Do You Have Drugs on Your Network?

Video

i-doser post

Recently I received a complaint about an extremely slow flow on a network. I conducted various scans on the network and did packet capturing analysis only to discover a unique and unusual case that I had never encountered before. I found a major bandwidth consumption by a few files trading on the network with the extension *.drg. I conducted a full research about this specific extension and its files, discovering that the .drg file extension is used for AllyCAD CAD design drawing files, AviSys bird watcher database files, Dyno2000 car design files,  VLBI and Tied Array drudge tasking document files. After contacting the client with my findings, I concluded that none of his users were using the software listed above. I ran a full software scan and analysis and discovered that three of the network users had an app called i-Doser installed on their iPhones, and they were connected through the corporate WiFi.

By now you must be wondering, “What is i-Doser?” I-Doser is an application for Windows and iOS that you can find on the Internet. It is used to achieve a simulated feeling of a “drug” through the use of binaural beats. There are well over one hundred “doses” or “dosers”, and some can be incredibly hard to find. Most of the doses are named after prohibited recreational drugs. In other words, it’s a brainwave synchronization software which is used for mood alteration purposes. The DRG files contain stereo audio tracks that are recorded using the binaural recording techniques used by the software. The DRG files also contain information about the “dose” file and a screenshot image.

I was extremely curious about i-Doser and its concept. What pushed these employees to use digital drugs in the work environment? How effective are digital drugs? Should employers be alarmed? According to research on i-Doser’s website, 83% of its users have had at least one simulated experience occur. There is substantial evidence and research to support i-Doser’s claim that binaurals can help simulate a specific mood or experience. But I was definitely a skeptic, so I decided to try this i-Doser myself. After-hours, of course.

I chose a dose called “Gates of Hades.” I looked up the reviews online for it, and what I saw creeped me out. People were saying that it was the most frightening thing they’ve ever experienced, e.g. near-death experiences, OBEs, distortion of reality, loss of body image, strong visual and auditory hallucinations… the works.  But, being the skeptic that I am, I decided to ignore all the talk and reviews. I said to myself, “People are just trying to scare each other.” So last night I plugged my HD headphones into my iPhone, laid in my dark room on my bed (as was recommended, in preparation for this specific dose), and proceeded to listen to “Gates of Hades.”

i-doserAs a veteran of the United States Army, I have been deployed to combat zones and have experienced some horrifying experiences. After my experience with I-Doser,  I have to admit the “Gates of Hades” dose is real, and it works.

After I finished listening to the full dose, I  experienced unusual sensations and serious anxiety that stayed with me for almost a full hour. Maximum depression-like sensations. I was seeing  colors darker than what they really are. This was like a living nightmare that I was trapped in for a full hour. This dose is very dangerous and shouldn’t be traded between people, especially teenagers. The brain-experience and reaction I had was totally horrifying and  accompanied by hallucinations.

The digital drugs are real, and they’re not as safe as most users claim.

After my horrifying experience with “Gates of Hades” and the reaction that I lived for a whole hour I wanted to understand more how this could possibly happen to me. I researched more in books and on the Internet about binaural beats. I found a logical, scientific explanation that I would like to share with you. Based on the Monroe Institute for Neural Science‘s research for binaural beats:

“The sensation of auditory binaural beats occurs when two coherent sounds of nearly similar frequencies are presented, one to each ear, with stereo headphones or speakers. The brain integrates the two signals, producing a sensation of a third sound called the binaural beat. For example, if a frequency of 100 Hz is played in one ear and 107 Hz is played in the other ear, a binaural beat of 7 Hz is created by the brain. Brain waves match or “follow” the binaural beat. If the binaural beat is 7 Hz, an increase in the brain waves of 7 Hz occurs. Binaural beats originate in the brainstem’s superior olivary nucleus, the site of contralateral integration of auditory input. The binaural beat is neurologically conveyed to the reticular formation which uses neurotransmitters to initiate changes in brainwave activity.

Brain Waves & Consciousness:
Gamma ( above 40 Hz ) Alert anxiety and could lead to hallucinations.
Beta ( 13 – 26 Hz ) Alert concentration and problem-solving.
Alpha ( 8 – 13 Hz) Alert relaxation.
Theta ( 4 -7 Hz) Deep relaxation and increased learning.
Delta ( 1 – 3 Hz ) Deep Sleep.”

I also discovered that the binaural beats have been used in the movie making industry since forever, recently on a more advanced level, which is known as sound effects. Have you ever asked yourself why, every time you are watching a horror or action scene there is always that super-surround, high-pitched sound effect in the background? Yes, that’s right, welcome to the Gamma Brainwave! These sound effects trigger the Gamma brainwaves causing instant fear and anxiety. Later on, you might even experience nightmares, not because of what you saw — it’s because of the high frequency rate that was triggered in your brainwaves. It usually takes time to discharge  its intensity to a lower level than 40 Hz. The reaction time lapse can differ from one person to another depending on the severity of that brainwave trigger they have been exposed to.

