In terms of physical penetration testing (i.e., property and building access), a bright fluorescent safety vest and a hard hat will get you into a lot of places.

I’m doing cell site inspections this month under contract with a client. I’m carrying my Letter of Authorization with me, but I haven’t had to show it once. Three of the four sites I’ve visited were urban properties with people milling about.

At each property, after working for a few minutes I introduced myself, but I enjoyed doing the test to see if anyone would stop me and ask what I was doing there. And that Letter of Authorization? Even when I introduced myself, I never had to produce written proof. They took my word for it.

#CallMeIfYouNeedMe #FIFONetworks

Cybersecurity - Networks - Wireless – Telecom – VoIP

Microsoft can still surprise us. Yesterday a client scheduled for a remote support call at 9am today. The problem was that he was receiving error messages from Microsoft saying that his mailbox was almost full. At the appointed time I connected remotely to his computer, and watched while he pulled up the message. It was an email, rather than an in-app Outlook message, so the first thing I did was examine the header to make sure it was real (it was).

Here’s the surprise: Microsoft’s “mailbox full” messages come from an email account that has no DKIM signature and no DMARC policy! This is a classic first-blush clue that an email may be either malicious or spam.

Next, I looked at File – Options, and the in-app message was there, too, so it was indeed legitimate.

I enabled autoarchive, with message deletion from the mailbox after archiving, to fix the problem. BTW, I did this as a two-step process. First, I verified that archiving was working, and the location of the archive file. With that assurance, I enabled deletion from the mailbox.

So the issue was easy enough to fix – a simple configuration error – but, Microsoft, why are you using any email accounts with no DKIM signature and no DMARC policy? Set a good example for us!

#CallMeIfYouNeedMe #FIFONetworks

#TechSupport #HelpDesk #ServiceCall #Email

Cybersecurity - Networks - Wireless – Telecom – VoIP

You finally get a seat at the table, literally. You become a senior manager, or a director, or a VP. Now, you’re in the conference room, sitting at that table with a group of your peers for some regular weekly meeting.

Something feels off. You recognize an invisible wall, a barrier. You know that there are things you don't know about the culture, the relationships, the "way things work," and how change can be made to happen.

Here's one of the two-sided secrets of power that some people are brought up knowing, but that many people only experience from one side.

As a leader, you should be comfortable with expecting obedience. I chose my word carefully: you should expect obedience, not cooperation.

Have you experienced this kind of leader? They have some aura that radiates outward. They don’t say, “If it’s alright with you,” they just kindly and politely tell you what they want done. They know you’re going to do it, and you know you’re going to do it. They don’t ask your permission or approval. They’re not mean or demanding. They just tell you what they expect you to do, and on your side, you know you’re going to do it.

Obedience is how things get done. Obedience is required.

Cooperation is how the doer feels about the doing. Cooperation is desired.

Now, back to the conference table and that weekly meeting. You'll be asked to report on what got done. You won't be asked how the doers felt about the doing.

Your inner power, your inner confidence, in that hour at the table, comes from all that happened in the preceding week. And what happened in the preceding week is the direct result of your expectation of obedience.

Yes, be humble.
Yes, be grateful.
Yes, show appreciation.
Yes, reward the achievers.
Yes, grow and develop your team.
These things evoke cooperation from the good hires.

But always - always! - expect obedience.

You're the leader. In another week, you're going to be back at the table, and the person you report to will want to know what got done.

#CallMeIfYouNeedMe #FIFONetworks

#leadership #management

Cybersecurity - Networks - Wireless – Telecom – VoIP

Your Microsoft account password should never be the same as your email password. This is a Microsoft vulnerability that has been around for years.

BACKGROUND
This morning I received an email from a past client with a link to a document. We ended my last project on good terms, but they haven’t contacted me for a couple of years, so I was cautious (but not cautious enough, as you’re about to see). I looked up the contact’s email in my own Contacts and sent a new email to ask if the email with the link was legitimate. A minute later I received a reply, from the contact’s email address, saying “Yes, that was me, and it’s legitimate.”

WHAT HAPPENED NEXT
With that assurance, I opened the original email and clicked on the link. It directed me to a page that looked like it was from Microsoft, and prompted me to enter my email address. I did. Then, in what looked like a real Microsoft account dialogue box, it prompted me for my Microsoft account password. I entered it. It told me the password was incorrect, and everything stopped. The hyperlink to “try another way” was non-responsive.

I opened a new tab in Edge and logged into my Microsoft account, proving to myself that I did in fact have the correct password.

