Category: Tech

Tech

Never Going Trip Again

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Scriptingthewhy, what do you mean I’ll never vacation again? I can’t do it now.
Photo by Robert Nagy, please support by following @pexel.com

After reading this, you just may never trust writing a review ever again. And you know what, we don’t blame you. It’s getting pricey just to exist. We all enjoy traveling to new places, especially with our partners.

You may have seen or shared some photos of yourself or others on their romantic getaways from the kids, job, or life just in general on social media. But let’s say you visited a vacation spot, and it left a sour taste in your mouth, clearly, your next course of action is to fire up your computer and write a review.

However, you may want to hold your horses before letting that Sandals resort owner know how you really feel because not all websites are created equal or with good intentions.

We’re going to be going over what kind of attack this is, who is using it, the functionality and effects upon release, and what are some ways you can prevent this from being the beginning to the end of your vacations.

Oh, would you look at that, someone else filed another complaint. That would hurt my business…if they were complaining on the real website.
Photo by Mikhail Nilov, please support by following @pexel.com

The Attack

We as humans have a common tendency to seek out others who align with our current or pending point of view. Sometimes when we can’t find this we may resort to posting online as a signal for someone to agree or just be wrong in their thought.

But given the current growing threat in the landscape of the internet, it seems like those days are about to be numbered due to malicious actors making use of the complaint form of TripAdvisor as an attack vector for cyber-attacks. This may sound absurd, but like Spandau Ballet, this much is true.

We revamped the malware and made it better. Don’t call it a comeback.
Photo by Cleber wendder Nascimento, please support by following @pexel.com

Who Can It Be Now

So, an old menace brings an onset of new challenges. The group operating behind the Cyclops campaign back in May 2023 had revamped and offered Knight ransomware as RaaS (Ransomware-as-a-Service)—this is the act of offering the use of ransomware with different payment plans to interested parties, on the RAMP hacking forum.

This was done with the intent to invite affiliates to join their scheme and share the profits from extorting victims. We’re not sure as to how many partake in this invite but it’s something to keep an eye out for.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

I didn’t download a file, did I? How would I remember? I was just trying to get off the computer. 36 hours a day at work is driving me mad.
Photo by Mikhail Nilov, please support by following @pexel.com

That Sinking Feeling

So, how does something like this work, well, we’re glad you asked. This campaign was spotted by Bleeping Computer and after analyzing they found an HTML (Hypertext Markup Language) file, “TripAdvisor-Complaint-[random].PDF, htm”. When opening the file, a fake browser window is launched within the real one. This window displays a TripAdvisor website however, this is a spoofed domain name and URL (Uniform Resource Locator). This technique is called browser-in-the-browser (BitB).

This aims to trick users into thinking they’re on a trusted site but in reality, the stealing of your credentials is pending. What makes BitB attacks more dangerous is, unlike normal phishing attacks where the user is redirected to a malicious website, BitB attack does not require the victim to click on any link or download a file because the fake browser window is embedded in the HTML attachment itself. The user may not notice the difference between the real and fake browser windows, this is unless they pay close attention to the details or have security tools in place for detecting phishing attempts.

However, the fun doesn’t stop there, when interacting with this particular BitB, it pretends to be a complaint submitted, asking for the user to review it. When clicking on the “Read Complaint” button, an Excel XLL file is downloaded named “TripAdvisor_Complaint-Possible-Suspension.xll”.  This file delivers the malware payload to encrypt files appending the “.knight_l” extension to encrypted files’ names, where ‘l’ portion likely stands for ‘lite’.

Once this process is complete a ransom note will be created named “How to Restore Your Files.txt” in all the folders of the computer. The note will demand a payment of $5,000 to be sent to a listed Bitcoin address. Trust us, even if you find the means to pay the ransom, there will be no restoration of your files.

They said they revamped it and made it better, but it still looks the same to me.
Photo by Pixabay, please support by following @pexel.com

The Prevention

While reading this you probably think it’s the end of the world and that you may never go on vacation again. We’re here to tell you, that is not the case. A few ways of protecting yourself is familiarizing yourself with the actual website. When visiting a website make sure you look for “https” and a lock image in your search bar as this will ensure that not only the site is secure, but your personal information is encrypted.

Some fake websites will be harder to spot since scammers are kind of clever, so they’ll be sure to come as close to mimicking the real website as possible, but a bit of mindfulness and staying up to date with your operating system and rising threat trends could safeguard you for your next vacation.

Always remember it’s better to file a complaint with the real TripAdvisor. Sure, they might not listen to you and take your money but it’s better than the alternative of scammers holding your data hostage with the intent to sell at a cost way lower than that Sandals resort owner had charged you.

They charged me an “existence fee”. How do you someone for just being in the area!?
Photo by Mikhail Nilov, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on Knight ransomware? Script a comment below.

Cloud Talk, Programming, Security, Tech

How to Win Father of the Year

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Children team building exercise on grass
Truly a photo representation of the school system that never hit so hard.
Photo by Lukas, please support by following @pexel.com

I’m just going to assume all the people reading this are grown adults and have experienced that moment in their career (or job) where you’re being tasked with finding someone to lead your team.

