Category: Technology

On Ransomware, PNP and Infosec


“I’m so three thousand and eight
You so two thousand and late”
Boom Boom Pow, Black Eyed Peas

And so our beloved Philippine National Police Anti-Cybercrime Group (PNP-ACG) warned the Filipino citizenry about ransomware. Wow! I’m lost for words, so let me just sing a song from the the Black Eyed Peas instead

We have this quote/saying in Filipino “Huli man daw at magaling, naihahabol din!” So let me welcome the Philippine National Police, PNP-ACG to the Ransomware party! Habol na lang mga Boss Chief, kaya natin ito!

On the brighter side of things, I’m happy that our PNP finally gave some warning about the dangers of ransomware. I know they are doing their best in keeping up with the latest threats and cybercrime and as a responsible Pinoy infosec (information security) dude here in the Philippines, I support  them on these efforts.

On the geeky tech side of things, Ransomware started sprouting like mushrooms in the last 2~3 years (or maybe more). How do I know this one? I’m just lucky, because I eat malware for breakfast (almost every day) 🙂  I am very thankful that I am part of this wonderful team that helps protect the world from these types of online threats! I love you TM Team! 🙂

So when I read GMAnews article on PNP, Ransomware it brings back “senti” ransomware moments because if I remember it correctly, the first ransomware that caught my interest was the Bundespolizei Police Ransomware (around 2012). Bundespolizei is Germany’s Police force and that ransomware variant pretends to becoming from the German Police entity and it demands payments/ransom from the victims. More geeky details of the German police ransomware here . Police and ransomware always go together pala talaga! Hehehe!

I also promised on my some blogging thoughts  post that I will do something different on my blog this year so let me take this opportunity to launch (or re-launch) my infosec/security focused blog AVsecurityProductManager.com. I have posted a Ransomware inspired article there and this is a shameless plug so please visit me there too.

For more details about Ransomware please visit Trend Micro Ransomware info page

Before we end, some disclosure: I work at Trend Micro. The views expressed in this blog are mine and mine alone (and do not necessarily represent my employer’s positions, strategies or opinions). Read my about page on what I do.

WAUA: WordPress WP-ADMIN Bruteforce Attack

We Are Under Attack!!!”

That is what the orcs will shout (in their very unique husky and grunty voice) when the enemies attack their orc base in Warcraft 3.

That is also my topic of this post:

“WAUA!!!”

No I’m now screaming about the attack on my blog. I have this good mindset about threats and attacks: I don’t panic. I am also not feeling kawawa or wawa (poor victim in loose filipino translation) in this situation. I think I survived the onslaught of the attack and to spread some good vibes why not share some useful tips here at menardconnect.com 🙂  OK enough of the intro. Let’s get it on:

Late last month, this blog experienced some form of attack from malicious actors who-must-not-be-named. We all know I’m using WordPress, and some dudes out there are trying to login to this blog’s WordPress administration panel and do some brute force attack on  guessing my password. Simply put, this means some bad guys (I will collectively call it hax0r) are trying to pretend to be me (me, the website blog admin) and try to get into the wordpress admin console so that they can control the website and blog. More basic info on brute force attacks here.
I will not delve into the technical details of the attack , but in tradition of my good old free six video and free six series, here are six easy to-do tips and tricks that users/admins can do to prevent or better prepare themselves (blog owners) against these WordPress WP-ADMIN Bruteforce attacks.

1. Update your WordPress core files as soon as possible
Just like any software, WordPress have its own security flaws and it needs to get updated from time to time. Admins are advised that they should always update WordPress to the latest version, for more info on this go here. When a new version of WordPress is available admins will receive an update message in your WordPress Admin consoles.

2. Update your WordPress plugins too
Just like the wordpress core files, plugins needs to get updated too. If your blog relies on many plugins, do not worry because when a new version of WordPress plugins are available you will also receive message in the WordPress Admin console that its time to update. There are also automated update settings if you want to try it out.

3. Do not use Admin as the username of the administrator account.

Yes the hax0rs are trying to login via the “admin” username, but as a basic security practice, I disabled it every time create a wordpress blog. I suggest the you be creative. Use NIMDA instead!

4. Do not use your name as the blog admin username account
This piece is quite a revealing one, the hax0rs are trying to get in via the username menard. My name is public info in this blog, so they are clever and they tried it too. But luckily I did not use that name so I avoided that loophole in this admin account issue.

