Happy Death Day Trailer 360 For Universal Studios By Rez FX Productions

I would like to thank Rez FX Productions for casting me in their Happy Death Day trailer that is in 360, which means it works with virtual reality and is a lot of fun to use on any device.

You can easily find me by the right side of the keg in the first room. You may watch their trailer below.

Planet Zuda | Ryan Satterfield Review Of Planet Zuda

Full disclosure: I own Planet Zuda.

Planet Zuda is a data security company dedicated to protecting users from being hacked and while we don’t usually expose many of our customers, we’ve worked widely with the financial industry, On The Go Systems, and make open source software that thousands of people use.

Planet Zuda’s dedication to data security isn’t always carried out by just one person. While some projects can be finished by one person, some projects require our team of experts to work together and focus on their specialties to make sure everything is properly secured. This is what makes Planet Zuda data security great, because our team gets the best available to work together and secure the web as much as possible. Planet Zuda has taken securing the web to a whole new level and you will be hearing more about it.

Planet Zuda also provides SEO services for companies like a Los Angeles tour company called losangelestours.com. We are always staying on top of the best ways to do SEO and defeat our competitors’ competition. Planet Zuda is indeed a very dedicated company that is working on other projects, but isn’t ready to disclose them.

You can keep up to date on Planet Zuda’s blog.

Opinion piece: MGT And Why I Don’t Freak out over the price

Full disclosure: I own shares of MGT and have bought and sold the stock multiple times. I have never lost a dime on MGT, yet I hear plenty of people bagging on John McAfee, Demonsaw, and everyone else who works for the company that is renamed John McAfee Global Technologies. I know that MGT used to be an online game and casino site. But John McAfee, yes the same one who created McAfee anti-virus and sold it in 1994, took over the company and in my opinion and from a stock viewpoint has turned it around. Please note this piece is entirely my personal opinion, not advice and you should not do anything monetarily wise on the stock market due to me venting my own personal opinions, views, and perspective.

Plenty of people don’t understand the extreme change MGT has undertaken, which is quite understandable. It’s a huge pivot from online gaming and gambling to security, but the thing is, it is a different company for the most part. Secondly, look who is part of the company and what products they’re acquiring. They are trying to buy one of the most private social sharing platforms that exists called Demonsaw, they’re trying to acquire D-Vasive and are reporting making 55 thousand a month in bitcoin that they’re mining.

If you aren’t part of the security industry, you may never have heard of any of the names above. These people have worked very hard to change the world and while it’s no secret that many of us in the security community are eccentric, many of us are damn good at business. We are trying to create what we have in our minds and automate processes that can currently only be done manually, so that people who have no security training can be protected from online threats.

So, why am I talking about a stock if I am a security geek? I take an interest in many things and while stocks are interesting what I find most fascinating about MGT is how impulsive and scared people are. If the stock falls, everyone starts jumping ship and screaming how angry they are. I look at the stock and I am like “YES, price dip, buy more!!” and then the price goes back up. When MGT prices fall really low, it’s like Christmas because I know that it will rebound and it always has since it’s become John McAfee Global Technologies. I have never lost money on MGT, not one single time. So, that is my opinion. My approach is to hold on and buy more stock when it drops. Not sell, lose money, and then punch myself in the face two days later when it goes back up.

Again, none of the above is meant as stock advice, guidance, or anything of the sort. It’s simply my personal opinion. I am using this forum to rant about traders who don’t understand MGT the way those of us in the security community do. These short-sighted investors who jump ship at the first sign of a dip in price hurt all MGT investors. Again, in my opinion if I had shorted MGT I would take my losses, lick my wounds and then buy the stock when it drops low enough and hold on for the ride. To be clear, I’ve never shorted MGT.

Layerone Conference, CTF Fun And Great Food!

I wasn’t expecting to be able to go to the LayerOne conference in Los Angeles this weekend, but I was there and it was great! I’ve been to AppSec, BSides, DEF CON, but LayerOne has all of them beat on one thing none of them provide as well. The amount of food and the quality of the food we had for dinner was insane, that’s not even mentioning breakfast! Also, if you like alcohol, then you would’ve loved it when alcohol was free for an hour during dinner. Did I forget to mention the food was built into the price of the ticket? I dislike it when cons don’t offer much food, but you paid through the nose to get in the door. I notice this because for a long time I was a vegetarian, but now I am a pescetarian and it was challenging to find food, yet I usually pay at least a hundred dollars to attend. Even if you are a normal meat eater you would’ve noticed the awesome selection of food at dinner including the desserts!

