Book Review: The Tunnels – Escapes under Berlin Wall.

When I was a kid, I enjoyed the exciting tales of tunnels and escapes from prisons such as Colditz and as a young kid, that was basically all they were – thrilling tales of adventures and escapes. So naturally, a book about the Berlin Wall and the escapes (mainly) underneath it was going to be intriguing reading. I can clearly remember the night that it was announced that the wall was coming down and free movement was now available so although the ending of the book was not a surprise, it was still going to be an interesting read.

The Tunnels by Greg Mitchell front cover Greg Mitchell writes a very detailed and exciting book that gives details on several escape methods used to leave East Germany, not just tunnels although they are the primary focus. The depths that the diggers went to,their heroism and the risks that the escapees took deserves a wider audience and this book provides a very detailed account of what happened.

Apparently both NBC and CBS were trying to capture exclusive footage of tunnel escapes for their network and some of the book details the political twists and turns as the producers and networks attempt to get the films released despite the protestation of various governments who feared the political fallout and risks during this cold-war era. It was pretty scary to see just how close the US was to war with Russia in the cold-war era and how big of an impact the Berlin escapes were having.

The pictures included in the middle of the book give an additional indication of what happened under the streets of Berlin. I had not heard details of the escapes or seen pictures of the Berlin Wall so this book also provided a detailed history lesson from this era.

I thoroughly enjoyed the book and got a new appreciation for what happened back during those years and an appreciation for the freedom of movement that we currently enjoy. Highly recommended.

As a follow up to the book, I will be watching the NBC video, East Germans escape through tunnel that will provide an extra insight into the situation. I would recommend that you read the book before watching the film though.

A special thanks to Blogging for Books for the review copy of this book.

Remotsy – voice control for the tv

No more remotes
Image thanks to redjar at flickr

I just signed up for my first Kickstarter project for the remotsy package. A device that integrates with smartthings and alexa to control your remotes by voice. No more moving the cat and dog to see if they are sitting on the remote or hunting for them if they are not underneath them – instead I can just say “Alexa – continue watching Gilmore Girls” and the bluray will turn on, along with the tv and the lights can dim. This will be useful to reduce the number of remotes for our home entertainment system(currently at 4 total).
Watching the demo videa was amusing as they demonstrated Alexa commands – naturally my Alexa heard the ad and chimed in and although it got the time right, everything else was a “Sorry I don’t understand”
At $57 including shipping for a beta and a retail device it’s also pretty reasonably priced. There are quite a few packages left at the moment, but the project has just been released so I expect it to sell out pretty quickly

Review: TravelSafer digital pressure gauge

Both Brandi and I have had alerts in our cars come up to say that our tire pressures need to be checked. Unfortunately neither of the cars actually tell you *which* tire has the problem so it requires checking all 4 tires (which probably should be done anyway). Naturally the stations never have working air or pressure gauges and as I have an air compressor at home – I need a quick way of checking the pressures. I think this is actually caused by the temperature dropping and getting cold overnight as it only seemed to happen on the couple of cold nights we have had recently.

I already have one of those stick gauges – you put it on the valve stem and it shoots out a piece of plastic with marks to tell you the pressure and each tire came up with the right pressure give or take one psi so I wasn’t sure which tire had the problem.

I was given the chance to review the TravelSafer digital pressure gauge and due to the above issues I jumped at the chance to get a second opinion on the tire pressures.20161106_091352

The gauge arrived in see through plastic on a cardboard backing (left)  and was very easy to open which is a plus – no need to go and get scissors to open this.  It requires a 3v (supplied) lithium battery,  so the device was ready to use straight away. It does look like the screws that hold this device together are really recessed, so switching out the battery may require some long jewelers screwdrivers in order to take the two halves apart. Hopefully the battery lasts a long time!



