What mom didn’t want you to know about the Android OS!

When mom said no!

It probably made you wonder why?   I am going to talk about some things that will make your mom angry at me.   I am going to tell you secrets that will make your jaw drop and even make your mom probably curse at me!  Let’s not forget that this is an educational blog post so please keep that in mind!

Pesky Child locks!

For the most part, child locks are a good way to keep kids safe but the one thing most people do not know is Reseting the android device is probably the easiest thing you can do to get rid of them.  Here are a few Child Lock apps that would be gone if you did that!

I’ve only named off a few because when your child gets to that certain age of wanting more they will figure out ways and this way is the easiest to get the device back to factory settings without much effort from them.

Hide Pictures!

With android, anytime you have a photo or picture on your phone.   Android will index and put in into the gallery.   Well sometimes you really do not want  your mom see them and a few good apps to do that for you such as:

As you can see those videos, Files, or even text messages that you do not want anyone to see can be easily encrypted to prevent anyone such as your mom from seeing.   It also helps keep your privacy safe because do yo really want people to know you have a naked female picture on your phone!

Quickly call a favorite!

If your like me you have several people you call on a daily or even sometimes more than twice a day.   You do not want to go through the contacts to call them.   You can easily and simply put an icon on your home screen and every time you tap it, and you’d be calling them.   This however can be dangerous because of the possible hit dial while in your pocket so take not and maybe put it off one or two screens from the home menu just to be safe.

With Some older version you simply have to find a blank space on the page and just do a long press hold to have it come up to say Shortcuts > Contacts but with newer version.  You just have to go into the Widget screen and hold the contacts icon and it will make a contact shortcut.   You can do that with both calling and texting.   It is a really quick way to text to someone without having to type in their name or number.   This is the best thing to swiss cheese.   I love it!

As you can see these are just a few that will get your mom upset with you.   You can also us a VPN to help keep parental eyes off what your doing online, but it cost money and I am sure it is something you will have to consider when your at McDonald, Starbucks, Chick-Fil-a, and the library.   You really should use a VPN when possible but that is just my opinion!

3 Reasons Why I host on Bluehost servers!

bh_620x203_04Disclosure:  I am now affiliated with Bluehost in both the website and I also earn money every time someone clicks on my Bluehost links.   You pay no more than before but I get a commission every time you use the links to buy a hosting plan!

The Big Story!

A few weeks or I should say at least 2 months ago, I had Google give me the infamous warning about “Unnatural outbound links” and I finally had it with Squarespace.   I was pretty much fed up with not supporting Squarespace 5 anymore and since they didn’t have way to easily upgrade to 6 and of course Google.  I took the leap to going back to WordPress.  I had great success with WordPress in the past.  I knew I wanted WordPress but I really didn’t want to go back to those hosting providers that gave me the hardest time to cancel my account like Justhost and Hostgator.  I am sure I’ve missed one or two but those two were the worst with payment methods and hidden fees.

Cheaper than SquareSpace!

I paid $71.40 for a whole year with Bluehost.   Which is far better than Squarespace, which was easily 120$ a year if you bought them over a year at the premium level and I do not remember the exact amount for the basic level which was 10$ a month.  I should say I am really impressed with the ease of buying the hosting and updating my DNS to go here.  It was almost effortless but it was a hard decision non the less!

Domain Verification!

Bluehost verifies the domain by calling you and going through even more hoops to make sure the domain belongs to you.  It was a pleasant surprise when that week someone called me to verify that the domain that I used to set up was actually mine.   It can help thwart thieves and people from taking control of your domain without your knowledge.   So this verification was really nice to know it was there.   I am sure they didn’t have to call me and verify it but it was a nice change.

Increase in Ad Revenue!

