Russia, Tor, and Maybe Sybil Are a Thing?
December 14, 2021
Dictatorships are in vogue, at least in some parts of the world. One interesting response to the Onion Router Technology has been to look up that well known person Sybil. That individual makes it possible to participate in onion routing. Then Sybil’s admirers can process assorted Internet metadata and time stamps in order to learn some interesting things. One of those interesting things is explained in “Russia Ratchets Up Internet Control by Blocking Tor.” Russia learned that it does not want the Onion Router within the land of vodka, bears, and forgotten gulags. Makes sense, doesn’t it?
The write up says:
GlobalCheck, a group that monitors websites’ accessibility in Russia, confirmed that blocking had begun.
Is it possible to block Tor?
Probably not 100 percent. But the steps, including the enabling legislation, suggest that getting caught might have consequences. Believe it or not, there is a person who gets some support from the Russian government to locate burial grounds associated with gulags.
Perhaps that individual will get the opportunity to have some new explorations to undertake?
Stephen E Arnold, December 14, 2021
Monopolies Know Best: The Amazon Method Involves a Better Status Page
December 13, 2021
Here’s the fix for the Amazon AWS outage: An updated status page. “Amazon Web Services Explains Outage and Will Make It Easier to Track Future Ones” reports:
A major Amazon Web Services outage on Tuesday started after network devices got overloaded, the company said on Friday [December 10, 2021] . Amazon ran into issues updating the public and taking support inquiries, and now will revamp those systems.
Several questions arise:
- How are those two pizza technical methods working out?
- What about automatic regional load balancing and redundancy?
- What is up with replicating the mainframe single point of failure in a cloudy world?
Neither the write up nor Amazon have answers. I have a thought, however. Monopolies see efficiency arising from:
- Streamlining by shifting human intermediated work to smart software which sort of works until it does not.
- Talking about technical prowess via marketing centric content and letting the engineering sort of muddle along until it eventually, if ever, catches up to the Mad Ave prose, PowerPoints, and rah rah speeches at bespoke conferences
- Cutting costs where one can; for example, robust network devices and infrastructure.
The AT&T approach is a goner, but it seems to be back, just in the form of Baby Bell thinking applied to an online bookstore which dabbles in national security systems and methods, selling third party products with mysterious origins, and promoting audio books to those who have cancelled the service due to endless email promotions.
Yep, outstanding, just from Wall Street’s point of view. From my vantage point, another sign of deep seated issues. What outfit is up next? Google, Microsoft, or some back office provider of which most humans have never heard?
The new and improved approach to an AT&T type business is just juicy with wonderfulness. Two pizzas. Yummy.
Stephen E Arnold, December 13, 2021
US Government Procurement: Diagram the Workflow: How Many Arrows Point Fingers?
December 8, 2021
I want to keep this short. For a number of years, I have pointed out that current Federal procurement procedures and the policies the steps are supposed to implement create some issues. I like to mention procurement time for advanced software. By the time the procurement goes through the RFQ, the RFP, the proposal evaluation, the selection, the little meeting at which losers express their concerns, and the award — the advanced technology is often old technology. Another issue is the importance of marketing hoo hah which often leads the Federal government to purchase products and services which are different from that which was described in the PowerPoint presentations and the proposals. There are other interesting characteristics of the process; for example, coffee chats with senators, nice lunches with important people who may pop up on a cable TV talking head program, or good old friendship from a college social group. Ah, yes. Procurement.
“US Government Agencies Bought Chinese Surveillance Tech Despite Federal Ban” is a collection of some procurement anecdotes. Interesting? Not particularly. Why? There are no consequences for buying products and services from vendors who should not be eligible for US government contracts. The article focuses on Chinese related missteps. The explanations are crafted to avoid getting anyone in legal hot water.
Net net: I worked in DC starting in the early 1970s. How much has changed in the last 50 years. Not much. China is nemesis but China was a bit of a nemesis 50 years ago. The FARs have been updated. Nevertheless, some interesting purchases have been made over the years. Where’s the Golden Fleece Award now? Are there some unwanted and unloved tanks parked somewhere? What about certain air superiority systems which experience more downtime than a second hand taxi purchased from a shady character in Mexico City. Yes, procurement and some proud moments. Why not fire up that TikTok and ignore the useful data hosed back to certain servers?
Stephen E Arnold, December 8, 2021
An Impossible Dream? Where Is the Windmill?
December 1, 2021
Cyberattacks are only growing in frequency, sophistication, and ROI for hackers. We know most companies need to do a better job at protecting themselves, but what will make the difference? Perhaps the problem lies in the gaps between departments. Network World suggests “3 Steps to Better Collaboration Between Networking and Security Pros.” IT Research firm Enterprise Management Associates finds many companies recognize the need for these departments to work more closely but are having trouble effectively bringing them together. The article identifies four key challenges: separate data silos, skill and knowledge differences between the teams, architectural complexity and, surprise, lack of funding. Writer Shamus McGillicuddy suggests three solutions. The first is to create common data repositories:
“The first priority is to establish a shared data repository that both teams can rely on for a common view of the network. In many companies, security teams are constantly requesting data from the network team when conducting investigations. If that’s the case, the network team should identify the data that security teams frequently request and establish repositories that are accessible to them. … network teams and security teams should centralize packet-capture infrastructure as much as possible so that both teams have a common record of raw traffic data.”
