Erratum Er*ra”tum, n.; pl. Errata. [L., fr. errare, erratum,
to wander, err. See Err.]
An error or mistake in writing or printing.
[1913 Webster]

Don’t know anyone with COVID-19? I know three.

I live in Atlanta, I know people who have COVID-19

i know three people who have coronavirus

Coronavirus: Outlook not so great..

Don’t panic, Arthur Dent.

Look, I’m not here to fear monger or scare. But, the thing is, we didn’t do very well here, in the United States. My saying so does not make me anti-American either. You can criticize your nation. And, some times you should.

The main thing I have to say, is really the only thing to say: Please follow the guidelines, as best as you can.

It’s great that so many people are asymptomatic or only show few symptoms. That’s really awesome. But, it also means nothing to those at risk or who happen to develop severe symptoms.

If you know anyone who has contracted the novel coronavirus, then you know CoV-SARS-2 is not a joke. COVID-19 makes you sick for a long time, if you develop even just moderate symptoms, not to mention severe ones. It’s also extremely contagious, mostly spreading when you speak, cough, sneeze, etc..

My stepson has coronavirus currently, he seems to be fighting it very well. The brave little guy is only 13 years old and also not considered to be “at risk”. We’re confident he will recover quickly. One of my friends however has caught it, confirmed, twice. Quite a bit apart. He’s reduced immune, due to some injuries, surgeries and complications he’s had prior to the pandemic, but he has survived both of them.

Anyway, please wear your masks, even if it’s not required. I know it’s the hottest part of the year and it sucks. But, you do not want to be wishing you could be by a loved one’s side. My grandmother doesn’t operate video chat very well and it mostly frustrates her. So, we tend to visit in person, to see her at her assisted living facility. Unfortunately, they called recently to tell us that she’s tested positive for COVID-19. It is really, really hard not being able to be beside someone you love, when you know they’re fighting for their life.

I’ll try and catch up on some blog posts I have been promising. I know that I am only distracting myself from some feelings that I will need to be dealing with. But, believe me, I’m pretty exhausted at the moment.

Do not be scared, educate yourself and try to be as smart as possible. Social distancing and wearing a mask is how you show those that you care about that you both love and respect them, right now. So, let’s be strong and be safe.

2020-07-31T02:49:00-04:00July 27th, 2020|Categories: Errata|Tags: , , , |

Rising mobile threats – an open letter

The rising mobile threats accelerated again..

The rising mobile threat is bound to surpass traditional

Friends, family, colleagues, clients, associates and the rest of you, this is just an update that the threat landscape has shifted.

There’s been a well documented and growing trend of malicious mobile apps, gaping mobile app vulnerabilities, and etc.. etc..

The reason I write today is to let you know, outside of media hype and free from business interest, to be vigilant. You should have reputable anti-malware, intrusion prevention and detection on your computers and home networks, as you know. And, many of you already have the same protections for your mobile devices. Good.

The threat landscape has become vast, and while mobile platforms *seemed* more secure, the reality is different. Having homagenous targets like android and iOS is a bad thing. As well, keeping the every day user from being able to interact with lower level systems is a mistake.

There are already, at least, 5 pieces of malware for Android and 2 for iOS, that once infected, there’s no reliable way for the user to clean the device. Those unwanted programs simply hack beyond the user’s (or any legitimate app’s) permitted level of access. Which is why I’ve always advocated against such a “security” move in the first place.

I urge you, if you haven’t already, to invest a few bucks in mobile security and try to keep in mind it’s level of connectivity to your work and your private life. While I can help, I won’t advertise my services here, nor would I be upset if you chose not to consult me.

But, it’s going to get worse. The worrisome trend, that’s prompted me to act today, is actually a downward trend in malicious activity targeted at the traditional web browser. Those “advanced persistent threat” actors are shifting attention towards mobile apps (the majority of which are already simply responsive websites bundled into tiny package).

They’re not going to go away and while the security industry has a very large pool of talent, so too does the threat. And, if you haven’t noticed, too often the industry is stuck playing “catch up”.

You’d be prudent to allow new apps to be vetted and check reviews before installing. The official stores try their best to keep us from being exposed. But, that’s just a never ending game of cat and mouse. It’s already a mistake to depend on that filter.

The largest danger is always going to be a user simply being duped into installing something bad. So, like your desktop and laptop, if you did not intend to install or run something and it prompts you, make a habit of saying no. And, I’d urge you to find how that happened and block it.

There’s no reason to panic, but I felt a personal notice could potentially save some of my loved ones some pain. Thanks for your time and enjoy your weekend!

Stuart Gray

“Sniff packets, not glue.. ya bums.” – mootiny #unixpunx @EFnet

Freelance DevSecOps Contact Form:

Feel free to contact me, if you have a use for some devsecops work! I’m usually around. Most recently, I’ve been kind of “stuck” in some web development “hell”. Just kidding, it’s been fun to revisit some old skills. Email services have been sending inquerys, as well. Would love to find something with a larger security focus to work on soon. :)

    2020-07-24T18:09:45-04:00July 11th, 2020|Categories: Errata|Tags: , |

    Using OSINT for Competitive Research

    using osint for competitive research

    Pixabay at Pexels

    I love competition, but I hate spam.

