
m7c1

Much by way of discourse, some by way of advice; security from Clausewitz to Fancy Bear.
Buffer Overflow 0x01

A buffer overflow is one of the oldest tricks in the book.  The NSA was performing them in the 70s, and they continue to be a problem today.  As we'll explore here, they result from an interaction between inappropriate assumptions and the way modern operating systems function.  In this tutorial, we'll cover a very simple example of how the execution of a poorly coded program can be subverted to give control over the system it's running on.

Posted by Will - October 24th '19
The Morris Worm

Robert Tappan Morris, the son of Bell Labs researcher and National Security Agency (NSA) computer specialist and cryptographer Robert ‘Bob’ Morris, was born in November of 1965 in rural New Jersey.  Bob and his wife Anne were pragmatists, growing their own food when it became expensive, preferring to use hand-me-down appliances and repair them instead of purchasing new ones, and accepting television into the living room after determining their then six-year-old daughter to be “mass-culture ‘illiterate’” (Hafner & Markoff, 1995, p.272). Young Robert read voraciously, finishing the complete Lord of the Rings trilogy in third grade, and distinguished himself in school: a slump in grades correctly attributed to boredom was remedied by having him skip fifth grade entirely.  Robert continued to excel academically, and soon became interested in his father’s line of work, especially what we might now term ‘systems security.’ As a teenager, his study of the Unix operating system led him to uncover a flaw that allowed privileged access to one machine to provide privileged access to any networked machine.  After exploring a little, he told the Bell scientists about his discovery and they fixed the vulnerability.

Posted by Will - August 23rd '19
Tor and "Invisibility"

In March of 2017, Linux Magazine published an article titled Invisibility Cloak in which they described the Tails operating system and how it provides anonymity via Tor (Thommes 2017).  Several months later, Engadget ran a story called ‘Karma's New Hotspot Gives Users a Cloak of Invisibility’, describing a new Tor-enabled router (England 2017).  Perhaps this conception of an invisibility cloak was best summed up in a Gizmodo article from 2014 titled ‘Tor Is Still Safe’, the first sentence of which reads “Tor is having a bit of a crisis, as it's become increasingly clear that the wildly popular network isn't the internet invisibility cloak it was once thought to be.” (Aguilar 2014)  While this notion of an invisibility cloak is attractive for many reasons - even romanticized in folklore and popular fiction - the focus on the technology itself perpetuates a dangerous misconception about anonymity on the Internet, and misses the real story of Tor: a conflict over what the cloak conceals.

Posted by Will - May 24th '19
Curation

A few weeks ago I wrote about what appears to be the changing nature of obscurity.  Under the now nearly ubiquitous model, actively thwarting data collection is no longer likely to obscure you from surveillance, but rather to highlight you.  Extending the concept of the security of the majority to data collection suggests that the majority one wants to join is no longer the mass of the unsurveilled.  Ubiquitous collection and the wild-west-like data-use market strongly suggest that we’re well over the hill in terms of big data, and we need to update our doctrine to reflect that reality.  I imagine there are many clever ways one might mitigate this issue. I propose weaponizing the means of data production through curation.

Posted by Will - April 26th '19
Obscurity

We’re experiencing a fundamental shift in the way in which security is achieved.  This shift is, I think, best described by examining the differing characterizations of the ‘before’ and ‘after’ states.  The before state is one characterized by a general lack of data. Universal data collection was, for a variety of technological and cultural reasons, not being done.  An individual enjoyed the benefits of safety in numbers simply by default, without having to take any special action. An entity wishing to obtain more information about that person, perhaps wishing to compile a profile on that individual, would need to specifically target that person for surveillance.

Posted by Will - March 17th '19