5. Discard unused wordpress themes and plugins
If you are not using the wordpress themes and plugins, do not keep it.  Delete it asap. This one caused me some issues several years ago, but my advise here is if you are not using any theme or plugin that theme or plugin should be deleted ASAP because these are like low hanging fruits for attackers.

6. Have good WordPress security plugins installed
Just like security softwares (antivirus, antimalware, anti-threat) for your PC, Macs, iPads, smartphones and other devices, wordpress blogs needs some security tools too. There are some good free wordpress security plugins that works well but I will try to share two: Login Lockdown and Sucuri .

Login lockdown locks the admin console after several failed attempts, a good old trusted plugin. A recent good addition to my security plugin arsenal is Sucuri Security- Auditing, Malware Scanner and Hardening, a free plugin and it has helped me detect this attack. How? See this…

email alert by sucuri

 

So I’m giving the good folks at Sucuri some love link here in my blog. Kindly go visit them at Sucuri

That’s all for now, i will try to share other tips in the future. Hope you liked my free six tips and tricks to combat WordPress Admin Brute-force Attack

Shellshocked: Some Bash #Vuln Useful Links

Last week, I was “literally” fooling around with the bash bug by reposting 9gag images about it 🙂

and mashing it up with old movie flicks:

but by the end of the week things are getting a little bit serious as my colleagues found some live malicious files in the wild

As part of the usual sharing of good tech info to my blog readers and friend and as part of public service of a responsible netizen, here are some cool links about this vulnerability:

Infographic from TrendLabs on the Bash Bug aka Shellshock vuln

Shellshock

Some useful links too below:

All image/link credits to Trend Micro, TrendLabs Security Intelligence Blog and CNN.

Before I end the post, the usual disclaimer/disclosure:
I work at Trend Micro. The information contained in this post is taken from Trend Micro website and TrendLabs Security Intelligence Blog. To know more on what I do full-time kindly visit my blog’s about page or visit my linkedin page. To read my blog’s disclosure policy, kindly visit my disclosure page.

For infosec, malware and tech (and not so techie) stuff, please follow me in Twitter 🙂

Twitter Analytics Online

Twitter launched some cool features last week.

Going to analytics.twitter.com will give you great metrics about your tweets and your followers.
For followers stats, it shows data about your followers interests (Top Interests and Most Unique Interests), location, gender and list tweeps your followers also follow.

menardconnect-twitter-analytics

For the tweets metrics, it highlights your tweets impressions and engagement data. Good visualization given the data is free.

menardconnect-twitter-analytics-tweets-

For the followers stats, I believe it’s already there as you check it out, but for the tweets metrics, you need to somewhat enable it (or login once into the analytics page) to start the population of data.

We might argue that these are geeky data points, but my personal take here is that in this interconnected world of social media this is good and interesting data (and quite possibly profitable too *hint* *hint*) .

No security issues so far but I will try to update this post (and my soon to be re-launched tech blog) if I find something new.

TrendLabs Security Intelligence Blog: RSA Conference 2014: The Way Forward

I recently attended an information security conference in San Francisco, CA, USA (hence some lull moments with the posting frequency for this blog late last month and early March). I was able to collect some insights and posted them in TrendLabs Security Intelligence Blog. TrendLabs posted it yesterday and so I am reposting it here at menardconnect.com:

RSA Conference 2014: The Way Forward

I attended the RSA 2014 Conference in San Francisco, which has held about two weeks ago. This year the conference offered new insights to today’s threat landscape, which will help us all plan for and protect users in 2014 and beyond.

Largest Security Conference of 2014

The attendance numbers for RSA are always impressive: this year had more than 25,000 attendees, 400+ sponsors and exhibitors, with more than 550 speakers. Such was the number of vendors that two large Exposition Halls – one each in the Moscone Center’s North and South buildings were used for vendor exhibits. The various sessions – including most of the technical track talks I attended – were in the Moscone West hall.

Earlier my colleague JM Hipolito shared her own thoughts about RSA; here is what I found most interesting there.