You’re provided with a room full of people and still, you manage to find no one who would fit the bill. This shocks you. Why? Because all too often people say they have the “juice” to lead but when placed center stage they fold faster than origami paper.

Embarrassing I know; however, time is ticking, and your client isn’t going to wait for you to find the “right for right now” candidate. But then again, what would be the perfect candidate for this situation?

father with child on shoulders
A good Scrum Daddy will never be an absence father…unless it’s his day off.
Photo by Hannah Nelson, please support by following @pexel.com

The Chosen One

So who is this person that the company is going to have to employ in order to run your band of misfits? Don’t look at me, it’s not me, although Z-daddy makes an excellent leader.

Quickly subscribe to join Zeroclay Nation, so you can join the one and become an army of none. Shameless plug-in aside, back to answering the question. Well like most creative, non-so-creative names in the IT world, they’re called Scrum Masters.

Scrum Masters, while the name sounds like an underground kink club, are accountable for helping their team succeed. They are responsible for managing the exchange of information between team members.

This is done as a team member or collaborator. Most scrum teams (I say most because working in teams with different people creates “experiences may vary situation”) can run themselves so having top-down management isn’t ideal for this band of misfits.

A Scrum Master often helps in groups or on a one-on-one basis (to all of you who thought of Hall and Oats, a big shout out to you, stay classic).

They may facilitate exercises, give guidance, or help people come to conclusions on their own. Scrum Masters are like having a coach that everyone on the team likes and can get along with and who doesn’t stare at you from around the corner while you’re taking a shower.

father and girl on bench on lake shore
A good Scrum Daddy will protect his team, but Z-daddy will always protect his nation.
Photo by Tatiana Syrikova, please support by following @pexel.com

The Perfect Supervisor

Have you ever played the video game Bioshock? Your answer was no? I’m shocked. For those of you who have played you’ll know what I’m laying down and for those of you who don’t, let me explain.

Bioshock, in a nutshell, had an underwater city and within that city were these little girls with syringes who went around drawing what looked to be blood but wasn’t.

I’m not going to get into the whole details, just know every time you sighted a little girl, she wasn’t alone. There would be a giant known as “Big Daddy” walking and for the most part, protecting her. So long story short, don’t mess with the little girl or you would have more than a double barrel to worry about.

Anyway, back to the point, Scrum Masters in a way act as the Big Daddy to a scrum team. Scrum Daddies help their teams by coaching in self-management and cross-functionality, creating focus in providing high-value increments that meet what the client defines as done or better known as “the definition of done”.

Scrum Daddies in times of need will, motivate and remove any impediments to the team’s progress, and ensure all Scrum events taking place are positive, productive, and kept within the timeframe also called timebox.

Scrum Daddies also help product owners by facilitating stakeholder collaboration as requested or needed, leading, training, and coaching them in their adoption, and by finding out what exactly is expected and conveying that to the scrum team.

So you can think of Scrum Daddies are like having that cool boss you can “ascend to a certain level of awesome” with and can be a google translator between the team and product owner.

Father spending time with his children.
I’m sure all you kids are mine…I think.
Photo by Denis Gvozdov, please support by following @pexel.com

Scrum Daddies are important…right?

You may be thinking to yourself, “these guys sound nice but what makes them so important?” If you have ever worked or even played on a team, you’ll know that not everyone thinks the same.

Do you remember the days when you were in school, and the teacher instructed you to get up and go find a partner and it took the class forever for people to settle into their groups? Like you would have a group that already knew they were going to link up but to the other groups developing, the awkwardness and the petty (if your ex and her friends that made up most of the class) was real.

Then you would be instructed to figure out who was going to be the team leader or in my case “you seem smart enough and I have no clue as to what I’m doing, and I assume that you do”. This is a retrospective apology, to my old classmates, sorry, you let the eyeglasses and calm demeanor fool you.

After figuring out the leader you would quickly find that most if not all people couldn’t lead well. There are many elements that go into making a good leader. This is why Scrum Daddies are so important, a good Scrum Daddy (and I say good because I know there are bad ones out there) will do everything in their power to keep the team focused, motivated, and moving along.

You know it’s like having a father instead of seeing them only on the weekends, they live with you and you guys play catch in the yard. Trust me, I’m not emotionally broken.

Team brainstorming at a meeting.
If we put Taco Tuesday on a Wednesday, we could boost productivity.
Photo by Yan Krukau, please support by following @pexel.com

More of a Father Figure

So do you want to become somebody’s Scrum Daddy? Do you think you have what it takes to protect your team of little ones? Good, in this field, having a degree would be nice but at last, you don’t need one.

Not to become a Scrum Master, instead, you’ll need to start building skills that will empower you to lead your team to the best of your ability. Developing problem-solving skills, adaptability, motivation, effective communication, and organization are going to be skills needed in this role.

Always a key thing to note is to never take sides or have any predisposition for someone’s opinion. Instead, Scrum Masters should serve as a mediator helping the parties reach a solution.