The most important reason for me, was the simplest one.   It was the need to be able to do what I want with the themes and to change it as I see fit.   I can do what I want to my blog and not have to be constrained by no one or nothing.   I thought it was a great benefit with Squarespace but I found out that I couldn’t do as much or earn as much.   I’ve noticed that when I came back to WordPress.   I started earning more from Amazon and Adsense.   Like I was held back by Squarespace.  I do not know this for sure but I am glad I went back to WordPress.

I dare you to try Bluehost and give them a try because you’d be amazed as much as I was when I started the process.

 

Comparing the Samsung Galaxy III to The RCA A1 Unlocked Phone!

Before we start, I must disclose that I will be using Amazon Affiliate links to help me pay for the price of the RCA A1 4.7″ Unlocked Phone. Using my amazon links will not increase your out-of-pocket cost but a small commission will be given to me every time you click and buy using my links!

Samung Galaxy S3 (Amazon.com)

From Phone Area

From Phone Area

The Phone comes in several different speeds but this seems to be the average hardware for the phone itself.   As you can see this is a quite a speedy and quite nice.   Although I have not had a Samsung Galaxy, I have though had friends let me borrow theirs for a day or two to play around with it.  I like it if I could afford to buy one, you’d bet I would jump on it like wildfire.

RCA A1  (Amazon.com)

Screenshot 2014-05-04 at 2.20.28 PMTo the best of my ability, I searched and searched for the which chip set this phone was using and I just couldn’t find any information on the phone or online.   If I would have to guess it would be a dual core (See picture) low powered Arm Chip set.  It wouldn’t surprise me on that one but I do not know.  I do not know how long it will be available.   I am sure Samsung will be making problems for RCA in the coming months, if not sooner.  It however is really nice for the lower price, but you shouldn’t expect to much from this phone.

A quick review!

So I have it, for almost a whole week and I’m really enjoying it.   I can now tether without any troubles.  I even talked about how to get the phone to work with Straight Talk.   It seems to be working wonderfully and the SMS seems to be work once you put in the RIGHT APNS for the phone.

Some of the things that I have found with this phone is quite simple.   You do not have any notification lights on the phone.   So you do not know until you turn the screen on if you missed a call.  It seems to be a problem to some and others like me really do not care because I hardly ever get a phone call.   So it might hinder some of you from buying this phone.   I bought this phone for the size of the screen and that it looks like the Samsung Galaxy S3 to a point.   I for some strange reason can’t install Netflix on this phone but I might have done something to cause this.   I’ll explore more and let people know if it is a major problem or if it is just me!

Here is what I think so far.   The RCA A1 is a Good phone for those who are looking for the size and the look of the S3 but you’d be cutting the price because you will not get as many good feature or speed.   The speed on the phone is really not bad compared to ones that I have used in the past.  It will vary from person to person on how they like the phone but it is a GOOD phone for the price of the phone and being able to use it with Straight Talk.  I am personally liking the phone now and will encourage anyone to at least try it out and see for yourself!

Doubling Down is risky business with Chrome CRLSets and Adam Langley!

Anyone want to drink that Kool-Aid?

When Steve Gibson first started talking about revocation, I never knew it would be such a hot topic right now.   Then he decided his next thing he needs to do is talk a bout the CRL’s (Chromium Browser or Chrome).   Now before we get into the problem at hand, we first have to understand what CRL’s (Chrome Revocation List’s) are and how they deal with Chrome.   I think Steve did a fantastic job at discussion it but we probably are not done with the subject.   The Adam Langley decided he needed to talk about what Steve posted.   I guess he felt like he was being attacked but he also said stuff that purely got me thinking:

“Since we’re pushing a list of revoked certificates anyway, we would like to invite CAs to contribute their revoked certificates (CRLs) to the list. We have to be mindful of size, but the vast majority of revocations happen for purely administrative reasons and can be excluded. So, if we can get the details of the more important revocations, we can improve user security. Our criteria for including revocations are:

  1. The CRL must be crawlable: we must be able to fetch it over HTTP and robots.txt must not exclude GoogleBot.
  2. The CRL must be valid by RFC 5280 and none of the serial numbers may be negative.
  3. CRLs that cover EV certificates are taken in preference, while still considering point (4).
  4. CRLs that include revocation reasons can be filtered to take less space and are preferred.”

