscientious of my readers. Call me Conscientious Carl. And I’m going to explain these concepts to you in basic English, using terms you can understand. I don’t get off on using big words or fancy tech-speak like some people do. Though, now that I think about it, that would make for a good Silicon Valley phone sex line. “Yeah baby, tell me how you’re going to side-jack me by using your packet sniffer on my cookies.” [Editor’s Note: Carl…]

Anyway, let’s talk about Public and Private keys.

Batman, A Horse’s Rear and Two Types of Encryption

There are two kinds of encryption, symmetric and asymmetric. Do I need to explain symmetry? Would that be patronizing? [Editor’s Note: Only a little] Ok, I’ll just use an image. This is an example of symmetry:

[Image: Batman Logo is Symmetric]

See how you could draw a line right down the middle and it would be the exact same (though mirrored) on both sides? That’s because the Batman logo is both bad ass and completely symmetric. And thank you for humoring me, I have been looking for an excuse to use this image since I took the blog over.

This is an example of asymmetry:


Notice how if you drew a line down the middle of this picture the two sides are not mirror images of one another? They’re not the same. You could say this is ass-ymmetric. This picture is actually doubly relevant because if you legitimately needed me to explain symmetry to you then you are indeed a horse’s [Editor’s Note: Yeah… I’m not going to let you finish this sentence, Carl]

Ok, we’ve gone too far into the weeds, something I would not advise doing around this horse lest you’re wearing boots. And even then… [Editor’s Note: CARL!]

So how does this apply to encryption? I’m glad you asked. As we already established, there are two kinds of encryption. The first type, symmetric encryption, occurs once a secure connection has been established. It uses symmetric session keys that can both encrypt and decrypt communication. That’s another discussion for another time, though.

Then there is asymmetric encryption, that’s what we’re going to be talking about today. This occurs during the SSL handshake and helps your web browser to authenticate the website’s SSL certificate in order to establish a secure connection.

Asymmetric Encryption is a lot Like My Marriage

Asymmetric encryption occurs during the SSL handshake and uses a Public Key and a Private Key. Here’s how it works:

  • Your browser reaches a website with an SSL certificate. After both say “Hello” – because browsers and servers are nothing if not polite – the browser receives a copy of both the certificate and the accompanying public key.
  • The browser then uses the public key to encrypt a small bit of throw-away data and send it back to the server. The server uses the corresponding private key to decrypt what was sent and send it back as plain-text (meaning in its unencrypted form). If the server returns the same data that was originally encrypted, it verifies the key pair to the browser.

Now, when I say the key pair, I mean that the public and private key match. This is just a portion of the handshake (again, another discussion for another day), but an integral one nonetheless.
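The key-pair check as the post describes it, with both sides of the exchange, as an added example that is not part of the original post. It models only this simplified check, using textbook RSA with fixed primes and no padding so that it runs on the standard library alone; the function names and keys are assumptions made for illustration, and real deployments use a vetted TLS library.

```python
import secrets

E = 65537  # widely used RSA public exponent


def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (needs Python 3.8+)
    return (n, E), (n, d)


# Illustration-only keys built from known Mersenne primes (far too small for real use).
SITE_PUBLIC, SITE_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)


def browser_make_challenge(public_key):
    """Browser: pick throw-away data and encrypt it with the site's public key."""
    n, e = public_key
    throwaway = secrets.randbelow(n - 2) + 2
    return throwaway, pow(throwaway, e, n)


def server_answer(private_key, ciphertext):
    """Server: decrypt with its private key and return the plain-text value."""
    n, d = private_key
    return pow(ciphertext, d, n)


def browser_verifies(public_key, server_private_key):
    """Run the exchange; True only if the server returned the original data."""
    throwaway, ciphertext = browser_make_challenge(public_key)
    returned = server_answer(server_private_key, ciphertext)
    return returned == throwaway


if __name__ == "__main__":
    # Server holds the private key that matches the public key it presented.
    print("matching pair verified:", browser_verifies(SITE_PUBLIC, SITE_PRIVATE))
    # Server presents a public key but holds a different private key.
    print("mismatched pair verified:", browser_verifies(SITE_PUBLIC, OTHER_PRIVATE))
```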

Here’s another way to think about it. The public key, like my wife, does most of the talking. It says something, which it has encrypted in a way that it thinks will only make sense to me. It’s then my job to decrypt whatever it is she just said and repeat it back to her to make sure I got it right. If I didn’t, I get in trouble.

Public and Private keys are the same way, just far less passive aggressive. Public keys also fix a better casserole, but I digress.

Let’s Wrap This Up

So there you have it. Public keys and Private keys are an example of asymmetric encryption. One key encrypts data, the other decrypts it. This is done to verify that the keys match during the SSL handshake.

The actual communication that occurs after the handshake is done with symmetric keys that can both encrypt and decrypt. It’s really very simple, provided you have someone to explain it to you in a simple, if slightly chauvinistic [Editor’s Note: Slightly?] way.

Stay Cautious, My Friends.

Attn: Small Business Owner, You ARE Big Enough to Get Hacked

74% of SMBs have been targeted by hackers

Your business is not too small to get hacked, trust me. We’ll get to that in a second though, first let me tell you a story. I used to have this friend named Jim. He had the same mindset. ‘Nothing’s going to happen to me.’ He did everything right. Crossed all his T’s, dotted every I. Successful at all levels of life. Beautiful wife. Good job. Then during his last week of work his spacecraft suffered critical power cell failures, started leaking oxygen and almost killed him.

Ok, so that’s actually the plot of Apollo 13, and as I reread it I’m not entirely sure how it relates to your website getting hacked except to say that anything can happen.

You may think nothing’s going to happen to you. That you and your small business fly beneath the radar and scope of hackers and cyber criminals. But the odds of Jim’s Service Module suffering a catastrophic energy failure were astronomically low, too.

…he never did get to walk on the moon…

Anyway, business owners who think their business isn’t at risk are misguided. The odds of a small or medium-sized business getting hacked are not small at all. In fact, according to a 2016 study by Symantec – the top security brand in the world – 74% of small and medium-sized businesses have been targeted by hackers and cyber criminals.

These Cyber Criminals Would Make John Dillinger Blush

A lot of people try to paint the internet like it’s the Wild West. That’s lazy and uninspired. Like the plot of a Hallmark Channel movie. Besides, it’s not nearly as lawless. No, the better comparison would be during the depression era when bank robbers and the FBI were constantly battling across the nation’s headlines.

To follow this metaphor to its absurd conclusion you should look at the MO of a lot of these bank robbers. Sure, you could knock off a big bank, but that took more planning, more resources. And the banks typically had security, the ability to investigate and possibly find the culprits, see? Sorry. (I didn’t mean to start writing in a James Cagney mobster voice right there.)

You see my point though, yes you can knock off a big bank but that could make things go sideways, fast. A lot of times it was easier to knock off a smaller bank in a rural county. It was a quicker job. Less security. Lower risk of getting caught. You could knock out several in a weekend without drawing much heat.

Sound familiar?

Don’t Let Your Business Become the Modern Equivalent of a Po-Dunk Bank

The fact of the matter is that small and medium-sized businesses make attractive targets to cyber criminals and hackers because they’re far less likely to have the resources to invest in good security.

Whereas large enterprise-level companies can afford to staff entire teams for cyber defense, a small or medium-sized business can’t.

Another advantage enterprise-level businesses have is that they’re far more likely to survive a cyber-attack. According to the National Cyber Security Alliance, 60% of the SMBs that suffer a cyber-attack go out of business within six months.

So, not only can you get hacked—it could also put you out of business.

It’s Time to Invest in Protection—And Not the Sopranos Type

You don’t wear a seat belt because you think you’re likely to get into an accident, you wear one because what COULD happen when you don’t is too serious to take any chances with. Hell, you even wear a seat belt on an airplane and there is NO WAY that’s going to help you in a crash—hey, at least they’ll know what seat to look for your corpse in.

The point is, even if you want to ignore the statistics and the likelihood you could be a target, the seatbelt logic still exists. What COULD happen if you aren’t staying current with security trends is your entire business could go up in flames. Remember, three out of five small and medium-sized businesses that get attacked are out of business within half a year.

Now, no one security product is a cure-all. You’re going to need to build a set of defenses to help you mitigate everything from eavesdropping to DDoS attacks.

An SSL certificate is a great place to start. It won’t solve all your problems, but it will protect your website’s sensitive data, encrypt all communication between your business and its customers and prevent anyone from tracking visitors on your site.

Some certificates even provide verified proof of identity, to help put your customers’ minds at ease. Adding SSL to your website is the perfect first step towards securing your business’ online interests.

And it’s never been more important. Granted, nowadays the robbers have names like “Fancy Bear” and “Guccifer” instead of “Machine Gun Kelly” and “Babyface” Nelson—but the stakes are the same: your livelihood.

So, don’t wait for one of these crooks to come waltzing through your bank lobby to think about security, see.

Stay cautious, my friends.

HTTP vs HTTPS – Don’t Let Your Car Get Pooped On

If a website isn’t served over HTTPS, then your communication with it is not secure

When it comes to HTTP vs HTTPS, the devil is in the details. Not like, literally. He’s not waiting in the minutiae to plunge a pitchfork into your nether regions or anything—it’s just an expression. But it’s a good one. Especially in my experience. For instance, I used to think I was in a good parking spot, safe, under a tree, shaded from the hot sun—but those birds’ nests in the branches said otherwise. A pretty big detail to miss. That’s why it’s important to be vigilant, cautious. I wasn’t born that way, but I sure am now. My car has been pooped on a lot in life.

There Are No $20 iPads… and Some Stuff About Site Seals

Dynamic Site Seals offer immediate, indisputable assurance of SSL protection

Have you ever been so nervous about being robbed that you hid your whole wallet in your rectum? No? Me neither…

I am however convinced that Google planted a tracking chip in me during an airport cavity search in Atlanta back in 2003. How else does my smart phone know where I am, where I’m going and what the weather is like there? [Editor’s Note: By that logic, wouldn’t it always be 98.6 degr—just grossed myself out].

Artificial Intelligence is the Future of Cyber security (And Probably the End of the World)

Seriously, the end is nigh.

Normally we reserve our discussions for SSL, encryption and how you can personally stay safe online. But sometimes I like to update you on emerging technology, too. So today we’re going to talk about how Artificial Intelligence (AI) is going to alter the cyber security landscape very soon.

In fact it’s already beginning to.

When I say Artificial Intelligence, your mind probably goes right to the Terminator movies and SkyNet. When I first saw that movie I ruined a good pair of pants and spent the next few months in adult diapers while I waited for the flashbacks to stop. So you can probably imagine how many Tide pods it took to rectify my reaction when I saw AI and Machine Learning (ML) in the news recently.

Granted, AI isn’t designed to turn murderous – just like cell phones aren’t designed to eradicate our social skills – it starts as a tool that humans design with the noblest of intentions. It’s just that at the end you wind up with an entire generation of fidgety kids that don’t know how to hold a conversation, much less make eye contact—in the case of cell phones. Or just mass human extinction in the case of AI.

But Carl, what does AI have to do with cyber security?

Sorry, started to go off on a tangent there, let’s get back on track. In the years before an AI wipes out humanity, we will be able to apply the technology to cyber security and use it to help make our networks safer. You see, at the heart of cyber security is a constant game of cat and mouse between cybercriminals and the brave men and women who protect our networks.

The problem is, if you’re a hacker all you’re looking for is a vulnerability to exploit. Whereas, for a cyber security professional, you’re attempting to holistically secure an entire network—a much broader task. Have you ever seen Star Wars? The very first one—there’s like ten of them now. The Death Star is a perfect metaphor for cyber defense. You built this whole big death star, and spent copious amounts of time on its defenses, but you totally forgot to cover that one hole in the trench over there and now the other guys have used it to blow you up.

At least they knew they had been breached right away at the Death Star. Notice came in the form of hot, fiery death. It takes the average organization 226 days to even detect a breach, and then 69 more days to contain it. That’s due to the human element being incapable of processing large amounts of data rapidly.

Enter AI and Machine Learning.

[Image: Artificial Intelligence. Caption: I swear it’s THIS big.]

Currently, new products like Intruno, that use AI and ML to monitor your network 24/7/365, are emerging.

How is that different from other products that do the same thing? Well, over time these products get smarter. The Machine Learning aspect means that they analyze all of your network data and start to identify patterns of use. What employees are using what logins from what access points, what areas they typically access, what times they typically log on—everything.

Then it looks for deviations from those trends and notifies administrators when something is off.

You can probably see how that would help to mitigate threats. Suddenly, if Ivan the Russian hacker – or it could be China or some guy in his home in New Jersey – tries to breach your network, the AI will see an unfamiliar location, or that the compromised login is behaving differently than normal (for instance, trying to access new parts of your network). At that point it will work to mitigate the issue. This happens in real time, as opposed to the way things have typically been done—which takes much longer.
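The baseline-and-deviation idea described above, as an added example that is not part of the original post and not how any particular product works: a per-user profile of access points, log-on hours and resources is built from past logins, and new logins are flagged with the reasons they deviate. It is a simple rule-based stand-in for a learned model, and all users, hosts and events are constructed.

```python
from collections import defaultdict

# Constructed login history: (user, access_point, hour_of_day, resource)
HISTORY = [
    ("alice", "office-vpn", 8, "crm"),
    ("alice", "office-vpn", 9, "mail"),
    ("alice", "office-vpn", 10, "crm"),
    ("alice", "home-isp", 17, "mail"),
    ("bob", "hq-lan", 22, "billing-db"),
    ("bob", "hq-lan", 23, "billing-db"),
    ("bob", "hq-lan", 0, "mail"),
]

# Constructed new logins to evaluate against the baseline.
NEW_EVENTS = [
    ("alice", "office-vpn", 9, "crm"),
    ("alice", "unrecognized-host", 3, "billing-db"),
    ("bob", "hq-lan", 1, "mail"),
    ("bob", "hq-lan", 12, "billing-db"),
    ("mallory", "office-vpn", 9, "crm"),
]


def build_baseline(events):
    """Learn, per user, which access points, hours and resources are normal."""
    profiles = defaultdict(
        lambda: {"access_points": set(), "hours": set(), "resources": set()}
    )
    for user, access_point, hour, resource in events:
        profile = profiles[user]
        profile["access_points"].add(access_point)
        profile["hours"].add(hour)
        profile["resources"].add(resource)
    return dict(profiles)


def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock (23 and 0 are 1 apart)."""
    diff = abs(a - b) % 24
    return min(diff, 24 - diff)


def deviations(baseline, event, hour_slack=1):
    """Return the list of reasons an event departs from the user's baseline."""
    user, access_point, hour, resource = event
    profile = baseline.get(user)
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    if access_point not in profile["access_points"]:
        reasons.append("unfamiliar access point")
    if min(hour_gap(hour, seen) for seen in profile["hours"]) > hour_slack:
        reasons.append("unusual log-on time")
    if resource not in profile["resources"]:
        reasons.append("new area of the network")
    return reasons


def triage(history, new_events):
    """Return (event, reasons) for every new event that deviates."""
    baseline = build_baseline(history)
    alerts = []
    for event in new_events:
        reasons = deviations(baseline, event)
        if reasons:
            alerts.append((event, reasons))
    return alerts


if __name__ == "__main__":
    for event, reasons in triage(HISTORY, NEW_EVENTS):
        print(event, "->", ", ".join(reasons))
```

The baseline is only as trustworthy as the history it was built from, so it should come from a period believed to be free of compromise.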

It’s an exciting development and one that promises to make us all much safer, but it’s worth noting that AIs are not going to be exclusively used for defense, either. No, eventually cyber security will shift from man vs. man to AI vs. AI as cybercriminals unleash AI technology that will help advance their own nefarious objectives.

So how does an AI that monitors network activity end humanity, Carl?

If the prospect of an AI vs. AI cyberwar doesn’t send a shiver down your spine, what inevitably comes next definitely will. Eventually, one of the AIs tasked with defending a large network will postulate that the only surefire way to keep its network completely safe from being breached by humans is to simply eliminate humans entirely. How it goes about carrying out that task is something I’ll leave almost entirely up to your imagination, though I picture it liquefying us.

Anyway, it’s just a matter of time before we go completely extinct.

But in the interim, we should enjoy vastly improved cyber security. And hey, the eradication of our entire species is a small price to pay so that Target can avoid another data breach. Totally worth it.

Stay cautious, my friends.

Deep Root Analytics: You Don’t Know Us, But We Lost Your Info…

A political data analysis company has exposed 198 million US voter records

Chances are you’ve never heard of Deep Root Analytics, and in this case that may actually be a good thing. The fewer people that know of the GOP data analysis company—the lower the odds your voter records were compromised.

That’s because, according to security firm UpGuard, Deep Root Analytics left a database containing 198 million voter records exposed for the world to see.

To provide a little bit of context, according to US Census information there are approximately 200 million registered American voters. Carl wasn’t a math major, but 198 over 200 is… basically, ALL the voter records.

An UpGuard Cyber Risk analyst named Chris Vickery, who found the files, notified federal authorities who we can only assume wrote a sternly worded letter or some other bureaucratic foolishness.

What? I Read It for the Articles!

A Deep Root spokesman told the celebrity gossip blog, Huffington Post, “we take full responsibility for this situation.”

Deep Root also said that it believes only Vickery accessed the information, which is a lot like when you come home after a hard day’s work, open your son’s bedroom door to say hello and catch him trying to stuff an old Playboy under his mattress. Then when you ask him about it he tells you he only looked at it the one time.

You know, the one time you caught him.

I’m not saying I don’t believe Deep Root Analytics, I’m just—well, actually, yes that is what I’m saying. I don’t believe Deep Root.

Deep Rooted Analysis of Your Personal Information

What’s more frightening than the fact that your personal information – names, addresses, political affiliations – was potentially just compromised by a group whom you never even consented to having possession of your data in the first place?

How about the analysis they were performing on that questionably obtained information?

Vickery downloaded over 1.1 terabytes of unsecured information. What he found was staggering: Deep Root uses 9.5 billion (with a B) data points to build a terrifyingly accurate model of 198-million US voters’ political preferences using advanced algorithmic modeling across 48 political issues.

Not only does Deep Root have an obscene amount of data about you – data you never even agreed to let it have – that data has been used to profile you and segment you into demographics.

Ok, How Deep Are We Talking Here?

DEEP. Without getting overly political, there was even more valuable data on both the 2008 and 2012 elections available on those servers. This information is potentially way more dangerous than your voter records.

This is information from DataTrust, the “GOP’s exclusive data provider.” There are two sets of 51 files, one for each state and the District of Columbia. Each file, which is in .CSV form, contains 32-character RNC IDs – one for every voter in the database, regardless of affiliation – that link a number of data points together.

The IDs can be used to look up voters by name. For a frame of reference, here is a list of all the .CSV categories:

[Image: Deep Root Web Analysis]

For those who don’t want to parse all of that, these data sets include things like: date of birth, addresses, phone numbers, party affiliations, racial demographics, religious leanings, registration status, income information—even if someone is on the federal “Do Not Call” list.

That data appears to have been used by another GOP analytics group, TargetPoint, to create a model for the 2016 election.

In a 50GB file, each potential voter is scored against 46 columns, each of which contains a policy or candidate that the voter may or may not be likely to vote for. The GOP then uses this information for micro-targeting (both parties do this, it’s not as if the GOP are the only ones performing this analysis).

Here’s a look at the issues you’re being modeled on:

[Image: Deep Root Modeling Data Points]

Per Dan O’Sullivan, who wrote the UpGuard report and looked himself up: “It is a testament both to their talents, and to the real danger of this exposure, that the results were astoundingly accurate.”

When I read that last quote, I got so scared a little bit of pee came out. That’s a terrifying amount of information. And all that data was exposed online for who knows how long.

But it’s OK, Deep Root believes the only one who accessed it during that time is the guy who reported it.

How reassuring.

Stay cautious, my friends.

Welcome to Carl’s Corner

I’ve taken over the RSO blog, shh… they don’t know yet. [Editor’s Note: We know]

Can you keep a secret? I noticed nobody was using this blog so I’m taking it over. Yep, consider this my first corporate takeover. Kind of.

Anyway, RSO – which is the shorthand I use for – isn’t really doing much but posting poorly written SEO articles on here so I figured we could touch it up a bit and I’ll start ranting posting missives a couple times a week.

Oh, I guess I should introduce myself. I’m Carl. I was born in the depression era and spent my early adulthood as a farm hand in California. I was lonely, save my good friend Lennie, a large, simple man who had no concept of his size or strength. One day, he accidentally broke a woman’s neck and I had to put him down myself, lest a mob get him. You know what they say, even the best laid plans of mice and men often go awry. [Editor’s Note: None of this is true]

Anyway, after that I moved East, had a family, bought a computer and now here I am today. I won’t lie, it’s complicated being the only cartoon in the office. There’s a lot of things you wouldn’t anticipate that end up being a problem. For instance, if I run anywhere I tend to kick up a cartoonish cloud of dust, which – cartoonish or not – irritates my co-workers. I can also only eat cartoon food, which makes Friday lunches a challenge since not many restaurants have a specialty menu. I can buy a gluten free pizza, but not a cartoon one—and everyone knows cartoon pizza looks way better than real pizza.

I’m getting distracted. My point in taking over this blog is to help you avoid making the same kinds of internet mistakes I make. I get fooled a lot, phished a lot, duped a lot. You know who else gets into a lot of trouble online? Al Gore. And considering him and I created the internet [Editor’s Note: Nope] back in the 90’s, that says a lot about the current state of web security.

I’m an expert in getting into trouble. But I learn… eventually. And I can teach you about web security and how to avoid the same pitfalls I’ve had. So join me as we delve into this crazy thing called the internet. And if you see Al, give him a hug. He’s spent the last ten years rambling on about emissions, which is ironic for anyone who farts in their sleep as much as Mr. Gore does…

Don’t ask me how I know that.

Stay cautious, my friends.