Opening Keynote: Finding a Path Forward in an Increasingly Conflicted Digital World

The Executive Chairman of RSA, Art Coviello, delivered the opening keynote. He gave his first public comment on the RSA and NSA controversy, as well as the need to separate the NSA’s offensive and defensive functions. But what I will remember most on his keynote is his call to governments and the security industry as a whole to adopt four guiding principles to help maintain a safer Internet for everyone:

  1. Renounce the use of cyberweapons, and the use of the Internet for waging war
  2. Cooperate internationally, in the investigation, apprehension and prosecution of cyber criminals
  3. Ensure that economic activity on the Internet can proceed unfettered and that intellectual property rights are respected
  4. Respect and ensure the privacy of all individuals

He also reiterated the need for the security industry and governments to work hand in hand to create a safer digital world that will benefit this and the generations to come. All of the guiding principles are all equally important, but I would like to highlight the first and second ones as being the most important.

The topic of cyberwar and cyberweapons is very sensitive, but I found the correlation between cyberweaponry and nuclear weapons compelling. I totally agree with Coviello’s statement that “we must have the same abhorrence to cyberwar as we do nuclear and chemical war.”

As for cooperation in prosecuting cybercrime, this is a topic where Trend Micro’s positions are well-known. We’ve frequently spoken about the need for researchers and law enforcement agencies to work together to prosecute the actual “threat actors”, as we believe that this is the most effective way to catch cybercriminals. These partnerships allow researchers and police to combine their strengths and ensure that Our efforts have netted effective results, most recently being the arrest of the creator of SpyEye.

Bitcoin Is Here: How to Become a Successful Bitcoin Thief

Uri Rivner of Biocatch and Etay Maor of Trusteer co-presented the one technical session at RSA dedicated to Bitcoins. They discussed the basics of cryptocurrency and how one can use it. They also discussed the usual use cases of Bitcoin: from creating a wallet and having your very own address, to filling the wallet with Bitcoins using an online Bitcoin exchange.

The highlight of the session for me was the a live demonstration of a hack using a SpyEye variant. In the demo, they performed a man-in-the-browser (MiTB) attack and stole the user’s Bitcoin from his wallet.

They also discussed the top cybercriminal activities that Bitcoin has been tied to. These include phishing attempts to steal Bitcoin-related website credentials, deploying RATs (Remote Access Trojans) to have direct access to desktop wallets, up to using botnets to mine Bitcoins (even though this is no longer particularly attractive).

They also explained why cybercriminals are interested in cryptocurrencies like Bitcoin. Because the cybercriminals believe that cryptocurrencies offers anonymity, they think that these will help in laundering money made from illegal activites. In addition, advanced services available in the cybecrime underground (like Bitcoin fogging services) may enable threat actors to further increase their anonymity tenfold.

In summary, the presenters said that Bitcoin is a new exciting frontier and encouraged everyone in the room to try and delve into it so that they understand its potential. They warned about the increasing phishing and malware attacks related to cryptocurrencies. They also pointed out that online Bitcoin exchanges and online wallets are low hanging fruit that may be a big opportunity for the cybercriminals. (The troubles of many online exchanges recently, including erstwhile leader Mt. Gox, have only reinforced this last point.)

The talk mirrored many of the points we have discussed. In December, we had discussed the possibility of Bitcoin’s then-record prices causing thefts of Bitcoin wallets. We had also earlier discussed how users can help secure their cryptocurrency. Overall, we share their sentiments: Bitcoin is the object of much potential, but is the subject of multiple threats as well.

Original Post from: RSA Conference 2014: The Way Forward

 

Definitely I will do a follow up post/s with my other insights on RSA, the keynotes and on Bitcoin. But not yet sure if it will be for menardconnect.com or my other tech blog.

Like my previous posts on RSA, I would like to convey my thanks to Jonathan and JM for their assistance with the article.

And of course some shout-out to my RSA 2014 buddies (Jamz, Malen, JM and Ian) for their ideas and thoughts that kept me sane in RSA. Another special shout-out to other pinoy AV dudes I’ve met in SF.

Lastly some disclosure:
I work at Trend Micro. The views expressed in this blog post are mine and mine alone and do not necessarily represent my employer’s positions, strategies or opinions.
To know more about me (work and other stuff), kindly visit my about page.
To know more about my blogs full disclosure policy, kindly visit my disclosure page

Until next post…

And so the Bangko Sentral ng Pilipinas (BSP), the Central Bank of the Philippines already issued an advisory on bitcoin and other cryptocurrencies.

