• Home
• About
• Writers
• Landscape
• Wizards Index
• Fraud
• Wanna Be Like Larry?

New Malware MosaicLoader Takes Unusual Attack Vector

ZDNet warns us about some micro targeting from bad actors in, “This Password-Stealing Windows Malware is Distributed Via Ads in Search Results.” The malware was first identified by Bitdefender, which named it MosaicLoader. The security experts believe a new group is behind these attacks, one not tied to any known entities. Writer Danny Palmer tells us:

“MosaicLoader can be used to download a variety of threats onto compromised machines, including Glupteba, a type of malware that creates a backdoor onto infected systems, which can then be used to steal sensitive information, including usernames and passwords, as well as financial information. Unlike many forms of malware, which get distributed via phishing attacks or unpatched software vulnerabilities, MosaicLoader is delivered to victims via advertising. Links to the malware appear at the top of search results when people search for cracked versions of popular software. Automated systems used to buy and serve advertising space likely means that nobody in the chain – aside from the attackers – know the adverts are malicious at all. The security company said that employees working from home are at higher risk of downloading cracked software. ‘Most likely, attackers are purchasing adverts with downstream ad networks – small ad networks that funnel ad traffic to larger and larger providers. They usually do this over the weekend when manual ad vetting is impacted by the limited staff on call,’ Bogdan Botezatu, director of threat research and reporting at Bitdefender, told ZDNet.”

Antivirus software might catch MosaicLoader—if users have not disabled it because they are downloading illegally cracked software. Oops. Once downloaded, the malware can steal usernames and passwords, farm out crypto currency mining, and install Trojan software through which malefactors can access the machine. Users should be safe if they do not attempt to download pirated software. Sometimes, though, such software does a good job of posing as legitimate. Palmer advises readers to avoid being duped by navigating away if instructed to disable antivirus software before downloading any program. That is always good advice.

Cynthia Murrell, August 5, 2021

DarkCyber for July 27, 2021: NSO Group Again, Making AWS Bots, How Bad Actors Scale, and Tethered Drones

The 15th DarkCyber for 2021 addresses some of the NSO Group’s market position. With more than a dozen news organizations digging into who does what with the Pegasus intelware system, the Israeli company has become the face of what some have called the spyware industry. In this program, Stephen E Arnold, author of the Dark Web Notebook, explains how bad actors scale their cyber crime operations. One thousand engineers is an estimate which is at odds with how these cyber groups and units operate. What’s the technique? Tune in to learn why Silicon Valley provided the road map for global cyber attacks. If you are curious, you can build your own software robot to perform interesting actions using the Amazon AWS system as a launch pad. The final story explains that innovation in policing can arrive from the distant pass. An 18^th century idea may be the next big thing in law enforcement’s use of drones. DarkCyber is produced by Stephen E Arnold, who publishes Beyond Search. You can access the blog at www.arnoldit.com/wordpress and view the DarkCyber video at this link.

Kenny Toth, July 27, 2021

NSO Group: The Rip in the Fabric of Intelware

A contentious relationship with the “real news” organizations can be risky. I have worked at a major newspaper and a major publisher. The tenacity of some of my former colleagues is comparable to the grit one associates with an Army Ranger or Navy Seal, just with a slightly more sensitive wrapper. Journalists favored semi with it clothes, not bushy beards. The editorial team was more comfortable with laptops than an F SCAR.

Communications associated with NSO Group — the headline magnet among the dozens of Israel-based specialized software companies (an very close in group by the way)— may have torn the fabric shrouding the relationship among former colleagues in the military, government agencies, their customers, and their targets.

Whose to blame? The media? Maybe. I don’t have a dog in this particular season’s of fights. The action promises to be interesting and potentially devastating to some comfortable business models. NSO Group is just one of many firms working to capture the money associated with cyber intelligence and cyber security. The spat between the likes of journalists at the Guardian and the Washington Post and NSO Group appears to be diffusing like spilled ink on a camouflage jacket.

I noted “Pegasus Spyware Seller: Blame Our Customers Not Us for Hacking.” The main point seems to be that NSO Group allegedly suggests that those entities licensing the NSO Group specialized software are responsible for their use of the software. The write up reports:

But a company spokesman told BBC News: “Firstly, we don’t have servers in Cyprus.

“And secondly, we don’t have any data of our customers in our possession.

“And more than that, the customers are not related to each other, as each customer is separate.

“So there should not be a list like this at all anywhere.”

