Hello Everyone,

Well were all coming up on the last big holiday of the year, Christmas, and after that we should be all getting our New Years resolutions done and ready to start. Now I know how most resolution end up for us all, but you all have to really be determined this time to follow through and achieve your goals you set out on this year.

I have some resolutions of my own, but you’ll have to be a member of my Internet Marketing course to find out what they are, exactly, and if they come true. The new course opens January 1st, 2012 and all students will have to make a resolution and layout their plans for the new business. I will tell you all just some of my plans for the new year, as I work 16-18 hours a day from home because I love what I do and working for yourself provides such a feeling, you just have to experience for yourself.

First I have 3 membership sites opening next year, including the one mentioned above. Then I have my own internet marketing affiliate sites, plus the new ones I’ll be starting because of the internet marketing course. The course of a follow along for the students as I show them what exactly to do and how to do it. So yes, while to most, this looks like an advertisement, or spam post, it actually isn’t to those who follow me and my Internet Marketing radio show at Talk Marketing Now every Saturday at 3pm PST. That’s also a plug too, but hey I’m a marketer among other things. And pretty successful at it too, if I must say so.

Another resolution is to update my blog more often. This blog is where I provide all the updates to everything I do and am involved with. You can find my security research updates here, along with malware and internet marketing udpates too, such as this one.

So plenty of new things to come the next coming year. I hope you all have a wonderful Christmas and a Happy New Year.

I’ll see you all on the other side of 2012.

Lonnie (CyberSorcerer) Gardner

As a security researcher, I have to keep up with the latest software and operating systems. Although I must admit I’m slow to switch to a new operating system when it first come out. This is mainly because I want to see what everyone else is going to find wrong with it first before I start looking for vulnerabilities. I figure let all the other eager researchers get a start and then I can come along afterwards and find what is seriously messed up with the program. This leads to more money when I sell the exploit to iDefense or TrippingPoint.

Another reason for me to go with Windows 7 now is because of the 64-bit nature of programs and operating systems. This seems to be the destination, for the time being, and when reverse engineering it does lend itself to a different set of issues that can arise.

So this is just an update of what’s new with me and what to expect in the future. Judging from my server stats, I do have a lot of visitors who are running Windows 7 or 64-bit OS’s

So I’m kind of excited by what new challenges, features, etc that lie in store for us heading down the Windows 7 route. I’m sure you’ll still experience my bad mouthing Microsoft. I don’t think that will ever change.

So until next time, I’ll catch you all later.

As most of you know I spend a lot of time collecting software, plugins, scripts, etc from all the popular torrent and download sites out there on the internet. The purpose for this is to reverse engineer them to see what has been added to them from the virus writers, or other people out there looking to benefit from you downloading the software.

I research these downloads so much that I get to know pretty much which malware, or viruses, are being distributed on which P2P sites. When you do it as much as I do you begin the see many different patterns for distribution. But the bottom line is yes, you do end up getting a piece of software for FREE but is it really worth it? Some of the popular software releases, such as Photoshop and Flash, come with some real nasty viruses that are hard to remove.

Yes, before you mention that there are free malware forums on the internet that will help remove these infections, I do understand your thinking in that I will just install the software and then head over to one of these forums and get the malware removed for free. That doesn’t work all the time though. Some forums will not help you if you have cracked software, or signs of it on your computer. Others will only help you once and then you’re on your own. Some of the worse cases people don’t get the viruses removed at all and have to wipe their harddrives and do a complete reinstall. Unless you have very important data on your computer and REALLY need it then you have to seek the services of someone like me that knows these infections inside and out and can recover your data.

Only problem with that is this type of service doesn’t come cheap and most people, or companies, can’t afford it or realize they REALLY need to put in some measures to prevent employees and such from accessing these sites and downloading illegal software because it’s too expensive and cuts into the company’s bottomline.

So moral of the story, next time you download a piece of illegal software and think it’s awesome because I’m going to get this for FREE, thinking about it again and ask yourself,  What else are you getting along with this software they the retail version doesn’t have? Because I can tell you one thing, you are going to get SOMETHING that you didn’t expect. It might be harmless and it might not but this software, by the time you get it on the P2P site, will have something added to it.

Please feel free to leave your comments on this subject and what you think?

As some of you might know, Microsoft has what it calls the “Ten Immutable Laws Of Security” which is at version 2.0 now I believe. I would like to give my thoughts on this as from reading their website it sounds like they’re putting all the blame of the computer owners instead of where it actually belongs, on the operating system developer.

I will agree on one thing that they state and that is; it isn’t possible for Microsoft – or any software vendor – to “fix” all the security holes; because, there will always be a way into a system. It’s just a matter of time until a hacker figures out a way. I’m making this post just because I believe Microsoft should acknowledge at lease some blame for their business approach to developing an operating system, and the incompetent way they handle security upgrades and fixes.

First let me list the 10 Immutable Laws of Security they claim:

• 1 – If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore
• 2 – If a bad guy can alter the operating system on your computer, it’s not your computer anymore
• 3 – If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore
• 4 – If you allow a bad guy to run active content in your website, it’s not your website any more
• 5 – Weak passwords trump strong security
• 6 – A computer is only as secure as the administrator is trustworthy
• 7 – Encrypted data is only as secure as its decryption key
• 8 – An out-of-date antimalware scanner is only marginally better than no scanner at all
• 9 – Absolute anonymity isn’t practically achievable, online or offline
• 10 – Technology is not a panacea

Ok, let me give my quick run down on my thoughts. As you’ll notice if you’ve read Microsoft’s TechNet Library on this it’s going to be a little different.