The catch—this change may require updates to data stores, which means spending some dough. Then there is the issue of training staff to better understand each other. McGillicuddy suggests it is up to management, not the teams themselves, to identify the necessary know-how:
“Leadership should recognize how skills gaps are undermine NetSecOps partnerships and lead from the top to close those gaps. Also, network infrastructure professionals are usually quite knowledgeable about network security concepts. They can bring that to bear as much as possible to find common ground with the security team.”
Again, companies must be willing to allocate funds to this endeavor. Finally, architecture should be simplified. The write-up stresses:
“If complexity is getting in the way, the network team should kill complexity and modernize legacy architecture as much as possible. One option is to adopt automation solutions that abstract complexity. And as they move into new environments like the cloud and work-from-anywhere, they should design for simplicity as much as possible.”
This step might be the most costly of the three, especially if legacy systems must be overhauled. All told, companies can be looking at a significant investment to establish harmony between their networking and security departments. The alternative, though, may be to risk a much more costly (and embarrassing) data breach in the future.
Cynthia Murrell, December 1, 2021
DarkCyber for November 30, 2021: Sean Brizendine, SecureX
November 30, 2021
This DarkCyber program features an interview with Sean Brizendine. He is one of the founders of SecureX, where he serves as the director of Blockchain technology. The interview covers:
- SecureX’s secret sauce in the crypto currency and services market
- How open source software fits into the company’s technology portfolio
- How the products and services further the capabilities of Web 3.0, distributed computing, and enhanced online security.
Mr. Brizendine is a certified Certified IIB Council Blockchain Professional & EC Council Online University Lecturer covering Blockchain in their Cyber Talk Webinar Series.
You can view the 11 minute interview on YouTube at this link.
Kenny Toth, November 30, 2021
An Epidemic of Whistle Blowing?
October 22, 2021
Are organizations prepared for an epidemic of whistle blowing?
This question struck me as I read “How One Facebook Worker Unfriended the Giant Social Network.” Here’s the statement in the article which caught my attention:
“There has just been a general awakening amongst workers at the tech companies asking, `What am I doing here?’” said Jonas Kron of Trillium Investment Management, which has pushed Google to increase protection for employees who raise the alarm about corporate misdeeds. “When you have hundreds of thousands of people asking that question, it’s inevitable you’ll get more whistleblowing,” he said.
The comment touched upon two issues which I don’t think have been resolved.
The first is the “awakening.” The idea that workers are “woke” is interesting. My reaction is that the flood of information about social unraveling, breakdowns in what were supposed to be reliable services, and the waves of disturbing news have broken down the “I’m entitled” Drosophila in these folks’ brains. Woke is not a good word. I think something along the lines “I understand now” is more accurate.
The second is the statement that a particular individual who allegedly “has pushed Google to increase protection for employees who raise the alarm about corporate misdeeds.” Okay, that’s interesting. How is that working out for those of the Timnit Gebru ilk?
Net net: Whistle blowers can present different reasons for their actions. The write up makes clear that the “cult of me” is alive and well. Some “me’s” are into dumping documents and information which are confidential. These actions take place even though the person has signed an agreement to keep an organization’s data secret. Guess that piece of paper is not working too well, right? Plus, an investment professional urging the Google to alter its DNA is a helpful endorsement of an individual’s valiant effort to induce change and get some good vibes for the action. Whistle blowing may be little more than an extension of an individual’s need to be the nail that sticks up.
Stephen E Arnold, October 22, 2021
Human Editors and Subject Matter Experts? Dinosaurs but Just from a Previous Era
October 15, 2021
I read “Bugs in our Pockets: The Risks of Client-Side Scanning.” The embargo is amusing, and it underscores the issues related to confidential information and the notion of information wants to be free. Amusing, maybe not?
The write up looks a bit like a paper destined for a pay-to-play publisher or an outfit which cultivates a cabal-like approach to publishing. (Hello, ACM?) The paper includes 13 authors, and I suppose the idea is to convey consensus or a lead author who wishes to keep his or her head below the concrete bunker in order to avoid direct hits from those who don’t agree with the write up.
I neither agree nor disagree. I interpreted the write up as:
- A clever bit of SEO, particularly the embargo and the availability of the paper to certain saucy online information services
- A way to present some entities, although with the titles and email contacts favored by some link hunters
- A technical bit of push back for assorted government mumbling about privacy, security, and another assault on personal freedoms.
Yep, the sky is falling.
Please, read the paper. One business executive allegedly said, “There is no return to normal. Today’s environment is the new normal.”