Now that I am done raving about how good the food was let me talk about the CTF, which stands for capture the flag. Surprisingly it was my first CTF, but I wasn’t in it for the prizes, since all they showed were My Little Pony prizes. I was in the CTF to have fun and I had a blast. Would it surprise you that a team consisting of two hackers was able to stay in the 2nd and third position on the leaderboards for the majority of the day against 35 other teams? It wasn’t till day two that we had more people on the team. Some of the challenges were easy including the XXE injection, but others which looked easy were downright baffling. What I really liked is that when we were stuck we could brainstorm and finish the puzzle. The ability to work together as a team was great and is a crucial feature that bug bounties are currently missing, but I’ll leave that topic for another rant. Anyways, I spent ten AM till whatever time the hacking village kicked everyone out working on the CTF. We were the last to leave, because we were so focused on the challenges and they had to tell us to leave because they were closing up.

The team I was on finished in fifth place, which is pretty good since there were 35 other teams! LayerOne had enough people at the conference, so you didn’t feel bored and only 50 or so people showed up, but not so many that you were crashing into other people. They had no problem or didn’t notice my robot driving around the grand room where we ate while our table tested my robot’s response to different environments and what made it respond and react the way it did. I won’t post the outcome of those results, since I plan to use this bot in competitions but the findings were very interesting to me.

I did attend one talk by the machinist, which introduced me to a more user friendly open source 3D program that looks far better than Blender. The program he used is called MeshLab and from a user interface perspective it looked great, as did the few built in features he used during the talk. See, that’s another nice thing that most security conferences don’t have and that’s talks on other subjects within the word hacking. Not all of hacking is defacing sites and finding vulnerabilities. Hacking is the art of finding unique ways to do things with computers whether you’re doing 3D modeling and have techniques to show people or you have a bunch of zero days to release. Of course, this is purely my personal interpretation of the word hacking. It’s odd that there is an entire industry that can’t even agree on what one of the main terms for their industry actually means. This shows problems in our community that I’ll probably discuss in another rant.

Anyways, if you got anything out of this post it’s that you should attend LayerOne next year and I hope they have food again next year!

App Auto Updates Could Endanger Privacy

Today Christopher Soghoian from the American Civil Liberties Union sarcastically thanked the Department Of Justice for journalist Seth Rosenblatt telling people to turn off app auto updates in his article for The Parallax called “How to FBI proof your Android”. Now let me explain a couple of things about app auto updates. You can automatically update your apps and expect to get the latest updates and security fixes, yet at the same time you are opening yourself up to malware being distributed to apps on your phone. This isn’t theoretical; it actually happened last year to the Apple App Store, where the app store itself was hacked and 85 popular apps had malware added to them. Anyone who allowed auto updates on the iPhone had the malware put on their phone.

This isn’t the only incident of this happening, but when it does happen it isn’t usually talked about much. I want to make something else clear: Christopher and I are both promoting privacy with app auto updates, but have different views on this topic. While the article being disputed directly references the FBI in the title, the article itself just has good advice on Android app security.

If targeting auto updates on apps isn’t on your long list of things to check during a complete security audit, then you’re doing things differently than my company. While our list is quite long and we won’t make it public, attacking auto updates is part of a complete security audit at my company planetzuda.com. If this isn’t on your list of things to test, then you may want to target app auto updates in the future. I can assure you this is most likely on any attacker’s to-do list.

How long should I wait to update apps?

This all depends on you, but I would advise to update at a maximum of 24 hours after the app release has been sent out. While I am aware this advice goes against other researchers, I am quite careful when it comes to privacy and look at every way a feature can be abused, especially the ones that are supposed to help make you more secure like app auto updates. So to sum this up, I agree with disabling app auto-updates for privacy reasons.