And the number of potential targets did not reflect the way Pegasus worked.

“It’s an insane number,” the spokesman said.

“Our customers have an average of 100 targets a year.

“Since the beginning of the company, we didn’t have 50,000 targets total.”

For me, the question becomes, “What controls exist within the Pegasus system to manage the usage of the surveillance system?” If there are controls, why are these not monitored by an appropriate entity; for example, an oversight agency within Israel? If there are no controls, has Pegasus become an “on premises” install set up so that a licensee has a locked down, air tight version of the NSO Group tools?

The second item I noticed was “NSO Says ‘Enough Is Enough,’ Will No Longer Talk to the Press About Damning Reports.” At first glance, I assumed that an inquiry was made by the online news service and the call was not returned. That happens to me several times a day. I am an advocate of my version of cancel culture. I just never call the entity again and move on. I am too old to fiddle with the egos of a younger person who believes that a divine entity has given that individual special privileges. Nope, delete.

But not NSO Group. According to the write up:

“Enough is enough!” a company spokesperson wrote in a statement emailed to news organizations. “In light of the recent planned and well-orchestrated media campaign lead by Forbidden Stories and pushed by special interest groups, and due to the complete disregard of the facts, NSO is announcing it will no longer be responding to media inquiries on this matter and it will not play along with the vicious and slanderous campaign.” NSO has not responded to Motherboard’s repeated requests for comment and for an interview.

Okay, the enough is enough message is allegedly in “writing.” That’s better than a fake message disseminated via TikTok. However, the “real journalists” are likely to become more persistent. Despite a lack of familiarity with the specialized software sector, a large number of history majors and liberal arts grads can do what “real” intelligence analysts do. Believe me, there’s quite a bit of open source information about the cozy relationship within and among Israel’s specialized software sector, the interaction of these firms with certain government entities, and public messages parked in unlikely open source Web sites to keep the “real” journalists learning, writing, and probing.

In my opinion, allowing specialized software services to become public; that is, actually talk about the capabilities of surveillance and intercept systems was a very, very bad idea. But money is money and sales are sales. Incentive schemes for the owners of specialized software companies guarantee than I can spend eight hours a day watching free webinars that explain the ins and outs of specialized software systems. I won’t but some of the now ignited flames of “real” journalism will. They will learn almost exactly what is presented in classified settings. Why? Capabilities when explained in public and secret forums use almost the same slide decks, the same words, and the same case examples which vary in level of detail presented. This is how marketing works in my opinion.

Observations:

1. A PR disaster is, it appears, becoming a significant political issue. This may pose some interesting challenges within the Israel centric specialized software sector. NSO Group’s system ran on cloud services like Amazon’s until AWS allegedly pushed Pegasus out of the Bezos stable.

2. A breaker of the specialized software business model of selling to governments and companies. The cost of developing, enhancing, and operating most specialized software systems keeps companies on the knife edge of solvency. The push into commercial use of the tools by companies or consumerizing the reports means government contracts will become more important if the non-governmental work is cut off. Does the world need several dozen Dark Web indexing outfits and smart time line and entity tools? Nope.

3. A boost to bad actors. The reporting in the last week or so has provided a detailed road map to bad actors in some countries about [a] What can be done, [b] How systems like Pegasus operate, [c] the inherent lack of security in systems and devices charmingly labeled “insecure by design” by a certain big software company, and [d] specific pointers to the existence of zero day opportunities in blast door protected devices. That’s a hoot at ??????? ???? “Console”.

Net net: The NSO Group “matter” is a very significant milestone in the journey of specialized software companies. The reports from the front lines will be fascinating. I anticipate excitement in Belgium, France, Germany, Israel, the United Kingdom, and a number of other countries. Maybe a specialized software Covid Delta?

Stephen E Arnold, July 22, 2021

How Do You Spell Control? Maybe Google?

The lack of a standardized format has made it difficult to manage vulnerabilities in open source software. Now, SiliconAngle reports, “Google Announces Unified Schema to Make Sharing Vulnerabilities Easier.” Writer Duncan Riley explains:

“Google LLC today announced a unified schema for describing vulnerabilities precisely to make it easier to share vulnerabilities between databases. The idea behind the unified schema is to address an issue with existing vulnerability databases where various ecosystems and organizations create their own data. As each uses its own format to describe vulnerabilities, a client tracking vulnerabilities across multiple databases must handle each separately. Because of the lack of a common standard, sharing vulnerabilities among databases is challenging. The new unified schema for describing vulnerabilities has been designed by the Google Open Source Security Team, Go Team and the broader open-source community and has been designed from the beginning for open-source ecosystems. The unified format will allow vulnerability databases, open-source users and security researchers to share tooling and consume vulnerabilities more easily across open source, providing a complete view of vulnerabilities in open source.”