Breaking down that statement!

I figured this is all about details and we should have a little fun and read between the lines.   The first thing that jumps out at me is that the CRLSet’s must not get to big, I’m guessing it has to do with size and they probably are trying to keep it under a certain amount of space.   I can only guess it would be close to 10 megabytes but that is just a guess.  It isn’t unconventional to say the least but it would be phenomenal if it was better than the revocation checks.

So the Second thing that really makes my eyes pop out is that it can not be encrypted?  Which means that if it can not be encrypted then we have a man in the middle attack possible where someone could almost prevent Google from telling browser that a site has revoked their certificates.   It is highly unlikely but someone could come along and snatch that CRL before it gets to the browser and easily change it to prevent you from knowing any the wiser.  Which means it is a MITM (Man in The Middle Attack) although it is highly unlikely I am going to have to say it is possible!   I can not understand the concept of this.   You can have bots go to sites that are 100% HTTPS and not have any problems.   I am amazed and quite concerned that it has to be HTTP and HTTPS.   So it begs the question about why he thinks this is an ideal situation.

I could go on about just that list but I better get to my other points

Soft-Fail revocation

And yet, GRC managed to write pages (including cartoons!) exposing the fact that it doesn’t cover many revocations and attacking Chrome for it.

They also claim that soft-fail revocation checking is effective:

I’m pretty sure, I’ve talked about soft-fail revocation the last few weeks but I am not the only one who has talk about this.   Steve has talked about it in depth on his site also.  He seems to think that it will not help and it is not effective but I find that the CRLSet is also very ineffective and should be avoided at all cost.   I though did like the cartoons that Steve or I should say GRC posted about the CRLSets and what that means to you!

Revocation is still KEY!

Even though I believe revocation is the heart of the problem, it is still the best we have.   I think it will go out the window in the next few years and something better will come but until then we have to come up with a best way to trust that if the certificate is revoked we can know that it isn’t being used.  This is where OCSP  Stapling comes into play.  We can cut out most problems and attacks if we do not allow the connection to refuse a certificate look up.   I can’t seem to come up with any other way.  Again if you haven’t enabled SSL revocation check, it is time to fix that in Chrome.

How To Get the RCA A1 4.7″ (unlocked) to Work with Straight Talk

The Low Down!

If your like me, and you have bought the Unlocked RCA A1 4.7″ Smartphone and you need to use Straight Talk (Affiliate Link).   Then you’ve come to the right place.   I’m going to tell you how I got it to do send and receive Multimedia Messages Services (MMS), Voice, and Data.  If your like me, this should be “a walk in the park” but I’ve heard some people say they couldn’t get it to work with Straight Talk.   I’m here to help transition you to the service easier.  First off, you will need the AT&T Compatable Straight Talk Sim Card (Affiliate Link)!   I will be doing more down the road.

If No Sim found Message

First off after you get your SIM card installed and you turn on the phone you get the dreaded no SIM card found then you will need to do some things.  First off pull the back off and see if your SIM, is placed, in the right way in either SIM 1 Slot or SIM 2 Slot.   You should notice that the Sim should have the cut facing the battery and it needs to be in the Lower Right hand corner!  Once you have placed the SIM correctly in the Phone, reboot the phone and it should bring up saying it has found the SIM!

Access Point Names and Activation!

If you have not activated the sim by going to Straight Talk (Affiliate Link), you will need to do that now.   Once you’ve activated the SIM, you can now turn on the phone and let it boot up.  Access Point Names (APN’s) are used to tell the phone how it should communicate with the Cell Towers.  If done right the Phone will work on all AT&T Cell Towers with no problems.  I’m going to walk you through the process and help you get your new phone to work with Straight Talk.