Bitcoin.svg

 

Image Credit: Wikimedia Commons

I believe it’s a good and timely move. But reflecting back, there is really nothing new with this announcement (ok maybe for me and other crypto coins dudes and dudettes out there). But I will reserve my other personal commentaries for a future post.

For now here is the full text of the BSP’s advisory posted at the Bangko Sentral ng Pilipinas official website (http://www.bsp.gov.ph/) last week:

Warning Advisory on Virtual Currencies

03.06.2014

It has come to the attention of the Bangko Sentral ng Pilipinas (BSP) that virtual currencies like Bitcoin are now being exchanged in the Philippines. The public is hereby warned that such exchanges are not regulated by the BSP or by any regulatory authority in the country at this time. Thus, there are no existing regulations which would specifically protect consumers from financial losses if an organization that exchanges or holds virtual currencies fails or goes out of business. Moreover, there is no assurance that the value Bitcoin or any virtual currency would be stable. In fact, its value can be highly volatile.
The BSP will be closely monitoring developments on these virtual currencies particularly on their possible use for money laundering and other illegal purposes, and will adopt appropriate measures as needed.

In the meantime, the public is enjoined to familiarize themselves with some basic information on the subject. Further understanding can be gained through personal researches on the internet and other forms of media.

What you need to know about virtual currencies

A virtual currency is a form of unregulated digital money, meaning it is not issued or guaranteed by a central bank. It allows purchase of both virtual goods (such as in online gaming environments and social network) and real goods and services (such as in retailers, restaurants and other establishments). Unlike electronic money, which is backed by cash for 100% of its stored value, virtual currencies are not backed by any commodity like cash, gold or silver. Rather, they are merely valued subjectively according to one’s ability to exchange them for goods.

Things to think about before buying, holding or trading virtual currencies

  1. You can lose your money through a virtual currency exchange – Exchange platforms are unregulated. If a virtual currency exchange loses or fails, there is no legal protection that covers you for losses arising from any funds you may hold on the said exchange. At present, there have already been a number of cases where virtual currency exchange platforms have gone out of business or have failed.
  2. Virtual currencies in your digital wallet can get stolen – When buying virtual currencies, the same are stored in a “digital wallet,” on a computer, laptop, PC tablet or smart phone. This digital wallet makes use of public and private keys or passwords that allow you to secure your wallet. Still, there have been a number of reported cases whereby consumers lost large amount of virtual currencies from their wallets through hacking. Further, since virtual currencies do not have central organizations that hold and re-issue keys or passwords, losing the key or password to your digital wallet would mean losing your virtual currency forever.
  3. You are not protected when using virtual currencies for payment –Payments made through virtual currencies like Bitcoin are immediate, direct and non-reversible. Further, since the use of virtual currencies is not regulated, there are no existing regulations to protect you in case of unauthorized or incorrect debits made from your digital wallet.
  4. The value of your virtual currencies cannot be guaranteed and can change quickly – The value of virtual currencies has shown several sharp increases for the past year, and several sharp decreases as well. If you buy a virtual currency today, it is quite possible for its value to drop sharply and permanently the next day.
  5. Virtual currencies may be used for money laundering and other illicit activities – Virtual currencies provide consumers with high degree of anonymity and therefore may be used for money laundering and other illicit activities. This illegal use can affect you, as law enforcement agencies may decide to close exchange platforms and prevent you from accessing funds that the platform may be holding for you.

Full text can be found here . Special thanks to Lee Chipongian (@leechipongian) for the link.

I will write more about bitcoin (and maybe other cryptocoins) here at menardconnect.com soon so this will be a good starting post on this topic.

In the mean time, if you want to read more about bitcoins and malware, kindly visit TrendLabs Security Intelligence Blog.

On DOST-ICTO, PH Government Websites Security and PDAF Piggyback Conspiracy Theory

I stumbled upon some announcement via Official Gazette. It’s some sort of preso from DOST-ICTO discussing compromised government websites and the need for secure web hosting (see quoted text below). As much as possible I avoid writing about politics here at menardconnect.com. But just like with the RA 10175: Philippines Cybercrime Prevention Act, I will take some exception and write about it here as this topic got multiple intersecting interests of mine (haxing, infosec, security, and philippine politics). Quoting Official Gazette:

DOST-ICTO: Hacked government websites highlight need for secure web hosting

From the Department of Science and TechnologyInformation and Communications Technology Office
Published: August 26, 2013. Latest update: August 26, 2013.

