How to irregular cyber warfare

|
Somebody (@thegrugq) pointed me to this article on "Lessons on Irregular Cyber Warfare", citing the masters like Sun Tzu, von Clausewitz, Mao, Che, and the usual characters. It tries to answer:...as an insurgent, which is in a weaker power position vis-a-vis a stronger nation state; how does cyber warfare plays ... Read More
Notes on the Bloomberg Supermicro supply chain hack story

Notes on the Bloomberg Supermicro supply chain hack story

|
Bloomberg has a story how Chinese intelligence inserted secret chips into servers bound for America. There are a couple issues with the story I wanted to address.The story is based on anonymous sources, and not even good anonymous sources. An example is this attribution:a person briefed on evidence gathered during ... Read More
Mini pwning with GL-iNet AR150

Mini pwning with GL-iNet AR150

|
Seven years ago, before the $35 Raspberry Pi, hackers used commercial WiFi routers for their projects. They'd replace the stock firmware with Linux. The $22 TP-Link WR703N was extremely popular for these projects, being half the price and half the size of the Raspberry Pi.Unfortunately, these devices had extraordinarily limited ... Read More

California’s bad IoT law

|
California has passed an IoT security bill, awaiting the government’s signature/veto. It’s a typically bad bill based on a superficial understanding of cybersecurity/hacking that will do little improve security, while doing a lot to impose costs and harm innovation.It’s based on the misconception of adding security features. It’s like dieting, ... Read More
Debunking Trump's claim of Google's SOTU bias

Debunking Trump’s claim of Google’s SOTU bias

|
Today, Trump posted this video proving Google promoted all of Obama "State of the Union" (SotU) speeches but none of his own. In this post, I debunk this claim. The short answer is this: it's not Google's fault but Trump's for not having a sophisticated social media team.#StopTheBias pic.twitter.com/xqz599iQZw— Donald ... Read More
Provisioning a headless Raspberry Pi

Provisioning a headless Raspberry Pi

|
The typical way of installing a fresh Raspberry Pi is to attach power, keyboard, mouse, and an HDMI monitor. This is a pain, especially for the diminutive RPi Zero. This blogpost describes a number of options for doing headless setup. There are several options for this, including Ethernet, Ethernet gadget, ... Read More
DeGrasse Tyson: Make Truth Great Again

DeGrasse Tyson: Make Truth Great Again

|
Neil deGrasse Tyson tweets the following:I’m okay with a US Space Force. But what we need most is a Truth Force — one that defends against all enemies of accurate information, both foreign & domestic.— Neil deGrasse Tyson (@neiltyson) August 20, 2018When people make comparisons with Orwell's "Ministry of Truth", ... Read More
That XKCD on voting machine software is wrong

That XKCD on voting machine software is wrong

|
The latest XKCD comic on voting machine software is wrong, profoundly so. It's the sort of thing that appeals to our prejudices, but mistakes the details.Accidents vs. attackThe biggest flaw is that the comic confuses accidents vs. intentional attack. Airplanes and elevators are designed to avoid accidental failures. If that's ... Read More
What the Caesars (@DefCon) WiFi situation looks like

What the Caesars (@DefCon) WiFi situation looks like

|
So I took a survey of WiFi at Caesar's Palace and thought I'd write up some results.When we go to DEF CON in Vegas, hundreds of us bring our WiFi tools to look at the world. Actually, no special hardware is necessary, as modern laptops/phones have WiFi built-in, while the ... Read More

Some changes in how libpcap works you should know

I thought I'd document the solution to this problem I had.The API libpcap is the standard cross-platform way of sniffing packets off the network. It works on Windows (winpcap), macOS, and all the Unixes. It's better than simply opening a "raw socket" on Unix platforms because it takes advantage of ... Read More
Loading...