Google also launched its Open Source Vulnerabilities database in February, describing it as the “first step toward improving vulnerability triage for developers and consumers of open-source software.” Originally populated with a few thousand vulnerabilities from the OSS-Fuzz project, the database is being expanded to open-source ecosystems Go, Rust, Python and DWF. These seems like moves in the right direction, but can we trust Google deliver objective, unfiltered reports? Or will it operate as it has with YouTube filtering and AI ethics staff management?

Cynthia Murrell, July 8, 2021

Microsoft in Perspective: Forget JEDI. Think Teams Together

I received some inputs from assorted colleagues and journalistic wizards regarding JEDI. The “real” news outfit CNBC published “Pentagon Cancels $10 Billion JEDI Cloud Contract That Amazon and Microsoft Were Fighting Over.” The write up stated:

… the Pentagon is launching a new multivendor cloud computing contract.

What caused this costly, high-profile action. Was it the beavering away of the Oracle professionals? Were those maintaining the Bezos bulldozer responsible? Was it clear-thinking consultants who asked, “Wasn’t Microsoft in the spotlight over the SolarWinds’ misstep?” I don’t know.

But let’s put this in perspective. As the JEDI deal was transported to a shelf in a Department of Defense store room at the Orchard Range Training Site in Idaho, there was an important — possibly life changing — announcement from Microsoft. Engadget phrased the technology breakthrough this way: Microsoft Teams Together Mode test lets just two people start a meeting. I learned:

Together Mode uses AI-powered segmentation to put all participants in a meeting in one virtual space.

I assume that this was previously impossible under current technology like a mobile phone, an Apple device with Facetime, Zoom, and a handheld walkie talkie, a CB radio, a ham radio, FreeConference.com, or a frequently sanitized pay phone located in a convenient store parking lot near the McCarran International Airport in Las Vegas.

I have a rhetorical question, “Is it possible to print either the news story about the JEDI termination or the FAQ for Together in the midst of — what’s it called — terror printing, horror hard copy effort — wait! — I have it. It is the condition of PrinterNightmare.

I have to stop writing. My Windows 10 machine wants to reboot for an update.

Stephen E Arnold, July 7, 2021

And about That Windows 10 Telemetry?

The article “How to Disable Telemetry and Data Collection in Windows 10” reveals an important fact. Most Windows telemetry is turned on by default. But the write up does not explain what analyses occur for data on the company’s cloud services or for the Outlook email program. I find this amusing, but Microsoft — despite the SolarWinds and Exchange Server missteps — is perceived as the good outfit among the collection of ethical exemplars of US big technology firms.

I read “Three Years Until We’re in Orwell’s 1984 AI Surveillance Panopticon, Warns Microsoft Boss.” Do the sentiments presented as those allegedly representing the actual factual views of the Microsoft executive Brad Smith reference the Windows 10 telemetry and data collection article mentioned above? Keep in mind that Mr. Smith believed at one time than 1,000 bad actors went after Microsoft and created the minor security lapses which affected a few minor US government agencies and sparked the low profile US law enforcement entities into pre-emptive action on third party computers to help address certain persistent threats.

I chortled when I read this passage:

Brad Smith warns the science fiction of a government knowing where we are at all times, and even what we’re feeling, is becoming reality in parts of the world. Smith says it’s “difficult to catch up” with ever-advancing AI, which was revealed is being used to scan prisoners’ emotions in China.

Now about the Microsoft telemetry and other interesting processes? What about the emotions of a Windows 10 user when the printer does not work after an update? Yeah.

Stephen E Arnold, May 28, 2021

What the Colonial Pipeline Affair Has Disclosed

I worked through some of the analyses of the Colonial Pipeline event. You can get the “predictive analytics” view in Recorded Future’s marketing-centric blog post “DarkSide Ransomware Gang Says It Lost Control of Its Servers & Money a Day after Biden Threat.” You can get the digital currency can be deanonymized view in the marketing-oriented “Elliptic Follows the Bitcoin Ransoms Paid by Colonial Pipeline and Other Dark Side Ransomware Victims.” You can get the marketing-oriented “Colonial Pipeline Ransomware Attack: What We Know So Far.” Please, read these after-action reports, pull out nuggets of information, and learn how well hindsight works. What’s hindsight? Here’s a definition:

the ability to understand an event or situation only after it has happened (Cambridge.org)

The definition edges close to the situation in which cyber security (not Colonial) finds itself; namely, I have seen no names of the individuals responsible. I have seen no identification of the sources of funding and support for the group responsible. I have seen no print outs illustrating the formation of the attack plan or of the log data making explicit an attack was underway.

