ShmooCon Day 2 Part 2

Bring-It-On. This. Analysis of logs to see what happens when security researchers hit known bad hosts.

They seem to be looking at clients accessing known C2 hosts, then looking to see if they can access those clients. I’m trying to be shocked that these, largely, are coming from places like Iran and China.

Curiosity made me look at IPv6 adoption in Iran. Hmm. Interesting. While I really do think that there should not be government efforts to block traffic, I wholeheartedly support individuals/companies blocking traffic to/from that part of the Intertubes.


Next up is this on deception operations. Interesting, but really not a lot that I have any insight into.


Was kind of in and out on this; mislaid something and was looking for it. Anyway, I understand what they were trying to do and assume abandoned domains. It’s good information to have, but I’m not exactly sure what he’s really trying to do. Okay, it’s abandoned. If you’re worried about things like a dominate, there’s always something you can do with a wildcard, then narrow down from the bucket once you see something you want.


Did see all of this one. I understand, and sympathize with, her motivations and concerns. Yes, you should be able to make it harder to get your personal information. Yes, it should be protected by whoever collects it.

If CFPB is the answer, you asked the wrong question. There are very few things government does well; protecting consumers isn’t one of them. Hell, if you look at what’s going on in LA this week, you could easily extend that to delivering water, and providing fire protection. How about that TSA?


This one is interesting when it comes to things like cheap network cameras. Ubiquity for the hardware is a problem with so many of them sending foreign places, but I think probably a lot of it can be solved by just paying attention to what you purchase. I’m just wondering if you don’t need to do better with blocking outbound traffic. They talk about measures put into the firmwares that are there to circumvent protections, but I have to admit my skepticism. If you have a halfway-decent Layer-3 device, you can shut down traffic. If it’s this type of traffic coming from this device, it’s blocked.


As someone who is plugging through all of the Beavis & Butthead, “Silent Push” sounds flatulent.

But this is about FUNNULL, something I’ve never heard about.

Interesting that this is all because of gambling run offshore. These work for money laundering.

People like to gamble. People like to drink, smoke, do other drugs. It’s almost as if these are innately human behaviors.


And the last one. I’m thinking it’s stuff where I’ve completely lost the bubble. Interesting things at the site.

It’s absolutely interesting, but I really don’t have the stuff, or the time.

ShmooCon Day 2 Morning Belay It

Really not feeling great this morning, but I was able to get back up to the room to watch.

First one was about tracking Kubernetes. I’ve not done anything, really, with Kubernetes, so this is kind of new for me.

Lots of discussion about things with /dev/bpf in Linux. I didn’t realize that it was still there?

Transitioned in to discussion of risk analysis and prioritization. Too much effort is being spent

This is very applicable to some of what I’m doing for work, but it’s something a lot of the sekurity mastars don’t understand. I’m thinking of one IAC I was working. Yes, it’s a Medium vulnerability. Yes, that finding negatively-affects the overall system score.

But I’m pretty sure the number of users with privileges to exploit it can be counted on one hand, and implementing the system change would take weeks, and use all system resources during the implementation.


Next talk was about how exploitation works. Some interesting information about how to exploit things like Totes-Didn’t-Used-To-Do-Evil KDE Browser extensions.

“John The Ripper” can crack things like the Apple Passwords utility, which is actually pretty good unless you get the Apple account password.

PowerShell script available for testing Windows hosts for common accounts.

Recommendation of auditing accounts that might cause a problem if they’re compromised.


Went into this one with great skepticism.

There was a talk, and it probably would have been like 2018, that really focused on Russian influence in the 2016 election.

This isn’t taking that tack. The speaker didn’t do a good job disguising his political bias, unfortunately.

Nothing with the sort of things that I think might repair the Presidential system, at least.

  • Expand the House. Take a state’s population, divide by the smallest state’s population, and round UP to the next whole number. The 435 limit in the House isn’t set anywhere other than by legislation from the Wilson administration.
  • Do electoral vote allocation the way Maine and Nebraska do. Winner-take-all goes away, unless a candidate actually gets a majority of the vote in a state.
  • Repeal the Seventeenth Amendment

Bits on foreign interference. No evidence of it actually provided, just as it wasn’t with the 2016 election. When a Republican wins, it’s foreign interference. When a Democrat wins, you can’t even question it.

