COVID19 – Until We Expand Testing it Will Not Be Solved

When Roses Die Because They’re Already Cut

From the article by a Canadian in Florida returning to Canada by car. She left out of concern that Floridians were ignoring the Coronavirus Pandemic. (I will try to track down the link and update.)

Canadians are divided, politically and geographically, but compared with our neighbours, our divisions are trifling. … There are disagreements, as is proper in a democracy, about the best course to take, but the virus (in Canada) has not been turned into a political weapon, as it has in the United States, where attitudes about the illness sharply diverge on partisan lines.

With catastrophic leadership and a lack of social solidarity, the United States looks like it is going to get hit hard, which is tragic, because it has the resources to stop the virus in its tracks. What it doesn’t have is the leadership, the will, the social solidarity, to get equipment to health-care workers and convince everyone to stay home for a few weeks.

I am afraid that partisan division, fuelled by a narcissistic, attention-seeking president, is going to cost the Americans dearly.

It reminds me of this quote from President Bush:

“The difficulty of the task is no excuse for avoiding it,” George W. Bush

And right or wrong is for history to judge, usually. W did not hide from facts. I say this because as a society we need less of this imagery.

ReadyHarris.org

And more of this:

A Happy Squirrel
Beautiful Sunsets, Even if Taken From Quarantine

We need a lot more positive images, but only those based on facts. If you, as a leader, give one iota about who genuflected to you for doing your job, then you may have picked the wrong job.

Facts: Sadly, since this last Thursday, (today being Sunday, March 29, 2020), deaths from COVID19 went from 1,000 to over 2,000 on Saturday – and a current count of 2,348.

The above image shows the current reality in the United States as of March 29, 2020 at approximately 1 PM EST.

https://www.theguardian.com/world/ng-interactive/2020/mar/29/coronavirus-map-of-the-us-latest-cases-state-by-state

Goldman Sachs survey: less than 50% of US SMBs to survive 3 months of lockdown

From the article: https://apple.news/AssYy_n2OSzWnbB7FdnC7QA

“There are nearly 30.7 million small businesses in the U.S., employing around 47.3% of the private workforce, according to the U.S. Small Business Administration.

“Approximately 51% of the business owners surveyed by Goldman reported that they can “only be able to continue to operate for 0-3 months,” according to Goldman.

“The results highlight the severe and sudden impact COVID-19 is having on the economy, which is expected to contract and hemorrhage jobs in the coming weeks amid widespread public lockdowns.

A third of Coronavirus patients admitted to ICU – Lancet Medical Journal – Jan 2020

A familiar cluster of pneumonia associated with coronavirus
progression of the Coronavirus in a patient over time
This is the progression of the Coronavirus in a patient over time. This is why we quarantine.
https://www.thelancet.com/action/showPdf?pii=S0140-6736%2820%2930183-5

I’m stunned by this: “Lancet, the British medical journal, published an article in January, based on studying a small group of patients, which found that a third of people (infected with the coronavirus) had to be admitted to intensive care units.”

The reason that stuns me is that it is from January and it is now March. We lost significant time in responding to an obvious issue: ventilators and ICU beds are vastly insufficient for that level of infection.

That quote on Covid-19 is from today’s New York Times article, March 20, 2020, titled “Behind the Virus Report That Jarred the U.S. and the U.K. to Action”

https://www.nytimes.com/2020/03/17/world/europe/coronavirus-imperial-college-johnson.html

Statistics from the Imperial College of London predict what an uncontrolled spread would mean. This data is from the WSJ article (this will NOT happen; this shows what COULD have happened without non-medical intervention).

  • 510,000 deaths in Britain
  • 2.2 million deaths in the United States

I repeat – the ABOVE predictions will NOT happen because of non-medical intervention. It does represent what could have happened. And the final numbers, while less than the above, will be greater than they needed to be.

Back to the WSJ article:

The (now debunked) theory (ignoring coronavirus) is that this would build up so-called “herd immunity,” so that the public would be more resistant in the face of a second wave of infections next winter.

Dr. Ferguson has been candid that the report reached new conclusions because of the latest data from Italy, which has seen a spiraling rate of infections, swamping hospitals and forcing doctors to make agonizing decisions about who to treat.

My opinion: Let me translate the phrase “build up ‘herd immunity’” – because I went to Texas A&M with a BS in POLS and my wife is an Agricultural Science major as well. “Herd Immunity” basically means building up immunity, in the absence of a vaccine, “culling of the herd” or “survival of the fittest” or “the weak or those predisposed to the virus will die.” – Ed

And….

“Based on our estimates and other teams’, there’s really no option but follow in China’s footsteps and suppress.”

My opinion: Let me interject here again. If the public had known that up to 1/3 of all patients with the coronavirus needed treatment in an ICU with ventilators, I’m going to guess we wouldn’t be where we are now. Back to the article. – Ed

…the burden on hospitals was clear as far back as the original outbreak in Wuhan, China. Lancet, the British medical journal, published an article in January, based on studying a small group of patients, which found that a third of people had to be admitted to intensive care units.

