-
SVR snaps back at Biden
On April 15th the US dropped a load of sanctions on Russia for election interference, and hacking, and generally being Russia. There is a lot of good info to unpack from the sanctions, but for now let’s look at the way Russia’s foreign intelligence service, the SVR, has responded to being called Cozy Bear. (Hint:… Read more
-
SolarWind, enough with the password already!
This is a much delayed discussion on the complexity and nuance of the SolarWind hack. The simplistic and wrong messaging from some quarters of the infosec community has resulted in an atrocious misunderstanding of the hack in the public sphere. This has extended into the policy world as these bad takes are treated as cogent… Read more
-
Why Backdoor the Golden Goose?
Why I don’t think Huawei will install back doors in 5G telco equipment — it would be a forced error when they are poised to achieve a win that will give them a strategic advantage for years and maybe decades to come. I don’t think they want to backdoor everything. That’s a sort of crude… Read more
-
On Pre Op Hackers
Proper Planning and Preparation Prevents Piss Poor Penetrations I was asked for good references on pre-operation phases of hacking. I recommended Matt Monte’s “network attacks and exploitation: a framework”, and Bill McRaven’s “Spec Ops: Case Studies in Special Operations Warfare: Theory and Practice”. The Monte book is the best book on cyber written so far.… Read more
-
The Network is not the Issue Dude
Ageism is never a good look There is an argument that goes “the Internet is not secure because it was designed in the 60s (or 70s, or whenever) and back then security wasn’t part of the plan. Now we’ve inherited that legacy of no security, and it haunts us still.” For some reason this has… Read more
-
Cyber Events
There is a constant need to label cyber operations as “cyber ${battle from history}.” The most recent one, indeed the one that inspired me to write about this phenomenon, is the spectacularly insane “cyber Cuban missile crisis.” The exact quote is from some fraudulent “cyber security experts” apparently: Experts are telling me that the solar… Read more
-
Cyber Writing Sucks
In the medieval era scribes and poets wrote about war and conflict for a class who participated actively in those activities. As a result, a great deal of the writing is actually very accurate in its depictions because the audience knew when it was inauthentic. This strikes me as an interesting point because the cyber… Read more
-
A Walkthrough of “Biden’s Laptop” with Rudy Giuliani
I have transcribed the audio from this video clip of Rudy Giuliani performing an examination of one of the alleged Hunter Biden laptops. We don’t see the screen so I’ve attempted to figure out, and explain, what he’s seeing and doing. Evidence stomping Giuliani’s investigation methodology violates every principle of digital forensic analysis. His clumsy… Read more
-
How to hide money laundering on the blockchain
This is a summary of the key points from this article: How to Not Get Caught When You Launder Money on Blockchain? Seems like successfully laundering Bitcoins is fairly complicated, lots of pitfalls. Secrecy is usually binary, it is all or nothing. If there is secrecy for 99 transactions and then a failure on the… Read more
-
Ransomware Prohibition
Theres nothing that can’t be made worse The Treasury has moved to prohibit payment of ransomware ransoms. They’ve said there will be some exceptions, and it is obvious that this won’t be an effective complete global ban on payment. The result, a partial ban on payment, is the worst possible ransomware environment for victims. The… Read more