The hacking of at least thirty government websites of supposedly local hacker groups sympathetic to today’s pork barrel protest action highlights the need for secure web hosting for government agencies and services.

DOST – Information and Communications Technology Office Executive Director Louis Casambre mentioned that: “This recent spate of website defacements goes to shows the serious need for the Government Web Hosting Service (GWHS ) especially since gov’t websites will more and more be leveraged to deliver public services.”

Administrative Order 39 (AO39) was enacted on 12 July 2013 mandating all national government agencies, government financial institutions, and government-owned and controlled corporations to have their websites hosted under the new GWHS which will be provided by the DOST ICT Office. “GWHS development is progressing and will be online as scheduled as per AO39.” Usec. Casambre Added.

The webpage defacements are deemed to be a protest action supporting the Million People March in Luneta. “No critical online services were affected and it seems that it wasn’t the intention of the community to cripple critical information dissemination websites and services of the government. We would like to request our hacking community not to target such sites.” said Casambre.

The Information and Communications Technology Office of the Department of Science and Technology is the Philippine Government’s lead agency on ICT related matters. Its primary thrusts are in the ICT Industry Development, eGovernment, ICT policy development, Internet for all and Cybersecurity

 

Read full text and links at

http://www.gov.ph/2013/08/26/dost-icto-hacked-government-websites-highlight-need-for-secure-web-hosting/

Now my personal comments and insights:
1. First, this is good news. Any move improving the security posture of the government (and government websites) is welcome news for me and a lot of Filipinos out there. I just hope that your agency continue this with concrete actions.

Now on to more serious stuff…
2. As The Black Eyed Peas song goes… “I’m so three thousand and eight, You so two thousand and late.” Yes, this announcement is so 2000 and late!!! As I tweeted earlier in twitter (“Huli man daw at magaling. LATE PA RIN“). Nuff said on the timing.

3. Trigger for this PR: Hacking of at least 30 government websites in relation to the recent pork barrel/PDAF protest actions.

Why single out the recent 30-ish defacements? Are you DOST-ICTO folks doing some piggyback on the popularity of pork barrel/PDAF protests and issue?

Piggyback and Pork BarrelAng galing pala ng word-combo ko kaya ilalagay ko sa title yung PDAF/Pork Barrel Piggyback Conspiracy Theory!!!
4. Quote and quote “We would like to request our hacking community not to target such sites“, said Casambre.
To Usec. Casambre, are you really sure you are requesting for this??? Official statement at request nyo po ba talaga ito? Baka kase misquoted lang.

5. RE: <DOST-ICTO> is the Philippine Government’s lead agency on ICT related matters. Its primary thrusts are in the ICT Industry Development, eGovernment, ICT policy development, Internet for all and Cybersecurity.
I am amazed by the keywords and buzzwords for this government office. “lead agency” + “primary thrusts” + “Cybersecurity“. But given the technical depth and logical reasoning  on this PR all I can say is “Oh my!!!”
Seriously, DOST-ICTO folks may need to rethink and re-strategize (and then synchronize the overall plan with the PR/Marketing machine). My 2 cents…

Before I end this post, some disclosure:
I work at Trend Micro. The views expressed in this blog post are my personal opinion and do not represent my employer’s positions, strategies or opinions.
To know more on what I do full-time kindly visit my linkedin page and my blogs about page.
To know more about my blog’s full disclosure policy, kindly visit my blog’s disclosure page.

Power User Group Shoutout: Mac Power User and DirectPass 2.0

Are you a Mac power user?

Do you want some free Trend Micro gift items?

Do you want some Sodexo Gift Checks?

If you’re answer is YES to the questions above, then I’ve got great news for you…

My teammates at TrendLabs will be having a Mac Power User event on Saturday, August 17, 2013 1pm-4pm. They are looking for tech-savvy Mac owners who would like to participate in some intensive and exciting testing with our Mac OS security solution, DirectPass 2.0, a password management solution.

directpass_boxshot

Image Credit: www.trendmicro.com

So what is DirectPass?

Trend Micro™ DirectPass™ is Trend Micro Password Manager solution. It manages website passwords and login IDs in one secure location, so users only need to remember one password. Other DirectPass features include: keystroke encryption, secure password generation, and a secure browser.