You could pick up some online courses which would help you gain a deeper understanding of what is expected in this role. Just remember when you are a leader, depending on who’s on your team, they’re all your children…you just don’t have to pay child support this go around.

man in black suit smiling
I finally get to keep my paycheck this go around! Thanks Z-Daddy!
Photo by Andrea Piacquadio, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you think you have what it takes to be a Scrum Daddy or Momma?

Script a comment below about what you think your experience would be like.

Cloud Talk, Tech

Wish I knew this before jumping into the cloud

person climbing a mountain

Journey Upward

So, you are looking to start a career in the cloud, and you are eager to pick your courses from platforms like Coursera, Udemy, and edX to begin tracking that great journey into the cloud. You are on the hunt to gain a new set of skills and knowledge which you look to lead you to a bigger payday and a greater way of living.

After surveying the internet, talking to your peers, questioning the systems admin at your current job about things that were hot in Information technology, and they told you “Cloud computing was trending in the tech world and edge computing was on the horizon”.

On the internet, you will find countless articles on the cloud championing to be the go-to career choice, especially since the boom of the covid-19 pandemic many companies switched to using the cloud. Making the switch so they can continue to develop, house data, and migrate to being completely digital.

This is one of the most sought-after skills that are high in demand and is only going to increase in demand in the coming years. Well, while that is all good and well there are a few things you may want to consider before slamming your card or your parents down and saying, “sign me up”.

a game of blackjack is being played

House of Cards

Choosing which CSP you are going to be using is very important. There are a ton of providers out there from A-To-Z such as Cloudflare (a United States provider based in San Francisco, California) to Alibaba Cloud (a Chinese provider, based in Singapore). Not saying you are going to be starting with either one of them but if you continue and make it a career, these are a couple out of the many you may come across.

This is being said because there will be a time when performing multi-cloud (linking different CSPs to each other to utilize benefits such as prices). Aside from them, there are the main three or the big three when it comes to cloud computing. You have Amazon Web Services (AWS), Google Cloud, and Microsoft Azure.

AWS is the largest with more availability zones and regions to operate, Azure is right behind AWS but not as large, and Google falls last for size and time. Choosing which one to start with isn’t much of a chore since they all have simple user interfaces (UI) and PowerShell (terminals) to use.

Something quick to note is that once you learned one you pretty much learned them all since most of the setup is the same, just that the names for resources and their placement on the UI are different. However, at this junction, I’m going to be biased since my journey started with AWS. You always remember your first love.

Check out the link below to compare CPS.

https://intellipaat.com/blog/aws-vs-azure-vs-google-cloud/

wallet with money being pulled out

Pay to Play

After sorting out which CPS to go with, you then must lay down a credit or debit card to gain access to resources. You are the customer first in the cloud before you become the third-party constructor.

No need to worry about making a large payment because providers offer a trial program after you fill out the payment method and then receive a credit to use. Certain things like processors and storage are free within a defined limit. The use of resources like this does not charge too much, the low is ten cents an hour.

However, it is insanely important to create a budget before building hands-on projects. A good limit (which most instructors will tell you) is $10.00 – $12.00. The purpose of setting a budget is to keep you from screaming Homer Simpson’s famous catchphrase at the end of the month.

I had the unfortunate pleasure of leaving Amazon DynamoDB Accelerator (DAX) running which triggered an alert to notify me via email that I had exceeded my designated limit. Thankfully my statement was something I could pay but the fact remains. Make sure everything is stopped or deleted before you sign out.

gentleman rubbing glasses against head

Toughest challenge

Okay at this point, you probably picked out your study material, CPS and access to the cloud were granted. Your budget is set and you’re ready to start building projects to beef up that portfolio. What else could be ahead of you?

Well, if you are anything like me when I made my track into cloud technology and solely focused on cloud. You will be easily overwhelmed by the sheer number of things that are available when starting.

I went in wanting to learn everything cloud and after one or two courses, viewing learning paths, and staring at diagrams I quickly realized that was going to be a tall order since everything from web development to data science could be done in the cloud.

Cloud is an ever-growing technology, that is gaining more and more services at a rapid pace. With more services comes more things to know and be aware of. Staying up to date is going to be challenging because what’s working for you today might not be in use tomorrow.

A good way to stay on top of this is to frequently check white page documents (if you choose AWS), blogs, and forums to see if anything is no longer being used.

If you have made it this far and still are not sure where to pick up course materials to start, below I will leave a few recommendations.

https://www.udemy.com/course/aws-certified-cloud-practitioner-new/

https://www.coursera.org/learn/aws-cloud-practitioner-essentials

If you have found this post to be interesting and you would like to read a quick take on how companies are falling into money pits in the cloud, be sure to check out the link to my post below.

https://www.linkedin.com/pulse/suffering-aoc-allure-cloud-everette-powell%3FtrackingId=Zq%252BT2QxFTauSnRhlHqhwYw%253D%253D/?trackingId=Zq%2BT2QxFTauSnRhlHqhwYw%3D%3D