The cyber security industry is a club, and the members of the club know their in-crowd has a license to send invoices. Not even IBM in its FUD days could have created a more effective way to sell products and services. These range from real time threat intelligence, to predictive reports explaining that lighting is about to strike, or smart autonomous cyber nervous systems sounding alarms.

Nope, not that I have heard.

Here are some issues which Colonial raised when I participated in a conference call with a couple of LE and intel types less than 24 hours ago:

1. The existing threat intelligence, Dark Web scanners, and super AI infused whiz bang systems don’t work. They missed SolarWinds, Exchange Server, and now the Colonial Pipeline affair. Yikes. Don’t work? Right. Don’t work. If even one of the cyber security systems “worked”, then none of these breaches would have be possible. What did I hear in Harrod’s Creek? Crickets.
2. In the case of Colonial, how much of the problem was related to business matters, not the unknown, undetected wizards of Dark Side? Who knows if the bad actors were the problem or if Colonial found the unpleasantness and opportunity for some breathing room for other activities? Where are the real journalists from Bloomberg, the New York Times, the Wall Street Journal, the Washington Post, et al? Yep, sources produced nothing and now the after action analyses will flow for a while.
3. What about the specialist firms clustered in Herliya? What about the monitoring and alerting systems among Cambridge, Cheltenham, and London? What about the outfits clustered near government centers in Brussels, Berlin, and Prague? I have not heard or seen anything in the feeds I monitor. Zippo.

Let’s step back.

The current cyber security set up is almost entirely reactive. Any breach is explained in terms of China, Iran, and Russia. Some toss in Iran and North Korea. Okay, add them to the list of malefactors. That does not change the calculus of these escalating cyber breaches.

The math looks like this: 1 + 0 = 3²

Let me explain:

The “1” represents a cyber breach

The “0” represents the failure of existing cyber security systems to notice and/or block the bad actor’s method

The 3² means the impact is exponential—in favor of the bad actors.

With no meaningful proactive measures working in a reliable function, the cyber security systems now in place are sitting ducks.

Some body said, “Our reaction to a situation literally has the power to change the situation itself.” Too bad this aphorism is dead wrong.

When the reactions are twisted into marketing opportunities and the fix does not work, where are we? I would suggest in a place that warrants more than sales lingo, jargon, and hand waving.

The talk about cyber security and threat intelligence sounds similar to the phrase, “Please, take off your shoes.”

Stephen E Arnold, May 21, 2021

Cyber Security: What Are You Doing?

I read “A Federal Government Left Completely Blind on Cyber attacks Looks to Force Reporting.” The write up uses a phrase for which there are a limited number of synonyms in English; namely, completely blind. There are numerous types of blindness. There’s the metaphorical blindness of William James, who coined the phrase “a certain blindness.” The wordy kin of the equally wordy Henry James means, I think, that some people just can’t “see” something. A friend says, “You will love working at Apple.” You say, “I don’t think so.” Hey, working at Apple is super, like the chaos monkeys on steroids.

Other types of blindness include losing one’s eyes; for example, Tiresias, who lost his vision seeing some interesting transformations. (Look it up.) There’s the Oedipus angle which involves breaking some Western cultural norms, ignoring inputs, and gouging out his eyes. Yep, that will do. Don’t listen, generate some inner angst, and poking one’s eyes. There are medical reasons galore. These range from protein build up, which is easily corrected today with some medical magic to truly weird stuff like nuclear radiation.

The point is that cyber security has left the US government “completely blind.” The write up says:

Lawmakers of both parties told POLITICO they are crafting legislation to mandate cyber attack reporting by critical infrastructure operators such as Colonial, along with major IT service providers and any other companies that do business with the government.

What are the “rules” now? The write up says:

No federal law or regulation requires pipeline operators to report any cybersecurity incidents to the government. Instead, suggested guidance from the Transportation Security Administration — the federal agency that oversees pipeline cybersecurity — recommends that they tell local and federal officials about significant breaches.

