Friday, July 17, 2015

Cyber...warfare?

Did you ever notice a politician will never say "war" when it's an actual war? They like "police action", "reconnaissance in force", "interdiction", etc. They use it all the time though for items they want you to rally behind like the War on Drugs, the War on Poverty, and the War on Obesity. Why are they so keen on calling that which is, anything but? However for that which isn't, they stop just short of naming it genocide? It's the same reason a car dealer uses "certified pre-owned" instead of "used". One conjures thoughts of an almost-new vehicle. The other makes us feel like we are going to spend the next 6 months just getting the smell of farts out of there. I wish the government had as much zeal in naming laws and departments honestly as they do in food labeling.

This same nonsense is true with the term "cyber warfare". I am still trying to remember the last time someone was cyber'ed to death. Was there ever a time where we had to drape a flag over a Dell Optiplex and bury it at Arlington? Are we giving out Silver Stars to the guys pushing "Enter" in the Metasploit-console window? They are on the cyber-front, using cyber-arms. Should they be denied their due commendations and VA benefits? Surely not, if we are being at all consistent between our words and actions.

What we have here is a new dynamic in the field of salesmanship. We can gin up a scare with no casualties, and get millions of dollars in return. We can receive accolades and promotions with absolutely no risk of battlefield losses outside of the occasional ESX server running too hot. This is a win-win solution for the politically inclined and the cyber-salesman. One convinces the other more money is needed, they both get to reap the rewards sans a crying widow(er).

I am not saying we shouldn't take threats in the cyber domain seriously. I am also not saying it should be absent from an intelligence operation. I simply don't think we ought to treat it even remotely the same as we do a bomber or an AK-47. Ask a serviceman sometime if they ever lost someone close due to a malicious email attachment or PDF. And yes, there are different levels of service to your country. Being a linguist at Fort Meade your whole career is not the same as being an asset in-country. Piloting a drone is not the same thing as flying an F-16, but is something a 16-year-old can probably do. (I don't allow comments, so whine to your Facebook or the Twitter-verse.) Finally, being a "cyber warrior" is not the same as being front-line infantry, no matter how many air-conditioned Commander's Calls pats on the back there are. (Please see my previous comments on whining.)

Let's leave the computer security field as what it is: an exercise in risk-mitigation and intelligence gathering. This way we can talk in a non-hyperbolic manner about the subject. We can discuss flaws and methods openly without fear of Wassenaar or other hastily put together Federal dictum. There's nothing wrong with a firm selling services that reduce their odds of revealing user information. It is a mutually beneficial transaction. We get money, they get some assurance their business isn't flying blind against potential theft. If we are terrible at our jobs, we lose them to a better competitor or have to compensate the client for negligence on our part. This is a business, not a war with winners and losers. Those who wish to label it so seek to increase profits on the back of a lie. Their time would be better spent on improving security products instead of practicing pomp and political posturing.

Monday, July 6, 2015

Yes, I did delete my LinkedIn Account and here is sort of why

Maybe one day I will entertain you all with the tale of the final profile deletion decision. Long story made somewhat shorter, though not as short as it could be considering the length of this run-on sentence, it was too much work for too little gain and ZERO enjoyment.

While we are on the subject of popularity and visibility on the web, let me share with you a story from a gaming convention I attended. It was a great time, with several speakers of some renown. There was one illustration of the ethereal nature of online fandom which stuck. It gave me pause for pondering upon the nature of social media. One of the individuals at the conference was a person who had a following so vast, the line was full an hour before the talk just to get in! Once we were inside, I could see why. The fellow had a gimmick. He had charisma. He surrounded himself with a team that made each of them more interesting. I had no regard for what they did; little desire to watch their show, but damn it all I respected the clear ability to pull an audience. I could see why the audience liked him immediately. One person asked for a hug, and another cried while telling the presenters how they had pulled her from a deep depression. These were devotees. They had a trust and admiration for these guys that warranted the million or so followers in their thrall. I said as a matter of study, "man, what are they doing right?". Was it polished public speaking which garnered this much enthusiasm? Does the very personable presence of this panel demand adulation and attention?