You think you fit that criteria for Mac Geek? then register via this surveymonkey link

All qualified participants who will attend the Power User event will get a Trend Micro gift item and Sodexo GC. If you are really lucky + uber-geeky and can find some critical bug, you might also win bigger prizes.

Registration closes on Friday August 16, 2013, 12 noon (GMT+8)

Feel free to forward this blog post to your friends (online and in-real-life), family members, relatives or classmates to share this wonderful opportunity with them. If you have Facebook/Twitter/Google+/Linkedin/etc, feel free to share/tweet/+1 this blog post too so that others can know about it.

And of course the traditional disclaimer at the end of the post:
I work at Trend Micro. This blog post is _NOT_ a paid post by Trend Micro. The information contained in this post is taken from Trend Micro Beta Team members. To know more on what I do officially full-time kindly visit my about page or visit my linkedin page. To read my blog’s disclosure policy, kindly visit my disclosure page.

On Cybercrime and Interpol

I am re-posting some news release from Interpol related to Trend Micro. This is about the collaborative efforts between the two organizations to support global law enforcement programs and combat cybercrime.

24 June 2013 – Media release
INTERPOL and Trend Micro to collaborate against cybercrime

LYON, France – INTERPOL and Trend Micro Inc. have announced that the security software leader is to collaborate with the world police body to support global law enforcement programmes to combat cybercrime. The announcement is the latest in INTERPOL’s efforts to boost the global fight against cybercrime by engaging with private sector leaders.

Following talks on Friday at INTERPOL’s General Secretariat headquarters between INTERPOL Secretary General Ronald K. Noble and Trend Micro’s Chief Executive Officer, Eva Chen, Trend Micro is set to deliver training programmes to INTERPOL, government and police agencies in various participating countries to address emerging digital crime at the national and international level.

Including expertise and best practices, training will encompass e-learning modules, classroom-based training sessions, workshops and professional certifications.

“We are honoured to have earned the trust of INTERPOL to provide our expertise to keep digital information safe while exposing illegal activities,” said Eva Chen, CEO, Trend Micro. “Our team is on the frontlines of the quickly-evolving threat landscape and we look forward to sharing our analysis and insight to support global law enforcement. Alignment between public and private organizations will play a critical role against cybercrime and it will take collaboration such as this to be successful.”

Trend Micro will also help support the development of an INTERPOL cyber alert by providing expert cyber-threat analysis at INTERPOL’s Global Complex for Innovation (IGCI) when it opens in Singapore in 2014. This cyber-specific alert created by the IGCI will be used to share information on cybercrime with not only the law enforcement community but also the general public.

“Due to the complexity of the cyber-threat landscape, investigation of cybercrimes is profoundly different in nature to traditional crime, requiring high-level technical expertise and large-scale cross-jurisdictional investigations,” said INTERPOL Secretary General Ronald K. Noble.

“It is essential that law enforcement collaborate across sectors with Internet security experts such as Trend Micro so as to develop the technical expertise, tools and infrastructure necessary to effectively combat cybercrime and enhance digital security.”

“INTERPOL’s collaboration with Trend Micro therefore marks another significant step towards forging a global alliance against cybercrime,” added Secretary General Noble.

The IGCI will act as an international hub against cyber-threats to identify trends, build capacity in cybercrime units, and facilitate international cooperation through a multi-stakeholder alliance, bringing together the respective expertise and resources from specialists in law enforcement, public institutions, the private sector and academia.

“An essential element of this strategy is the creation of strategic alliances with the information technology sector to help national law enforcement keep abreast of technology trends and develop effective countermeasures,” said IGCI Executive Director Noboru Nakatani.

As a research and development facility for the identification of crimes and criminals, the state-of-the-art IGCI will provide innovative training and operational support for each of INTERPOL’s 190 member countries.

Maybe I will post some additional personal commentaries here at menardconnect.com in the next few days. But for now let me just congratulate Trend Micro and INTERPOL for these wonderful collaborative efforts.

Related Stories:
Interpol Press Release
Trend Micro Press Release

Lastly some disclosure:

I work at Trend Micro. My posts here in menardconnect.com are my own personal views and does not necessarily represent my employer’s positions, strategies or opinions. To know more about me, kindly visit my about page. To know about this blog’s disclosure policy kindly visit my disclosure page.