
JavaScript Code Search

May 25, 2016

The general purpose Web search systems are not particularly useful for narrow queries. As a result, developers who want to locate JavaScript code to perform a specific task have had to bang away at Bing, forums, Google, and odd duck discussions on open source code sites. I learned in “Find JavaScript Code Snippets by Functionality with Cocycles” that there is a niche search engine available. Navigate to Cocycles and run your query. According to the service’s Web site, additional languages will be added to the system in the near future. Worth a look.

Stephen E Arnold, May 25, 2016

Math Objects for the Non MBA

May 12, 2016

If you have an MBA, you won’t be turning cartwheels to dive into this directory. If, on the other hand, you have a degree in medieval literature or a fondness for Cubism, this directory is your cup of tea.

Navigate to the directory of mathematical objects at Choose your poison and scan the categories of objects or dive right into the particulars of an object. Here’s what you find when you navigate to elliptic curves:


You can plug in values or just look at the sample data. There are examples, and dataset download options.

Nifty, nifty.

Stephen E Arnold, May 12, 2016

Penetration Testing Tool List

May 11, 2016

Want to avoid the effort of convincing a commercial penetration tool vendor to license you their gizmos? Want to understand how some questionable computer exploits work?

Navigate to BlackArch Linux and check out the list of tools in the table called Tools.

In my forthcoming Dark Web Cookbook, we provide some basic info about how you can turn your free time into a learning experience. One suggestion: Buy a used computer and dabble with some prophylactic methods in mind. Better yet, perhaps you should just remain in a cloud of unknowing?

Stephen E Arnold, May 11, 2016

A Dark Web Spider for Proactive Protection

April 29, 2016

There is a new tool for organizations to more quickly detect whether their sensitive data has been hacked. The Atlantic discusses “The Spider that Crawls the Dark Web Looking for Stolen Data.” Until now, it was often many moons before an organization realized it had been hacked. Matchlight, from Terbium Labs, offers a more proactive approach. The service combs the corners of the Dark Web looking for the “fingerprints” of its clients’ information. Writer Kaveh Waddell reveals how it is done:

“Once Matchlight has an index of what’s being traded on the Internet, it needs to compare it against its clients’ data. But instead of keeping a database of sensitive and private client information to compare against, Terbium uses cryptographic hashes to find stolen data.

“Hashes are functions that create an effectively unique fingerprint based on a file or a message. They’re particularly useful here because they only work in one direction: You can’t figure out what the original input was just by looking at a fingerprint. So clients can use hashing to create fingerprints of their sensitive data, and send them on to Terbium; Terbium then uses the same hash function on the data its web crawler comes across. If anything matches, the red flag goes up. Rogers says the program can find matches in a matter of minutes after a dataset is posted.”

What an organization does with this information is, of course, up to them; but whatever the response, now they can implement it much sooner than if they had not used Matchlight. Terbium CEO Danny Rogers reports that, each day, his company sends out several thousand alerts to their clients. Founded in 2013, Terbium Labs is based in Baltimore, Maryland. As of this writing, they are looking to hire a software engineer and an analyst, in case anyone here is interested.


Cynthia Murrell, April 29, 2016

Sponsored by, publisher of the CyberOSINT monograph

Google Search, Jr.

April 6, 2016

As a kid friendly society, we cater to the younger generations by making “child friendly” versions of everything from books to meals.  When the Internet made headway into our daily lives, kid friendly dashboards were launched to keep the young ones away from pedophiles and to guarantee they only saw age-appropriate content.  The kid protocols sucked, for lack of better terms, because the people designing them were not the greatest at judging content.

With more tech-savvy, child wise Web developers running the show now, there are more kid friendly products with more intelligence behind their design.  One of the main Internet functions that parents wish were available for their offspring is a safe search engine, but so far their answers have been ignored.

The Metro reports there is now a “New Search Engine Kiddle Is Like Google For Children-Here’s What It Does.” Kiddle’s purpose is to filter for results that are safe for kids to read and are written in simple language.

Kiddle is not affiliated with the search engine giant, however:

“Kiddle is not an official Google product, but the company uses a customized Google search to deliver child-friendly results.  Kiddle uses Google colors but instead of the traditional white background has adopted an outer space theme, fit with a friendly robot.  It will work in the same manner as Google but its search will be heavily filtered.”

The results will be filtered as follows: the first three sites will be kid friendly, four through seven will be written in simple language, and the remainder will be from regular Google, filtered by the Kiddle search.

Kids need to understand how to evaluate content and use it wisely, but the Internet prevents them from making the same judgments other generations learned as they got older. However, kids are also smarter than we think, so a “kid friendly” search tool is usually dumbed down to the cradle. Kiddle appears to have the best of both worlds; at least it is better than parental controls.


Whitney Grace, April 6, 2016


Google DeepMind Acquires Healthcare App

April 5, 2016

What will Google do next? Google’s London AI powerhouse has set up a new healthcare division and acquired a medical app called Hark; an article from Business Insider tells us the latest. DeepMind, Google’s artificial intelligence research group, recently launched a new division called DeepMind Health and acquired a healthcare app. The article describes DeepMind Health’s new app, called Hark:

“Hark — acquired by DeepMind for an undisclosed sum — is a clinical task management smartphone app that was created by Imperial College London academics Professor Ara Darzi and Dr Dominic King. Lord Darzi, director of the Institute of Global Health Innovation at Imperial College London, said in a statement: ‘It is incredibly exciting to have DeepMind – the world’s most exciting technology company and a true UK success story – working directly with NHS staff. The types of clinician-led technology collaborations that Mustafa Suleyman and DeepMind Health are supporting show enormous promise for patient care.’”