Go into SETTINGS  (Either through the APP itself, or by pressing the book with 2 lines (To the left of the button) and selecting System Settings!)

Select  ( More… ) then Mobile Networks and Finally Access Point Names.

Once there, you should see one already been made by Straight Talk & AT&T it should be called (Cingular 410) already selected and used!

You will need to create a new APN by pressing the book with 2 lines and selecting NEW APN.

Once Done here you should add these to the new APN.   Do not add more or less and make sure you spell everything correctly or this may not work properly for you!

Name:   STRAIGHT_TALK

APN:  tfdata

APN type: default, MMS, supl (Only select those three.   Do not select WAP or it will not work)

MMSC:  http://mms-tf.net

MMS proxy: mms3.tracfone.com

MMS Port80

MCC: 310

MNC410

Save these settings by hitting that book with 2 lines on it and selecting Save.

All Set!

Once Done you should have two APNS.   Now select the  STRAIGHT_TALK apn and reboot your phone.   If you have done it right the phone should now have a H right above the 4 bars and you should now have both data and MMS working.   I have used MMS and it working just fine with the phone.   I can send and receive movies, pictures, and even sound recordings.   It worked with my old phone wonderfully, the LG Optimus 3.   If you’re looking for even more help with Straight Talk, you should check out my other blog posts about them!

Adam Langley, You are dead to rights wrong. Why you should enable SSL revocation checks!

Don’t tell your think it is for the best!

After what seemed like a few hours looking over other blogs and what they were saying.   I came to this blog post from Adam Langley’s Blog  ImperialViolet.   He is saying we shouldn’t even check that box to check for certificate revocation.  I am going to try to explain why it is so vital that you enable it.   Even if it is a soft fail we will still be far better protected than not to even have it on in the first place.

So soft-fail is the only viable answer but it has a problem: it’s completely useless. But that’s not immediately obvious so we have to consider a few cases:

After reading everything he has to say about the subject at hand, I’ve come to wonder what he is trying to say.   Some of the things Adam talks about why not to enable SSL Certification check just seem moronic to say the least.   Here are a few things I read and want to talk about:

That’s why I claim that online revocation checking is useless – because it doesn’t stop attacks. Turning it on does nothing but slow things down. You can tell when something is security theater because you need some absurdly specific situation in order for it to be useful.”

It is more than useless, it was an old protocol that just needs to be retired but unfortunately we have had little reason to or even any want to.   We can not keep accepting that these revocation system do anything but help either the governments or even the highly efficient hackers to gain valuable information about users.   It isn’t like they have to do any more than write a script and be able to retrieve what ever they want.   The problem with SSL is quite simply it wasn’t designed around security or proper encryption.   It was designed for one purpose and one purpose alone to make people feel safe about giving out their credit cards and other such important information.   This one comment we both agree on but I also think that having a soft fail option is a better option than not having one at all.

Google Wants Money

Your just telling users that you are telling them what is best for your interest not theirs.   In one word, it really comes down to money and advertising.  We know you make money on searches and if you this go through then you are more likely to start loosing even more money because you will have constant hard fails from sites and you May not be able to serve up ads for sites because of the hard fail.  Users who do not even know about it will likely just go to sites that can’t be verified and think it is the their browser but it is the server that is causing the problem.

It’s all about numbers!

I am sure that OCSP Stapling isn’t all it is cracked up to be or even the perfect option.   If your saying that it will stop all possible attacks and keep your identity safe, then your probably going to be wrong.   I argue that nothing you do can keep your identity or even credit cards safe online.   There will always be some one who can come up with a way to get that information they are so desperately wanting.   Although by using this system we make it that much harder for them to sneak past the browser.   Yes we can probably come up with stories of how it happened when that box was check but I will say it is less likely to happen because people are smarter than they once were.   We’d also be able to keep track of newly discovered revoked certificates that were in the wild by using the OCSP Stapling along side a way to report to the browser developers that we have found an invalid certificate and we could strengthen our security even more.   It is just theory but I am sure it would at least keep more people safe than doing nothing at all.

