Jump to content

Twin Wolf Technology Group

Members
  • Content count

    202
  • Joined

  • Last visited

  • Days Won

    25

Twin Wolf Technology Group last won the day on September 28

Twin Wolf Technology Group had the most liked content!

Community Reputation

138 A Community Leader

2 Followers

About Twin Wolf Technology Group

  • Rank
    Advanced Member

Personal Information

  • Real Name:
    Dan Porter
  • Reason for registering:
    Live and/or work in Chiriqui
  • Location of primary residence:
    In Chiriqui
  • Birth (home) country:
    USA

Recent Profile Visitors

1,223 profile views
  1. For what it is worth, I was told (about a year ago) that customs views the various mail services different depending on if they are classified as cargo or as courier. Mailbox Etc is classified as a cargo service whereas the service I used (Servitechnics) is classified as a courier service. My experience was that occasionally my packages coming through Mailbox Etc got opened and examined but in 4 years none of my packages coming through Servitechnics were opened. Perhaps someone that is more informed than myself could speak about the truth of this and how various services are classified. After my experience with several services, I ended up using Servitechnics in part because my packages arrived without being opened and examined, possibly delaying them.
  2. Hackers

    Technology has become so intertwined in our lives that it is hard to imagine life without it. It makes our lives simpler in many ways yet the complexity challenges even the most well informed. The news is full of technology stories that can be confusing, misleading and down right scary at times. Today there is news of more hacker activity and I want to pass along what you need to know in simplest terms. Equifax Data Breach The security breach of Equifax happened between May and July of 2017. We are several months since this happened. There is a lot of information available on this, so I am not going to repeat everything here. However, there is one important piece of information and recommendation that is important to examine. Many websites are recommending that you go to another website to check to see if you were affected by the data breach. Testing has shown that the website is giving false results as it wants people to signup for the free credit monitoring. Everything "free" comes with a price. The hidden part of this is that by signing up for the free credit monitoring, you also agree not to be part of any class action lawsuit that is sure to follow in the near future. I might also add that there is no reason to trust Equifax at this point in time, nor some free service they are trying to give away. Good information on this here: https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do CCleaner Hacked A very popular tool for cleaning PC's is software called CCleaner. I personally use it as one of many in my toolkit for cleaning computers of malware and other nasty things. Today it was learned that the latest versions of the software between 5.33.6162 and 5.34 were infected with a multi-stage malware payload. Luckily this was discovered quickly and it appears to only affect 32 bit versions of the software, not the more common 64 bit versions. More details on the hack here: https://www.howtogeek.com/326742/ccleaner-was-hacked-what-you-need-to-know/ The point here is to be aware that any software installed on your computer could potentially contain malware. Even legitimate software can be compromised. The best things to do are: Backing up of your data regularly and keep it in multiple locations (Be sure your backup does not remain connected to your computer) Regular malware scans and cleanup - this is different than just a simple virus scan Have a computer tech that knows your system before disaster happens. You do not need to be a pro yourself but you will need a pro at some point in time. Technology is simply too complex these days and we are all vulnerable. My advice is to plan ahead, just as you would look for a doctor before you need one, you should do the same for a technology pro.
  3. US ISPs can spy on customers?

    If you want to add one more worry ... realize that 90% of databases are not encrypted. That means once someone gets access to a database, all of its information is in the clear. I am far more worried about that then I am email. Virtually everything is stored in a database (in the clear). There is a growing push to encrypt databases but the cost is high. Right now, some database items are encrypted, like your credit card number (or they are suppose to be) but that is a far cry from something I would call secure.
  4. US ISPs can spy on customers?

    I think I have enough problems LOL
  5. US ISPs can spy on customers?

    I am 100% behind privacy and protecting people. It is one of my pet peeves when I see people saying that using any one product will protect them 100% when it is simply not true. I advocate for more security online at all times but education as well. Technology is hard enough for the general public to understand and those of us that do "get it" have a responsibility to state the truth and educate the rest as best we can.
  6. US ISPs can spy on customers?

    Currently this is world standard. Email was never designed for security. The addition of SSL and VPN and all the various protocols have helped but there are still large holes. If you are sending a message using PgP, you are 100% protected. The encryption is done on your computer and the ONLY person able to decyrpt it is the receiving part with the other key. Unfortunately, the process of encrypting and decrypting email messages seems to challenge the general public and there have been little successes getting it adopted. It is the only way I know to be 100% covered since is even stays encrypted when it is stored on the receiving email server.
  7. US ISPs can spy on customers?

    Both the VPN and the SSL encryption only take effect up to their end points and the moment email exchange happens between two email servers, those end points have already been passed. Lets give this example. You want to send an email using your VPN and SSL from your-address@myISP.com to friend@gmail.com When you send an email from your home email address it is protected by both SSL and your VPN. Your email does not go direct to Gmail. The first hop is for your email going to the "myISP.com" mail server. During that time, it is encrypted. When it reaches the "myISP.com" mail server, it is then unencrypted and two things happen. It is written to the "sent" folder of the user. It is then also sent to the Gmail server from the myISP.com server. That final journey from the ISP to Gmail is done in the clear regardless of how it was received. The ISP can see it as well as anyone snooping along the route between myISP.com and the Gmail server. Since your VPN only protected you from your computer to the "myISP.com" server and since the SSL email encryption is terminated at the first hop, the mail is then in the clear both for storage at the ISP and for the continued journey to Gmail. If the email went direct from your computer to the destination you would be completely protected but that is not the case. If you were sending to an address on the same server (gmail to gmail or protonmail to protonmail) you are protected. The problem comes in when you are sending from one email server to another (gmail to protonmail or isp to gmail) which is most email traffic. That traffic spends part of its journey in the clear.
  8. US ISPs can spy on customers?