The healthcare industry is ripe for disruptive technology, especially technologies which solve information and communications challenges. As the article alludes to, many issues in healthcare stem from too little conveyed and too late. Collaborations between researchers, medical professionals and tech gurus appear to be a promising answer. Will Google’s Hark lead the way?


Megan Feil, April 5, 2016


RAVN ACE Can Help Financial Institutions with Regulatory Compliance

March 31, 2016

Increased regulations in the financial field call for tools that can gather certain information faster and more thoroughly. Bobsguide points to a solution in, “RAVN Systems Releases RAVN ACE for Automated Data Extraction of ISDA Documents Using Artificial Intelligence.” For those who are unaware, ISDA stands for International Swaps and Derivatives Association, and a CSA is a Credit Support Annex. The press release informs us:

“RAVN’s ground-breaking technology, RAVN ACE, joins elements of Artificial Intelligence and information processing to deliver a platform that can read, interpret, extract and summarise content held within ISDA CSAs and other legal documents. It converts unstructured data into structured output, in a fraction of the time it takes a human – and with a higher degree of accuracy. RAVN ACE can extract the structure of the agreement, the clauses and sub-clauses, which can be very useful for subsequent re-negotiation purposes. It then further extracts the key definitions from the contract, including collateral data from tabular formats within the credit support annexes. All this data is made available for input to contract or collateral management and margining systems or can simply be provided as an Excel or XML output for analysis. RAVN ACE also provides an in-context review and preview of the extracted terms to allow reviewing teams to further validate the data in the context of the original agreement.”

The write-up tells us the platform can identify high-credit-risk relationships and detail the work required to repaper those accounts (that is, to re-draft, re-sign, and re-process paperwork). It also notes that even organizations that have a handle on their contracts can benefit, because the platform can compare terms in actual documents with those that have been manually abstracted.

Based in London, enterprise search firm RAVN tailors its solutions to the needs of each industry it serves. The company was founded in 2011.


Cynthia Murrell, March 31, 2016



Google and Reverse Engineering

March 28, 2016

I don’t want to make a big deal out of the information presented in “Google’s Reverse Engineering Software BinDiff Now Free for Researchers.” The write up reports that Zynamics’ code is now free. The write up explained:

What’s the code’s application? The write up reports:

BinDiff is a comparison tool for scrutinizing disassembled binary files and finding both similarities and differences in code through reverse engineering. The software can be used to identify and isolate flaws and bugs in software, namely, “fixes for vulnerabilities in vendor-supplied patches and to analyze multiple versions of the same binary,” according to Blichmann. Binary files for x86, MIPS, ARM/AArch64, PowerPC, and other architectures can be analyzed with the software.

Are there other uses for this software? The write up identifies a number of benign uses; for example, porting function names.

The article concludes:

Interested parties can download the software directly from Zynamics.

Stephen E Arnold, March 28, 2016

No Search Just Browse Images on FindA.Photo

March 2, 2016

The search engine FindA.Photo proves itself to be a useful resource for browsing images based on any number of markers. The site offers a general search by terms, or the option of browsing images by color, collection (for example, “wild animals,” or “reflections”) or source. The developer of the site, David Barker, described his goals for the service on Product Hunt:

“I wanted to make a search for all of the CC0 image sites that are available. I know there are already a few search sites out there, but I specifically wanted to create one that was: simple and fast (and I’m working on making it faster), powerful (you can add options to your search for things like predominant colors and image size with just text), and something that could have contributions from anyone (via GitHub pull requests).”

My first click on a swatch of royal blue delivered 651 images of oceans, skies, panoramas of oceans and skies, jellyfish ballooning underwater, seagulls soaring etc. That may be my own fault for choosing such a clichéd color, but you get the idea. I had better (more various) results through the collections search, which includes “action,” “long-exposure,” “technology,” “light rays,” and “landmarks,” the last of which I immediately clicked for a collage of photos of the Eiffel Tower, Louvre, Big Ben, and the Great Wall of China.


Chelsea Kerwin, March 2, 2016



Wrangle That Data: Trifacta Receives $35 Million

February 14, 2016

When I read “Data Cleaning Software Company Trifacta Raises $35 Million,” I realized that the notion of automating the clean up of disparate data was an unsolved problem. Odd. I have been operating on the assumption that tools from Lexmark Kapow and Palantir had tamed that stallion years ago. Wrong.

According to the write up:

New investor Cathay Innovation and existing investors Accel Partners, Greylock Partners, and Ignition Partners participated in the new round. To date, the company has raised more than $76 million, including the $25 million round announced May 2014.

That’s a reasonable chunk of change for a function many search and content processing vendors suggest is a no brainer. Trifacta has a pocketful of cash to provide some evidence for the belief that cleaning up data remains a big, big problem.

Will Trifacta surge to the top of the data clean up pile? If one takes a peek at the azure chip consulting firm reports on this housekeeping sector, there are quite a few vendors chasing customers in this sector.

Now returning to the question about incumbents like Kapow and Palantir. Where are these companies? I can understand why Kapow has slipped from some folks’ radar, but the Palantir operation is active in the commercial sector and seems to have helpers, wizards, and smart software which allows a person with little or no training to import, process, and extract insights from disparate data.

Do those funding Trifacta perceive Kapow and Palantir as companies unable or unwilling to tackle the problems Trifacta addresses? Good question.

Stephen E Arnold, February 14, 2016