President Biden says, according to the article, “we have to do more than is being done now.”

Who agrees? If a commercial enterprise says, “Yo, breach”, won’t the stock or value of the brand decline. If a government agency says, “We’ve been hacked”, what happens to the security manager and his / her manager?

Are the cyber security vendors able to provide a solution? Maybe.

To sum up, lots of talk and more regulation. In the meantime, ransomware bad actors are seeing an open road, no traffic cops, and a dry, clear day. Put the pedal to the metal.

Stephen E Arnold, May 20, 2021

Security: Survey Says, Not Buttoned Up

I read “Two Thirds of CISOs Admit They’re Not Ready to Face a Cyber attack.” Who would have guessed? Executives at SolarWinds, Microsoft, or Colonial Pipelines? Yet, we needed a survey to make insecurity visible it seems. The write up reports:

The 2021 edition of Proofpoint’s Voice of the CISO report — based on a survey of more than 1,400 CISOs in 14 countries — found 66 percent of the executives acknowledged their organizations were unprepared to handle a targeted cyber attack this year. In addition, more than half the CISOs (53 percent) admitted they are more concerned about the repercussions from a cyber attack this year than they were in 2020.

First, the good news. Cyber security executives are admitting that they are in reactive mode but admitting their work has been ineffective.

Now, the bad news. Bad actors can exploit the “gap” which exists between what executives license to protect their colleagues and their employers’ assets. That means that 2021 is not just going to be worse than 2020, one of the study’s findings. The survey data points out these findings:

• 64 percent of the survey respondents are “at risk of suffering a material cyber attack.” (Are those other 36 percent that confident?)
• 34 percent expect email compromises
• 27 percent anticipate ransomware. (73 percent of the sample are apparently not that nervous about ransomware. Odd because insiders and phishing deliver the goods, and the Colonial Pipeline incident makes clear that authorities can apply pressure to bad actors after the event. Predictive marketing jabber, not too helpful it seems.)

And threat intelligence, Dark Web indexes, and “special” content available to some cyber intelligence firms are more like looking in a rear view mirror than watching what’s ahead. Of course, this is my opinion, and I am confident that the venture fund fat cyber intelligence firms will beg to disagree.

Stephen E Arnold, May 18, 2021

How To about Ransomware from Lawyers

Lawyers are sophisticated technologists in general. I was amazed with the advice in “Avoiding Ransomware Attacks is Not a Pipe Dream: Actionable Steps to Avoid Becoming the Next Victim.” Let’s run through the suggestions, shall we?

The first is to buy insurance. I am not sure how hedging financial losses is a way to “avoid ransomware.” If anything, insurance gives some people a false sense of security. My information comes from some individuals who suffered storm damage in Florida. Not a good sample I admit.

The second tip is to “understand what your IT provider is actually providing you.” My reaction to this brilliant chunk of “mom says” is that law firms may lack information technology professionals. I assume this dependence on outsourcing from individuals who have not read and understood the terms of their agreement with a service provider is a willing suspension of disbelief. Obviously any lawyer smart enough to buy insurance knows what an “IT provider provides.” Stellar logic.

The third tip is more reassuring: Understand what your “internal IT provides you.” Is there a cultural divide between the billable and the individuals who provide IT? No, it is helpful to speak with these IT professionals. For example, read the “data inventory.” Read the WISP or “written information security plan.” Know the firm’s “data breach response plan.” Know the “data retention plan.” (Absolutely. Without a copy of the information germane to a trial, how can those billable hours be counted. Perhaps keeping these data on a USB or a personal computer at one’s domicile is a great way to facilitate the “keep on billing” approach.) And, know the training plan. My goodness, it is possible that if a security training session is held at the firm, one should read about its plan. Attend? Yeah, well, maybe. One question, “Is there a Zoom or YouTube video one could watch if one is not billable?)

The final way to “avoid” ransomware is to talk with an attorney. What? I think the idea is that a firm may have its own legal counsel. But are recent hires permitted to call a firm’s legal advisors and spend the partners’ bonus money?

I am thrilled with this advice. Bad actors aware of law firms embracing this write up’s approach to security will seek a new line of work. Terrifyingly effective. Intellectually incisive. Practical. All-in-all wonderful.

Stephen E Arnold, May 17, 2021

« Previous Page — Next Page »

• 

• Search the site

•  

  Subscribe to Beyond Search

  • 
  • 
   
  • 
   
  
  Feature archive
  News archive
   
  
  
  Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.

