Threat Visualization

A way to visualize IP addresses and their countries of origin. Use it for web traffic or hostile attackers. The difference between good and bad is the difference between red and green. See a daily generated copy here, and follow the links for the historical reports. I also decided to animate a year of the Artillery feed. Animation was done with PhantomJS (since it’s a JS render, not an image) and The GIMP, importing each image as a layer.

‘Cue the techsplainers’, or, how to antagonize domain experts.

I let out a long sigh as I read the following tweet: “Cue the techsplainers”, which may be in reference to this article.

‘splaining - The missing manual

For those of you unfamiliar with the concept of “splaining”, it comes from the term “mansplaining”, in which a man will explain something to a woman because he feels that she’s incapable of understanding without his explanation. While this does happen, the pejorative term is used frequently by the regressive left as a way of dismissing any argument. It’s an attack, whether merited or not, on the person providing information, denoting them as an asshole. In this case, it’s the technically inclined assholes that could drop some knowledge on a lazy journalist that is being preemptively dismissed.

The Backstory…

This tweet in particular may be in response to an earlier post that I wrote, expressing my frustrations with the Halifax Examiner. This isn’t the first time that I’ve taken issue with the lazy reporting that’s in search of a sexy headline. Also, this particularly snarky comment may have nothing to do with that exchange, and Tim is just used to being taken to the mat for lazy technical descriptions and attempting to quell the comments by signaling how he will...

The Unencrypted iOS Kernel And You

Big-ish changes?

So Apple has decided to ship an unencrypted kernel in iOS 10. What does this mean, and what are the practical considerations around this decision? Shipping an unencrypted kernel will now allow for the inspection of the code at the very core of the Apple device, something that we have not had the ability to do before. Apple is claiming that this will lead to a more robust patch cycle due to more eyes being able to spot bugs. Initial article from Technology Review.

“What’s my motivation?”

Well, that is, indeed, the question. Apple does not currently have a bug bounty program, which potentially leads to some very poor outcomes. You see, researching software vulnerabilities can be very hard and time-consuming. People generally like to be compensated for their time and effort, and the idea that a company with more than 500 billion dollars in market capital doesn’t have a plan to compensate parties that find flaws in the core business isn’t palatable. Apple’s failure in this plan is in motivating people to disclose any security issues that they find… to Apple. The options for getting paid if you do find an exploit: Use a brokerage service like Zero Day Initiative, and see what the market will bear. Sell to the government, and...

Social Engineering construed as blackmail by Halifax Examiner

I fear that the need for salacious headlines from the Halifax Examiner has grossly misconstrued how social engineering works:

So, say one of the city’s IT guys has a down-low life as a S&M fetishist; he’s not hurting anyone beyond his self-selected group of fellow BDSM enthusiasts, but still, it’s not the kind of information he wants Richard Butts or the other managers at City Hall to find out about. The city, however, will now hire a hacker to try to break into the IT guy’s Facebook account, discover that he’s a member of the private “Halifax Bondage” group, and then try blackmail the guy…

This was in response to Halifax tendering a security assessment: Halifax Security Tender (PDF). While social engineering could technically include such things, it’s fanciful to think that the person conducting the vulnerability assessment would go to such lengths (also, this would be illegal; there is no permission to blackmail given!). This is analogous to draining a lake to catch a fish; sure, it works, but nobody is going to do it, unless, that is, they’re writing a Hollywood movie. The goal of the security assessment is to get inside the network, not destroy someone’s life. There are better, more fruitful attacks, such as: spear phishing, “found” USB key attacks with...