    As a lover of the “free flow of information”, I also love debate and competition. But, something I cannot stand is spam.

    Spam can be so bad that it can make it impossible to find the actual information you’re looking for. If you’ve ever tried to research “ring-spun cotton” on Google, you know what I mean. I was writing an SEO optimized blog post, to try to drive semi-relevant traffic towards my girlfriend’s father’s t-shirt store and Wikipedia was all the way back on like page 13 at the time. Everything else was competition. I chose to write a different article.

    Don’t berate people, while you’re trying to sell them something.

    Aggressive sales tactics do work for a lot of people, but it’s risky. Because, people like me fuckin’ hate it.

    So, I’m digging through my inbox earlier today and I see a reminder from another business. Curious, as the sender had dropped the entire mail thread, and annoyed as the individual had decided to take a tone with me about my lack of action thus far. He complained that I had “promised to reply the other night”, which is fine. Except when you’re just sending a follow up email to a potential lead. And, doubly not fine, because wondering why I hadn’t replied, I dug up his original email.

    Turns out, the reason I hadn’t replied was that, the email was unsolicited. I didn’t require his services. He’d offered some keyword ranking services, which is something that I offer too. So, I had jokingly replied with a bunch of short-tail keywords that he would also want to rank for. I had, mistakenly, assumed that he’d notice this and not take me seriously. That is, until he responded with a proposal. I was taken aback. I assumed I’d missed something. So, I told him I’d look at it his original offering later that evening and then forgot about it entirely.

    At this point, we’ve come full circle as the next email I opened was the one I’m whining about above. Originally, I was going to kindly reply and inform him that he’s a direct competitor and wish him good luck. But, since he been aggressively foolish, I decided to go ahead and do my competitive research first. To me, this is fair, he’s had several opportunities to notice that I am not a potential client. The first one being that I didn’t sign up to receive mail from him in the first place.

    Who is the competition? Using OSINT for competitive research.

    While his site loaded quickly and looked pretty nice, it immediately stood out to me that I specifically didn’t setup my site like that because it’s disingenuous. There’s no real content on the page, it looks like every other business. And, it also kept listing this local United States contact number, but an address in India for the business address. I’m aware VOIP exists, but are you advertising towards India or the United States? I could tell something was up, there was also no mention of prices and the language was all broken English. I figured, it wouldn’t hurt to see if they could code at all or if they were just buying other themes and configuring them for clients. Turns out.. probably neither.

    /*
    Theme Name: Betheme (Shared on MafiaShare.net)
    Theme URI: http://www.mafiashare.net
    Description: Betheme – Premium WordPress Theme
    Tags: one-column, two-columns, left-sidebar, right-sidebar, custom-background, custom-header, custom-menu, editor-style, featured-image-header, featured-images, post-formats, responsive-layout, theme-options, translation-ready
    Author: Muffin group
    Author URI: http://www.mafiashare.netm
    License: GNU General Public License version 3.0
    License URI: http://www.gnu.org/licenses/gpl-3.0.html
    Version: 6.1

    All css files are placed in /css/ folder.
    If you want to add your own css code, please do it in /css/custom.css

    */
    @media screen and (max-width: 800px) {
    .tabswork{
    font-size: 15px;
    color: #212121;
    font-weight: 900;
    margin-bottom: 20px;
    }

    }
    @media screen and (min-width: 800px) {
    .tabswork{
    font-size: 36px;
    color: #212121;
    font-weight: 900;
    margin-bottom: 20px;
    }

    }

    using-osint-to-perform-competitive-research-wpscan.png

    using-osint-to-perform-competitive-research-wpscan.png

    And, I thought they had so much potential.. Turns out, they’re not competition at all. Just spammers who are using pirated themes to try and scam people. I should’ve picked up on that sooner. Even still, I was going to just mark the email as spam, delete it and be on my way, until one final detail brought out the gray hat hacker in me.

    https://www.sawebtech.com/wp-content/themes/sawebtech/css/custom.css
    /* If you want to add your own CSS code, please do it in this file */

    Yeah.. they don’t write any code, at all. It’s safe to assume their SEO services are worthless also. Don’t be hood winked by idiots and don’t mess with gray hats. They’ve been reported to their web host for both, spamming and using stolen software in a business setting. As well, I used my OSINT skills to go track down a proper email for the rights holder and informed them of this infraction. It’s unclear if they’ll bother sending notice to put a stop to this one individual. Clearly, they’d prefer to get their stolen theme taken down from where ever these scrubs got it. But, it never hurts to make a spammers life just a little more difficult.

    That being said. I do offer OSINT services to my clients, should you have a need for them. I just don’t advertise it, because it’s generally part of a larger service, like a penetration test or some kind of investigation.

    2020-07-07T02:15:22-04:00June 30th, 2020|Categories: Errata|Tags: , , , , , , |

    Okay.. I’m Back and Ready to Hack! :)

    What’s up everybody?

