PROFESSIONAL PATH

A brief and visually helpful timeline style walk through of my work experience...

SKILLS, TALENTS, AND ABILITIES

Showing determination in the face of fear makes us extraordinary. Wow, that's deep but hey, check out some of these awesome skills...

MESSAGE IN A BOTTLE

Yo, ho! There be rough waters ahead. Ye Scallywags best be tossin' a bottle overboard! Hurry now! Send out the S.O.S....


Reading Time: 2 minutes

I am very excited to announce that WordPress.org has begun publishing my work! I am now developing different WordPress Plugins and Themes which you may now access through WordPress.org! My WordPress Developer profile may be viewed by clicking below.

On this page, I will be sharing with you my different WordPress projects I am working on or have completed. My different WordPress projects may also be located on my Github repository HERE which includes MY THEMES as well as MY PLUGINS.

My WordPress Plugins:

WP Citation. Provides readers a way to copy/paste citation of your articles, pages, or blog posts. Here are some great ways for you to get your hands on this awesome plugin:

- View or download the code on Github HERE
- Official website for WP Citation HERE
- Access WordPress plugin page HERE
- Download and auto-install using your WordPress admin panel. Simply “Add New”, search for “WP Citation”, click to “Install”, then “Activate”.

CLICK HERE to view the contents of the readme.txt file.

My WordPress Themes:

This section is currently “under construction”. A theme is in the process of being completed and due to be uploaded to WordPress soon. Please continue to check back for further information.


Reading Time: 4 minutes

Figure 1. Video of working Uber GPS hack.

DISCLAIMER: This white hat hack is for educational purposes only.

PURPOSE: To demonstrate the need for immediate changes to Uber’s GPS tracking and validation programming.

TYPE: White Hat

WHAT IS NEEDED:

Rooted Android phone with:
- Uber Driver app installed (hacked copy required for long term use)
- GPS spoofing app installed
- A cellular data plan

Non-jailbroken iPhone with:
- Uber Driver app installed
- A cellular data plan

BRIEF: This hack spoofs GPS through exploitation of Uber’s lack of proper root check handling and per device account reset feature. Currently, when an Uber Driver is logged in using an Android device, the Uber Driver app checks whether root privileges are granted. The root check is accomplished using the Google Maps app, which detects if the Android device is rooted (or whether the user has full admin control of the device).

Before I was able to complete my hack of the Android Uber Driver app, I discovered that the Google Maps app is what relays to the Uber Driver app whether the device is rooted. It was at that point that the Uber Driver account becomes frozen (following a slow build up of occasional pop-up error messages from the Google Maps app). However, to undo this ‘freeze’, simply log on to your Uber Driver account using a non-jailbroken iOS device and your Uber Driver account is instantaneously reset for you to continue spoofing along.

As a side note, to avoid the Google Maps pop-ups there are workarounds. Also, until you hack the Android Uber Driver app, you run the risk of a permanent lockout but this may take a matter of weeks.

All methods exploit the same weakness which is founded in the same initial hole that the Uber app leaves open: an app playing location games that doesn’t actually know where you are (and lets too many people see things they shouldn’t be able to see).

SYSTEMS AFFECTED:
- Uber app
- Uber self-driving vehicles (please contact me for more information about this)

SAFETY CONCERN(S): Life, limb, and property; to include: Driver, Rider, and Uber self-driving vehicle(s).

Through spoofing, one party may furnish a false location. Having the ability to employ false GPS opens the way for legal exposure for Uber as well as liability for any party who chooses to use the Uber service. Here are some examples of what one may do using this hack:

- An Uber Driver may falsely change their GPS to a location where a surge is taking place, thus adding the surge rate to the Driver’s account (see Figure 1). Additionally, upon the next fare request, the Uber Driver – while still not moving – may falsely arrive “on-scene”, pretend the Rider failed to board the vehicle, thus getting the “no-show” fee as well as the surge rate.
- An Uber Rider may request an Uber self-driving vehicle. Once the self-driving vehicle arrives, the Rider may activate false GPS, and guide the self-driving vehicle to a chop shop and take possession of the self-driving vehicle while reporting back to Uber that the vehicle is traveling as it should be.
- An Uber Driver may pick up a Rider, activate false GPS and take the Rider to a different location than what is on the waybill. The Uber Driver may feed false location(s) to the Uber app, letting the Uber app record the occupants are heading to the correct location.