After my firsthand experience with this digital drug, or  i-Doser, I can see that the use of this program during work hours should be a concern for employers. While some employees may just be trying to de-stress, the use of any “drug” to alter their states (and possibly their judgments) is alarming.

There are lots of opinions about this new i-Doser digital drugs. Some are skeptics, some are believers, and some are addicted to i-Dosing. It’s clear that these type of digital drugs should of concern in the work environment. The user must isolate himself from the surrounding environment — in other words, breaking away from the work team and allowing himself to fade into the background. This would affect the general production of any company. Further, the i-Doser application uses a very specific file extension that is dependent on on live broadcasting from different servers, which consumes a great amount of bandwidth on any network. It’s very similar to the music broadcasting software called Spotify, which most companies currently ban using the corporate firewall and the security policies on their Active Domain Servers.

The Oklahoma Bureau of Narcotics has issued numerous warnings about i-Dosing and its dangerous side effects. Some countries in Europe,  such as, France have issued new laws to ban i-Dosing. U.A.E and Lebanon in the Middle East have similar bans. These countries have taken serious counter measures against this new trend of Digital Drugs. Don’t you think it’s time to stop being skeptical and realize that it’s a real threat?

If you are concerned about the possibility of digital drugs on your company’s network, please call us at Everon (888-244-1748). Our team can review your network and recommend next steps for your systems.

Sonicwall Registration Issues

Standard

 

Hi all,

I have never used my blogging to complain about anything. I believe blogs should be helpful and should allow you to learn something new that you may never have known before. The blog I am writing now hopefully doesn’t come off as complaining, but maybe more as a way for me to get this information out there for others to review — and maybe we can discuss solutions. Because unfortunately, at the end of this blog, there is no resolution.* But I want to discuss Sonicwall Registration issues.

I am not talking about what to do when you have a Sonicwall, and you need to register it for your account. I am referring to registering for a mysonicwall.com account. I have had the unfortunate experience of having to deal with this, and I want to get some myths and facts squared away.

First off, a little background here: I am a Watchguard guy. I was originally trained on Watchguards, I love the interface, and in my time in Florida it was 90% Watchguard, 10% Sonicwall. We had one client who had a Sonicwall, and I dreaded it. Until I realized they had the Public Server Wizard in the upper right hand corner of the webpage, creating simple rules was as difficult to me as an ASA (I won’t even get into that right now). I have always been a server guy, never strong on networking, so I didn’t understand why Sonicwall needed all of the various components to open a firewall rule. Watchguard made sense to me. You created everything right there with your system manager. I loved it, but upon moving to Colorado, much to my horror, I found that Everon is almost primarily Sonicwalls.

Nevertheless, I took this in stride and began to learn everything I could about these devices. Sonicwall, which was acquired by Dell a few years back, is a good product. It definitely can go toe-to-toe with Watchguard and Cisco ASAs. It is at the forefront of firewall security, so it was something that I needed to learn. I ended up getting a chance to take a Sonicwall home and connect it to my home network. I have a TZ 200, and I wiped it, uploaded the latest firmware at the time, and modified it to match what I wanted out of a firewall.

Flash forward: Everything is working great, but now I want to go further. I want to open some ports and play around a little bit. But first, since it’s been several months, I want to register it as my own. I want a mysonicwall.com account, and I want to update its firmware.

I initially went to mysonicwall.com and began the registration process. Everything seemed right in-line. It looked like I would have my firmware updated by the weekend.

Hold on…. it says my password is poor, with this error:

This password is publicly available in hacking/security forums and can be easily compromised. Please use a different password.

Wow that sounds intense. I really hope the password I chose isn’t available in some forum! I believe it’s a very secure password: I used capital letters, symbols, numbers, and didn’t follow a pattern. It’s over 15 characters! I figure I am going to have to review this later and see if I can find out if I have been compromised in any way. For now, let me input another password….

Same result. (?) How about a different browser…?

Same result. (?!) How about if I VPN into my office at work and try, using a different public IP (because what if, for some weird reason, maybe my IP is blocked)…?

Same result!

Here is a screenshot of the error in all its glory:

Sonicwall

I decided to call Sonicwall to discuss. After all, I am sure they want me as a customer, right? I have called Sonicwall probably at least 100 times before with client issues, so I know that, yes, it can take a while to get someone on the phone. But once I do they are great and will help me out.