When Scope for Hacking A Site Matters

If you aren’t familiar with ethical hacking, also known as security research then please read this paragraph. When you do security research for a client they can give you a scope, or in other words areas they don’t want you to test. I have been very vocal about how creating a scope makes a site more vulnerable and a bigger target. I was wrong to some extent and I am willing to admit that and explain it to anyone else who hates scopes that customers have.

When is a scope wrong?

Customers can design the scope on their own without help, however sometimes they don’t know what they’re doing or they want to save money so they put the most critical things out of scope. What I am going to say next is slightly odd, but I’ll say it anyways. A scope needs to exist and while I still agree that areas not in scope are the most vulnerable you have to think about what area has the most sensitive information. Sure, you can point out how you could get to those areas from the out of scope areas, but doing any security at all is something that we must realize is a big step for companies.

If a company wants to protect their data then it makes sense to start where that sensitive data is stored and then work towards the areas that don’t store sensitive data. If a customer puts an area with sensitive information out of scope then there is a major problem. If you report issues in that area and they are denied due to the scope, you have an even worse problem. At this point it starts looking like the company doesn’t really care about security and rather wants to give the impression to clients that they do. This is where the argument over scope comes in the most and while I’ve never heard anyone explain it this way, it makes the most sense.

So to wrap things up a scope is fine if it includes all sensitive data, but a scope isn’t good if it excludes sensitive data.

To Those Of You Who Explain Why I Should Shut up — Thanks!

This may seem odd, actually very odd but I like it when someone tells me privately that they think I am wrong about something whether they think I need to rephrase things, I am being too blunt, or anything else. It doesn’t matter if you’re a colleague, a friend, or even a reporter — if you tell me to stop talking about something and shut up and you don’t publish it in your article, then I am quite happy.

Sometimes I’ll get stuck on one topic for too long and can go into the smallest nuances of it. This can be very useful with code, actually extremely useful with code but not so much in conversations, which one reporter was nice enough to point out. I’d be more than happy to talk to a reporter again who will privately tell me to stop talking about a subject and doesn’t write about that incident, than talk to the reporters who ask you the same question 20 times in a row and you give them the same answer 20 times in a row. That’s a waste of my time, especially when they don’t use any of the content. I understand asking a question a few times to make sure they understand the topic and I don’t have any more to add, but 20 times… that’s just too much.

It’s very useful when people point out that the way I word things may come across wrong, since I am quite blunt and to the point but am not trying to be rude. I am always improving my communication style, so people can understand me better. You can’t win with everyone, but if you can improve so more people can understand what you’re saying and that you aren’t trying to be rude to them, well, that’s quite useful.

Another thing someone has pointed out to me is that I can be impatient. Sure, waiting 3 months or years for something to be fixed may seem like a long time and you feel totally right in being impatient, but when the person has just learned about the issue you need to be patient. It’s important to realize that the person you’re talking to may have just heard about the issue, so while you’ve been dealing with it for months or years and talking to the same company, companies are large. So, you need to be patient. It’s far easier said than done, but it’s something important to do.

If you have a problem with me, I’d really like it if you direct messaged me and explained what the problem is, so I can see if I’ve made an error in the way I come across in my writing or in anything else, so I can correct it for future conversations and even make a public statement apologizing about it if needed.

So, for those of you who are polite enough to privately message me, thank you. You know who you are.

Why You Should Take Time Off Work

Awhile back things got stressful with my work, which happens to everyone. However, not everyone runs their own company and needs to give a speech in two weeks. Some stress that I’ll wrap up to business politics on top of everything else made me decide to take a week off work. That may sound like a bad idea for the CEO of a company to take a week off, but I put all my ducks in a row. I had completed all work I was supposed to complete and the rest was being handled by someone else.

I decided to check my emails once or twice a day, but for the most part I didn’t touch any technology, excluding my PlayStation. I did write my speech on my break and take care of some small things, but for all intents and purposes I was unavailable.

Once I got back to doing work, well, it didn’t feel like work at all. I don’t do information security because it feels like work, I do it because I love it and am not a 9-5 guy. You can find me working late into the night and in the middle of the day, but it doesn’t usually feel like work. The time I took off taught me not to check my emails like crazy, because I mainly read new spam. I focus my energy where it is needed and then do other things. What’s really awesome is an amazing opportunity became available the first week I got back in the game and I worked on it like crazy. I am trying to take small breaks and encourage everyone to give themselves a breather from work, even if you don’t consider it to be work. Trust me, you’ll come back swinging home runs.