I sent a new email to the contact: “It won’t let me in.” No response.

I called my contact and left a voicemail. He called back and said, “It wasn’t me, sorry, the same thing happened to me yesterday and it sent out emails from my account.”

I logged into my Microsoft account, checked the login session history (it was clean), and changed my account password.

THE LESSON
Do you see the problem now? My contact’s email is through his company’s Microsoft account. His Microsoft account password and his email password are one and the same. That’s why the cybercriminal was able to send emails to all his contacts. There was probably also a little social engineering involved, in order to bypass his Microsoft MFA, but reusing the same password for MS email and the MS account is a long-standing Microsoft vulnerability.

If you know a way to separate the MS email and account passwords, please let me know, because I have a lot of clients that I’d like to make more secure by fixing this.

#CallMeIfYouNeedMe #FIFONetworks

Cybersecurity - Networks - Wireless – Telecom – VoIP

Now is a really good time to think about what information your company should have connected to the Internet.

Yesterday was a better time. Last year was better still. But, now is a really good time.

#CallMeIfYouNeedMe #FIFONetworks

#DataClassification #InformationPolicy #PrivateNetworks #AI

Cybersecurity - Networks - Wireless – Telecom – VoIP

Wi-Fi 7 is good – but not that good.

Over the weekend I replaced the wireless router for a small business in Washington State. It was an emergency replacement; they need it for several routine business functions. It turned out they didn’t have a spare. They took my advice and let me provide two routers, identically configured, so they can swap cables and get back online even when I’m not there.

The new routers I picked up were 802.11be, commonly referred to as Wi-Fi 7. The product literature says, “Leverage the power of WiFi 7 for speeds up to 3.6 Gbps at 1.2X faster than WiFi 6.”

Wait a minute. Hold up. Take a look at the ports on this thing: the WAN port is 2.5 Gbps, and the four LAN ports are 1 Gbps.

They’re not exactly lying, but you need to understand what’s going on, so you don’t have unrealistic expectations about Wi-Fi 7.

1) You can’t get Internet speeds higher than what’s provided by your ISP, and what your WAN port is capable of. Those are hard limits.

2) You can’t get wired LAN speeds higher than the ports and cabling on your wired devices are capable of. Those are hard limits.

3) On a wireless-to-wireless transfer, the physical port speeds don’t matter. BUT... that 3.6 Gbps number is only possible under laboratory conditions when two wireless endpoints are connected to each other on a single aggregated stream using all the radios: 2.4, 5, and 6 GHz. In a real-world home environment you’re more likely to measure 1, maybe 2, Gbps.

For a family of five, will Wi-Fi 7 perform better than Wi-Fi 6? It depends. Are you doing a lot of internal wireless data transfers, or is everyone constrained by the same 500 Mbps data rate from your ISP?

At your place of business, should you rip out twenty Wi-Fi 5 access points and spend the capital budget to upgrade the Wi-Fi 7 infrastructure? It depends. Let’s take a look at your data flows and usage patterns first to see if it could make a difference in your situation.

#CallMeIfYouNeedMe #FIFONetworks

Cybersecurity - Networks - Wireless – Telecom – VoIP

Here’s why the Wi-Fi coverage was inadequate in the Washington Hilton Hotel ballroom during the White House Correspondents’ Association (WHCA) annual dinner on April 25, 2026.

It’s not because the Hilton is being cheap. It’s simply physics. In this post, my goal is to help people who aren’t RF engineers understand why high-density Wi-Fi is so hard to get right.

BACKGROUND
The dinner was interrupted during the salad course by loud noises, and the Secret Service rushed into action. The President and many other people were evacuated and the building was secured. I was watching a Breaking News segment on TV. The journalist who was covering the event for the TV station I was watching was using a Wi-Fi VoIP connection to talk to the newsroom, and it wasn’t working very well.

It’s easy to say, “Wow, the Hilton should have better Wi-Fi in such an important ballroom,” but it’s not that simple.

WI-FI IS HALF-DUPLEX
Refer to the picture. The IEEE 802.11standard, more commonly called Wi-Fi, uses half-duplex communications. It’s bi-directional, but only works in one direction at a time. When the smartphone is transmitting, the Access Point (AP) is receiving, and vice versa.

The reporter I was listening to estimated that there were 1,500 people in attendance. This number may be low; the WHCA official report on the 2025 dinner lists 2,600 people in attendance, in the same ballroom. Television coverage inside the venue showed several guests using their phones to video record the scene. No doubt some of them were live-streaming, or at least attempting to.