In these examples (above), we have theft of money, theft of a vehicle, and kidnapping. Obviously, there are other crimes which may be carried out using this hack. For example, utilizing Uber self-driving vehicles to coordinate a terrorist attack to transport any number of payloads. Just these few examples raise enough concern for this matter to be an issue of public concern for any and/or all parties utilizing the Uber service.

PATCH: The following measures should be taken:

- Upon actual confirmation, through detection (like what is already in place), of a rooted device, Uber Driver app should freeze the given user account until such time as a complete Blue Team investigation may take place.
- Uber should not allow user accounts to become automatically unfrozen.
- Do not allow users to reset their own accounts (especially by simply switching device platforms).
- Modify relational policy regarding activity behavior patterns to include more conservative assumptions.
- Require Rider to also confirm each phase of the ride process (arrival, enroute, completed, as well as other safety features) thereby diversifying the one party control of the transaction.
- Driver-to-Rider relational comparison model implementation.
- Employ use of the Determinative Ambulatory Location Algorithm (DALA) in combination with several policy adjustments to current GPS validation techniques.

Additional recommendations include:

- Follow up, address, and amicably resolve ALL feedback received from Drivers through affiliate surveys and other forms of communication (this would have solved this issue when it was still a theory).
- Establishment of a real reward program to enable ANYONE to bring a bug/hack to Uber’s attention (like what Microsoft has).

Regarding the technical aspects of DALA, samples of this algorithmic solution may be requested using my CONTACT ME page.

CONCLUSION: This white hat hack was to demonstrate the need for immediate changes to Uber’s GPS tracking and validation programming. Uber has been placed on notice regarding their software having this (as well as many other) issue(s). Uber’s Bug Bounty Program precludes participation through their own language which leaves no real white hat outlet. This hack is completely avoidable and Uber should take measures to immediately repair this. Uber has not responded to my communications regarding my concerns about this issue.


Reading Time: 2 minutes

Having worked in the IT field for over 10 years, I resonated with Moira Alexander, of Chief Information Officer (CIO.com), a subsidiary of International Data Group (IDG), in her article titled Project management guide: Tips, strategies, best practices, when she listed the following as reasons IT projects fail:

- Misalignment between project goals and business strategy
- Unrealistic project scope or scope that is not closely controlled
- Vague business goals or requirements

The remaining items Alexander listed in her article may have relevance to others but for me, these jumped out at me.

Misalignment has occurred with me when management is afraid to set boundaries with clients. In software development you wireframe out all aspects of development but when managers meet with clients and let too much input enter the development process it mucks up the waters. Often times, it is because clients do not understand what all goes into programming software yet want to reserve the right to randomly add in a feature that may take months or even years to produce. Features included in software must be very specific, realistic, and useful or you have a bad end product. When someone doesn’t understand what goes into software they begin listing off features they’ve seen in movies or heard about in a tech magazine.

The truth is, when you imagine something “cool” (like unnecessary window slide-in transition in RMS software) in the middle of production you effectively cancel the working contract, as well as the previous production schedule, and must reenter into the negotiation stage so you may rework the entire contract to include the given “cool” add-on. Clients become endlessly offended and have the “Why can’t you just add in anti-gravity while you’re at it?” attitude when it’s simply not a possible feature you can include and satisfy the terms of the contract (budget, time, etc.).
However, when you have a manager that fails to relay this information to the client you immediately have unrealistic project scope.

Vague business goals (or requirements) have happened with me when the client was given too much opportunity to change their mind about features offered. When contracts are signed for software they stand as the diecast from which all production will come. If at any point the model (or cast) is changed, the entire contract must be rewritten to establish a new diecast from which software may be generated.

In short, I completely agree with the items listed in this article. I have personally experienced setbacks and they did specifically include these three (3) items listed.


Reading Time: 1 minute

Background

This project began because of a few factors. One of the big factors was that I have two small boys at the house. My wife mentioned to me that I should keep my office door locked so the boys don’t get in the office and get hurt on something in there. So, my goal was to come up with a techy way to lock the office and keep things consistent with my nerdy inventor theme.

