"I know why you did it. I know you were afraid. Who wouldn't be? War. Terror. Disease. There were a myriad of problems which conspired to corrupt your reason and rob you of your common sense. Fear got the best of you and in your panic, you turned to the now High Chancellor Adam Sutler. He promised you order. He promised you peace. And all he demanded in return was your silent, obedient consent." - V - V for Vendetta
I try not to talk politics too often because it's a game you can't win. Usually both sides are passionate for their cause and will never be swayed to think one way or the other. But I felt the need to comment on the recent revelation that the NSA received approval to pull meta-data for about 3 million subscribers at Verizon Wireless. Under normal circumstances this would require that at least one of the parties be outside of the country, but in this case it was allowed to be American to American, all in-country phone calls. Now I will note that since it was meta-data, the only information received was the numbers involved, the length of the call, and location of said call. They were not recording the substance of the conversation (not that it sets me at ease).
Generally, what would occur is that if enough "evidence" was gathered from the meta-data, then an actual warrant for the substance of the conversation would be sought. I tend to believe that if they believed there was anything to the conversations, the telcos would merely receive a National Security Letter and probably comply with the request. Today we learn even more: it's not just the telcos (don't think AT&T, T-Mobile, et al. didn't get the same requests), but several online companies are also providing information of substance. I think we'll slowly learn how deep the rabbit hole goes at some point.
But my main reason for this article is that I tend to believe something is foul in the state of Denmark when both parties agree with what is happening. All week we heard about how everything was above board and legal. The proper oversight and proper people knew what was happening and had no issues about it. The proper oversight? A secret court with judges no one really knows saying yea or nay to what is presented to them. How exactly do you get your right to a fair trial if you never go to court? What about innocent until proven guilty?
I laughed because in discussing this with a family member they replied that they had nothing to hide, so why worry about it? The issue is that with silent consent you say yes to everything after that. Slowly more and more rights will be eroded for the sake of security. One Senator stated that this program stopped one terrorist attack, but didn't name what the attack was. It's honestly no different than saying the firewall is working without ever checking the logs and being able to show the boss what was blocked.
It's time we think about exactly how silent we want to be....
Have Wire, Will Tangle
Friday, June 7, 2013
Tuesday, May 28, 2013
Social Engineering Made Easy
In my spare time I really enjoy watching movies. Usually a comedy or something sci-fi related, just something I can veg out to for two hours to get out of my own head. But every so often you come across a film that still sucks you into work a bit. There is always a war when it comes to "hacking" movies, usually along the lines of how likely the things that happen are. Social engineering isn't a topic you'll find a ton of movies directly related to. Look hard enough, however, and you will find them!
Whenever discussing social engineering I always like to point out Beverly Hills Cop. Throughout all three films Axel Foley gets into and out of situations through social engineering, whether pretending to be in the Secret Service to shove away a nosy bartender or pretending to be a Customs official to get into a bonded warehouse. The piece connecting all of this is social engineering. Now it has been a while since a newer film has broached the topic, but last night I saw one.
Identity Thief tells the story of a man named Sandy who has his identity stolen by a woman in Florida. Throughout the film you see this woman social engineer her way through various situations. She has a story for every event and it's amazing to see it work. Obviously, it's a film so it is going to work, but I'd honestly say that in most cases people wouldn't think twice about it.
I firmly believe one needs to merely have a pack of gum, a pack of cigarettes, and a smile to get into any area. The weakest link in any chain will always be the human factor. It is for this very reason that I've always promoted just asking a question. It could make all the difference in the world if you just stop and ask "can I help you?"
Wednesday, April 24, 2013
Bitcoin
Obviously, at least as long as you haven't lived under a rock, you've heard of Bitcoin. Long story short, an unknown gentleman (or group) developed a currency based off crypto sequence. It is meant to be "anonymous" (albeit you do need to do some work to make that possible) and there are two factors that make it different than, say, the dollar or the British Pound. One, there is no central bank. Coins are minted through mining and traded. The max that can be mined is 21 million; once that number is reached no more can be created. Second, it is completely digital and all transactions are kept in a ledger. No names are exchanged, the currency is merely sent to addresses. It's up to you to secure your address.
From a security standpoint this is the ultimate currency to carry. No names, no central authority, and you can carry your cash with you (no need to store it online, thus even more secure). The main issue right now would be the flux in the market. One can purchase Bitcoins, but again the price is ever changing. Two weeks ago it reached about $236 USD for one Bitcoin. This was due to the supposed plan for the government to seize funds from bank accounts in Cyprus (that plan has since been scrapped). It quickly dropped to $50 USD for one Bitcoin. At this point, the largest exchange shut down for 12 hours to allow things to cool off. Currently it is trading for $143 USD.
From a law enforcement perspective this is a force that may prove difficult to deal with. The infamous Silk Road operates in Bitcoins. Also, the biggest point is that most crime is about money, and following the money solves many cases. What do you do when you can't follow the money? Coins can be kept offline and there are numerous ways to fund a trading account without needing a bank account. From there you will have to resort to old school detective methods if you are lucky enough to find out where they sent the cash from. I suspect most criminals would use a mule to send the cash and they might not even know who they are dealing with.