• Categories

  • 3D-Printing
  • Acquisition
  • Advertising
  • Aggregation
  • AI
  • Alexa
  • algorithms
  • Amazon
  • Amazonia
  • Analytics
  • Appliance
  • Applications
  • Audio
  • Augmented Reality
  • Big data
  • Bing
  • Bitcoin
  • Bitext
  • Book review
  • Business intelligence
  • Business process
  • Business strategy
  • Censorship
  • Cloud computing
  • Company Profile
  • Conferences
  • Connectors
  • Consulting
  • Consumer
  • Content processing
  • Copyright
  • Corporate Concerns
  • Cost
  • Crawl
  • Crowdfunding
  • cryptocurrency
  • Customer support
  • Cyber OSINT
  • cybercrime
  • cybersecurity
  • Dark Web
  • DarkCyber
  • Data
  • Data mining
  • Database
  • Deepfakes
  • Digital Assistant
  • Digital Library
  • E2EE
  • ECommerce
  • EDiscovery
  • Editorial opinion
  • Education
  • Emoticons
  • Enterprise
  • Enterprise search
  • Entity extraction
  • Ethics
  • Facebook
  • Faceted search
  • Factualities
  • Feature
  • Federated search
  • Financial
  • Fogint
  • Google
  • Governance
  • Government
  • Hackers
  • healthcare
  • IBM Watson
  • Image search
  • Indexing
  • Infrastructure
  • Innovation
  • Integration
  • intelware
  • Interface
  • Internet
  • Interview
  • Investment
  • law enforcement
  • Legal matters
  • Library automation
  • Management
  • Marketing
  • Mathematics
  • Metadata
  • Microsoft
  • Mobile
  • Natural language processing
  • News
  • NGIA
  • Online (general)
  • Open Access
  • Open source
  • OSINT
  • Osint Radar
  • Overflight
  • Palantir
  • Patents
  • Personnel
  • Podcast
  • Policeware
  • Portals
  • Predictive coding
  • Privacy
  • Profile
  • Publishing
  • Quotation
  • Real time search
  • Reference tool
  • Rich media
  • Robot Writer
  • Search
  • Search enabled applications
  • search engine
  • Search quality
  • Security
  • Semantic
  • Sentiment analysis
  • SEO
  • SharePoint
  • Short Honks
  • Smart Technology
  • Social
  • Social Media
  • software
  • Statistics
  • Taxonomy
  • Technology
  • Text analytics
  • Text processing
  • Tools
  • Tor
  • Training
  • Translation
  • Twitter
  • Uncategorized
  • Unstructured Data
  • User experience
  • User Interface
  • Vertical search
  • Video
  • visualization
  • Voice search
  • Voice technology
  • Web 3
  • Web Services
  • Webinar
  • Windows
  • Work flow
  • XML
  • Yahoo

• Archives

  Archives Select Month December 2024 November 2024 October 2024 September 2024 August 2024 July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023 February 2023 January 2023 December 2022 November 2022 October 2022 September 2022 August 2022 July 2022 June 2022 May 2022 April 2022 March 2022 February 2022 January 2022 December 2021 November 2021 October 2021 September 2021 August 2021 July 2021 June 2021 May 2021 April 2021 March 2021 February 2021 January 2021 December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 December 2019 November 2019 October 2019 September 2019 August 2019 July 2019 June 2019 May 2019 April 2019 March 2019 February 2019 January 2019 December 2018 November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 May 2018 April 2018 March 2018 February 2018 January 2018 December 2017 November 2017 October 2017 September 2017 August 2017 July 2017 June 2017 May 2017 April 2017 March 2017 February 2017 January 2017 December 2016 November 2016 October 2016 September 2016 August 2016 July 2016 June 2016 May 2016 April 2016 March 2016 February 2016 January 2016 December 2015 November 2015 October 2015 September 2015 August 2015 July 2015 June 2015 May 2015 April 2015 March 2015 February 2015 January 2015 December 2014 November 2014 October 2014 September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 December 2013 November 2013 October 2013 September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 November 5

• Recent Posts

  • Pass a Law to Prevent Youngsters from Accessing Social Media. Yep, That Will Work Well
  • FOGINT: Telegram and Its Possible Latent Weakness
  • Deepfakes: An Interesting and Possibly Pernicious Arms Race
  • The Golden Fleecer of the Year: Boeing
  • Directories Have Value

• Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org