Finally, it isn’t the fault of the users who are the problem but how browsers have dealt with users who either do not know better or have not been educated on how to properly protect their identity.   You should be making more impact on the end-user by teaching them about security and privacy settings than expect that you know what is best for them.

Why you should check your SSL settings!

My Heartbleeds for Chrome

When we first heard about the Heartbleed bug came out.  We had Lastpass create a test to see if a site is vulnerable to this bug.   Heartbleed is a vulnerability in which an attacker could gain sensitive information by asking the server some really simple questions.

Heartbleed explained

How it works!

Some people have a better grasp then I do on this subject but I will say Steve Gibson  on the subject if your really wanting to get into even more detail about this bug.   I won’t go into much detail about this bug or even if it is truly a vulnerability but I will talk about how you should make your Chrome OS browser have a hard fail for your certificates that is not be verified.   I know I’ve heard people say in the past that it may stop making sites being seen but I have yet to see this problem in detail and I think it is a good security idea because this will help prevent phishing attacks and maybe even save you from identity theft but I can’t guarantee it 100%.

The Chrome OS!

If your like me and using Chrome OS, you will need to go into your settings.  You can easily get into the settings by clicking the three bars on the far upper right corner of the chrome browser.   This will bring down a menu and you will then click on Settings.  Once there you will need to go all the way to the bottom and then click Show Advance Settings.

Screenshot 2014-04-26 at 3.53.05 PM

Go find the HTTPS/SSL and check mark it to look like his.   Once your done with that, restart your chrome os browser.   Simply exit out of the browser and then come back in and it should start working for you the way you are wanting it to work!  This will make all SSL certificates that are not verifiable become hard fails and thus you will not be able to view sites like http://revoked.grc.com which is what we call a hard fail.  You will then see this:

Screenshot 2014-04-26 at 4.23.40 PM

If you see this the next time you visit that site, you are now protected from some forms of possible phishing attacks and other forms of personal information being taken from you unknowingly.   This will not protect you all the way but it will allow you to at least make it harder for people to do a Man in the Middle Attack and other such attacks.

I am going to review the RCA A1 4.7″ 3G Unlocked Dual SIM Phone from RCAmobile!

41en96KC1tL._SL160_The RCA A1 4.7″ Phone!

The Phone has shipped and is coming my way in the next few days.  Some of the things that I will do with this phone is talk about getting it to work with Straight Talk.   It should work flawlessly when I get it, I will be going to buy the Straight talk Sim card in the next few days.   You are able to get it from Wal-Mart or even Amazon Directly!

Some of the things we will talk about when I get this phone is how will it work with Multimedia Messaging Services (MMS) with straight.  If I am able to send or receive picture or even video messages from friends and family.  I will explore how to get this phone to work with any Straight Talk provider.

Wi-Fi And Hotspot Capabilities!

I read and I know this phone should be able to have WiFi or even Hotspot capabilities so you can tether it to your laptop or even other mobile devices and not have to worry about data or speeds.   I remember Straight Talk talking about the speed reduction so I am unsure if it is still in effect!  With Virgin Mobile, doing the more aggressive solution by cutting speeds in half.   I’ve pretty much decided it was time to either use this phone with Straight Talk or even T-mobile and be able to use the phone the way I want, and when I want to!

Stuff I will do!

In the coming weeks, I will talk about installing Cyagen mods and other fun stuff to the device to have fun.   I’ll have to explore as much as possible but until then we will talk about which phones cases will work with this phone!  It looks to be only one now but I am hoping there will be more in the coming weeks and months.   It looks like an awesome phone for my needs and can’t wait to start playing with the phone in greater detail!  So stay tuned!

Why I switched back to WordPress from Squarespace!

I’m back WordPress!