    First, I’m sorry for the lack of post updates recently. Without pouring over way too many coronavirus details, like everyone else. I’ll simply say that I live in Atlanta, Georgia and that my social circle accurately predicted Governor Kemp’s move to be a very bad one.

    My loved ones, as well as myself are all okay. We show each other that we love and respect one another by continuing to practice social distancing and trying our very hardest to follow the guidelines.

    That being said, we are still forced to return to dangerous working conditions against our will. So, I’ve been busy trying to finish the redesign. As well as ramp back up with clients, many of whom are still surviving off of relief funds.

    If you might have work for me, please fill out this form for a free quote. Or, email me.

    The belt is tight for a little while. But, in the interest of my sanity, I decided to subscribe to TryHackMe. I wanted something to play with, since work has had me stuck in ecommerce hell.

    Educational walkthroughs coming soon.

    2020-07-01T15:58:08-04:00June 28th, 2020|Categories: Errata|

    WooCommerce Makes a Mess

    Saying Goodbye to WooCommerce

    Regretfully, I have to admit that WooCommerce makes a mess of the WordPress database. And, since promoting partner products is not the goal of this website. I am separating it from this installation of WordPress.

    Do not misunderstand me. WooCommerce is a great and solid product. I enjoy working with it, as much as anything. But, since I need this website to drive leads more than partner sales. I’m giving my partners their own store, off-site.

    Sorry for the mess, recently. This will make things much more manageable for me and hopefully easier for you. Now, I only hope Google doesn’t ding me too hard for temporarily 301 redirecting all 404s to my front page (where this is sticky). It’s a price I will just have to pay for a month.

    woocommerce is back already
    WooCommerce is back already?!

    Saying Hello Again to WooCommerce

    You can find all of your Acer, TigerDirect and Tech4Less discounts at https://shop.grayhatfreelancing.com.

    That being said, let me make a few things clear about the store. The store is just promotional links to my partner’s products. I do not have access to your orders or payment information. The purpose is to allow my clients, potential clients and readers a chance to browse the offers my partners are wanting me to promote. A lot of them are very good deals for very solid products.

    Let me be very clear. The shop is NOT a drop ship. Clicking on the product will take you to a product page with a brief description and provide other useful information like prices. Clicking on any of the buy buttons will take you directly to their official store and automatically apply my partner code for you.

    I do benefit from the transaction. But, this is one of the few cases where it comes out of their end, not yours.

    Enjoy!

    2020-07-01T16:05:03-04:00May 27th, 2020|Categories: Errata|Tags: , |

    WordPress Deploy from Termux, Hilarious

    WordPress Deploy from Termux

    Here I am, using performing a wordpress deploy from termux. Using only my cell phone, I launch termux and SSH into my laptop. I create a linux debian virtual machine. Then I connect to that machine, update linux debian 9 aka “buster” to current, linux debian 10 aka “sid”.

    wordpress deploy from termux
    WordPress Deploy from Termux & Debian Buster Updated to Sid

    LAMP Installation and Configuration from Termux

    From there, I turn it into a LAMP server. This means I install Apache, MariaDB (a stand-in for MySQL) and PHP. I configure Apache for php-fpm and mpm_event (in a rough way), the I install all the PHP modules required to run WordPress.

    MySQL Administration from Android Linux

    I also lockdown MariaDB with mysql_secure_installation. I use mysql from command line to create a SQL database and a password protect SQL database user, give the SQL database user access to the SQL database.

    I proceed to downloading wordpress and extract it to web root. I set the write file ownership and file permissions for the Apache web server. Finally, I open a browser and configure wordpress’s install script and run it. Followed by creating an administrative user. Completing the first half of my adventure doing a wordpress deploy from termux

    wordpress deploy from termux

    wordpress deploy from termux

    WordPress Installation from a Mobile Phone

    I forgot my wordpress administrative password. So, I backup the files and database. Power down the virtual machine. Destroy it. And then I build a new one. But, this time I upgrade linux debian 9 “buster” to linux debian 10 “sid”, or the “bleeding edge”. It’s also known as the unstable branch. I, again, turn it into a LAMP server. And, finally I restore wordpress, from the backup that I made, in the exact same way that you’d recover wordpress from a disaster. Like, if you were hacked or suffered a similar disruption.

    WordPress Disaster Recovery

    Essential WordPress disaster recovery. And I do it all from my smart phone, using Termux on Android.

    https://www.youtube.com/watch?v=pD1piFpAmiY

    Network and Systems Engineering from a Linux Android device
    Freelance Gray Hat Hacker for Hire

    2020-09-02T05:50:39-04:00April 19th, 2020|Categories: Engineering, Errata|Tags: , |

    Jeet Kune Crypto

    Kung Foo: Jeet Kune Crypto

    Jeet Kun Crypto isn’t a real thing, just a term I’m applying a new section of one-liners that are strictly security related. In that sense, I mean to say they’re penetration test, or at least vulnerability discovery related. It’s a joke. A play on an old tendency to refer to skillfully written and security related code as “kung foo”.

    2020-06-19T12:26:31-04:00April 5th, 2020|Categories: Errata|
    Go to Top