Just say NO backward compatibility for crying out loud!

Just say no to backward compatibility!

Backward compatibility is one of many banes of programmers’ existence. When you’re going through a program and ask “Why do you have code to support a 3-5 year old version of this software?” the answer almost always is “Because of backwards compatibility”. Sometimes you can look at the code and realize that the only way a person would run into a situation where it is needed is when they’ve updated to the newest version, in other words the code doesn’t need to exist.

Is this a pointless rant? Nope, not at all. Code that’s quite vulnerable stays in programs and isn’t removed under the guise of backwards compatibility. If you don’t know what backwards compatibility is, it’s simply supporting older versions of code that your code is dependent on. One example is PHP. The actual codebase for PHP has extremely ancient code, because if they remove it anything that’s ever used it could break.

So, if we get rid of backwards compatibility how are we supposed to stop the web from breaking when one piece of software is reliant on a language or a framework for a certain piece of code? It’s extremely simple — you deprecate the code and then give 3 months to 6 months for everyone to get their code up to date and do as many press releases as possible saying that the web will break on a certain date if companies do not comply. Yes, I realize this is a tiny bit of backwards compatibility, but it’s needed to keep the web functioning. The sites that break, well, I wouldn’t want to use a site that can’t update their codebase in six months. Yes, I know certain functions are widespread like a plague across millions of lines, but you can easily search and replace all areas automatically with say grep. We should not be held hostage to other companies’ or users’ failures to understand why they shouldn’t use a certain bit of ancient code, Internet Explorer 6, or IE at all for that matter.

Making backwards compatibility enables people to keep using insecure code or code that needs to be removed due to programmers thinking it does something it actually doesn’t do, like the absurd PHP function magic_quotes which I believe has been completely removed from the PHP language. The sooner we force people to update their code, the sooner we hopefully can have nice things online. Right now just a few megabytes of code will have hundreds of security holes, which I know as a fact from helping customers at planetzuda.com.

We can write slimmer code that is usable and not millions of lines long mainly due to backwards compatibility. I am not going to get into object oriented programming and what I think of it today… I’ll save that for another day and another post.

Professor Michio Kaku Is Cool

Professor Michio Kaku was doing a book tour for his book “Physics Of The Impossible” several years ago and I had to go meet him. He gave a talk which I couldn’t get into, so I waited for over an hour in the hallway. I then waited another 30 to 45 minutes in line to get my copy of “Physics Of The Impossible” signed by him. After I got my book signed I waited until almost everyone had left, so I could get a few minutes to talk to him. Why would I wait so long to get a book signed and then wait to talk to him? Well, Professor Kaku is a genius and my favorite theoretical physics author, but I really wanted to find out if one of my theoretical physics theories was sound.

Wait, You’re Into Theoretical Physics?

I’ve never publicly written about it, but yeah I am. I mainly write about security research. So, as I left off I waited until almost everyone left, which took a very long time and then told Professor Kaku my theory that I stumbled onto while reading two physics books at the same time. When I say I read books at the same time, I mean I have both books open and am reading pages from both books at the same time. Anyways my theory had to do with theoretical Calabi-Yau black holes in another dimension, which according to string theory would have low energy vibration patterns. I theorized that these vibrations would affect our 3-dimensional universe.

When I finally had a chance to ask Professor Kaku if I was right he was very polite and nice. He quickly did the math in his head while moving his hand around like he was writing on a whiteboard and then said “yes”. I was ecstatic. Sure, I know that figuring that out won’t change anything in science, but I’ve never attended theoretical physics class. I only read theoretical physics books and papers on theoretical physics.

I was impressed by how smart he is, yet he isn’t stuck on himself. It’d be awesome to meet him again and discuss a much more complicated theoretical physics theory I’ve come up with. I am not saying what it is here, because I’d like to know if I am anywhere close to being right before talking about theoretical physics. Anyways, Professor Kaku is really cool.

I would also highly recommend that you read his latest book “The Future Of The Mind”.