Tuesday, April 16, 2013
Boston
First, my sympathies go out to all those affected by the bombings in Boston yesterday. We will learn more and more each day, but honestly, regardless of who did it, innocent lives should never be taken. Everyone has grievances with one group or another; this doesn't require murder to get your point across. But let me step down off the soap box.
Today's post would be in regards to misinformation. News stations are in the business of being first regardless of how accurate the information is. Had this happened in the 50's or 60's, I suspect the initial reports would have amounted to merely there was a bombing and they are awaiting confirmed information. Initially, reports were of dozen killed and officially now it is three (that does not discount the three poor souls who died and will be forever missed). This plays exactly into whichever group performed this act of terrorism.
The other issue I have is with the initial report that cellular companies and perhaps even law enforcement had cut cellular service. Obviously, the initial belief was that these devices were set off via cell phone. This is the normal tactic when dealing with an IED. Law enforcement, having received information from military EOD teams, would know that most IEDs are now set up to go off if a signal is cut off. In the haste of being first, the news decided to not look at the obvious reason for cellular service going down: large load.
Each of the cellular companies reported a large spike in the use of service (I wonder why that might be?). If you've ever tried to make a call on New Year's you know exactly the issue: everyone is trying, so some calls don't make it. Same goes for an emergency situation; everyone is attempting to contact loved ones to let them know they are ok.
To make some use of this post, cellular companies have suggested a number of things to do during an emergency situation:
1. Send texts - Texts use vastly fewer resources and stand a much better chance of reaching your loved ones
2. Wifi - If possible (and there stands a good chance) connect to wifi and use a third party messaging service (Facebook, Google, etc.)
Stay safe.
Thursday, April 11, 2013
Hide That Number!
iPhone users tend to get the best apps first and I can understand it. Single platform, easy to get started, and money to be made. But eventually companies branch out and say "hey, it's time we make it for Android." The mobile sphere is my baby and I like to look at the security angle. Yesterday, a very interesting new app was released that should really be useful in the security arena. First, a little background.
A "burner" is a prepaid phone that you use for a period of time and then ditch. You can buy them just about anywhere for around $20 to $30, and they usually come with a few minutes. You have the option to refill the phone with minutes and so you can control your bill. The phone is very popular with the criminal types because they can make the call or send a text, then toss the phone. Law enforcement can't track a phone that keeps changing.
Now, this is all well and good, but it's inconvenient. A number of states have enacted laws requiring photo ID to purchase the phones (not that it stops anyone). But what if I just wanted one phone, but a changing number? Say hello to the Burner app. Install the app on your phone and then you simply hit a button to create a new number. You can make or receive calls/texts to this number. You purchase the amount of minutes and/or texts you want. When you're done, simply "burn" the number and when the person calls it they get a "sorry the number you have dialed..." Pesky guy at the bar? Just get a burner and give him the number. Cranking someone you don't like? Hello burner!
Obviously, if law enforcement puts a request for info in to the company they will comply and then you'll have issues. But if you are trying to hide from an abusive ex or perhaps have some fear, this can help you sleep at night.
Wednesday, April 10, 2013
Python Gear Up!
Been doing a bit of soul searching and attempting to see where my future lies. I met up with my college roommate on Sunday and we shot the breeze for a number of hours (with a nice mix of whiskey and cigars, since we have jobs). I'd been reading more and more about DevOps...he just so happens to work in DevOps. He also happens to be a Python master and was happy to show me some of the awesome things he'd been working on. The funny thing is, he said to me what many in the industry have said: don't worry about the degree, just start programming.
I've been interested in Python for some time now (as you know with my SPSE post) and it's time to complete it. Obviously, the cert is just a bonus because I want to know it! But definitely making the dive so I can hopefully move onto bigger and better things!
Thursday, March 28, 2013
Facebook Trumping Your Privacy! (Facebook Last Active)
A coworker came over to me today and was laughing about a feature he found on the Facebook App for iPhone. Seems they added the ability to see the last time the person was active when you click on their name within the messaging app. On the iPhone you will see "Last Active" and get a time (now, minutes, hours, etc.). Creepy, right? A quick Google search shows that there doesn't appear to be a way to stop this. Ah, but given some time I found a solution.
First, you can just turn the "Chat" feature off completely and the problem is solved. Obviously it's not the optimal fix for this issue, especially if you use the chat feature. Thus we have option two:
1. Log in to Facebook
2. In the "Chat" window on the bottom right, click on the Gear (Options)
3. Select "Advanced Settings"
4. You then are presented with three options:
- "Turn on chat for all friends except..." - Here you select the people you don't want to see the last active
- "Turn on chat for only some friends" - Here it's off for everyone but the people you select to have it on
- "Turn off chat" - Just turns it off
So if you have a creeper and they are a "friend" put them on the list so they don't see when you were last active.