When I went to check the pressure on the car, I discovered a major  shortcoming in that the device is pretty bulky and it was difficult to get the device on the valve without the hubcap getting in the way. The device is about 3cm wide so make sure you have plenty of room by the valve stem. You can see the difference in size with the image below – it was a bit too bulky (but not impossible)  to fit on the stem with the hubcap on and nobody is going to remove the hubcap to check their tire pressure!

gaugecomparison-smallThe device however does  seem to be accurate and was within 1 psi of my original manual device when I checked several tires so it’s reading is pretty consistent.  The pressure is displayed for about 30 seconds so you get plenty of time to remove from the tire and then check the readings. The image below shows the reading of 25.5 on the device and about 26-26.5  on the manual device


The device The light of this device helps to see where the valve stem is has a blue light that is always displayed whenever you take a reading. During the day you are not going to notice it. It is pretty handy to see at night when you are trying to check the pressure. The light is not strong enough to ruin your night vision or read the paper with, but is enough for you to be able to see where the dark valve stem is in the dark. The reading display is back lit to make the numbers more visible.

The device also shows you the pressure in psi, bar, kpa or kg/cm – the vast majority of you are going to use this on your car tires but the other pressure readings will be useful for air compressors too (I guess?). Switching between the scales is a simple push of the power button to cycle through the 4 stages.









This device works well if your hub caps allow plenty of access to your valve stems and it makes it a lot easier to read the pressure of your tires. The light also makes it easier to use at night, but it’s not bright enough to use as a flashlight to navigate around the car in the dark.

Note that I did receive this item with a promo code and this doesn’t affect my review of this product – it  is a useful addition to the glovebox in the car, is easier to use than the manual device, but lacks some features that would make it the ideal tire pressure gauge for me. #TravelsaferDigitalTirePressureGauge password breach – you’re doing it wrong.

Last.FM logon page

I received an email from HaveIBeenPowned this morning – the incredibly useful service that lets you know if your username and password was released in a data breach. This time around it was – a streaming radio station that was pretty popular a long, long time ago.   I went to log into the system and checked my gmail account for email from to see if I had my membership confirmation email – nothing. I had 1 email from back in 2008 when I had received a friend request (I am so popular!) – that was actually a spam request.

Obviously I had not used the service for a very, very long time. The data breach occurred in 2012, was known about in 2012 and yet they had done nothing about it then. They had also not done anything about it recently after the data breach was leaked as I had not received an email lfrom them etting me know my account had been breached.

To add insult to injury, the old password was still active and I was able to log in with it. I can understand a small pokey geocaching website not understanding security correctly and leaving passwords the same after a data breach with only a small notification on the website, but even they reacted after I sent them an email to say they need to do something better and at least inform their visitors and ideally change their password. really have no excuse as they are big enough that they should know better and all of the accounts should have had their passwords changed once the breach was public or better yet, when they knew about the breach.

Instead, the list of usernames and passwords are still out there for people to search and log in with.

I guess the argument for not changing the account password is to let the subscriber log in with their original password that they know about. If the email address was now invalid and the password was changed by then the user would not be able to get into their account anymore….on the other hand if does not change the password, anyone could log into the account,reset the password, have access to all the data (including the persons email address) and the account holder would not be able to gain access. The hacker will not be able to change the email address though as they have put protection in place to prevent the email address being changed without a verification email link being clicked on so I guess that is something…..

This is also yet another reminder to use a password manager to “remember” all of your passwords for each site – don’t use the same one at each location. I highly recommend LastPass (unless you are a user with multiple accounts at Office365). At $12 a year  for syncing between all of your devices it is well worth the cost and if you sign up with the link above we both get an extra month for free. I used to use the free KeePass software which is standalone and doesn’t hook into your browser like LastPass but it can also sync between devices (with a bit of finagling.

What do you think – should have changed users passwords when the data breach went public?  Have you signed up for HaveIGotPowned?  If not – what are you waiting for – it’s free and a great first response tool to keep your accounts more secure.

Arj compression – anyone remember this?

We had an interesting ticket come in today where an antispam system had let through a file compressed with the arj format. This immediately brought back memories of compressing files back at university – in the very early 90’s and a format that used to be very popular but nowadays most people, including the rest of our techs had never even heard of.
I am guessing the spammers were hoping that their recipients have winzip, winrar or 7zip installed so they will be able to open the infected file and that as the file format is so old, av scanners will not check them.