Whispers in the wind tell us of the ability Reagan had to draw folks into his sphere of thinking. Books have been written on the way Lombardi and Hank Stram inspired their teams to victory. Millions followed and cherished their leadership. Their faces were enshrined in buildings and on trophies. Here we had a man, who thousands watched day-in and day-out. Surely this man would be readily identified by his fans. THIS man would never know a moment's peace from those he touched; no respite from the rooms he roamed with recurrence. His face was all over the Internet, a far greater expanse than the largest library, or stadium in any era.

Here we enter an event party, held off-site. The place was not terribly crowded. It held plenty of spots to spy even the smallest subject from across the space. I was in attendance along with my comrades smart enough to follow a Twitter link, when I saw something I could not believe. I found that beloved Internet sensation. I saw his face. I saw his attire. I knew it was him, yet at the same time I thought I may be mistaken. Alone. He was alone. Alone? Not possible. I double-checked my conclusion with a colleague who confirmed my eyes were not in conflict with my brain. Not only was this person solo, but he was CONSISTENTLY solo. Six or seven times that night I recall wanting to extend a hand or buy a drink. I simply couldn't do it. I felt odd. It felt wrong. This should not be. After all of that fanfare and all of the accolades...nothing. There was no effort at disguise, I only met the guy that afternoon and could ascertain that was indeed him with a glance. Surely a fan or two could be seen in tow?

There was not a soul, however. Neither groupie nor follower to be had. A social media masterpiece was right in front of us without so much as a munificent man with a mojito waiting? The line was out-the-door to even hear him speak only a few hours ago. A perfect opportunity had presented itself to probe his profundities. That is when the whole concept of second life started to form for me. The fame is more fleeting than ever. It is a contradiction. There is a much greater spread of viewership, but you are forgotten at thrice the speed. It's almost as if the virtual world, and all it encompasses, is just that. Virtual. The applause is abbreviated. No one cares once the show is over, even if it will resume the next day. You have to be there every day, every minute, and on every screen. Anything less is pointless. A single slip results in online oblivion.

Here I was, looking at my LinkedIn profile and its sub-par performance. I hated having the account almost as much as my long-forgotten Facebook phase. I received nothing from the reams of data and insights I had supplied to the business beast regarding my profession. Insights, by the way, for which I have someone eagerly paying an hourly wage to supply. I was giving recruiters a one-stop-shop for similarly qualified persons without deriving any monetary benefit from the transaction. I was forced to acknowledge that the whole exercise was a benefit to everyone but those who matter most; myself along with those I wished to help with my advice. It was actually sort of an insult, to be frank. I was a piker in terms of visibility compared to the virtual-virtuoso I encountered at that party, yet I was spitting in the wind here. Why participate in this network if someone so celebrated in cyberdom could be forgotten in less than a couple blocks from the conference?

This blog is a recording of my thoughts and research which I wish to share with you all without feeling like it is a professional obligation. I have fun posting here...mostly because I can say "Fuck" ad infinitum just like I do at SAHA!. The preceding tale isn't one of sour grapes, only an acknowledgement of the necessity to live in reality. Do what you enjoy because you enjoy it. If you do it for an increase in views, why are you doing it? You will be virtually vacated, nothing but data dust in the end. Instead of that, switch it up. Be the fine fragments people will look upon fondly before discarding you in the digital dumpster.

Next blog post will be another feast for the sarcastic eye about our chosen field. The one after that will probably be a return to computer vision with a new-and-improved method I showed at SAHA!

