Blog

The Art of Making Money

Or at least trying to!
I’ve always been good at coming up with ideas for projects and various tasks that need some kind of problem-solving, but never been good at getting some of that sweet $$$$ for it. Well.. this is basically me trying to see if I can change that with some various projects (duh!) and ideas but getting it monetized. Maybe it can help you out? I honestly don’t know, but it might be worth checking out.

Who is this for?

I started writing this post because I wanted to do the research for myself, but thought that it might be useful for someone else in my scenario or someone similar maybe.

I’m not a “top marketer” (or whatever it’s called), I’m not a big influencer, I’m not gonna sell you this or that. I just wanna see how us ‘everyday’ people could find some kind of way of making some potential money.

“Top X ways of making passive/online money”

I’ve looked over the internet, browsing webpages and looking at YouTube videos, and somehow, most ‘influencers’ want you to do Amazon affiliate, online classes, sell stock photos or whatnot.
Well, here’s the problem! In order to do most of this stuff, you need to have an audience to actively pursue what you as some kind of influencer market for them.
Now, let’s say that we have this sort of audience, do you who read this still think that you can take good professional photos/videos? Or make a “masterclass” online class playing guitar (just an example)? Or that people would use your links on whatever platform you use for your audience..

Maybe you do? maybe not! I for sure don’t have that audience or that kind of influence. So what do I have in mind?

My Skills to move forward

Personally, I come from a heavy IT background (you should be able to find my resume on this site) and I feel very confident with my knowledge, but could always learn more of course.

This however doesn’t mean that you would need the same background as I do, I’m just highlighting my knowledge and seeing what I could potentially use to make whatever money. Everyone has some kind of knowledge or skill, but that doesn’t necessarily suggest that you should use that knowledge. For instance, me with a heavy tech background is starting up a youtube channel and learning how to edit and make somewhat interesting videos. I just try to adapt and combine similar interests of different topics together. Maybe you like to share videos, maybe you like knitting (or something), how about combining them? It’s just an example to see some potential in whatever you do and most important, what you like to do.

Breakdown

So let’s take a step back from this post and write down some stuff that we can think of doing. Whatever is on top of your head! Write down a list on a piece of paper with at least 20 solid ideas and see if it’s easy or hard for you to do.

Go ahead, just do it!
And if you don’t find any ideas, go out on the web and really search outside your comfort zone. Even if it doesn’t give you the exact thing you wanna do, it may be some inspiration for something you could do.

Note: Some day I would want to write down a list of 1000 different ideas on this website, but that’s gonna take some time and it’s something I wanna do for myself. But that’s a future project! 😉

The plan

So for me, there’s two approaches we could do here, and you’re gonna do what you think is best for you!!! Don’t copy me or someone else, you do what you think suits you the best.

The first approach: Do one thing and do it darn good!
For example, if you really know what you like and wanna do, do that 100%! And separate money sources are gonna come your way. As an easy example for this, if you really want to make YouTube videos and somehow end up semi-big, you’re gonna get sponsors, AdSense and so on. It could be something completely different, but you get the picture.

The second approach: I wanna call this the spray and pray scenario, where you have a lot in your head and just wanna try various different things to see what fits you and maybe earn some dollars/euros/pounds in multiple projects. Even if I don’t find this option to be the superior one, it’s the one I’m going with.

But these ideas that we’re getting here (even if I’m gonna mention them below) are up to you. If you find this step difficult, go back to the #breakdown section and figure out your 20 ideas again. This post is about teaching you (and myself) to figure this mess out ourselves.

Good luck us!

Let’s do it!

So now, we’re gonna actually start up and do these projects.
My own list of things I wanna try is the following:

  • YouTube
    -Gaming & tech videos
    -Amazon affiliate links within the videos
    -Patreon for fans to help out
    -Sell merch
  • Spotify/Apple-music/OTHER
    -I play various instruments and have this as a hobby today
  • Sell Stock Videos/Photos
    -I spend a lot of time hiking and take some nice photos every now and then
    -I like editing, so I could make some stock footage
  • Sell a product
    -I have some ideas of different products I could sell
  • Invest in stocks & crypto
    -Stocks at robinhood or local market
    -Coinbase & Binance for crypto
  • This blog
    -I like writing things I genuinely care about
    -Affiliate amazon
    -Ads (once that day comes)


Notice that I only mention 6 topics instead of the 20 I originally mentioned? It’s because I really wanna try out these things to see if they work or not. And that’s how you’re gonna do it as well.
If you try out ten different ideas, 9 totally fail and 1 works, it’s a success, since you figured that out by yourself! If everything failed, go back, think of some new ideas, research and try them out. Just because some things work for certain people doesn’t mean you even wanna do it!

The most important thing here is to do something you like or want to do. As soon as you do that, it’s not gonna feel like work.

Best of luck to you and please send me a tweet if you figured something out and it helped you. I believe in you 🙂

/Carl

Socials and links:

twitter.com/fiskenhero
youtube.com/c/fiskenhero

Try Amazon Prime for 30 days free!
https://amzn.to/2HGOycw

Patreon
https://www.patreon.com/fiskenhero

Wanna buy something off amazon?
https://tinyurl.com/fiskenhero

“Zero Logs”: 20 million accounts leaked!

Well.. where to begin.

A collection of ‘Free’ VPN services left some servers completely open and accessible.
The lack of security for a Security Product is pretty insane.
A VPN that doesn’t protect your data? huh?
Recommendation: https://www.youtube.com/watch?v=WVDQEoe6ZWY
Tom Scott explains VPN’s.

Personally Identifiable Information (PII) for potentially over 20 million VPN users was exposed.

Every one of the VPNs mentioned below advertises its service as a “No-Log” VPN (lol).
Which basically means that they don’t record any of the users’ activity/logs.
This turned out to be false.

Not only is this false: what I and other sources found were cleartext passwords, IP addresses, home addresses, phone numbers, etc.

The VPNs affected are UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN.

Data Breach Summary

Apps: UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, Rabbit VPN
Headquarters/Location: Hong Kong
Industry: Cybersecurity
Total size of data: 1.207 TB
Total number of files: 1,083,997,361 records
No. of people exposed: Over 20 million, based on user numbers claimed by the VPNs
Geographical scope: Worldwide
Types of data exposed: Activity logs, PII (names, emails, home address), cleartext passwords, Bitcoin payment information, support messages, personal device information, tech specs, account info, direct Paypal API links
Potential impact: Fraud, doxing, blackmail, extortion, viral attack, and hacking, arrest, and persecution
Data storage format: ElasticSearch Server

Digging deeper…

Somehow it looks like it comes from the same developer, since all the VPNs mentioned above share a common ES (ElasticSearch) server.
They seem to have the same recipient for payments as well (Dreamfii HK Limited) and .. don’t their websites look a bit.. similar?

It looks like it’s just rebranded but comes from the same entity.

The brands the VPNs are marketed under include:

  • UFO VPN – “Super private & unlimited fast VPN for Android. Hide IP, unblock sites from 360.”
    Google Play Store: Rating 4.5 stars, 10M+ downloads
    Apple App Store: 4.8 stars
    Developer: Dreamfii HK Limited, Hong Kong
  • FAST VPN – “100% Free VPN for gaming: access websites, apps and mobile games unlimited”
    Google Play Store: Rating 4.5 stars, 1M+ downloads
    Apple App Store: Rating 4.6 stars
    Developer: Mobipotato HK Limited, Hong Kong
  • FREE VPN – “The best free VPN tunnel for android to unblock content. Feel the outer space!”
    Google Play Store: Rating 4.5 stars, 100k+ downloads
    Apple App Store: Rating 4.6 stars
    Developer: Starxmobi HK Ltd, Hong Kong
  • Super VPN – “Super VPN is the best unlimited VPN proxy for android.”
    Google Play Store: 4.6 stars, 1M+ downloads
    Apple App Store: 4.9 stars
    Developer: Nownetmobi, Hong Kong

A screenshot from securitytrails.com showing the different domains hosted on a single IP address managed by the company that owns the VPN apps

It’s also funny to see that all of these sites/services advertise that they use “Military grade security”, which is a joke at this point.

Fast VPN’s ‘Strict Zero Logs’ affirmation

UFO VPN’s security and confidentiality promise

Fast VPN’s Privacy Policy

The VPN’s exposed database and server most likely shared a common developer and owner.

The print of log data displayed below is a sample taken from the database. It shows the VPN apps writing user data to an unsecured server.

For example, in the snippet above, the package name “com.freevpn.fast.unlimited.proxy” appears in the URL for Free VPN’s Google Play app page (“https://play.google.com/store/apps/details?id=com.freevpn.fast.unlimited.proxy”).

The same package name is also connected to the VPN’s website URL “http://free-vpn.io/”.

Similarly, the package name “vpn.fastvpn.freevpn” appears in the URL for Free VPN’s Google Play page (“https://play.google.com/store/apps/details?id=vpn.fastvpn.freevpn”).

The website for this app is “https://www.fastvpn.im/”.

Data Entries

After downloading it to my phone, I used the app to connect to some servers. Upon doing so, new activity logs were created in the database, with our personal details, including an email address, location, IP address, device, and the servers we connected to.

New user registration logs for certain VPNs 

Fast VPN new user registration log

Record of a user from Bangladesh changing their password – shows an old and new password

Logged Web Activity and Technical Details

It seems that the exposed database contains a lot of personal details about users and technical information about the devices:

  • Connection logs, traffic, and sites visited
  • Origin IP addresses
  • Internet Service Provider (ISP)
  • Actual location
  • Device type
  • Device ID
  • App version
  • Phone models
  • User network connection

The VPN server users connected to was also exposed, including its region and IP address. This makes the affected VPN service virtually useless, as the user’s origin IP address can be connected to their activity on the target server.

User from Tehran, Iran

Another user from Tehran, Iran

Connection log of user from Khartoum, Sudan

In some cases, illicit sites were accessed from countries where viewing such content is an illegal and punishable activity.

Iranian user accessing adult content via the VPN

Additional user web activity log

User Support Messages

Included in the leaking server were multiple messages from users to the VPNs’ customer service agents, particularly those complaining about the lack of support and fraudulent charges from the VPN company itself.

Payment Information Logs

Sensitive Paypal API links were logged alongside the full names, emails, and addresses of users using this payment method with the assumption that it will be more secure. Those using cryptocurrency are also recorded in logs that identify them by their email and other identifiers.

Paypal payment log of a user based in the USA

Cryptocurrency payment log of a user based in France

Personally Identifiable Information

There was no shortage of this data in this server leak. It included:

  • Full names
  • Users’ home or work addresses
  • Users’ origin IP address as well as the IP address of the VPN server they connected to
  • VPN account login credentials (email, username, password)

This log shows the full names for both the account holder and payer – two different individuals, who are representatives of a foreign embassy based in Turkmenistan.

Internal Data & Logs

The server was also being used to store internal data from some of the VPNs, including entries from their Customer Relationship Management (CRM) software, as well as all of the activity between the VPN app users and the company’s platform (including registration, speed tests, password changes, etc.)

Summary

While I can’t say for sure that someone didn’t grab all of this data already, it’s incredibly funny how we see VPNs in general as our basic security when it all comes crumbling down on us.

And I got a feeling that it’s already leaked:
https://twitter.com/troyhunt/status/1284401324218445824
Troy Hunt uploading a new entry to an already big database.

We all have bad security practices, but when we entrust a company (a security company nonetheless) with our data, we expect it to be secure and that they follow their own guidelines/rules. Like the ‘No Logs’ policy.

Stay safe and always question everything.
/Carl

Linux bash script – mail when disk usage exceeds a threshold

Hi there!
Today at work I needed to use a script to send me a mail notification when the disk was about to get full during an installation.

One could argue that I should’ve used some sort of bigger system like Nagios to get these messages, but in this scenario, this script that I wrote suits me better.

The script looks like this:

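#!/bin/bash
# Used space on the root filesystem as a bare number, e.g. "81".
# -P keeps each filesystem on a single line so the column positions are stable.
CURRENT=$(df -P / | grep / | awk '{ print $5 }' | sed 's/%//g')
# Alert when usage goes above this percentage.
THRESHOLD=75

if [ "$CURRENT" -gt "$THRESHOLD" ] ; then
    # The heredoc body and the closing EOF must start in column 0.
    mail -s 'Disk Space Alert' carl.skantz@carlskantz.se << EOF
Your root partition remaining free space is critically low. Used: $CURRENT%
EOF
fi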

Here the CURRENT variable holds how full the root disk currently is, as a percentage, and THRESHOLD is the percentage of used disk space at which I want to be notified.

In this script, when the current usage is over the defined threshold (-gt means ‘greater than’), it uses the command “mail” to send me a message with the current state.

Configure it the way you want it and change the email to your own.
Save it as whatever.sh then add it to crontab.

Easy huh? yeah.

/Skantz
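
A more general version of the script above, as an added example that is not part of the original post: it checks every mounted filesystem instead of only the root partition and sends one mail listing all of them that are over the threshold. The recipient address, the sample df output and the cron path in the comment are placeholders constructed for illustration.

```bash
#!/bin/bash
# Added example (not the original script): alert on any filesystem over a threshold.
THRESHOLD=75
RECIPIENT="admin@example.com"   # placeholder address, replace with your own

# Reads `df -P` output on stdin; prints "<used%> <mount point>" for every
# filesystem whose usage is strictly greater than the threshold given in $1.
over_threshold() {
    awk -v limit="$1" '
        NR == 1 { next }                      # skip the df header line
        {
            pct = $5
            sub(/%$/, "", pct)                # "87%" -> "87"
            if (pct !~ /^[0-9]+$/) next       # ignore rows without a usable percentage
            mount = $6                        # mount point may contain spaces
            for (i = 7; i <= NF; i++) mount = mount " " $i
            if (pct + 0 > limit + 0) print pct, mount
        }'
}

# Constructed sample of `df -P` output, used to check the parser offline.
SAMPLE_DF='Filesystem     1024-blocks     Used Available Capacity Mounted on
/dev/sda1         41152736 33745244   5294060      87% /
tmpfs              4010568        0   4010568       0% /dev/shm
/dev/sdb1        103081248 61848748  35973236      64% /var/lib/data
/dev/sdc1         20511312 15793712   3652640      82% /mnt/backup disk'

# Only read the real system and send mail when called with --send, for example
# from cron (hypothetical path): */15 * * * * /usr/local/bin/diskalert.sh --send
if [ "${1:-}" = "--send" ]; then
    report=$(df -P | over_threshold "$THRESHOLD")
    if [ -n "$report" ]; then
        printf 'Filesystems over %s%% used:\n%s\n' "$THRESHOLD" "$report" |
            mail -s "Disk Space Alert on $(hostname)" "$RECIPIENT"
    fi
fi
```

Running cron every 15 minutes will repeat the mail for as long as a disk stays over the threshold, so pick an interval you can live with.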

Wiring an RJ45 (note to self)

Wiring an RJ45 connector

The conductors can be terminated according to two different schemes, which differ in the order in which the conductors are placed. The technical names of these schemes are T568A and T568B, the latter being the most common in Sweden. It does not matter which scheme is chosen as long as the cable is wired the same way at both ends.

Each pair in a TP (twisted-pair) cable has its own colour (orange, green, blue and brown). One conductor is solid-coloured and the other is white with a stripe of the pair's colour. This colour coding makes it easy to tell the conductors apart.

[Figures: T568A and T568B wiring diagrams]

10/100 Mbps wiring

Pin  Name    Description
1    TX+     Transmit data + (pair 2)
2    TX-     Transmit data - (pair 2)
3    RX+     Receive data + (pair 3)
4    (none)  Not used (pair 1)
5    (none)  Not used (pair 1)
6    RX-     Receive data - (pair 3)
7    (none)  Not used (pair 4)
8    (none)  Not used (pair 4)

1000 Mbps wiring (gigabit)

Pin  Name     Description
1    Data1 +  Bidirectional data (pair 1)
2    Data1 -  Bidirectional data (pair 1)
3    Data2 +  Bidirectional data (pair 2)
4    Data3 +  Bidirectional data (pair 3)
5    Data3 -  Bidirectional data (pair 3)
6    Data2 -  Bidirectional data (pair 2)
7    Data4 +  Bidirectional data (pair 4)
8    Data4 -  Bidirectional data (pair 4)