Change your defaults..

This is why you should change your default password.

During a meeting tonight our digital projector went into a screensaver mode and displayed the wireless network it was broadcasting (Shame on you Epson). It eventually went to another screen save that gave me the brand. With a little DuckDuckGo searching I was able to log in with the default password and username. I was able to log in and access the projector interface. As you can see, there is a lot of control. I didn’t even screenshot the config page! It was during the end of the meeting so I thought I’d try shutting it down. After I hit the button twice the projector shut down before the meeting. No one really seem to take notice. Bizarre. I wonder if someone did and if the password will change soon.

Sadly many places here where I live in SE Asia don’t bother to change the default passwords to wireless access points, or other network devices. If someone wanted to, the could shut down the legitimate wireless network, change the password and start broadcasting the SSID with a device that captures all the traffic and do a man in the middle attack. Or they could just be a pesk and continually reboot the device to frustrate others. Additionally could gather info on other devices and attempt to gain access or exploit them. Either way it’s a good reason to change your default passwords.

Installing Modoboa, Let’s Encrypt & Ubuntu 16.04

Over the past month or so I’ve been trying out running my own email server. This has come about due to warnings from Mailchimp giving warnings about our newsletter emails potentially being marked as spam because we used a Gmail account and they could not verify the domain or identity of our email address. Thus the desire to try one of these self-hosted solutions that I could potentially use for friends and family needing email. Obviously I could have gone with a hosted solution and just setup my DNS per Mailchimps requirements, but what is the fun of that.

My first choice was using which runs well and is fairly easy to setup.  It consists of Postfix, Dovecot, Z-Push, Roundcube, ownCloud, Spamassassin, PostgreyNginx and runs on Ubuntu 14.04. I opted to run this on Digital Ocean. The server handles all DNS for the domain you specify as the root domain to handle your email. It allows you to also setup many domains on the server with unlimited users, issuing of Let’s Encrypt certificates, etc. For me a couple of things were lacking in regards to user management. Mailinabox website recommended two other platforms that had a little more advanced feature set so I checked them both out. I chose Modoboa I honestly liked the admin and user interface and management a little bit better as well as the statistics for traffic and spam.

Read more

Customizing WooCommerce Product Pages

I’ve been working on an online store for a business I work for here in SE Asia and trying to find ways to customize WooCommerce to meet my needs. One setting that I don’t care for is the listing to the categories on individual product pages as it was redundant and irrelevant to the product.  There wasn’t much formatting options I could find to remove it, or adjust its location as it seemed to not want to line break right after the SKU.  I didn’t find much searching Google, but found a few forums on WooCommerce site that indicated how to do this.  However, these forums are in the process of being shutdown for whatever reason, so I wanted to make this available to anyone else looking for such a solution.

You need to modify your CSS to disable the elements you want to hide.  Using your web browser page inspector or another tool, you can find the CSS class to control this.  The code you need to insert into your CSS is as follows:

The .posted_in is the element that lists the product category on a product. Using the display:none hides this from the product page.  You can hide this individually on each product, or site wide. You would follow this for other css elements that you want to hide. If you are looking for a great WordPress theme, GeneratePress is pretty amazing and lets you simply modify CSS without having to hack your CSS.

Tracking Cellular Data Usage [Update]

Living in South East Asia cell phone ‘plans’ are a bit different then they are in the States. Here you can buy ‘top-up’ cards for certain amounts for a set amount of data and use data on a continual basis as long as you keep ‘toping up’. This can be quite convenient and easy to use and cheaper than set plans. However, its somewhat difficult to track data usage without calling a 3 digit number all the time.  This is where the phone app comes in.

Two apps that I’ve stumbled upon recently are Data Widget and Data Usage Pro. Both apps are $1.99, but I happen to get them for free. (Data Usage Pro currently is still free at the time of this writing).


Read more

Protonmail and 1Password

I was an earlier adopter of Protonmail and have had my account maybe for a year or so now.  Protonmail is a swiss based email provider that offers true secure email through your web browser (and mobile app). This email service lets you send encrypted emails and attachments to others on other email systems like Gmail, yahoo, etc. They are a little slow in releasing new features but are methodical in their development and provide a solid product. They have started offering some great tools like custom domain names and iOS and Android Apps, and providing additional storage and a great user interface.

A good friend of mine always says security and convenience are always in tension – it is very difficult to have both. We must evaluate the level of security needed in relation to the ease of use which is often diminished.  Protonmail would likely be troublesome for some as they requires two (2) passwords. One for account login and one to decrypt your mailbox. This means you should use two unique passwords that you don’t use for any other website logins…right?

Read more


Being in the IT world for the past 8 years, I’ve tried to form a good habit of locking my computer when I step away. This is particularly true if I am in a public area, like a coffee shop, and want to step away to order another coffee or use the bathroom, etc.

Windows operating system has always had a lock-desktop feature at least since I can remember (correct me if I am wrong. :)) However, as my website might indicate, I am also a Mac user and as far as I can remember, Mac’s never had such a feature to lock the desktop. The closest thing you could find was to enable to screen saver with a hot-corner and then require a password to come out of a screen saver. However, as of recent, I found a short cut key on how to lock your Mac easily. The key command is:


This is a quick and easy way to lock your Mac when you walk away. Don’t walk away from your computer and let anyone access it because you didn’t lock it. I wish I could remember where I found them, so I could thank them.

Following Facebook Posts

If you are like me, I don’t want a lot of Facebook notifications in general, but I am apart of some Facebook groups that post things that are informative that I would like to keep track of.  People normally respond somehow with ‘following’ or some random text on the post to get notified of updates. This is messy.

A simpler way to follow a post is to look for the little down arrow in the corner of the post. When you click this arrow, you will be presented with a pop-out menu with the option of turning notifications on for a post. Here is what it looks like:



Pretty simple. This should work for just about any post.

Secure Email vs. Encrypted Email

I often find there is always this misunderstanding when it comes to the security of email. The term, secure email, is often over used and often mistaken for something it’s not. Many email services use this as a selling point, and don’t really explain what it really means.

To use some simple analogies, I hope to show you that secure email really isn’t secure. Email was never really designed for secure communications between sender and receiver and the technology behind it doesn’t really support the protocols to make it secure either. In recent years, email providers have taken steps to help improve security, but it has created a false sense of security for its users.

Read more

Encrypted Messaging – Part 1 of…

Over the past few months I have been looking at different messaging application such as WhatsApp and Line.  While I realize there are a ton of them out there, including the standard SMS, iMessage, and… does Google Android have their own proprietary messaging service, Google+ Hangout perhaps? These services have faced a number of similar challenges and issues and a number of them have been in the new facing allegation of privacy and weak security including the ever popular Facebook WhatsApp, Viber, and Snapchat.

Enter apps like Threema (iOS & Android), TextSecure (Android),  surespot (iOS & Android) , and Wickr (iOS & Android), to name a few.

I’ve been using Threema the past couple months and really like it.  Threema is a end-to-end encrypted messaging
tool that ensures communications are completely secure and private. Threema does all the encryption on the device before sending it to its servers to relay to the recipient. According to Threema’s website, it provides several layers of encryption:

Read more