XOXO
-vesh

Wednesday, June 24, 2015

UnlinkedIn and Jobs' Quotes

My only social network is LinkedIn. I am not a fan of Facebook and I fail at Twitter. LinkedIn, though, has a different purpose. It's a near necessity for the "I may want a job/client/investment in the future" crowd. By and large, I have fun with it. I post technical material too - you look at my blog from LinkedIn; I have the data. I get a nice pretty map of all of the countries where your IPs originate. Do you think I want to configure that crap myself? Hell no. I have fake Steve Jobs quotes to post. Ain't nobody got time for that. However, I like to be funny from time to time. If I were a pretentious butthole, I would say I am trying to contribute to the Zeitgeist.

Steve Jobs image macros, complete with inspirational quotes, are the adult equivalent of when you would put a phrase or vague allusion on your AIM away message or profile. Do you honestly think someone is going to see "your" Jobs quote and go, "Holy shit. Apparently everyone is innovating. I better start doing that"? This is an update that requires absolutely no thought at all other than purloining someone else's idiotic sentiment via Google Image Search. You may as well go find a picture of Artie Lange and plaster on it some spew from your Marketing 101 course. Since I am a huge Artie Lange fan, I will support your efforts in spite of my previous statements. My blog, so I get to be a hypocrite when I want to.

The macro-calypse (trademark, vesh's Shenanigans Inc.) is just barely better than the "Like" deluge. I make a post which requires feedback, and then oodles of you only hit the "Like" button!?! I want your opinion, dammit! This is the one point in my life I am taking time out to care what you actually think and all I get is a bunch of "I like that you asked" BS? If you do not care, just ignore the post. Move along. Nothing to see here. It is a very simple process. At least hit the Dislike button to tell me to go screw. The Dislike button is a stance against something. It runs the risk of confrontation, which can also be awesome.

Taking the thoughts of someone else, quotes or otherwise, is some Facebook-type garbage. I wouldn't support it there either though. There are times that a FB repost of something hilarious is called for. I have yet to see a need for inspirational-business quote reposts. There are infinite combinations of things which make a good joke, but there are about 5 decent re-phrasings of "Think Different" in the world.

If you feel the urge to post the quotes of someone else, using a macro that you didn't make, just remember the following. The morons who use Meme Generator are wittier and more original than you. Yes, the guy who takes a "Scumbag Steve" picture and puts on it remarks about his mooching neighbor is more clever than you. So, the next time you decide to post, please "Think Different". Make your own contribution. Put your own flavor to it. Be a Louis CK, not a Carlos Mencia.

Tuesday, June 16, 2015

JNI Fuzzing

These are slides from my SAHA! (satxhackers.org) JNI Presentation. I'll post source once I find it and a github link...I swear.


 

Tuesday, June 9, 2015

Recruiter Emails...sigh

Today was the day of recruiter emails. I selected a pair of the best ones, for different reasons. Our first email is not the fault of the company with billets to fill. I blame it on the headhunting firm. Note to businesses hiring recruiters, you can tell them not to do this type of activity.

This arrived in my work email, which I will also count as a strike against them. Not even my name in the "Hello" portion...just a lonely dash.


I sent the company who retained this firm a very nice reply indicating that this recruiter was not quite cutting it. They may want to go a different way next time.

This next gem is brought to us by "Monica". Her name actually is Monica so the quotes are superfluous...as is this sentence. I feel this is a better effort, but it is more annoying due to the tactics employed to get it here using RE: in the subject line. This one ALSO came in my work email.


....aaaaannnnnnd here is this thoughtful reply. I decided to be less helpful here.


What have we learned today kids? We have learned some basic netiquette when it comes to recruiter emails. Even though it is just an email, you should treat it as a face-to-face, especially if you are trying to get something you want from the recipient. 

...or at least LEARN MY DAMN NAME!!!!

Monday, June 8, 2015

TOR+IRC

If one were to design an IRC bot that uses TOR over freenode, here is how one might do it...

Saturday, May 30, 2015

PDF Injection Techniques

As part of the semi-weekly document dump I have been able to do lately, here are my slides for PDF Injection methods. XOXO