Once I got a technician on the phone and explained the issue, he said this can only be taken care of through their Customer Service team, by emailing: customer_service@sonicwall.com. OK, that was fine, it sounds like I am not getting to work on my Sonicwall at this time, but whatever, as long as we are moving along. I emailed that address, and a ticket was created immediately, and a response came within 24 hours, so progress. The response that was given was simply:

Dear Customer,
 
You should not use special characters while creating an account.
 
Regards,
DELL SonicWALL Customer Support

OK… pretty sure I had tried without special characters, but let’s go at this again and see what happens. Yep, tried without special characters and I still got the error message. So I emailed Sonicwall back to state this and to see if they will set up the account, or what further can I do. Unfortunately here is where the trail goes cold….

…crickets…

It’s been 5 days now, absolutely no responses. I have tried the registration 3-4 times a day, and responded back to the original ticket requesting assistance, and nothing.

Today I thought about the idea, “What if I just click on ‘Register?’ Will it allow me to somehow register an account?”

NO. (This time the error is that my security question/answer has errors in it. The registration page just gives me two blank fields to fill in whatever I want, so I created a question, and filled in an answer! How could there be errors?! I even tried clicking on the question marks to the side of the fields, assuming those are helpful hints, but even those are not clickable.)

At this point I wrote a “less than happy” email back to Customer Support, because I am at the end of my rope. Even when you Google this Sonicwall error message, you don’t really get anything, so that is one reason I decided to write this blog. Am I the crazy one, or are others out there having the same issue?

I found one response on superuser.com, stating that the reason that error exists is because they are reviewing the password in rainbow tables, and if it exists, they are throwing it out. This made me feel a little more secure, like the password I created was not stolen. To further give myself solace, I created an EXTREMELY long and miserable password by typing random letters, numbers, symbols — everything you could think of — into this registration process… and still nothing. (The password was akin to looking something like this: !@We340rj58tr7j&%#$F093jd938de%^&* That looks pretty secure, but apparently not secure enough for Sonicwall.)

Also, just to state, before I get to my conclusion: if/when I get this resolved with Sonicwall, I will let you all know. I know someone, somewhere in that company will resolve this, and I will continue to be a very happy customer of Sonicwall’s. Just right now we are not on the best of terms.

So, In the end, the point of this blog is really to reach out to the world and state a few facts:

  • This is a big part of being a remote engineer. We are constantly having to contact 3rd party companies all the time, and when they drop the ball it’s tough to relay that information to the client. Because even though you know you have done everything you can, when your client is wanting you to get info from a 3rd party, and they drop the ball, you can’t help but to feel for your client. It’s like you’ve failed them in some way.
  • Sonicwall’s devices are amazing, they are great products, and I recommend them.
  • Dell’s customer service for Sonicwall is less than desirable. If anyone has figured out how to create a registration for mysonicwall.com, please email us at info@everonit.com, subject line: Sonicwall.
  • And lastly… Watchguards RULE! I still love those devices!

245845c*UPDATE [Two weeks later]: I have resolved this issue, and I have my Sonicwall account created finally! I almost gave up, but I decided that if the original engineer who was assigned to my ticket was not going to get back to me, I was going to email in again separately and create a new ticket. I know how their CRM works — just like at Everon — where when you email in to a specific email address, a ticket gets created and assigned out to an engineer. My thinking is that I received an engineer who didn’t care to help me — unlike at Everon. But this situation does happen at some companies sometimes. So if I email in again and a new ticket gets created, maybe I would get an engineer who cares.

So when I emailed in and a new ticket was created, I did get a response — albeit it took 2 days, and they requested a screenshot of the issue. I sent them a screenshot with my phone number, and they actually called me and set the entire account up! They didn’t sound too happy on the phone, and I am sure they were nervous about talking to me since I sent a very nasty email beforehand. Regardless, the issue is resolved, and I have my account. I hope to never have to use Dell Sonicwall’s customer service center ever again. I will say this as well: my password I ended up using has special characters, so the original technician who suggested I could not use special characters was flat-out wrong.

I hope this helps anyone else who might have been going through the same issues, as this was a nightmare for what honestly should have been a very easy, and quick issue. Good luck!

 

 

What is SFC and what does it do?

Standard

 

Hello. Today I am going to take a techie subject, break it down in a nontechnical way, and try to explain it at a level that is understood by many people. There is a built-in command within Windows that is called SFC (System File Checker).  Most times, this will be run if you are getting error messages and popups stating a .dll file is missing or could not be found.

SFC is a scanning tool that runs within the command prompt and is used to scan all the protected systems files. It is usually run from an administrator command prompt and will replace all the corrupted system files with a clean version that is pulled from a safe place on the hard drive. This location is not one that can be accessed normally, as it is a compressed folder located at %WinDir% \System32\dllcache (“%WinDir%” is just a way of saying the operating system folder, such as C:\Windows).