“I can’t help but feel angry that it has taken almost two months for politicians and even ‘experts’ to understand the scale of the danger from SARS-CoV-2,” said Richard Horton, the editor-in-chief of Lancet, on Twitter. “Those dangers were clear from the very beginning.”

(PDF on Coronavirus from Lancet, search for more.)

My Opinion: My understanding from reading the above article, is that the Lancet feels their advice was ignored for two months and our leadership didn’t take it seriously, causing greater pain. I get that.

This is what your lungs look like with the Coronavirus (Covid-19)

COVID-19 Lung Scans Through the Treatment Process
https://www.thelancet.com/action/showPdf?pii=S0140-6736%2820%2930183-5

Like all Global Citizens, I believe we are in an unprecedented time. I hope and pray the miracle of humanity can solve this pandemic as soon as possible.

I’ll do my part as best I can. – Ed

Coronavirus DIY Facemask Test

DIY protective mask for coronavirus

In Houston the Coronavirus (COVID-19) response has been quite aggressive. And as the third largest metro area in the US, it should be. I get it. Mostly we are quarantined in place except for grocery store runs and emergency needs. (And we can walk the dog, but that’s about it.)

The paper section in the Walgreens across the street looks like this

Walgreens paper goods in Houston

This led to research on what we could do and turned up two interesting pieces of knowledge about the coronavirus.

A) How long is the coronavirus contagious or viable by surface. As in how long can it be there and still infect you?

  1. Plastic = 3 days
  2. Stainless Steel = 3 days
  3. Cardboard = 1 day
  4. Copper = 4 hours
  5. Airborne = 3 hours

They don’t mention wood, which maybe varies by paint, varnish, etc.

Copper is the winner. Cardboard three times better than stainless steel is bizarre as well.

Source: https://apple.news/ATWmOdE4STTmvJCBdURGDTQ

Next up, if you can’t get a mask for when you do go out, how do other materials compare to a medical mask?

Clean vacuum cleaner bags were a close second to surgical masks, but in the end they conclude you can barely breathe through them, so use two cotton “tea towels.”

Two Cotton Tea Towels are best after a real mask.

Thus began an insomnia driven test to try and create a coronavirus diy mask from a tea towel with no power tools. It started like this:

The real mask before photo

Then the build process using paper as my makeshift mold.

My materials.

The Ghirardelli chocolate and wine are a tip of the hat to my friends in San Francisco on complete lockdown. Those aren’t technically necessary to make the DIY coronavirus mask, although they do help.

Gave myself extra room
Rough initial stencil
Evolution of mask into 3D space with tale

In the above photo the template is overlapping and kind of mushed into the real mask so I could get an idea of the shape of the masks. They are not circular because your face isn’t a flat circle either.

Initial stencil with original mask on top for comparison
Applied to the fabric, then used the fabric to make the second layer via singer iron-on stick tape. You could use pins

Then a whole bunch of adjustments and cuts happened at the fabric level during hand sewing. The SINGER iron stick is a temporary way to hold fabric together, but definitely not strong enough to be a permanent join. But it’ll hold it together long enough for you to stitch it up.

Rough cut comparison of the diy coronavirus mask and the original.

The straps on my version are the edges of the towel because I didn’t have any elastic bands that long, and for people in countries with limited supplies available, the straps seemed more realistic.

A truly rustic looking diy coronavirus mask

It’s hard to tell in the photo above but between the two layers there is a small wire bent to the approximate shape of the bridge of my nose just like the more flexible one that comes on the real masks.

And the final result

My advice? Buy it if you can.

It looks amateurish, I look ridiculous, but it’s waaaaay better than taking the BART in SF and wondering if the person coughing is giving you an infection.

Update: I received some questions about what I used for the metal “nose bridge” so I’m adding further details.

For me (easier way below), I go by AutoZone at the end of a rainy day and pull the broken / discarded windshield wiper blades. If you rip them apart there are two thin, but very sturdy, pieces of metal attached to the rubber part. (They make great tension wrenches.) Mine looks like this when sewn in place in between the two layers of the cotton kitchen towel.

DIY Coronavirus Face Mask Nose Bridge

Easier alternative: bend paperclips like this:

For Comparison, Paper Clips vs. Scraps from Wipers
Bend the paperclips twice. This is step 1, then twist.
Overlay the paperclip nose bridge to the length you want
Wrap paperclips in tape to avoid sharp edges.
Wrap them in tape and cut off excess tape
Bend to shape. Actually much easier than my original

Pro tip: when I do a DIY project like this I usually hand sew them using dental floss. Yes “Dental Floss” because it’s always around and stronger than most threads.