Is it possible this paper triggers Apple TV or YouTube to cue 1973 hit “The Way We Were”?
Stephen E Arnold, October 15, 2021
DarkCyber for September 21, 2021 Now Available
September 21, 2021
DarkCyber for September 21, 2021, reports about the Dark Web, cyber crime, and lesser known Internet services. The program is produced every two weeks. This is the 19th show of 2021. There are no sponsored stories nor advertisements. The program provides basic information about subjects which may not have been given attention in other forums. The program is available at this link.
This week’s program includes five stories.
First, we provide information about two online services which offer content related to nuclear weapons. Neither source has been updated for a number of months. If you have an interest in this subject, you may want to examine the information in the event it is disappeared.
Second, you will learn about Spyfone. DarkCyber’s approach is to raise the question, “What happens when specialized software once considered “secret” by some nation states becomes available to consumers.
Third, China has demonstrated its control of certain online companies; for example, Apple. The country can cause certain applications to be removed from online stores. The argument is that large US companies, like a French bulldog, must be trained in order stay in the Middle Kingdom.
Fourth, we offer two short items about malware delivered in interesting ways. The first technique is put malicious code in a video card’s graphics processing unit. The second summarizes how “free” games have become a vector for compromising network security.
The final story reports that a Russian manufacturer of drones is taking advantage of a relaxed policy toward weapons export. The Russian firm will produce Predator-like drones in countries which purchase the unmanned aerial vehicles. The technology includes 3D printing, specialized software, and other advanced manufacturing techniques. The program includes information about they type of kinetic weapons these drones can launch.
DarkCyber is produced by Stephen E Arnold and his DarkCyber research team. You can download the program from the Beyond Search blog or from YouTube.
Kenny Toth, September 21, 2021
T-Mobile Security: A Quote to Note
September 1, 2021
“T-Mobile Hacker Found Weakness” is a summary of the all-too-familiar story of a big company, indifference, security hand waving, and an alleged breach of alleged customers. Please, read the original “real” news story. No payee; no viewee, however. I want to highlight what I think is the most important direct quote in the write up; to wit:
Their security is awful.
That’s pretty juicy.
Wait, please. One more gem is tucked into the write up. Here’s that statement:
On August 13, the security research firm Unit221B LLC reported to T-Mobile that an account was attempting to sell T-Mobile customer data, according to the security firm.
What this statement, if accurate, suggests that the hundreds of high end, proactive threat detection systems did not spot this breach and offer of customer data.
One firm did. And what about other cyber security experts?
My hunch is that if the statements in the article are on the money, it may be time to entertain this question: Why don’t high end cyber security systems work?
Stephen E Arnold, September 1, 2021
Microsoft: Maybe ESET-Type Companies Are a Problem?
August 12, 2021
Microsoft security may have a problem other than bad actors compromising systems. The news cycle has moved forward, but I still chuckle at the SolarWinds’ misstep. How many super duper cyber solutions failed to detect the months long compromise of core Windows processes? I don’t know, and my hunch is that whoever knows does not want to talk about the timeline. That’s understandable.
I read “IISpy: A Complex Server?Side Backdoor with Anti?Forensic Features.” The source appears to be We Live Security which is reporting about an ESET research finding. (I find it interesting that cyber security researchers report interesting things that other cyber security vendors appear not to report or possibly know about. Interesting or a signal that cyber security systems are not particularly effective when new methods poke through a secured system, saying, “Surprise!)
The write up states:
According to ESET telemetry, this backdoor has been active since at least July 2020, and has been used with Juicy Potato (detected as Win64/HackTool.JuicyPotato by ESET security solutions), which is a privilege escalation tool. We suspect the attackers first obtain initial access to the IIS server via some vulnerability, and then use Juicy Potato to obtain the administrative privileges that are required to install IISpy as a native IIS extension. According to our telemetry, IISpy affects a small number of IIS servers located in Canada, the USA and the Netherlands – but this is likely not the full picture, as it is still common for administrators to not use any security software on servers, and thus our visibility into IIS servers is limited.
If the affected server is the exact one the bad actor wants, numbers may not be germane. Also, does the phrase “not the full picture” indicate that the cyber researchers are not exactly what’s going on?
Interesting questions from my point of view.
If I step back, what’s my observation:
Perhaps cyber security is in a quite pitiful state. If this is accurate, why would the US government offer Amazon AWS another $10 billion deal? Microsoft will contest this important award. You can read the Microsoft News story “Microsoft Challenges the Government’s Decision to Award Amazon a NSA Cloud-Computing Contract, Which Could Be Worth $10 Billion” to get a sense about the disconnect between selling and addressing what may be fundamental security issues.
Would that money, time, and effort be better invested in addressing what seems to be another troubling security issue?
The answer to this question would be in my opinion a true juicy potato.
Stephen E Arnold, August 12, 2021
-
- Subscribe to Beyond Search
Feature archive
News archive
-