In the Presidential elections where I’ve been old enough to vote, I’ve mostly voted for the Libertarian candidate.

Not impressed with that one.


Time to rest a bit, see if my body will allow me to go back downstairs to watch more in person. Ugh.

Shmoo One

I really wasn’t feeling well after trying to breathe through a face diaper again. Oops.

I did have things on in the background. Right now, I’m listening to KRenner talk about finding gigs from an HR perspective.

It’s interesting, but I’m inclined to think that much of this is now OBE. Despite the robust economic latching on with a big company and advancing there is a thing of the past.

Really sour on most things HR after the past few weeks. I saw something on X about Lowe’s killing of its DEI programs. That was right on the heels of the news about FacH^H^HMeta doing the same.

A lot of that stuff is from HR staffs. Will they ever get the message?

I’m not holding my breath.

There’s still a certitude about where the future is headed.

But they’re wrong. And it becomes quickly apparent that there’s just nothing there at all. Going on in many different places.

End Of The Moose

Settling in to my hotel room for the final Shmoocon. Early check-in? Sure, why not?

Perusing the schedule for what I might want to see.

Kinda tempted to bounce out early on Sunday. I can watch closing remarks from home. While I’d like to do some schmoozing after closing remarks, there’s a tiny dog who needs my attention at home.

Looks like mostly Belay It, with a smattering of Bring It On.

Shows just how little building I’m doing these days, I guess.

So, here we go.

Shivering Saturday

Preparing for first significant snow in the Beltway Swamp really since our first winter here.

Even if the electricity goes out, we should be okay. They keep lowering the snow totals in the forecast runs. I’m guessing four inches.

But it’s going to be cold. That’s not good for someone with balance issues; even less so for a tiny dog.

Catching up on email, paying the slightest amount of attention possible to football until the playoffs are well underway. The Lions-Vikings game tomorrow night should be good.

Monday is January 6th, where President Trump will be returned. Generally indifferent, though mildly interested to see what happens.

Did see this pop across my browser welcome screen this morning. If anything ever required a “yes, and…” response, it’s this. I appreciate the author’s frame of reference from time in Bulgaria. What the Soviets did there was bad. So, yes, and…. did you miss what happened in Romania on Christmas Day in 1989?

Trump isn’t ideal, but is any of the stuff he might do as bad as what the Chinese have done in Hong Kong, or Tim Walz did in Minnesota?

The cops were shooting people with paintballs to keep people off their porches during a public health crisis.

Biden tried to make it so you couldn’t work or travel if you didn’t take a shot.

How about what the Marxist did/is doing in Brazil?

Bad things happened all over the world in 1989, but it’s better to only highlight the things that help make your point.

Thinking back to college and an early-Boomer professor who would liberally-quote Simon & Garfunkel–a man hears what he wants to hear, and disregards the rest.

Saying Trump is a Nazi didn’t work, so what do we do now?

Disjointed

I was distracted yesterday with the thoughts that wrought that memory.

Last two days of the year are workout days. My legs are sore.

Fantasy football resulted in two disasters yesterday. So, second place in my league, and seventh in the other Yahoo league.

Obviously, most of the pods are on holiday break, but there’s been a few things I’ve filled back in.

I need to get to the doc to get this weird finger thing I’ve got going on checked.

More later, maybe.

Weather Digging Up Memories

As I was procrastinating about going to work out today, I was looking for something to listen to on Apple Music.

The first summer after my dad died, my wife and I were holed up at my mom’s house riding out a hurricane. I noticed that it was my mom’s first anniversary day as a widow. Both of the dogs had died, so she was living in this huge house by herself.

Knowing how flaky the electricity could be at that house during storms, we were cooking up a lot of the things in the fridge that’d probably go bad if the power was out for a few days.

I hadn’t brought up the date, but I could tell that my mom was a bit down. Finally there was a moment where I noticed she was crying.