Hunting Botnet Attacks and Reporting to the Host

Cyber Alert Dashboard Example

I like to demystify things for people who aren’t completely tech savvy, hopefully using words that are human readable, although anything having to do with information security (infosec) is going to read a bit geeky. To that end, this is an attempt at a human readable example of tracking down an IP address that was attacking our network today. Let’s start with THE FACT that your network admin CAN give you visual open source tools. This is important if you want accountability and awareness. Like this:

Most networks (hopefully) have endpoints that include firewalls and extensive logging, and frequently the logs are redundant for verification purposes. Usually the firewalls use tools like OSSEC to help decipher what is going on. We run multiple tools for network monitoring, but my “go to” is ElasticStack (also called an ELK stack) because the whole team can visualize things in Kibana and bring it to our attention if we happen to take 5 minutes off for lunch.

Looking at the Wazuh plugin tab in Kibana, I noticed an increase in rule ID 31303, which is a Critical NGINX error.

The log file includes this snippet:

Graph of OSSEC Network Security Alerts Over Time
A visual graph from OSSEC visualized by an ElasticStack

When we drill down into the logs in Kibana it parses things out to be a little easier to read. This matters because we need the detail to report the bad ip address.

FROM THE LOGS: SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking

So who is the bad guy? Who owns this IP address? Arin.net answers that for us, either with the owner or by pointing you to a different registrar that can tell you the owner. In my situation it was a US-based IP address, 23.100.232.233.

Straight up, most of us in InfoSec actually prefer using the command line because we can filter the data faster that way. If you can't "see" it in a report, in my experience it rarely happens. Still, a typical command would be something like this if I wanted to help my SEO manager prioritize which 404 pages to fix first:
grep '404' /log/file/path/nginx/access.log | sed 's/, /,/g' | awk '{print $7}' | sort | uniq -c | sort -n -r | head -100

Now back to our story of finding the botnet hitting our endpoints. Mr. 23.100.232.233

We go to arin.net. The ARIN URL is: https://search.arin.net/rdap/?query=23.100.232.233 which shows the owner and further delegates.

It goes on to show that the owner is Microsoft.

Source Registry: ARIN
Kind: Org
Full Name: Microsoft Corporation
Handle: MSFT
Address: One Microsoft Way Redmond WA 98052 United States


And it continues:
To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to: https://cert.microsoft.com.

Perfect! They are telling us exactly how to report the problem to Microsoft. Now we want to be a bit more helpful so let’s try to figure out what it is in more detail. There are many tools, just google “ip address reputation” and you will get something.

We have the data from the logs so let’s try to find out what the attack is. Google for other options, but I picked this one today:

https://www.abuseat.org/lookup.cgi?ip=23.100.232.233

RESULTS OF LOOKUP
23.100.232.233 is listed
This IP address was detected and listed 4146 times in the past 28 days, and 137 times in the past 24 hours. The most recent detection was at Fri May 31 17:35:00 2019 UTC +/- 5 minutes
This IP is infected (or NATting for a computer that is infected) with an botnet that is emitting email spam. The infection is probably necurs.

necurs is also known as: WinNT/Necurs.A, Mal/Necurs-A (Sophos), RTKT_NECURS.SMA (Trend Micro), Trojan.Hosts.5268 (Dr.Web), Trojan.Win32.Genome.aglua (Kaspersky), Trojan.WinNT.Necurs (Ikarus), Win32/SpamTool.Tedroo.AS (ESET)... etc...

Microsoft told us exactly how to report it, so we can go to: https://cert.microsoft.com and enter all of our data with confidence. And they are far more likely to take action having the exact data, logs, and type of attack in detail.

For those of us managing large and numerous websites that are constantly under attack, we have seen a HUGE increase in attacks over the last 10 years.

Y’all, we really are in a cyberwar. The Navy gets ships, the Air Force gets planes, and the Army gets the tools it needs. But in the US, most of the cyber warfare defense is literally left up to private companies and private individuals who are not part of any organized force nor provided assets to fight the war. Kind of scary, huh?

Stock Market Crash March 9, 2020 Explained

Motley Fool has a balanced explanation of the Coronavirus related stock market crash yesterday. We’re back into Bear territory.

https://www.fool.com/investing/2020/03/10/stock-market-crash-2020-everything-you-need-to-kno.aspx

Motley Fool Write up on the Bear Market

While cases of the coronavirus are dropping in China, it is from rather draconian methods of quarantines and shutting down entire cities. Containment seems to be the only option right now.

2020 coronavirus cases in China

The CoronaCrash (too soon?) is imho just starting. You can’t lock down an entire country like Italy has, major portions of China, and not expect economic fallout. And it’s here now.

CoronaVirus – Markets Move on Emotion not Fundamentals

Now we see fears and the reality of coronavirus hitting the markets hard.

coronavirus

I’ve said it before, so this is repetition, but worth repeating. Stock markets move on emotion much more than the fundamentals. Companies are overvalued because there are more people with more money in pensions and the money has to go somewhere.

Stock Market Movement with Coronavirus Last two weeks

Source: https://www.msn.com/en-us/money/markets

I also highly recommend this informative thread on Twitter regarding research on coronavirus so we can all hopefully keep it in perspective. It’s linked with more detail on my LinkedIn at https://www.linkedin.com/feed/update/urn:li:activity:6641792800314675200/