In a modern football stadium (another high-density Wi-Fi environment), wireless APs are located under a seat or on a seat back, operate at low-power, and serve a small cluster of nearby seats. In a hotel ballroom this type of fixed arrangement is harder to do. We might imagine a low-power AP under every table (that would be wonderful!), but the tables aren’t permanent and it isn’t practical. Instead, the ballroom has APs with directional antennas mounted at various points on the walls and/or ceiling.

CONCLUSION
When the AP is receiving, and several phones transmit simultaneously, the AP gets interference and decodes very little. The 802.11 (Wi-Fi) standard isn’t designed to accommodate that scenario. The solution is to plan many low-power APs, each serving a very small area. This is difficult to do in an environment with moveable furniture for hosting different types of events.

#CallMeIfYouNeedMe #FIFONetworks +1 206-465-2422

Cybersecurity - Networks - Wireless – Telecom – VoIP

Recently I was given the contract to evaluate the Wi-Fi system in a huge, gargantuan building. Hundreds of feet in each direction, one big open space, thirty-foot ceiling. The existing system wasn’t working well, and my job was to make recommendations for improvement, or design the replacement system.

On the day of the initial site survey, I discovered that the wireless access points were mounted on the ceiling, pointing down. Not good! That will work fine in an office with a ten-foot ceiling. But not thirty feet.

This meant that the absolute best Wi-Fi service in the building was in the top half of the space, where there were no people, no computers, no smartphones, no IoT devices. Their system provided good coverage to randomly moving air molecules between fifteen and thirty feet above the floor.

Between three feet and six feet above the floor, where coverage really matters, there was massive interference caused by clear line-of-site to multiple wireless access points.

The situation reminded me of a conversation I had with another client some time ago.
Client: “How much will it cost?”
Me: “Do you mean for my analysis and design, or to fix the problem? Because the price of my services will be tiny compared to what it will cost you to implement the fix.”

#CallMeIfYouNeedMe #FIFONetworks

Cybersecurity - Networks - Wireless – Telecom – VoIP

This week I did an interesting data recovery task for a family. (This was a legal data access. The identities were verified). They were trying to put together a notification list for an upcoming funeral. They could tell the contacts in the person’s laptop were incomplete because names they knew should be there were missing. And the person’s Android phone, with Google Contacts, won’t directly sync to the email app on the laptop. They could go through the phone contacts one at a time, but, was there an easier way?

Yes, there is.

In this case, it was an Android phone. Refer to the picture.

You can export the Google Contacts to a single .vcf file (vcf is an abbreviation of an abbreviation. It stands for vCard File, and vCard is short for Virtual (Business) Card).

People sometimes think that a .vcf file is a single contact, but a .vcf file can contain multiple contact records. It can be quite large and contain hundreds, even thousands, of contacts.

You can view some of the information with any text editor like Notepad. To easily view all of the information, import the .vcf file into a new or existing address book in an email program.

SUMMARY
For this client, the solution was to export the contacts as a .vcf file from the phone, import the .vcf file into the contacts in the computer, and merge duplicates. Now they have a relatively complete list of contacts in one place, and they can manage announcements and invitations using a full-size keyboard.

The client is in another state. A family member did the steps while I coached them over the phone.

#CallMeIfYouNeedMe #FIFONetworks

#TechSupport #RemoteSupport #HelpDesk

Cybersecurity - Networks - Wireless – Telecom – VoIP

“If You Used an Android Mobile Device to Access the Internet Through a Cellular Network at Any Time from November 12, 2017 to the Present, . . . You Could Get Money from a $135 Million Settlement.”

“The Plaintiffs allege that Google’s Android operating system causes Android mobile devices to transfer a variety of information to Google without users’ permission, consuming users’ cellular data from their cellular data plans. Plaintiffs allege that certain transfers occur in the background, without any notice to the user, including when the devices are in a completely idle state, meaning they are not in use or being touched, with all apps closed. Plaintiffs allege that even though Google could make it so that these transfers happen only when the devices are connected to Wi-Fi, Google instead causes these transfers to sometimes take place over a cellular network. Plaintiffs allege that Google’s unauthorized use of their cellular data violates the law...”

Google got in legal trouble for an activity that violated the Software Developer’s Code of Ethics that I published on August 28, 2016 (available on the FIFO Networks website). Turns out, their action was not just immoral, it may also be illegal. Of course, they denied doing anything wrong.

#CallMeIfYouNeedMe #FIFONetworks

Cybersecurity - Networks - Wireless – Telecom – VoIP