36 Chambers – The Legendary Journeys: Execution to the max!

February 28, 2012

Some Notes Indicating That We Are, Fiscally, In The Best Of Hands

Filed under: Curmudgeonliness, Economics, Hey Whore How's The Whoring? — Kevin Feasel @ 11:07 pm

February 27, 2012

Heartland From A Security Perspective

Filed under: (In)Security — Kevin Feasel @ 10:56 pm

There’s some interesting stuff out regarding the Heartland Institute document dump.  Megan McArdle has a detailed analysis of one fake (obviously fake) document, but I want to emphasize something she kind of downplays:  the security and forensic aspect here.

The original breach was a classic social engineering maneuver:  convince the person on the other end that you’re someone else, and gain access or information that you otherwise would not be privileged to have.  The general answer to this particular type of attack is to have a level of confirmation involved.  In a small enough organization, you have the “everyone knows everybody else” advantage, but in a larger and potentially more disparate organization—particularly, an organization with board members who are not day-to-day participants in regular activities—you need something else.  That something else could be a key phrase, an identification number, driver’s license, or some other form of positive identification.  People can still get around this (for example, by pretending to be Heartland and extracting the passphrase or identification number from a board member, or making a false license), but the level of difficulty is a bit higher.

Finding out about the phony document took a bit of forensic investigation.  McArdle did her own sleuthing, which provided rather strong circumstantial evidence in favor of the hypothesis that one particular document was a fake.  Combine that with reading PDF metadata and you can see that the person who pulled this off was good enough to avoid leaving incriminating metadata, but not good enough to cover all of his tracks.  McArdle ends her second post by thinking about who potentially could be the culprit, given what we know.  She draws a number of quality inferences (being a reporter helps a lot in sleuthing), and other investigators could follow up on these clues to try to get to the bottom of the story.

Incidentally, the next day, Peter Gleick admitted to stealing documents (and thereby fraud).  He denies having created the forged document, however.

Chalk it under “things that needed to happen”

Filed under: Sports — Tony Demchak @ 5:04 pm

Really excited to see D’Qwell Jackson get a new deal.

In a 4-3 like the Browns run, the middle linebacker is #3 in importance for the defense (behind the two tackles) from a physical standpoint and #1 from a mental standpoint. If he’s healthy, he’s one of the best in the league; if he isn’t, I’m sure there are plenty of protections for the Browns.

February 26, 2012

The Case Against Santorum (And A Counter-Argument)

Filed under: Curmudgeonliness — Kevin Feasel @ 10:50 pm

Alana Goodman points out Rick Santorum’s nanny statism and wonders where the conservative outrage is.  Allahpundit makes roughly the same point.

This is a pretty good summation of the case against Santorum:  like George W. Bush, he’s a big-government conservative.  I’m not arguing either way here whether he’s more conservative, less conservative, or a better or worse potential candidate than Mitt Romney, but I will say that big government conservatism needs to die.  A multi-trillion dollar deficit and already-invasive regulatory State are too much; bringing in yet another person who wants to expand the reach of Leviathan (but in a somewhat different way than the current President) does not help.

In contrast, Jeff G. over at Protein Wisdom has a solid counter-argument, noting that Santorum had a very high grade from the NTU during his two terms in the Senate.  He also had a lifetime rating of 88.1 with the American Conservative Union.

February 25, 2012

Computer Forensic Case Studies

Filed under: (In)Security, Computinating — Kevin Feasel @ 10:17 pm

Just about a week ago, I finished up a course on computer forensics.  The course itself was interesting and I learned several things, including just how difficult computer forensics can be (particularly when you have to take the stand in a civil or criminal case) and the combination of maddening frustration combined with the intense satisfaction of finding hidden or “lost” information.

As part of the course, we went through a number of case studies using various tools.  I’m listing them here in case anybody else is interested and wants to take a crack at them.

One of the first case studies we did was a live incident response from Real Digital Forensics (a book which I plan on purchasing).  After that, we spent a lot of time on the 2010 CSI Challenge from Long Island University.  This is a rather tricky one, and unfortunately, I wasn’t able to break the case.  I think that if I spent a weekend on it, I’d probably get a little closer, but they did a good job.

Taking a break from the Frodo challenge, we went to the CFReDS Project and performed a Rhino Hunt to get some experience reading packet traces.  It was a relatively easy challenge and it was nice having answers.  I plan on trying out some of the other data sets to improve my skills a bit.  Digital Corpora has a few free scenarios, too, including M57-Jean, which I plan on working through.

On the last day, we spent a lot of time on the CHFI Al-Queda Challenge.  There were a few things that I was unable to complete in time—such as cracking the stego password used on images or a text file—but I did crack most of that case in time.

All of these case studies were interesting and informative, showing me that I’ve got a lot to learn yet…

Normally, Payment Goes The Other Way Around

Filed under: (In)Security, Wacky Theories — Kevin Feasel @ 5:43 pm

The TSA wants you to pay them to molest you.

Money quote from Glenn Reynolds:  “I’m not against user fees,” Reynolds said. “But this is not a user fee. This is a fee for being used. I don’t think the TSA does any good at all. Every dollar that goes to them is a waste. More dollars is more waste. I think the TSA should be abolished.”


February 24, 2012

Facebook Suing Over Malware And Spam

Filed under: (In)Security — Kevin Feasel @ 5:40 pm

Facebook and the State of Washington are suing Adscend Media LLC for spreading malware and stealing information.

Ad companies are in a bit of a difficult situation, in that they want to automate as much of their work as they can, but automate too much and you can accidentally let malware through.  It’s probably better just to use NoScript and not even load those ads to begin with.

February 23, 2012

The World Of Cronyism

Filed under: Hey Whore How's The Whoring? — Kevin Feasel @ 5:38 pm

John Hinderaker has a nice slide deck regarding corporate cronyism.  Speaking of corporate whores, more fun Solyndra news.

February 22, 2012

The Good, The Bad, and The Detroit

Filed under: U-S-A! U-S-A! — Kevin Feasel @ 5:36 pm

I know what you’re thinking.  “Did he bail out six companies or only five?”  Well, to tell you the truth, in all this excitement I kind of lost track myself.  But being as this is the American taxpayer, the most powerful bank account in the world…

February 21, 2012

A Post-Campus America?

Filed under: Economics — Kevin Feasel @ 5:28 pm

Megan McArdle thinks about what changes online coursework will bring about.  I personally do not believe that we’ll see the full scale of these changes, even if some of them (like reducing the number of people who spend 8 or more years at a university studying tree ring patterns in early Norse literature) are likely to be good.  The real problem with online coursework is that too many people learn through face-to-face interaction and small-group instruction.  For the people who already learn well on their own, online coursework is an excellent supplement; but that’s not really too many people.

I’ve been hearing about these changes since at least when I entered the undergraduate world.  We even had an early economics class which was supposed to be based on coursework-from-afar.  Yes, MITx and Stanford’s online courses are better than this, but watching videos or sitting in webinars won’t be enough.

Older Posts »

The Silver is the New Black Theme Blog at WordPress.com.


Get every new post delivered to your Inbox.

Join 74 other followers