“It rained that day, too.”

Christmas Eve

I started typing this with a bit about the frozen things falling outside, with a bit of a lament that it’d be over soon, and that what I’m hearing is the only frozen precip in the forecast for the foreseeable future.

Coffee retrieved, and the sleet has stopped.

The stockings aren’t hung by the chimney with care. We don’t have a fireplace, and such barbarism won’t be allowed long here in the Beltway Swamp. The only acceptable burning odor allowed is the strangely-legalized weed.

Keep Virginia Blue. Just like Harry Byrd intended.

Could have been his dad, too, who was also loathsome.

So, what else is up?

Bad Saints’ loss last night. I missed most of it because I was fitting in the last bits of work.

At least they’re not the Giants.

And maybe I should get past the irrational annoyance I had about them with the weird defense and boring offense gone.

But it is difficult to do when it’s the Saints on the receiving end of a drubbing.

So. What else is going on? I looked to see if I had something I wrote probably around the time my dad died (late 2010). I changed my mind about capital punishment. This is a power the state should not have. Yes, I take into account the Church’s teachings on it, but, perhaps reflexively, I think it’s just a power the state shouldn’t have.

If someone is truly awful, he can stay incarcerated forever. I don’t care. See Sirhan Sirhan. You know, the guy that the Libertarian coming into Trump’s cabinet thinks didn’t kill his father.

Do I care that he’s never going to get out of prison? Nope. Not really.

But news yesterday had two stories that really had me being okay with them being killed.

The first was these two from Georgia. That one conflicts me even more, as they didn’t kill anyone, which is the standard for all executions.

The other was the case of what happened in the NYC Subway. I selected that story because it doesn’t have some of the photos that were on Twi^H^H^HX. Yeah, he can die. I understand I shouldn’t feel that way, but I do.

There was also some stuff last few days about North Korean soldiers being killed in Ukraine. Naturally, the NeoHippie Putin apologists question the numbers, and whether it even happened.

No, it did happen.

And they’re slaves fighting for Putin. They can’t flee without being shot.

Slaves.

Keep that in mind, Auburn.

But I think I’ve poured out enough for now. Time to go enjoy some Christmas cheer.

It Goes Fast

I wrote last week about how busy I was.

Wednesday I attended this:

I showed up just as Matt Welch was delivering his opening.

I was there, and think my opening vote might have timed out…..I said Matt and Nick won after trying to vote undecided at the open.

While I have voted for some Democrats in the past as a statement against a particularly bad Republican, the Democrats have done some absolutely batshiat crazy stuff, really, since about 2005. I put a lot of it on the reax to Katrina. That was a massive failure of local, but especially state government. For every reference to “heckuvah job, Brownie,” there was a spooky silence about Kathleen Blanco.

Things didn’t really start moving there until LTG. Honore showed up.

Sarah mentioned Harry Browne during her open, but Katrina should have driven the point home that government doesn’t work.

Yet that’s the Democrats’ prescription for just about anything.

  • Health Care
  • Disaster Relief
  • Monetary Policy
  • COVID
  • You name it.

Another 6K GS-11s will solve it.

And they never do.

Bubuhbut OrangeManBad!!1!

Yep. And I didn’t vote for him. But you all did vote for vaccine mandates, lockdowns, the disastrous Afghanistan withdrawal, the Inflation Reduction Act, a completely open border, continuation of Trump’s tariffs…..

You need something way more compelling to convince me that voting for Biden is a good idea.

This is what I posted on the Substack discussion of it:

Random asides: Substack makes copypasta way difficult…almost as difficult as some of the data protection features I’ve seen recently to stop data spillage. Also, the text-prediction stuff on iOS has gotten pretty damn good; I’m able to type full replies using the predictive text much of the time on my phone. As with the Crypto scammers I dealt with on WhatsApp, I will get information out. You can’t hide things, no matter how hard you try.

This was the night before the Fani Willis disqualification in Georgia. The two debating the Reason editors-at-large were from The Bulwark, which is something I’ve really not paid much attention to. You don’t like Trump. I get it. I never voted for him, and, in spite of all the things the Democrats did to him, the LP’s basic endorsement, etc., I couldn’t bring myself to do it.

