What in the World is a Penetration Test?

A penetration test is an agreed-upon, simulated offensive cybersecurity engagement that tests for vulnerabilities in the target’s systems. The red team is the offensive team and the defenders are the blue team. The organization being tested is looking for weaknesses in its systems. (Optionally, an organization may set up a purple team to support the engagement.)

In order to do a penetration test you need written permission with specific rules of engagement. You cannot deviate from the plan that is agreed upon. Even scanning the ports of the target system can throw up red flags for the responsible organization and can lead to legal trouble for you if not documented.

Though many red-team/blue-team exercises use in-house teams for both, an outside hacker can actually make some good money doing this. Some hackers make a career out of it. I’ve heard of a contract tester making $50,000 for one engagement; though in-house team members can make $140,000. There are even two certifications specifically for penetration testing, the Certified Ethical Hacker and PenTest+ certs.

Halo’s red team/blue team borrows from this concept: Spartan Showdown: Blue Team vs Red Team – YouTube

Another difficult passage: grain sacrifice

The disapproval of God for the grain sacrifice versus meat is another difficult passage. I know there are some explanations, but it’s one of those where you wonder: why the meat and why does God like the pleasant smell of the meat?

Why the human sacrifice of Christ for that matter?

After the beauty of Christ, doesn’t it seem almost blasphemous?


Old places

Last time I was in the U.K. I spent some time in the New Forest. Wild ponies.

I didn’t return to my childhood school, but the places where we lived in Northbourne gave rise to memory. Walking to the local store, down by the river with my uncles, the pub frequented by dad and uncle.

There is a quietness of the chill air.

In summer, my nan sat in the yard, bathing in the sun, a little bold perhaps.

But the neighbors are gone now, too.

Sometimes, returning to old places, the ones from our childhood the most, destroys the dream.

Defense in Depth

Layering security measures is called Defense in Depth. Though zero trust is the phrase of the day, defense-in-depth can be a complementary approach to security.

Preventive measures, such as file encryption, TLS encryption for websites, or protecting a certificate’s private key, reduce the chance of a breach of confidentiality in the first place.

Detective measures include intrusion detection/prevention systems (IDS/IPS) or other measures that alert you when there is an unauthorized intrusion on the network.

Recovery measures include backups and other measures to maintain resource availability. Whether daily, incremental, or full, you need a backup plan.


Captain Fantastic

What to make of the millennial want of the Winnebago lifestyle.

I see the sprinters here on the island sometimes. They’re parked along Ocean Drive. I will say that there are fewer messes when compared to the fast food wrapper-spewing lowriders. (What a mess.) At my prior employer, one of the young guys brought us outside to look at his tricked-out camper van.

It gives an honorable sense of not wanting to waste and decreasing your footprint. It’s actually kind of admirable, I think.

It’s difficult for me to comment on family matters as I don’t have any children. But I think there are a few things to say. One does not grow up as quickly as with kids. A friend often lectures me on “growing up.” There could be some anger toward him, but maybe he’s right? I do like the single life, but how would I change?

But with all due respect, I am not immature.

I have thought about doing the Reese Witherspoon thing and hike for life. Sun-bleached mind tan (TM).

Does one need any responsibility without children? Am I serving society well? What is the debt to society?

I know, no man an island. Fine. But when you read of proud parents and proud friends, you do have a certain sadness/defiance.

Year upon year, time after time. What to leave the world other than children. So what if your name ends? Shakespeare’s lineage was gone in a generation. Posterity gets ideas and creativity.

So we of lesser insight should try something different.

Physical abundance v information abundance

Remembering the old work by Negroponte, bits versus atoms. In the digital economy we learn, organize, and tell stories that are ephemeral.

Electrons versus photons is a close thing to atoms versus bits. It seems that the abundance economy is not physical, but light you’re looking at right here. A simple handshake can move mountains, e.g. a digital transaction with physical tether.

Every object contains its corresponding bits, like an atom with its ghost.

What is the CIA Triad?

No, not the Yankee security agency; the CIA Security Triad is a model organizations can use to guide policies for their cyber and information security. CIA stands for Confidentiality, Integrity, and Availability. It’s also useful during the acquisition of new technology assets and data to guide policymaking.

Confidentiality – Keeping sensitive, confidential, or private information safe from unauthorized access. It’s common to categorize sensitive data by the potential for damage if the data is released or stolen in case of a security breach. The question of who needs what kind of access to the information should be a consideration. Organizations can set access control lists (ACLs), encryption, and permissions for systems, files, and folders.

Integrity – Preventing data from deletion, tampering, or modification by an authorized or unauthorized party. This includes mistaken but authorized changes. Data at rest (stored), in transit, or in use should be protected for consistency, accuracy, and trustworthiness.

Availability – Ensuring that authorized parties can reach the files, folders, and systems they need, and that unauthorized parties cannot. The information the security measures protect should remain available despite hardware failures, system upgrades, or power outages. The security measures themselves should be consistent and provide ready access for authorized parties.

The difference between tech support and cybersecurity experts lies with CIA. Tech support can help with your availability (connection), but integrity and confidentiality are usually the domains of cyber.

Hacking Paywalls: You Only Thought You Needed To Subscribe

Note: This tutorial is for Chromium browsers, but the developer tools on other browsers are similar. Leave a question if you need help.

Just a brief introduction to this tutorial is needed. Web pages are text files that contain text and HTML. When you go to a website, your browser downloads the HTML text file, so you now have a copy of the page on your computer. The browser also downloads copies of the images, videos, and scripts that are referenced inside the HTML. Each item on the page is in a box, which may be contained in other boxes and which may have boxes inside it as well. These items are called elements. With the developer tools in each browser you can edit your copy of the page to remove or change elements. If you refresh the page, it will return to the version you downloaded.
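To make the box-inside-box idea concrete, here is an added example (not part of the original tutorial) that parses a small constructed HTML fragment into the tree of elements the text describes, removes one element from that local copy, and shows that re-parsing the downloaded text brings it back, which is exactly why a refresh undoes any dev-tools edit. It runs in Node, so it uses its own tiny parser rather than the browser’s DOM; the sample page and element ids are made up for the demonstration.

```javascript
// Added example: a minimal HTML-to-tree parser (not the browser's DOM) showing
// that a page is nested boxes (elements) and that edits touch only the local copy.
// Handles start tags, end tags with matching names, and text; no self-closing tags.
const TOKEN = /<\/?([a-zA-Z][\w-]*)([^>]*)>|([^<]+)/g;

function parseHtml(html) {
  const root = { tag: "#root", attrs: {}, children: [] };
  const stack = [root]; // the box currently being filled is on top
  for (const m of html.matchAll(TOKEN)) {
    const [raw, tag, attrText, text] = m;
    if (text !== undefined) {
      if (text.trim()) stack[stack.length - 1].children.push({ tag: "#text", text: text.trim() });
    } else if (raw.startsWith("</")) {
      if (stack.length > 1 && stack[stack.length - 1].tag === tag) stack.pop(); // close the box
    } else {
      const attrs = {};
      for (const a of attrText.matchAll(/([\w-]+)="([^"]*)"/g)) attrs[a[1]] = a[2];
      const el = { tag, attrs, children: [] };
      stack[stack.length - 1].children.push(el); // nest inside the open box
      stack.push(el);
    }
  }
  return root;
}

// Remove the first element with a matching id anywhere in the tree; true if found.
function removeById(node, id) {
  const i = node.children.findIndex((c) => c.attrs && c.attrs.id === id);
  if (i !== -1) { node.children.splice(i, 1); return true; }
  return node.children.some((c) => c.children && removeById(c, id));
}

// Collect the visible text depth-first, the way a reader would see it.
function visibleText(node) {
  if (node.tag === "#text") return node.text;
  return node.children.map(visibleText).join(" ").trim();
}

// Constructed sample download: an article box containing a nested overlay box.
const DOWNLOADED_HTML =
  '<body><div id="article"><p>Paragraph one.</p>' +
  '<div id="overlay" class="modal"><p>Subscribe to continue.</p></div></div></body>';

function demo() {
  const localCopy = parseHtml(DOWNLOADED_HTML);     // what the browser built from the download
  const removed = removeById(localCopy, "overlay");  // a dev-tools style edit of the local copy
  const edited = visibleText(localCopy);
  const refreshed = visibleText(parseHtml(DOWNLOADED_HTML)); // refresh = rebuild from the text
  return { removed, edited, refreshed };
}
```

The defender’s takeaway is the one the tutorial implies: anything present in the downloaded HTML is already on the reader’s machine, so content that must stay behind a paywall has to be withheld server-side rather than covered by an element in the page.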

Using Publicly-available Information To Learn More About A Target (Passive Footprinting)

Even a novice can research a target using publicly-available information. This is also called passive footprinting and there are numerous tools and commands to find this information: Continue reading “Using Publicly-available Information To Learn More About A Target (Passive Footprinting)”

Concealment

The world of concealment, dark figures, breathing deep. One dimensional creatures slip out into two dimensions briefly, ever so briefly. Into three dimensions. Eternal destiny is three to two to one dimensions, out of sight. They still hide in shade.
Imagination can make the creatures slip into three.
We are no mere mortals, but “gods.”

Every argument is eternal. We don’t think what each means. Words take flight and move mountains.

(working…)

Internet Bill of Rights

We need a change of business. The worst types are brought out in what we call dialogue on the internet. Not only is free speech restricted by those who hold the keys to SM, they also promote the content that draws the most likes and follows. Unfortunately, popularity promotes the most controversial, the most provocative. The merit of a post becomes that it draws likes.

The erudite and the interesting are drowned.

An internet bill of rights should promote good content and less clickbait.

It sounds like something that a censor would promote. How can good content be promoted other than by a Google-like algorithm? Google operates by popularity and quality of links to your page. What if Google promoted less popular content that was sharp? Is there a way to promote new good quality content?

Riches of Heaven

They do not impress the secular man. Life lived is without that kind of worry.

The average man being unconcerned about such things. Golden streets? I need it right now, he says. Wipe away tears? Wipe them away now.

I was partaker of a conversation regarding television shows like Extreme Makeover: Home Edition. The companion near me asked, why can’t we give the money for that one house to a number of people instead?

I had one of the moments when a truth was said.

I don’t have an answer to that. At the time, my ex said my companion did not understand. She was a non-profit fundraiser.

Was the purpose of the show to create a culture of goodness? Was it to sell the TV commercial products? That second one seemed more obvious.

One certainty is that many recipients of the makeover cannot keep the house after the giveaway.

Why would something that did not succeed in the long run be funded?

There is much waste of resources and human power in the business of television and movies. The making of money being the answer.

Extant

On my trip to Rome, I encountered ruins that offer escape. Back to the emanations of strength and high culture deteriorating. Marble remembrances, rocks you never thought could die. How did things so majestic become dust?

How did centuries pass so quickly, yet rock rot?

The great Colosseum, its floors and walls dead.

There is no memory of its builders. Those men who designed it are not even in history.

The things we hold great become dust. The positions we value, the accomplishments, beneficent action. Laurels are made of fragile leaves.

Innovation

While SM cannot be the purveyor of truth, the current model is broken (Zuckerberg). Experts determine governance, politics, civic architecture, histories, and science. They have their laurels.

But the pace of change is a bounding lion. Technology may be the easy part; the governance is not. Government can remove barriers to change; it created these booms after all. Innovation is just waiting at the door.

Changing things for the sake of fundamental change, the next wave has not been about who changes. But, these things were decided by experts who are malevolent and belong to darkness. They appear as doves.

We’re here. What should we value? Change has economic and IRL results.

Dear Patience

I was reminded of Siouxsie Sioux’s Dear Prudence. But I redirect to patience.

Have patience with vile thought, envy, greed, arrogance–all those negative things afflict us. We cannot help ourselves. We are prisoners of this body, wretches? In all fairness, have patience with us.

The rainwater pours down. Drip by drip, it started. Now a torrent. Have patience. Ourselves to friends to family to our small group to our nation to our world. Send us flowers and rivers. Surrounding and refreshing.