    When an email is sent using SSL, it get encrypted on your computer and goes to your ISP, in the encrypted form. It becomes unencrypted entering the ISPs mail server. At that time it is copied to the user's sent file in the clear and then sent on to its ultimate destination in the clear. In other words email traffic from ISP's email server to the destination email server is done in the clear even if it was encrypted coming in from the original point. Email servers do not use encryption when exchanging mail between each other. As an email provider, I can set my system to see all traffic entering and leaving the mail server which means I can see all traffic that came into the server in an encrypted form because it was unencrypted to be handled and sent on to the destination. Since the ISP can see all traffic leaving their mail server, they can see what entered their system encrypted but is now being sent on in an unencrypted form. The same is true of anyone wanting to snoop along the path between the two mail servers exchanging mail.
  9. US ISPs can spy on customers?

    I guess I should comment as I was part of the original post... As a business in providing Internet Services in the US, I can assure you that no VPN or email service provider can guarantee end-to-end encryption unless they are controlling the both end points. The original post was not limited to email services but was discussing all Internet traffic between the home computer and various websites/email services. A VPN is effective from the source point, such as the home computer, to the end point of the VPN provider. Once your traffic leaves the VPN end point, they have no control over whether your traffic is encrypted or not. Now, if you are visiting a site via secure protocol, such as https or if you are using an email client that uses SSL, then you are still encrypted but that is not universal. Many websites still use non-secure protocols (http alone, not https) or do not use SSL within the email client. That traffic is in the clear at the point it leaves the VPN end point. Yes, it is true that more and more sites are now using secure protocols as security concerns increase. But the point that was being made in the original post is that just because you have a VPN does not mean you are encrypted end-to end. This is a common misunderstanding. The VPN provider can see any traffic that is destined to travel in the clear once it leaves the VPN end point unless it was further encrypted by an additional process before it entered the VPN. The concern here was that VPN providers can collect data that ends up in the clear and sell it or use it. Add to the mix that digital certificates that are used to encrypt the data stream are now being provided free without responsibility. At one time, to obtain one these certificates for a website, the website owner needed to go thru a verification process. That is no longer the case. That means that now, just because you are visiting a site that says is encrypted, it does not mean that the site is legitimate like it used be when they encryption certificates were verified. This has become a large issue for free digital certificate providers such as "Let's Encrypt". One last worry for email users is that even if your data was encrypted from your computer to receiving end point, it is rare for the email or other data to be then stored in an encrypted form on the email server equipment. Email service providers, their staff and anyone having access to the server can see your data in the clear. Some email service providers store your data in an encrypted form but that is the exception rather than the rule. For the layman concerned about what can and cannot be seen, the original post still stands. Be aware that despite your best efforts their are likely points where your data is visible. The best you can do is reduce this risk but you can not eliminate it. Do not fall for claims that a company can guarantee end-to-end encryption unless they are controlling both end points. Even then ask how the data is stored at the far end point. Data breaches happen, not from hackers guessing passwords but from access to points where data is non-encrypted.
  10. Good seamstress in Boquete?

    modista ?
  11. Looking for someone going to Medellin

    Thank you Penny. They are coming in late September. If anyone is coming sooner, please let me know otherwise perhaps Steve can bring it.
  12. Looking for someone going to Medellin

    I have a small package in Boquete that arrived after I moved to Colombia. I am looking for a person that might be coming to Medellin in the near future and would be willing to bring it. I am willing to meet at the airport and pay $50 for someone who could bring it. The package contains two or three small routers and should fit in a carry-on. Please contact me here or by email dan@twinwolf.net Thanks - Dan Porter
  13. I am seeing the same thing here in Colombia. Many large supermarkets charge a small fee for each plastic bag. Right away that cuts down on the number of plastic bags a customer uses. They also sell the reusable cloth bags which many use rather than paying for plastic bags each visit. I did see that the Rey in David was trying to push the idea of reusable cloth bags by having a single checkout isle that only served clients with either the reusable bags or for customers not using any bags. Unfortunately, after a short time, it appeared that checkout lane was always closed. I suspect that having a dedicated cashier for a checkout that got very little use did not make much sense. Personally, I like the consumer having the choice with incentives for preferred behavior.
  14. The global scourge is what the consumer does with the plastic bag and how it is disposed of and what is done with it after use. I have a hard time laying the blame of plastic bags everywhere at the hands of the companies making them. The user is responsible for its use and what is done with it after that point. The consumer does have choices and responsibility. The problem in Panama is much larger than just plastic bags. The problem is within the culture itself and both laws and education need to address it. Plastic bags are not outlawed in neighboring countries, yet you do not see them blowing in the wind and being tossed out car windows. In my opinion it is too easy to point the finger at oil companies or manufactures and declare they are responsible. Educate your population, put incentives in place for collection and recycling. Change the throw-away culture and create responsible consumers. Other countries have done it successfully, Panama could do it too.
  15. In Colombia, I have found that the registered white "tourist" taxis also operate as Uber drivers at times. In other words, they get the benefits of being an Uber driver when they are not busy and thereby service more people than just a regular Uber driver. It would seem to me that if taxi drivers were allowed or would embrace doing both services they could come out a winner rather than trying to squash competition. Of course you need to meet the requirements of both Uber and the local taxi laws. Those beat-up, barely running taxis are out of luck. My experience has been that the white "tourist" taxis know the city better and have more experience, so I am happy when my Uber driver turns out to be one of these drivers. Maybe Panama could encourage this while reducing some of the burdensome regulations.
×