If you have been an avid reader of my blog, you will have noticed the last week that my website has changed looks.  I even went with BlueHost (Affiliate Link).   I wasn’t really sure about these guys but I have been really pleased with them the last few days.  Very responsive with emails and when you asked for help they are always happy to help you out when possible.  I could go on and on about how easy it was to get this website started on WordPress but that wouldn’t be the reason I switched.

Constant change!

The need for my website to constantly change is one reason I just had to switch back to WordPress.   I have more customize-able settings and other ways to make this website rock.   I have just begun to start customizing this website.  when I am done. I am sure it will rock!  I can have anything I want with advertising space on my website.  I can easily have a way to have people buy advertising space without any involvement from me.   It isn’t going to happen any time now but I am sure it will develop in the next couple months.   If I get it working the right way.  I could always use comments and suggestions so you will see a page that you can go to contact me!

Link Track-ability!

With Squares Space, I could never track which links were clicked on or which links were dead links.   I would constantly worry about which links are just not working.   I can now use plugins to find dead links and fix them to go to the right place easily and quickly.   You couldn’t know which links were not working until a user would comment or contact you and tell you.  It wasn’t a pleasant experience to have a reader contact me and tell me.  I would have to apologize and fix the problem.

Up time Guarantee!

Even though Square Space claims to have a 99.99% up time, I would have problems over last year having it being down for one reason or another.  I know it couldn’t be my fault but again, I do not know what the problem was to begin with.  It was more like 97% of the time I was up but the stats never showed it be 99.99%.   I got close last year to 98% but that was about it.

Speed of the website!

I am sure it wasn’t just me but I had speed issues with Square Space and it would be a constant problem.   Although I was on Square Space 5, it wasn’t very speedy as it used to be.  It was just like other hosting providers that I had but it just got worse over time.   I am sure it was because they were not updating it as much or any now and it is slowly going away to get people to go to square space 6.  It wasn’t like I didn’t like them, it was just getting more of a hassle to deal with the site.

Duplicate Content!

It was a constant problem with Square Space, but I had to keep changing my username for my account to prevent the search engines from finding it.  I do not know why it happened.   I am sure it was something I was doing but couldn’t figure out why.   So I had duplicate content and I also think that was why they dropped my sites PR was because of that.   I had to just get out of Square Space.   So I am going to be working the next few weeks to move all images to this site.   Until then you will find some images not being displayed right and they will be quickly fixed in the coming weeks but until then you will just have to be patient.

As you can see these were just a few of the reasons why I switched back to WordPress, but I am really happy with the change back to them.   I am really thrilled that they have added so much grammar and spell checking to the WordPress outlet that I think I made the right call.   Give Bluehost a try for your self and see just how responsive these WordPress templates are!

 

How much is your identity really worth to you?

Identity is Everything!

I’ve been talking about this my whole life about security and you but it seems it might of happened to me.   I am sending off my information snail mail to Equifax to get my mail version of the Credit report!

If it wasn’t for Lastpass and their Free Credit Monitoring that you get with your 12$ a month subscription to their lastpass Mobile service.  I was alerted earlier than I ever thought possible.   Almost as soon as it hit the credit monitoring services.  I am so glad I took the option of having them monitor my credit report for me.   It reminded me through pop ups and push notifications on my phone and tablet.

Identity theft and you!

It can happen to anyone and at any time.   I found out that I might be a victim and I put a Credit Reporting Freeze on my account on Equifax, Experian, and Transunion.   It only cost me 15$ on all three credit bureaus that prevent it from going any further than that!  I also went with LifeLock (affiliate link) to help protect my identity for 10$ a month.   Currently I am going to offer peope a 30-Day Free Trial + 15% Off 6 Months LifeLock Service with code SHAREASALE15S30 (affiliate link) to encourage you to keep your identity safe.

I will be talking more in depth on what to do if your identity is stolen, but first I have to fix the problems I have and see if I can make it even better for myself.   This post will not be long but the ones that come up with be more in depth on how to avoid this misfurtune fro yourself!