Wednesday, October 19, 2016

I am so conflicted

On the one hand I despise Donald Trump and think he is totally unfit to be President; on the other hand I despise Hillary Clinton and think that while on paper she may be qualified, she is such a dishonest piece of shit that she shouldn't be President. I think I despise Trump more, but I am totally stoked that there is a possibility that Clinton may lose the election - I just wish it wasn't to Trump.

At this point it's like a never-ending cycle of Schadenfreude.

Tuesday, October 11, 2016

My morning walk to work

Just a few of the sights on my way to work each morning

Those are all within a couple of blocks of each other. There were 7 people sleeping under the bridge, and to their credit it was clean and orderly. The other two shots show 12 to 15 people - not sure if you can really make out all the trash strewn around. There are actually a lot more, but I don't have all morning to just take pictures of homeless folks.

CYBERWAR!!!! - Hacking Critical Infrastructure

Viceland TV has a show called Cyberwar whose premise appears to be that every week they look at a different cyber security issue.  Last week they showed the Hacking Critical Infrastructure episode.  

Not super-impressed.  Yeah the concerns raised are valid, and probably overdue, but the episode was clunky and poorly edited.  It didn't present a cohesive story and that makes it appear like a bunch of fear mongering.  Especially when the host keeps saying "So, this isn't just a bunch of fear mongering?"  They should have had a storyline and stuck with it.

Another problem, after building up a bunch of fear, they just ended the episode.  No discussion of what is being done to help address the problem.  No potential solutions.  Nothing.  Just a big, "Boy are you fucked America".

Here's an excerpt:

Friday, October 07, 2016

Kudos to the Cloud Security Alliance ( @cloudsa )

Today I found (via The Register) an IoT security guide published by the Cloud Security Alliance. I went to download it and at first I thought they were requiring us to fill out one of their contact forms in order to do so. In general I have stopped doing that because vendors just start pelting you with unwanted emails and phone calls. I was mistaken: the CSA does allow you to download without filling out the form.

Hooray for them.

Now if only other vendors / groups would start doing the same.  I understand the need for lead generation but it has gotten to the point anymore that it just gets abusive.

Tuesday, October 04, 2016

Inside Society There Is A Beast - What I Am Reading 10/4/2016

CBC Radio - 'I'm not a bigot' Meet the U of T prof who refuses to use genderless pronouns -

CO: Isn't it also the role of a society to make people feel included and to have inclusiveness?
JP: No. It's not the role of society to make people feel included. That's not the role of society. The role of society is to maintain a modicum of peace between people. It's not the role of society to make people feel comfortable. I think society is changing in many ways. I can tell you one thing that I'm very terrified of, and you can think about this. I think that the continual careless pushing of people by left wing radicals is dangerously waking up the right wing. So you can consider this a prophecy from me if you want. Inside the collective is a beast and the beast uses its fists. If you wake up the beast then violence emerges. I'm afraid that this continual pushing by radical left wingers is going to wake up the beast.

Reuters - WikiLeaks' Assange signals release of documents before U.S. election -

WikiLeaks founder Julian Assange said on Tuesday the organization would publish around one million documents related to the U.S. election and three governments, but denied the release was aimed at damaging Hillary Clinton.
He said the documents would be released before the end of the year, starting with an initial batch in the coming week.

Schneier on Security - The Cost of Cyberattacks Is Less than You Might Think -

The result is that it often makes business sense to underspend on cybersecurity and just pay the costs of breaches:

Romanosky analyzed 12,000 incident reports and found that typically they only account for 0.4 per cent of a company's annual revenues. That compares to billing fraud, which averages at 5 per cent, or retail shrinkage (ie, shoplifting and insider theft), which accounts for 1.3 per cent of revenues.

I read the Register article (linked above) last week and passed it around at work, where the response was basically "bleh" or "Oh, this makes me so angry". Maybe a little surprise that the cost was so low. Personally I wasn't surprised at all; business will always seek the cheapest solution. This is not in itself a bad thing; the problem occurs when those hurt by that decision have no recourse. In the Ford Pinto case that the Register article makes the comparison to, they could sue. In today's environment, when you sign up for the service or the software you are stripped of that right.

