Doubling Down is risky business with Chrome CRLSets and Adam Langley!

Anyone want to drink that Kool-Aid?

When Steve Gibson first started talking about revocation, I never knew it would be such a hot topic right now. Then he decided the next thing he needed to do was talk about the CRLs (Chromium Browser or Chrome). Now before we get into the problem at hand, we first have to understand what CRLs (Chrome Revocation Lists) are and how they deal with Chrome. I think Steve did a fantastic job at discussing it but we probably are not done with the subject. Then Adam Langley decided he needed to talk about what Steve posted. I guess he felt like he was being attacked but he also said stuff that purely got me thinking:

“Since we’re pushing a list of revoked certificates anyway, we would like to invite CAs to contribute their revoked certificates (CRLs) to the list. We have to be mindful of size, but the vast majority of revocations happen for purely administrative reasons and can be excluded. So, if we can get the details of the more important revocations, we can improve user security. Our criteria for including revocations are:

  1. The CRL must be crawlable: we must be able to fetch it over HTTP and robots.txt must not exclude GoogleBot.
  2. The CRL must be valid by RFC 5280 and none of the serial numbers may be negative.
  3. CRLs that cover EV certificates are taken in preference, while still considering point (4).
  4. CRLs that include revocation reasons can be filtered to take less space and are preferred.”
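Criteria 2 and 4 from the quoted list, as an added example (not Chrome's code and not from the original post): a small DER reader walks the `revokedCertificates` entries of a CRL, rejects the list if any serial number is negative, and keeps only entries whose reason is in `KEEP`. The function names, the `KEEP` set and the sample bytes are assumptions constructed for illustration; the outer CRL structure and its signature are not parsed or verified here.

```python
"""Added example: filter CRL entries by reason code and reject negative serials."""

OID_REASON_CODE = bytes([0x55, 0x1D, 0x15])   # 2.5.29.21, the CRL entry reasonCode extension

# CRLReason values from RFC 5280 section 5.3.1 (value 7 is unused).
REASONS = {0: "unspecified", 1: "keyCompromise", 2: "cACompromise",
           3: "affiliationChanged", 4: "superseded", 5: "cessationOfOperation",
           6: "certificateHold", 8: "removeFromCRL", 9: "privilegeWithdrawn",
           10: "aACompromise"}

# Assumption of this example: these reasons are treated as security-relevant.
# Entries with no reason code (None) cannot be classified, so they are kept.
KEEP = frozenset({None, "unspecified", "keyCompromise", "cACompromise", "aACompromise"})


def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                          # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:end], end


def children(content):
    """Split the content of a constructed element into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out


def parse_entry(body):
    """Parse one revoked-certificate entry into (serial, reason_name_or_None)."""
    fields = children(body)
    if len(fields) < 2 or fields[0][0] != 0x02:
        raise ValueError("entry must start with an INTEGER serial number")
    # DER INTEGERs are two's complement, so a leading byte >= 0x80 means negative.
    serial = int.from_bytes(fields[0][1], "big", signed=True)
    reason = None
    if len(fields) == 3 and fields[2][0] == 0x30:          # crlEntryExtensions
        for _, ext in children(fields[2][1]):
            parts = children(ext)                          # OID, [critical], OCTET STRING
            if parts[0] == (0x06, OID_REASON_CODE):
                _, enum = children(parts[-1][1])[0]        # ENUMERATED inside the OCTET STRING
                reason = REASONS.get(enum[0], "unknown")   # unknown codes are not in KEEP
    return serial, reason


def filter_revocations(revoked_der, keep=KEEP):
    """Criterion 2: reject negative serials. Criterion 4: drop administrative reasons."""
    tag, content, _ = read_tlv(revoked_der, 0)
    if tag != 0x30:
        raise ValueError("expected a SEQUENCE of revoked certificates")
    entries = [parse_entry(body) for _, body in children(content)]
    negatives = [serial for serial, _ in entries if serial < 0]
    if negatives:
        raise ValueError(f"CRL rejected: {len(negatives)} negative serial number(s)")
    return [(serial, reason) for serial, reason in entries if reason in keep]


# --- Constructed sample data (not taken from any real CRL) ---
def tlv(tag, content):
    """Encode one DER element, using the long length form when needed."""
    n = len(content)
    if n < 0x80:
        head = bytes([n])
    else:
        size = (n.bit_length() + 7) // 8
        head = bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content


def entry(serial_bytes, reason=None):
    """Build one entry: serial, a fixed UTCTime, and an optional reasonCode extension."""
    fields = tlv(0x02, serial_bytes) + tlv(0x17, b"140426120000Z")
    if reason is not None:
        ext = tlv(0x30, tlv(0x06, OID_REASON_CODE) + tlv(0x04, tlv(0x0A, bytes([reason]))))
        fields += tlv(0x30, ext)
    return tlv(0x30, fields)


SAMPLE_CRL = tlv(0x30, entry(b"\x10\x01", 1) + entry(b"\x10\x02", 4) +
                 entry(b"\x10\x03", 5) + entry(b"\x10\x04") + entry(b"\x10\x05", 2))
SAMPLE_NEGATIVE = tlv(0x30, entry(b"\x10\x01", 1) + entry(b"\x80\x01", 1))

if __name__ == "__main__":
    for serial, reason in filter_revocations(SAMPLE_CRL):
        print(hex(serial), reason)
    try:
        filter_revocations(SAMPLE_NEGATIVE)
    except ValueError as err:
        print(err)
```

Of the five constructed entries, the two marked superseded and cessationOfOperation are dropped, which is the space saving criterion 4 refers to.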

Breaking down that statement!

I figured this is all about details and we should have a little fun and read between the lines. The first thing that jumps out at me is that the CRLSets must not get too big. I’m guessing it has to do with size and they probably are trying to keep it under a certain amount of space. I can only guess it would be close to 10 megabytes but that is just a guess. It isn’t unconventional to say the least but it would be phenomenal if it was better than the revocation checks.

So the second thing that really makes my eyes pop out is that it cannot be encrypted? Which means that if it cannot be encrypted then we have a man-in-the-middle attack possible where someone could almost prevent Google from telling the browser that a site has revoked its certificates. It is highly unlikely but someone could come along and snatch that CRL before it gets to the browser and easily change it so that you are none the wiser. Which means it is a MITM (Man in the Middle) attack; although it is highly unlikely, I am going to have to say it is possible! I cannot understand the concept of this. You can have bots go to sites that are 100% HTTPS and not have any problems. I am amazed and quite concerned that it has to be HTTP and HTTPS. So it begs the question about why he thinks this is an ideal situation.

I could go on about just that list but I better get to my other points.

Soft-Fail revocation

And yet, GRC managed to write pages (including cartoons!) exposing the fact that it doesn’t cover many revocations and attacking Chrome for it.

They also claim that soft-fail revocation checking is effective:

I’m pretty sure I’ve talked about soft-fail revocation the last few weeks but I am not the only one who has talked about this. Steve has talked about it in depth on his site also. He seems to think that it will not help and it is not effective but I find that the CRLSet is also very ineffective and should be avoided at all cost. I did though like the cartoons that Steve, or I should say GRC, posted about the CRLSets and what that means to you!

Revocation is still KEY!

Even though I believe revocation is the heart of the problem, it is still the best we have. I think it will go out the window in the next few years and something better will come but until then we have to come up with the best way to trust that if the certificate is revoked we can know that it isn’t being used. This is where OCSP Stapling comes into play. We can cut out most problems and attacks if we do not allow the connection to refuse a certificate lookup. I can’t seem to come up with any other way. Again, if you haven’t enabled the SSL revocation check, it is time to fix that in Chrome.

How To Get the RCA A1 4.7″ (unlocked) to Work with Straight Talk

The Low Down!

If you’re like me, and you have bought the Unlocked RCA A1 4.7″ Smartphone and you need to use Straight Talk (Affiliate Link), then you’ve come to the right place. I’m going to tell you how I got it to send and receive Multimedia Messaging Services (MMS), Voice, and Data. If you’re like me, this should be “a walk in the park” but I’ve heard some people say they couldn’t get it to work with Straight Talk. I’m here to help transition you to the service easier. First off, you will need the AT&T Compatible Straight Talk Sim Card (Affiliate Link)! I will be doing more down the road.

If No Sim found Message

First off, if after you get your SIM card installed and you turn on the phone you get the dreaded “no SIM card found” message, then you will need to do some things. First, pull the back off and see if your SIM is placed the right way in either SIM 1 Slot or SIM 2 Slot. You should notice that the SIM should have the cut facing the battery and it needs to be in the lower right-hand corner! Once you have placed the SIM correctly in the phone, reboot the phone and it should come up saying it has found the SIM!

Access Point Names and Activation!

If you have not activated the SIM by going to Straight Talk (Affiliate Link), you will need to do that now. Once you’ve activated the SIM, you can now turn on the phone and let it boot up. Access Point Names (APNs) are used to tell the phone how it should communicate with the Cell Towers. If done right the phone will work on all AT&T Cell Towers with no problems. I’m going to walk you through the process and help you get your new phone to work with Straight Talk.

Go into SETTINGS  (Either through the APP itself, or by pressing the book with 2 lines (To the left of the button) and selecting System Settings!)

Select  ( More… ) then Mobile Networks and Finally Access Point Names.

Once there, you should see one already made by Straight Talk & AT&T; it should be called (Cingular 410) and be already selected and in use!

You will need to create a new APN by pressing the book with 2 lines and selecting NEW APN.

Once done here, you should add these to the new APN. Do not add more or less and make sure you spell everything correctly or this may not work properly for you!


APN:  tfdata

APN type: default, MMS, supl (Only select those three.   Do not select WAP or it will not work)


MMS proxy:

MMS Port: 80

MCC: 310


Save these settings by hitting that book with 2 lines on it and selecting Save.

All Set!

Once done you should have two APNs. Now select the STRAIGHT_TALK APN and reboot your phone. If you have done it right the phone should now have an H right above the 4 bars and you should now have both data and MMS working. I have used MMS and it is working just fine with the phone. I can send and receive movies, pictures, and even sound recordings. It worked with my old phone wonderfully, the LG Optimus 3. If you’re looking for even more help with Straight Talk, you should check out my other blog posts about them!

Adam Langley, You are dead to rights wrong. Why you should enable SSL revocation checks!

Don’t tell your think it is for the best!

After what seemed like a few hours looking over other blogs and what they were saying, I came to this blog post from Adam Langley’s blog ImperialViolet. He is saying we shouldn’t even check that box to check for certificate revocation. I am going to try to explain why it is so vital that you enable it. Even if it is a soft fail we will still be far better protected than not to even have it on in the first place.

So soft-fail is the only viable answer but it has a problem: it’s completely useless. But that’s not immediately obvious so we have to consider a few cases:

After reading everything he has to say about the subject at hand, I’ve come to wonder what he is trying to say. Some of the things Adam says about why not to enable the SSL Certification check just seem moronic, to say the least. Here are a few things I read and want to talk about:

“That’s why I claim that online revocation checking is useless – because it doesn’t stop attacks. Turning it on does nothing but slow things down. You can tell when something is security theater because you need some absurdly specific situation in order for it to be useful.”

It is more than useless, it was an old protocol that just needs to be retired but unfortunately we have had little reason to or even any want to. We cannot keep accepting that these revocation systems do anything but help either the governments or even the highly efficient hackers to gain valuable information about users. It isn’t like they have to do any more than write a script and be able to retrieve whatever they want. The problem with SSL is quite simply it wasn’t designed around security or proper encryption. It was designed for one purpose and one purpose alone: to make people feel safe about giving out their credit cards and other such important information. This one comment we both agree on but I also think that having a soft fail option is a better option than not having one at all.

Google Wants Money

You’re just telling users that you are telling them what is best for your interest, not theirs. In one word, it really comes down to money and advertising. We know you make money on searches and if this goes through then you are more likely to start losing even more money because you will have constant hard fails from sites and you may not be able to serve up ads for sites because of the hard fail. Users who do not even know about it will likely just go to sites that can’t be verified and think it is their browser but it is the server that is causing the problem.

It’s all about numbers!

I am sure that OCSP Stapling isn’t all it is cracked up to be or even the perfect option. If you’re saying that it will stop all possible attacks and keep your identity safe, then you’re probably going to be wrong. I argue that nothing you do can keep your identity or even credit cards safe online. There will always be someone who can come up with a way to get that information they are so desperately wanting. Although by using this system we make it that much harder for them to sneak past the browser. Yes, we can probably come up with stories of how it happened when that box was checked but I will say it is less likely to happen because people are smarter than they once were. We’d also be able to keep track of newly discovered revoked certificates that were in the wild by using OCSP Stapling alongside a way to report to the browser developers that we have found an invalid certificate and we could strengthen our security even more. It is just theory but I am sure it would at least keep more people safe than doing nothing at all.

Finally, it isn’t the users who are the problem but how browsers have dealt with users who either do not know better or have not been educated on how to properly protect their identity. You should be making more impact on the end-user by teaching them about security and privacy settings than expecting that you know what is best for them.

Why you should check your SSL settings!

My Heartbleeds for Chrome

When the Heartbleed bug first came out, we had LastPass create a test to see if a site is vulnerable to this bug. Heartbleed is a vulnerability in which an attacker could gain sensitive information by asking the server some really simple questions.

Heartbleed explained

How it works!

Some people have a better grasp than I do on this subject but I will say Steve Gibson on the subject if you’re really wanting to get into even more detail about this bug. I won’t go into much detail about this bug or even if it is truly a vulnerability but I will talk about how you should make your Chrome OS browser have a hard fail for certificates that cannot be verified. I know I’ve heard people say in the past that it may stop sites from being seen but I have yet to see this problem in detail and I think it is a good security idea because this will help prevent phishing attacks and maybe even save you from identity theft but I can’t guarantee it 100%.

The Chrome OS!

If you’re like me and using Chrome OS, you will need to go into your settings. You can easily get into the settings by clicking the three bars on the far upper right corner of the Chrome browser. This will bring down a menu and you will then click on Settings. Once there you will need to go all the way to the bottom and then click Show Advanced Settings.

[Screenshot 2014-04-26 at 3.53.05 PM]

Go find the HTTPS/SSL and check mark it to look like this. Once you’re done with that, restart your Chrome OS browser. Simply exit out of the browser and then come back in and it should start working for you the way you are wanting it to work! This will make all SSL certificates that are not verifiable become hard fails and thus you will not be able to view sites like which is what we call a hard fail. You will then see this:

[Screenshot 2014-04-26 at 4.23.40 PM]

If you see this the next time you visit that site, you are now protected from some forms of possible phishing attacks and other forms of personal information being taken from you unknowingly.   This will not protect you all the way but it will allow you to at least make it harder for people to do a Man in the Middle Attack and other such attacks.

I am going to review the RCA A1 4.7″ 3G Unlocked Dual SIM Phone from RCAmobile!

The RCA A1 4.7″ Phone!

The phone has shipped and is coming my way in the next few days. One of the things that I will do with this phone is talk about getting it to work with Straight Talk. It should work flawlessly when I get it. I will be going to buy the Straight Talk SIM card in the next few days. You are able to get it from Wal-Mart or even Amazon directly!

Some of the things we will talk about when I get this phone are how it will work with Multimedia Messaging Services (MMS) with Straight Talk, and if I am able to send or receive picture or even video messages from friends and family. I will explore how to get this phone to work with any Straight Talk provider.

Wi-Fi And Hotspot Capabilities!

I read and I know this phone should be able to have WiFi or even Hotspot capabilities so you can tether it to your laptop or even other mobile devices and not have to worry about data or speeds.   I remember Straight Talk talking about the speed reduction so I am unsure if it is still in effect!  With Virgin Mobile, doing the more aggressive solution by cutting speeds in half.   I’ve pretty much decided it was time to either use this phone with Straight Talk or even T-mobile and be able to use the phone the way I want, and when I want to!

Stuff I will do!

In the coming weeks, I will talk about installing Cyanogen mods and other fun stuff to the device to have fun. I’ll have to explore as much as possible but until then we will talk about which phone cases will work with this phone! It looks to be only one now but I am hoping there will be more in the coming weeks and months. It looks like an awesome phone for my needs and I can’t wait to start playing with the phone in greater detail! So stay tuned!

Why I switched back to WordPress from Squarespace!

I’m back WordPress!

If you have been an avid reader of my blog, you will have noticed the last week that my website has changed looks. I even went with BlueHost (Affiliate Link). I wasn’t really sure about these guys but I have been really pleased with them the last few days. They are very responsive with emails and when you ask for help they are always happy to help you out when possible. I could go on and on about how easy it was to get this website started on WordPress but that wouldn’t be the reason I switched.

Constant change!

The need for my website to constantly change is one reason I just had to switch back to WordPress. I have more customizable settings and other ways to make this website rock. I have just begun to start customizing this website. When I am done, I am sure it will rock! I can have anything I want with advertising space on my website. I can easily have a way to have people buy advertising space without any involvement from me. It isn’t going to happen any time now but I am sure it will develop in the next couple months, if I get it working the right way. I could always use comments and suggestions so you will see a page that you can go to contact me!

Link Track-ability!

With Square Space, I could never track which links were clicked on or which links were dead links. I would constantly worry about which links are just not working. I can now use plugins to find dead links and fix them to go to the right place easily and quickly. You couldn’t know which links were not working until a user would comment or contact you and tell you. It wasn’t a pleasant experience to have a reader contact me and tell me. I would have to apologize and fix the problem.

Up time Guarantee!

Even though Square Space claims to have a 99.99% up time, I would have problems over the last year with it being down for one reason or another. I know it couldn’t be my fault but again, I do not know what the problem was to begin with. It was more like 97% of the time I was up but the stats never showed it to be 99.99%. I got close last year to 98% but that was about it.

Speed of the website!

I am sure it wasn’t just me but I had speed issues with Square Space and it would be a constant problem.   Although I was on Square Space 5, it wasn’t very speedy as it used to be.  It was just like other hosting providers that I had but it just got worse over time.   I am sure it was because they were not updating it as much or any now and it is slowly going away to get people to go to square space 6.  It wasn’t like I didn’t like them, it was just getting more of a hassle to deal with the site.

Duplicate Content!

It was a constant problem with Square Space, but I had to keep changing my username for my account to prevent the search engines from finding it. I do not know why it happened. I am sure it was something I was doing but couldn’t figure out why. So I had duplicate content and I also think that was why they dropped my site’s PR. I had to just get out of Square Space. So I am going to be working the next few weeks to move all images to this site. Until then you will find some images not being displayed right and they will be quickly fixed in the coming weeks but until then you will just have to be patient.

As you can see these were just a few of the reasons why I switched back to WordPress, but I am really happy with the change back to them. I am really thrilled that they have added so much grammar and spell checking to the WordPress outlet that I think I made the right call. Give Bluehost a try for yourself and see just how responsive these WordPress templates are!


How much is your identity really worth to you?

Identity is Everything!

I’ve been talking about this my whole life, about security and you, but it seems it might have happened to me. I am sending off my information by snail mail to Equifax to get my mail version of the credit report!

Thanks to LastPass and their Free Credit Monitoring that you get with your 12$ a month subscription to their LastPass Mobile service, I was alerted earlier than I ever thought possible, almost as soon as it hit the credit monitoring services. I am so glad I took the option of having them monitor my credit report for me. It reminded me through pop-ups and push notifications on my phone and tablet.

Identity theft and you!

It can happen to anyone and at any time. I found out that I might be a victim and I put a Credit Reporting Freeze on my account on Equifax, Experian, and Transunion. It only cost me 15$ on all three credit bureaus to prevent it from going any further than that! I also went with LifeLock (affiliate link) to help protect my identity for 10$ a month. Currently I am going to offer people a 30-Day Free Trial + 15% Off 6 Months LifeLock Service with code SHAREASALE15S30 (affiliate link) to encourage you to keep your identity safe.

I will be talking more in depth on what to do if your identity is stolen, but first I have to fix the problems I have and see if I can make it even better for myself. This post will not be long but the ones that come up will be more in depth on how to avoid this misfortune for yourself!

How to tell if that account is fake. (From Personal Experience)

On Average — 1 in 10 is fake!

I joined (affiliate link) and signed up with the three-month membership. I must say it was nothing I was expecting. Me and this woman online started talking on there; in under a day we switched to Google Hangouts and have chatted for the past week at least on and off. I’ve been loving the talks, and we have talked about everything from sex to secrets in dating! I’ve been up front about almost everything that wasn’t too personal and we are finally going to meet in the next few weeks. Even though Venturebeat talks about one in ten profiles being scams, I do not like scams, for that matter, and I try to avoid them at all costs!

How to defend against Scammers!

There are ways to find out if that profile or that picture is possibly a scammer. I will say that even these techniques are not a 100% guarantee and you will have to ultimately make your own decision on if that person is actually real or fake. If you take my advice you’ll be far more likely to find the real account and keep yourself from getting hurt. Although again, it isn’t going to be 100% perfect; you could still find those scammers who are more diligent in their scams.

Details are everything!

If you find a match on (affiliate link), Zoosk, eharmony, or OkCupid, you will need to do several things before you email them or chat with them.


  • Search for their Pictures — Download or find the link to their picture on the dating site and do a reverse picture search on sites like Tineye.com, Bing, or Google. These are the three you should start with first, and then try other sites that have similar abilities.
  • Profile search — Copy the text of the profile and search Google and Bing and see if you find other profiles with the same text in either whole parts or over 50% of the same text. Even though it could happen, it is unlikely that the profiles would use the same exact wording and styles.
  • Self Employment — If the profile says they are self-employed then that is another mark on the profile and you will have to be careful. It doesn’t mean that it should be disqualified altogether but it should make you keep on the lookout for them asking for money.


Most of the time, these are the red sirens in the mind that should go off if you do come across a profile that is questionable. If you find two or more of these that are on other sites or the same site with a different name and profile, you can bet that it could very well be a dating scammer. The only way to know is time.


The Chat sessions!

If by chance you found someone who doesn’t have any of these 3 things going on with their profile, you should start talking to them but you need to do these steps until you finally meet!

  • Picture exchanges — If they send you new pictures you have never seen before, you should go back and find the most likely photos that might be used on other sites and see if those pictures come back with hits to other sites. It may not be as bad as you think but you should keep constantly making sure the person is real.
  • No money — Tell the person after you get to know them your stance on not giving money to them or anyone else until you have physically met them. Even then you should be cautious after the first meeting because they could very well be scammers. Again only time will tell. If you throw out this to the scammer, they will stop talking to you because they know they are wasting their time on you. It is a good way to weed out the fake accounts from the real ones. The ones that are real will understand and not try to get any money from you.
  • Be Honest — Being honest with yourself and them about your goals and what you are wanting from the relationship can help decide if they are truly meant for you or some other person. If you try to hide these things, then you will not succeed in finding that perfect match.


If you follow these simple steps, you’re less likely to be scammed and thus you will have a much more enjoyable experience in your dating attempt. Nothing is set in stone with these steps but I am sure these will help you in finding your perfect mate for life and help you avoid those scammers!

Why blogging personally helps me! (5 Insightful tips for Blogging)

The Art of Blogging — mkhmarketing (

Why I blog!

When I started blogging in 2007, I never really got the idea of what a blog is and what it was designed for. For that matter, I didn’t even understand the dynamics of how to keep my blog writing. The idea of researching and working my blog was as foreign to me as dating. I haven’t dated very much in the past and I know that being nervous is something you have to expect. It’s like the body is preparing for a fight or flight, when you have nothing to worry about. Blogging is something that is an outlet for me. It’s like a pressure valve that I can release steam from if I am under too much pressure.

Journaling and my Thoughts!

Since I can ever imagine, I’ve been one of the ones to love to journal and put my thoughts on the page. It is something that not everyone can do or even accept. Some people think that doing a blog is making yourself more public. I tend to agree on the stance that once you start blogging you’re becoming a public figure. It isn’t something that people can comprehend but it is something that must be accepted. Acceptance is something that is required by everyone, because if you can’t accept that.  Firstly, people will be looking at your blog post in detail and judging you on the merits of the blog posts. This can be very frustrating to some, and others like me simply smile and keep blogging.

Some useful Insights!

Since I have been blogging for over 7 years, I thought I would give you some valuable insights on blogging! Each of these isn’t set in stone but can be a valuable tool and reference to keep people coming back to your blog!

Nothing Set in Stone — Even though you’re starting to blog you have the right to change or move your blog to anyplace you see fit. That being said, if you do not learn from how your visitors feel about a certain setup of your blog.   You’ll know based on how they do not stay long or the amount of people who come in the first place!

Find your Niche — Even though it seems like a constant reminder, it isn’t something that you need to figure out. If you do not, you will have people come and go without actually having people stay and want to build a community! Like me, my niche is basically Cell Phones and Android Operating systems. Anything to do with Google Android is what I like to talk about in one way or form!

Add personality — If you aren’t going to be warm and inviting for each reader that comes to your site, then you’re wasting their time and yours. They want that connection that drew them to your site in the first place. If anything you should welcome them in one way or other to your site and make it so they want to keep coming back. It takes 7 times before a reader decides to stay or go, so you have 7 times to make it inviting and create a community.

Build upon stories — I’ve done this in this post and others, talking about my experiences and adding personality. Guests of every nationality like to hear stories and just about anything that revolves around the niche you are trying to build upon. So I am sure you have stories that can be used with your blog idea if you just stop and relax!

Money isn’t everything — When I first started blogging, I knew it was going to be hard to instantly start making money. So I just put the idea to the side. I developed the community and my niche first and then you can start learning to make money around your niche. You should not expect to make any money in the first year if that. I think that is a good rounded answer. It just depends on how hard you work on your blog and how many readers you get to come to your site. Keep in mind that what you promote should be something you believe in and not what others believe in. If you take a personal responsibility on that, you have a much greater chance of making money. Don’t expect it to come overnight, that is for sure!

If you follow these 5 tips, you’ll be happier and bring in even more readers and followers to your blog. Nothing comes without hard work and understanding of the people or things that you talk about. So if you put your heart into your blog, you can bet it will be a success no matter the real outcome!

My Chromecast Experience, a Tech review of it!

Suggested Retail Price 35$

Chromecast is Amazing!

I got my Google Chromecast from RadioShack, but you can also buy the Chromecast from Best Buy, and (Affiliate Link).  Which is where you could possibly get it cheaper than I did.  I paid the full 35$ for mine because they had it there ready for anyone to buy. You will need a Television W/ HDMI Inputs (Affiliate Link) to be able to use this device and I must say it works really well once you have it configured.

Some Specs for you:

  • Supports Netflix, YouTube, HBO GO, Hulu Plus, Pandora, and Google Play Movies and Music mobile apps as well as select content through Chrome browser, works with recommended modem
  • Box includes Chromecast, HDMI extender, USB power cable, and power adapter
  • Easy setup: Plug into any HDTV and connect to your home WiFi network
  • Works with Android, iOS, Chrome for Mac, and Chrome for Windows
  • Stream online video, music to your TV using your smartphone, tablet, or laptop; Available for Windows computers running Windows 7 or higher

Portability is Excellent!

I was able to move the Chromecast from one room to another and not have to worry about setting up the device again. You can stream movies that you buy from Google Play to the Chromecast and be able to watch them on the big screen. From even my small cell phone, I can stream movies to the Chromecast with ease. I have been using my Acer 200 10.1 Tablet to stream to the Television. You can however use any device that has the Chromecast app on it, like iOS and even Chrome. I could even use my Chromebook to stream whatever I want to the Television. As long as you have the Chromecast extension and have it set up properly, I see no major problems.

Setting up the Chromecast

The process of setting up the Chromecast on your devices was simple and quite a pleasure. The only hitch that I came across was the downloading of the updates to Chromecast. That took the most time. It took me around 10 mins because of my connection to the internet. If you have a faster connection it could be faster or slower depending on your internet speed. You can name your Chromecast anything you want and you really do not need an internet connection to stream to the device. If you’re like me, downloading movies and then watching them when you get home, this is an excellent option for those who want to watch movies on the big screen. For 35.00$ (29.99 Right Now) (Amazon Affiliate Link), it was a bargain for me. You really do not need an internet connection to watch movies you purchase on Google Play store and or Music. You just need to have the App and the Chromecast device. I found I made the best purchase possible, for the money! You really should try it yourself.