Anyone else out there remember Arj files and anyone (dare to admit that they) still use it?

KeySmart Extended version makes my keys a lot easier to handle.

I received my new Key Smart  extended quite a while back and forgot I hadn’t reviewed it online.

Here is the before mess of all my jumbled keys:-

Mess of Keys
A mess of keys, loyalty cards and stuff that filled my pockets.

and then my after neat and tidy stack of keys and loyalty cards.

Keys and loyalty cards in the Keysmart
Everything in the Keysmart
Comparing the height of the Keysmart.
Comparing the height of the Keysmart.

I did remove about 3 loyalty cards and trimmed the rest of them so they fit nicely in the device and also removed a couple of keychains, but the end result is a lot tidier and much easier on my pocket. I also splurged and got the USB key fob (the larger silver device at the bottom right of the third picture so I always have some data storage handy.  This new version of the keysmart seems to be sturdy with the expansion pins holding up well (too well – I had to use two pliers to pull two apart when I made it too big).  At first I was concerned about how easy it would be to get the required key out, but they rotate very easily (possibly a little too easily) and as long as your keys have distinguishing features you can tell them apart easily. If they don’t – get some permanent markers or nail polish. I kept my work keys on one end at the top and my house keys on the other end at the top so they are the easiest to get to and I know where they are.

Starting at $21 for the extended version I have here you can also get 15% off at (affiliate link). Note that I did buy my own KeySmart and also purchased one for Brandi too.

I used to use Keyring on the android for all my loyalty cards but had issues with the lasers being unable to scan the cards on the phone. Nowadays most places also just ask you for your phone number or alternate id, so it is rare that I even use a loyalty card – I think the last time was at the Gas station to get my 3c off at Shell as like most gas stations, it does not have NFC for card payment and no barcode scanner (although the shell one doesn’t even have a barcode anyway.

WordPress 4.6 is out now.

I’ve spent most of the day fighting a WordPress install at work as it has been slow and sending various out of memory issues on a 16GB of memory VPS – so should really have enough memory to run a WordPress site. Therefore it was quite a surprise to see that 4.6 was released today for me to spend yet more time in WordPress today.

However, on this personal site, the upgrade went through smoothly with no issues (as far as I know).

A laymans guide to malicious files and why you shouldn’t always trust the software.

It was an interesting week at work with several malware infections making it through the various av protections that we have in place which proves that end user education should be your primary line of defense in the fight against virus’. It is amazing how often people will click on random emails that have been sent to them with random filenames just because the email arrived in their inbox (or in another mailbox that they happen to have access to), even if it was not addressed to them.

I was lucky enough to get one of these emails through to my corporate mailbox on Tuesday this week, evading detection by McAfee email protection and Forefront on the desktop. (Using another av solution would not have prevented this as you will see later)

Fake looking email
Would you trust this email?

This was obviously some scam with the description of the user not even matching the email address of the user. Being curious, I naturally saved the file to my hard drive and then uploaded it to virustotal. On Tuesday, only 1 of 58 av engines recognised this as a virus – kudos goes to Quihoo-360 for being the sole detector. I must admit that I’ve never even heard of this software and I was very surprised to see that only 1 av vendor recognised the file.

Tuesday morning's virustotal result - only one av picking it up from Quihoo-360

I submitted the file to McAfee for scanning by zipping the file up with 7-zip and password protecting it with the phrase infected and sending it to their response team at [email protected] Incidentally, McAfee’s instructions for doing this are very outdated as Windows10 no longer has the option to password protect a zip file. McAfee immediately came back saying that their analysis was inconclusive and the file had been submitted for further research.  This was an improvement on the previous sample I had submitted on Friday for a cryptolocker variant that came back as no virus found!

Wednesday morning I uploaded the file to virustotal again to see what the state of detection was.

This time the detection rate was slightly better – 9 products including Sophos that I use at home, but neither of the products in use at the office.