When I was about 10 I remember Star Trek The Next Generation (TNG) was one of my favorite shows and my fondness was actually kick started again by a fellow co-worker of mine. He would bring his Star Trek DVDs to work and on some nights he would come to work dressed in his full Star Trek uniform! At first that seems really funny but he was very intelligent and I never minded having a conversation with him.

As time went on I thought it would be a kick to skin my security touch-pad door system using the TNG look, style and feel. My research for artistic insight got me watching the show again and I had a lot of fun revisiting some childhood moments. I was able to capture the TNG skin for my door panel and so I now have a TNG door touch-pad locking the office!

Summary of Downloads & Extra Links

Helpful links

- Adge’s Star Trek LCARS Terminal Page
- LCARS DesktopX Theme
- LCARS X32
- View the LCARS code on Github


Reading Time: 2 minutes

Getting anything done for free these days takes a bit of working. Let’s follow some steps to see if what worked for me can work for you as well.

Step 1. Power your phone up and act like you are going to make a call. Type in *#06# and your IMEI number will appear on the screen. Copy that down somewhere.

Step 2. You need to retrieve your BlackBerry device’s MEP code. To do this you need to open up your “OS Engineering Screen”. On the main menu screen of your BlackBerry press down ALT+Shift+H (for help) at the same time.

Step 3. Go to OS Engineering Screens > Device Info.

Step 4. Scroll down under the SW Parts List and you will find your MEP. In my case it was MEP-04104-007. Take this number down. You will need it.

Step 5. Download this BlackBerry MEP generator and fire it up. You simply select from the drop down menu which MEP you have (such as mine above MEP-04104-007 from steps 2 – 4) then you type in your IMEI number in the appropriate textbox and click on “Calculate”.

Step 6. Back to your BlackBerry’s main menu screen go to Options > Device > Advanced System Settings > SIM Card.

Step 7. Type in MEPD. No typing will appear on the screen as you do this. Once that is typed your screen list will expand and you will be able to see the following (or similar):

Personalization:
SIM
Network
Network Subset
Service Provider
Corporate

Each of these settings in the phone represents a Mobile Equipment Personalization (MEP). Each of these can be locked and if that’s the case you will have to select each one and unlock them. Your unlock code will be between 10 and 16 numbers long. For better clarification, the above is what you will see along with whether it is active or disabled. Like so:

Personalization:
SIMDisabled
NetworkActive
Network SubsetDisabled
Service ProviderDisabled
CorporateDisabled

The “Active” and “Disabled” are not bolded on your phone as they are all smooshed into the other word. You will understand once you see it on your screen.

Please note, each of the five personalizations is a different MEP. For instance,

Personalization:
MEP1 = SIMDisabled
MEP2 = NetworkActive
MEP3 = Network SubsetDisabled
MEP4 = Service ProviderDisabled
MEP5 = CorporateDisabled

Each phone has 5 MEPs that can be locked. In my case, T-Mobile only locked MEP2 and so I only needed to input the 1 code which unlocked the phone.

Step 8. Now from your MEP generator you can select one of the MEP codes that match what is Actively locked. For instance, the following codes are what will be presented in your generator screen:

IMEI: 353039043459297
MEP: MEP_04104_007
————————–
MEP Codes:
MEP1 :4486467426976036
MEP2 :7603376453602214
MEP3 :1577369485260306
MEP4 :8051453218862502
MEP5 :7845777045561355
————————–
Codes Successfully Done.

So if MEP2 = NetworkActive is what is locked or showing active on your phone, you would select MEP2 :7603376453602214 from the generator as your code to enter.

CAUTION: BlackBerry only allows you to try a MEP code up to 10 times and then it will permanently lock on you and you will not be able to unlock that phone. Please make sure you type things in correctly.

Step 9. To input your code scroll over the MEP you wish to unlock and type in MEP2 or the letters M E P and then the number 2 (alt+e). This will bring up the screen for you to place your MEP code. It should display that the code was accepted and you’re good to go! Enjoy your unlocked phone.