SFC will run through a series of checks (and corrections, if it finds any corruption). During this whole process the command prompt will stay open and then state that it is 100% completed. If there is no action that needs to be taken from the scan, you will get a message that says “Windows Resource Protection did not find any integrity violations.” If it did find violations it will fix them, and then you will get a message saying it was successful. Afterwards, you will want to reboot your computer.

sfc

Microsoft’s WinShock Bug Exposed!

Standard

Microsoft-Logo_4

In what may come as a surprise to some, IBM just announced that it has worked with Microsoft to patch a security exploit found in its OS called WinShock — and the scariest news is that this has been a vulnerability through all Windows operating systems since Windows 95!* This bug has been a part of all of our beloved Microsoft OSes for 19 years!

IBM initially discovered the bug back in May. However, Microsoft chose not to go public until a patch was in place. Microsoft has just released 14 patches as part of its ‘Patch Tuesday’ updates (Tuesday is when Microsoft releases patches for its OSes) to address the WinShock bug. Another two patches are also on the way. To get the latest updates, type ‘Windows update’ in your search bar (if you have anything Vista or later) and install the important patches.

If you would like to read Microsoft’s Security Bulletin on the WinShock bug, you can do so here: https://technet.microsoft.com/library/security/ms14-nov

The bug is introduced through Microsoft’s schannel, which is Microsoft’s way of securing the transfer of data. However, WinShock not only affects the OS, it also affects Microsoft Office products and Microsoft servers. If you are hosting a website that sends encrypted traffic, you are going to want to update as soon as possible. Even though there is no proof that this bug has affected anyone, it was still rated 9.3 out of 10 on the CVSS, so all server administrators should consider this just as important and severe as the latest bugs that have been identified (i.e. Heartbleed, Shellshock, etc.)

For more information on how to protect your environment against the WinShock bug, call Everon at 1-888-244-1748.

*The WinShock bug does not affect Windows phones or tablets, as they do not use schannel.

Excel Power Users: Don’t Be Scared – Use Arrays!

Standard

array

 

As a frequent user of excel, at what I would consider advanced-level expertise, I spend my days flying through data connections, pivots, all kinds of complex formulas, and even a dash of VBA. But there was still one hurdle I hadn’t jumped. For some odd reason those squiggly brackets { } (technically I believe they’re called “braces”) had intimidated me from dabbling in the world of arrays. Something felt unnatural about hitting ctrl + shift + enter before exiting a formula. What magic would happen behind the scenes if I pushed those buttons simultaneously? I understood the logic and language of Excel, so asking it to “work differently” just seemed bizarre. I found myself working around actually using arrays by means of  extra columns, pivots, and very elaborate lookups and formulas.

This past week, however, I faced my fear and jumped in… three keys at a time!

Game changer!

Imagine you have a list of contact dates and clients. You want to figure out how recently each person has been contacted by running a quick summary on the data. Sure, you could throw a pivot on the data, but what if you needed it in the table format? There is not a “MAXIF” formula to perform this action. In fact, for all its strengths, there is a gap on available “IF” formulas in Excel. Enter-in arrays! Arrays give you the power to combine formulas that analyze data in tabular form without having to pivot the data.

Here’s how it works:

Let’s say you have a list of sales, and you want to be able to reach out to clients with whom you haven’t spoken in a while. Knowing the last contact date alongside their YTD sales will help you make sure that you are staying on top of communication with your best customers. Here’s a list of sales with contact dates. We can easily throw a “SUMIF” formula in to calculate the running total, per customer, per line. But finding out the most recent (or “max”) date is not so easy, because you cannot make a “MAXIF” formula. Instead, we can “nest” them with an array.

image1

In everyday language, we need the formula to perform the following tasks:

=MAX(number1, number2,…)

where the numbers are all in column A, “Contact Date.” If we just do MAX, it won’t take the customer into account. We need to add a criterion to also look for the max date of that customer.

image2

In theory it should be this:

=MAX(IF(Customer Name = This Row’s Customer Name, THEN return the Max date from column A, OTHERWISE return a 0)

image3

Unfortunately it doesn’t wrap the IF with the MAX and it produces a result that is the max overall. So let’s jump into those scary squiggly braces and see what we can do.

When you use the exact same formula — but before hitting enter at the end — instead, hold down CTRL + SHIFT + ENTER. You’ll see that Excel adds braces { } around the formula. When you copy this down, the formula magically evaluates both conditions across all the data you’ve selected. Voila! You have now added analytics to your table.

image4

NOTE:  You cannot simply add braces to your formulas to make this happen. You have to hit ctrl + shift + enter to make Excel perform the array formula.

So… What’s the takeaway? What can this do for you? By performing this array formula and quickly sorting my list… looks like I better reach out to Examples R Us. They’ve spent the most and it’s been the longest since they’ve been contacted.

image5

Imagine what arrays can do to inform your business!