But how does it make you feel?

Ambivalent? Do I hold some hope that Trump/Musk/Vivek will get things trimmed down? Maybe a bit? Am I very confident about it? Nope.

But I do enjoy getting into Reason events. I wish I could have stayed longer, but I had an early morning.

Busy Week

Hi!

Yeah, I’ve been incredibly busy all week. Maybe that really affected my attention, but I generally do feel okay about some of the things I’ve pushed back on with work.

I do think there’s a hard push to do things in the most stupid, expensive ways possible, but there’s not a ton I can do about that.

I still am tempted to stick with the halve-and-grow-back-as-needed approach to just about everything.

That approach has worked for me in so many instances. But, like, the vendor says you need to buy this really expensive stuff!!1! Noted. It’s not your money. You were hired to make things work effectively, and the vendor “requirements” aren’t your requirements. You have to make the product work, not sell hardware or software.

It’s even more of an issue when one vendor is selling both.

But to do proper work requires doing engineering using tried-and-true practices, scream waterfall scream, but it works. Yeah, I know getting someone important to sign off on your engineering work takes time, but you’re spending other people’s money. In the case of tax money, it’s money that’s been forcibly taken.

Do the right thing. You have to look at yourself in the mirror.

That admonition leads me into the news section of things. Yes, I’ve been paying attention even if I haven’t said a lot…..

The UHC murder case. Lots of speculation from some really terrible people. Oh, it was justified because he’d been denied care by UHC. This is what you get when you’ve got for-profit insurers denying care. Any reasonable person could understand why he did what he did. Except he wasn’t insured by UHC, had been involved with psychotropic drugs, was from an affluent family, and…. Senator Warren, I will continue to ignore you, still, as best as I can. Maybe some Pow Wow Chow can distract me. The Substacker, formerly of The Old Grey Lady, and Space Cowboy Jeff’s tax write-off, I will refrain from raw-dogging anything to do with you.

Daniel Penny was acquitted. I’d just as soon avoid NYC until Alvin Bragg is gone. While I hear things that NYC is better than it was last time I was there, they elected these people, and deserve the consequences.

Looks like I am going to go to the final Shmoocon. Never got a response on the sponsorship tickets, but I’m pretty sure there is one available for me through a friend. If they ever get back to me on the sponsorship, I’ll stick to my promise….and have probably two tickets to move. But I am going. Room booked. It’s earlyish this year, so it’ll be cold. Given some of the past experiences, that seems absolutely appropriate. 2009 was such an odd experience, but it’s something I’ll remember as long as I live. Or was that 2010? I don’t remember. Pretty good con content, and it snowed. Hard. So hard that the atrium between the buildings collapsed. I helped push a DC cop out of a snow bank. I’ve barely spoken to some people with whom I was formerly close because of things that were said over the then-new Twitter. I really can’t see anything I’d written about it back then. Now thinking more about it, it was probably 2010, because I was definitely having issues that’d lead to my MS diagnosis just a few months later.

Drones. I haven’t been outside to glance at the sky in the past few nights. I’m outside most often early in the morning when I’m going to and from the gym. I haven’t seen anything. Obviously, there’s the information coming out of New Jersey, which coincidentally was where War Of The Worlds was set, Governor Hogan up in MDDR, etc. I don’t know. Well, they ought to be shot down!!1! Um. By whom? And what about damage that happens on the ground because of the downing? I don’t know. I’m not sure that putting anyone in prison would fix it, assuming they’re competent to stand trial. But like the Chinese balloon that was shot down over the Atlantic Ocean after it’d cruised across the US, open up, y’all. But I’m also trying to still work my way through the Star Wars movies simultaneously. Are they like clones?

This morning, saw something that reminded me of the reasons I’m very much down on the reinvented Libertarian Party.

If anyone reading is interested in knowing why this is an antisemitic trope, I’ll assume that you’re savvy enough to STFW, and find out.

And I think I’ve written enough for today. Off to do some of the other things I need to do today.