Wednesday morning detection rate

Thursday morning, two days after receiving the virus I received a response back from McAfee that confirmed the file was malicious. They included an extra.dat that would detect the file.

By this time, virustotal was showing 25 out of 53 products detecting the virus so it is getting better. Microsoft’s product was listed as detecting the file, yet Forefront was still passing it through as clean. Although virustotal has the definition date of 7/28, my computer was showing “defs of 7/26, update on 7/27”. Not sure why there is this discrepancy of the definition dates.

Yesterday, my laptop at home still had old definitions as it was not connected to the corporate lan and was still showing the file as clean which is pretty scary.

This morning I downloaded the file to my personal laptop, saving the file with a .txt extension so I would not accidentally open it – something that is easier to do on a touch screen tablet. Interestingly Sophos did not detect anything wrong with the file. Launching the file in notepad, it starts with the letters PK which implies the file is actually a zip file and there are several strings referring to HP printers and Adobe Photoshop.Snipped notepad view of infected file

At this point I’m not going to risk my machine further by opening it with 7zip to see what happens.

However when I copied the file to .zip or to .rtf Sophos did spring into action and quarantine the file. This is really handy as it protects the file from being saved to the machine in an executable form, but also allows you to save the file to the hard drive for further analysis in your debugger of choice.  Other applications will quarantine the file no matter what the extension is, making it harder to retrieve. On the other hand, you now have an infected file on the machine that av is not discovering.

This Sunday morning, I uploaded the file to virustotal again. This time we’re slightly better at 29/54 detections. However, Comodo, Malwarebytes, Panda, SuperAntiSpyware,Symantec, TrendMicro and Vipre (among others) do not detect the file as malicious.

Malware bytes is an interesting discovery as it’s not usually regarded as an av product as it typically protects you from software being installed into suspicious locations such as autorun, startup, browser toolbars etc as opposed to traditional av that scans every file being written or read to the hard drive. However in this case and my recent cryptolocker, MalwareBytes failed to find anything malicious although HitManPro did find the Cryptolocker exe file on the machine (but MalwareBytes and McAfee did not).

The best av is the human kind that recognises a file is suspicious or unexpected and does not open it – although even this kind of av can fail (and some are more prone than others!)

Incidentally, one of my favourite solutions for the Cryptolocker variant, in theory at least, is pretty drastic and requires the permissions of file shares to be changed so that files can be created but they can’t be edited. Users (and software) would be able to write new files to the file share, but any edits to the file would not be allowed unless the changes are written to a new file. This forces users to do Save-As all the time, may break Office documents that insist on modifying the original file, but would stop Cryptolocker from overwriting files on the drive. Obviously this takes up a lot more disk space and would not be suitable for shares holding Autocad documents.

*Please note that this post is not meant to denigrate any one particular av product in particular as I understand that definitions take time to produce but av software that does not detect infections 5 days later should probably be evaluated to see if it is safe for continued use.  I do reserve the right to moderate comments on this post if they are not helpful and just say “Product XYZ is useless”

Fixed: Android Device Manager does not ring your phone on a Samsung S6

Since I have had my S6 I have not been able to get the Android Device Manager to ring my phone. It locates it accurately on the map and will lock the screen ok, but it just wouldn’t ring. Not much use when you know the phone is *somewhere* in the house.
Today I did a bit of experimentation and discovered that my notifications was set to silent, changed this to a value in the middle by pressing the up volume key, selecting the settings gear and then changing notifications and now the phone rings even if the phone is set to silent.

Hope this helps someone else as it does seem to be a common issue with not many useful solutions.
Also, to turn on the android device manager capabilities on the phone, go to apps, settings, lock screen and security, other security settings, Device administrators, and ensure Android Device Manager is enabled (simple huh?)

Bing and Google links to report malicious/fake content in Search engines.

You can report url’s to Bing via – It took a while to track that link down – hopefully they won’t change it again unlike the rest of the links I found.

Google’s report site is which is a much better url and one that doesn’t look like it will change much.