Monday, October 03, 2016

I am your Stuxnet Doom - What I am reading 10/3/2016

I spent most of the last month trying to catch up on some stuff I have been putting off for a while. That is finally done, so I am back again for a bit, and to kick the new Fiscal Year off right I am once again trying to better myself (it never works but I keep trying). Today's "what I am reading" focuses on a book I picked up over the weekend, "Hacking Exposed - Industrial Control Systems".

So far it's been a pretty worthwhile investment. I have been jumping around in the book mainly looking at the Risk Management sections, but the authors seem to have the same approach (hereafter and forevermore the correct approach) to assessing risk that I do, and from what I have seen they also seem to be fans of what I consider to be a highly underutilized tool (based on my limited career in this field so far), the ICS-CERT CSET tool. Personally I think that alone makes the book worth the price. I haven't really delved into the technical stuff yet. They seem to have some basic explanations of the various components and protocols, and I have been trying to get a virtual SCADA system set up at work, so maybe I can use some of the techniques in the book there and test out the actual offensive hacking stuff.

Anyway, that's where it stands.

(Oh I am also still studying for the SANS GSEC)

(Yeah I know the title for this post makes no sense but it was the only SCADA attack that I could think of that most people would recognize)

Friday, September 30, 2016

Will and Krauthammer get it - #NeverTrump

I've never been a big George Will fan; he's always seemed a little too smug and self-righteous to me, but in yesterday's article "Donald Trump's rise reflects American conservatism's decay" he nails it.

I said a few weeks ago that Trump was using "The Road to Serfdom" as an instruction manual, not as a cautionary tale. Will backs me up on that:

“Charismatic authority,” wrote Max Weber in 1915, seven years before Mussolini’s march on Rome, causes the governed to submit “because of their belief in the extraordinary quality of the specific person . . . . Charismatic rule thus rests upon the belief in magical powers, revelations and hero worship.” A demagogue’s success requires a receptive demos, and Trump’s ascendancy reflects progressivism’s success in changing America’s social norms and national character by de-stigmatizing dependency.

Under his presidency, Trump says, government will have all the answers: “I am your voice. . . . I alone can fix it.” The pronoun has unlimited antecedents: “I will give you everything. I will give you what you’ve been looking for for 50 years. I’m the only one.”
That is the very essence of the charismatic leader that Hayek described.

Will goes on to name a number of the same sins that I had:

Planned Economy
Centralized Authority based upon his cult of personality

Those are only a few of his shortcomings, but at least they are being enumerated. 

Krauthammer also gets it in "When facts, logic and history don’t matter"

After 15 months, the suspension of disbelief has become so ubiquitous that we hardly notice anymore. We are operating in an alternate universe where the geometry is non-Euclidean, facts don’t matter, history and logic have disappeared.

Monday, September 26, 2016

Homeless people overheard on the way to work

I'm old, I'm fat, and I have really bad knees, so I get most of my exercise by walking. I try for 5 miles a day, and on weekdays that means a couple of miles of it is walking to and from the MAX stop; I purposefully get off about a mile from the office and take a meandering 1.2 mile path there. That path takes me through a large number of homeless people sleeping under bridges in little tent camps and in doorways. (It also involves large numbers of planters that smell strongly of urine, but that is another matter.) As I walk my little trail I tend to listen to the people talking around me, mainly to make sure no one is saying, "Hey, let's stab that fat guy and take his wallet", and today I overheard a couple of gems:

First - two guys pushing shopping carts down the street discussing the best way to get away from the cops after robbing a store - consensus - a bike

Second - a homeless guy packing up his stuff, talking to 3 or 4 other homeless guys (I assume; there were a bunch of homeless-person-shaped lumps on the sidewalk): "I'm getting out of this neighborhood, it's nothing but blacks and gang rapists now." I'm not sure what led to that conclusion, but since I am too delicate to be gang raped maybe I will find a different path. His race problems he can deal with on his own.

Anyway, that's a typical morning walk. Afternoons are different: everyone is surly and aggressive, so it isn't as much fun to listen.