CrowdStrike-Ukraine Explained

Trump's conversation with the President of Ukraine mentions "CrowdStrike". I thought I'd explain this. What was said? This is the text from the conversation covered in this “I would like you to find out what happened with this whole situation with Ukraine, they say Crowdstrike... I guess you have one of your wealthy ...
Thread on the OSI model is a lie

I had a Twitter thread on the OSI model. Below it's compiled into one blogpost. Yea, I've got 3 hours to kill here in this airport lounge waiting for the next leg of my flight, so let's discuss the "OSI Model". There's no such thing. What they taught you is a ...
Thread on network input parsers

This blogpost contains a long Twitter thread on input parsers. I thought I'd copy the thread here as a blogpost. I am spending far too long on this chapter on "parsers". It's this huge gaping hole in Computer Science where academics don't realize it's a thing. It's like physics missing one ...
Hacker Jeopardy, Wrong Answers Only Edition

Among the evening entertainment at DEF CON is "Hacker Jeopardy", like the TV show Jeopardy, but with hacking tech/culture questions. In today's blog post, we are going to play the "Wrong Answers Only" version, in which I die upon the hill defending the wrong answer. The problem posed is this: YOU'LL LIKELY ...

Securing devices for DEFCON

There's been much debate whether you should get burner devices for hacking conventions like DEF CON (phones or laptops). A better discussion would be to list those things you should do to secure yourself before going, just in case. These are the things I worry about: backup before you go, update before you ...
Why we fight for crypto

This last week, the Attorney General William Barr called for crypto backdoors. His speech is a fair summary of law-enforcement's side of the argument. In this post, I'm going to address many of his arguments. The tl;dr version of this blog post is this: Their claims of mounting crime are unsubstantiated, based ...

Censorship vs. the memes

The most annoying thing in any conversation is when people drop a meme bomb, some simple concept they've heard elsewhere in a nice package that they really haven't thought through, which takes time and nuance to rebut. These memes are often bankrupt of any meaning. When discussing censorship, which is wildly ...

Some Raspberry Pi compatible computers

I noticed this spreadsheet over at r/raspberry_pi reddit. I thought I'd write up some additional notes. https://docs.google.com/spreadsheets/d/1jWMaK-26EEAKMhmp6SLhjScWW2WKH4eKD-93hjpmm_s/edit#gid=0 Consider the Upboard, an x86 computer in the Raspberry Pi form factor for $99. When you include storage, power supplies, heatsinks, cases, and so on, it's actually pretty competitive. It's not ARM, so many things ...

Your threat model is wrong

Several subjects have come up in the past week that all come down to the same thing: your threat model is wrong. Instead of addressing the threat that exists, you've morphed the threat into something else that you'd rather deal with, or which is easier to understand. Phishing: An example is ...

Almost One Million Vulnerable to BlueKeep Vuln (CVE-2019-0708)

Microsoft announced a vulnerability in its "Remote Desktop" product that can lead to robust, wormable exploits. I scanned the Internet to assess the danger. I find nearly 1-million devices on the public Internet that are vulnerable to the bug. That means when the worm hits, it'll likely compromise those million ...