#1 – The problem for this actually lies on why does the bad guy have to persuade you to run his program on your computer in the first place? Because the operating system has a flaw in it that he’s programmed his software to exploit which will give him control of it. Is this YOUR fault? No, it’s the developer of the operating system, or software, that’s being exploited for not doing due dilligence in QA and beta testing to patch the holes in the first place.

#2 – This is a very short response because it builds on what I mentioned above. If the bad guy can alter the operating system, then why didn’t you figure out this loop hole in your QA and beta testing phase and fix it before finally release?

#3 – There’s really not much to say here if security is a big issue with you; because, if someone has that kind of physical access to your trusted data, laptop, or computer, then your simply an idiot? For those that don’t know me already, yes I’m very open with my opinions

#4 – Your control over your website is VERY limited unless you have a dedicated server or co-location. Most people that pay for hosting are on a shared plan which is cheap and affordable but does lack in the security department. This falls back on the old saying “You get what you pay for”.

#5 – This is true, but most of the popular algorithms on the market have already been cracked so cracking your password is only a matter of time anyway no matter how strong it is. If the hacker is determined to crack it his software will eventually.

#6 – Sorry for saying this, but it has been proven over many times, NO ONE is trustworthy; because, in this day an age everyone has a price and can be bought. There are multiple proven cases of administrators, with no prior criminal record, activity, or thought who turned bad because someone gave them the price they needed to break the rules and the law. Fact is that there’s a higher percentage of a security leak coming from inside the company than outside it.

#7 – Everyday, software license’s are being broken and this from some of the top protections companies in the industry. The problem lies with reverse engineering. Same problem with cracking passwords, given enough time any encryption can be broken. It’s a matter of the knowledge, skill level and patience of the reverser on how long it takes him to crack the encryption. But the truth is, if your encryption key is embedded into your software it’s going to be cracked.

#8 – Sadly enough, I have nothing to say about this law. It’s fully true; although there are issued with the scanners engine and algorithms but I’ll leave that for another post down the road.

#9 – Ok, looks like the wind in my sails are running down now, because, I have to agree with this one too. Nothing you do on the internet is private. Everyday you leave a trail on what your doing, viewing, downloading, filling out, etc, etc. It’s quit scary actually.

#10 – And I’m sure we can all agree that technology isn’t a cure for all out ills.

With all that said, software does provide us with a certain ability to achieve, and accomplish task that use to take tremendous amounts of time, in a short time span. This in turn gives up quick results, provides use with quick asnwers, and makes our lives a lot more manageable. But always remember a very simple, and sometimes fatal fact:

NOTHING IS FREE!

Most of you know that I’m pretty outspoken about my thoughts and opinions and this is just one that I have to get off my chest so-to-speak. It does involve independent security researchers, I do put myself in that category too which makes it that much harder to speak my opinion, but I’ll do it anyway.

When I visit other security researchers websites what do I normally find? Well to tell you the truth, worthless information which consist of vulnerabilities, that are just copied and pasted from a popular reporting site, and useless and confusing content that a normal computer user would be confused about and not understand at all in the first place.

I guess you could raise the argument that the visitors to their website are experienced and in the security industry, but they probably already receive these vulnerability notices anyway; because, they should be subscribed to these services — so why do they just re-hash the information thinking that it’s news worthy to their visitors?

As an independent security researcher I don’t publish a lot of my findings and that’s because my findings are strictly for my clients, and sometimes iDefense and TrippingPoint, who I sell vulnerabilities to sometimes. As a security researcher, especially an independent one at that, it’s my own research that is my asset. That’s the information that companies pay for and I’m not going to be blogging about it. And if the majority of my visitors are security industry people, why am I reposting information that has already been sent out in all the popular posting sites which anyone in the security industry would already subscribe to in the first place? Just makes no sense to me personally and I keep seeing it over and over, so I figured it was high time I said something. Maybe one of those researchers and post a comment and enlighten me a little on why they do it.

Until next time folks, see you on the flip-side.

Yes, I’m going to be going back to work and continuing running my freelancing, security research, internet marketing businesses, and starting my internet marketing course, while going back to work full-time.

I just launched my Online Money Coaching program this month and the whole premise behind it is that you can take the 6 month long course and have your own internet marketing business at the end of that time. Plus you will know everything you need to know about internet marketing when you finish too.

But, most people who are wanting to learn to make money online are already working full-time, or longer, and feel they don’t have the time to learn a new trade or business. So I’m doing this course as if I was starting all over again myself, with the current knowledge I have, and showing you the progress and how everything is done along the way. There is also a weekly Q&A session after each weeks lessons.

So for those that are interested to see how someone, working full-time + overtime sometimes, can get a whole business together and be able to quick there job within a year, this is the ticket for you. I know there are plenty of course out their but this is actually building the sites from scratch to finish and well even be selling “flipping” some of them too so everyone can see what goes into that.

If your serious about making money online, I hope to see you inside. Until next time!

Well finally, most of you that follow me know that I just launched “Online Money Coach“, my online internet marketing coaching course. And the main source for my advertising is the IM forums that I frequent and word of mouth.

I do my promotion for a week on one board, and follow the stats, then start on another board the following week. This week, after starting a new and popular IM forum, it took less than 24 hours before I started seeing hacking attempts in my logs. It’s not that had any respect for this particular forum board to begin with, but now any bit of respect that I might have had has left.

So wanted to get this post out because those that do follow my blog here, when I get around to posting something that is LOL, are usually interested in my security research that I come across. This though actually is information for anyone putting up a new site; because, it shows as soon as you start promoting your link script kiddies are going to start using their ‘outdated’ exploits to try and see if your server is patched and up-to-date.

I’ll be keeping you all up-to-date on all the hacking attempts that I come across from all my logs that I check for my domains.

Keep checking back, now that my course has launched I’m going to try and update my blog more often. Keep your fingers crossed!