Posted on

No Pattern in Network Security Alerts? You tell me.

POTS phone

Given my blog is being constantly attacked and throwing alerts to my monitoring system, I just thought I’d put this visual out there in case anyone thought it was “fake” news.

Yes, yes, I have backups and backups of backups and backups of backups of backups offline, etc…. Plus redundant logging with IAM “write / not read” permissions, encrypted and pushed to accounts I don’t even have access to.

Recent security alerts on my blog (all blocked, but recorded) for your viewing pleasure.

Note the security legend on the lower right.

And yes I am omitting the time-frame and cropped out other specifics because that is common sense. But you get the point.

This is a continuous attack. And this is how brazen people become when you don’t defend yourself. We need to defend ourselves.

This is a a hassle. And not a good use of American minds, or anyone’s for that matter.

Trickle down economics might not work, but trickle down inventions sure as hell do (Edison? Tesla? Einstein? The kid next door? What could she be inventing if not being distracted bs?)

Posted on

Marissa Mayer Testifies Russian Agents Behind 2013 Yahoo Attack

Marissa Mayer

Nov 8, 2017.  From the Reuters article regarding former CEO of Yahoo Marissa Mayer’s testimony before Congress:

WASHINGTON (Reuters) – Former Yahoo Chief Executive Marissa Mayer apologized on Wednesday for two massive data breaches at the internet company, blaming Russian agents for at least one of them, at a hearing on the growing number of cyber attacks on major U.S. companies.

Having spent the majority of the last three years doing almost exclusively InfoSec and Security on the Tendenci SaaS Cloud, not by choice but out of necessity, I do feel a bit of vindication as they confirm the facts. This is DATA people. Not opinion. I see it every day.
Tendenci has always kept logs, but never before have we had to have three (and sometimes four) sets of logs kept in different locations. Log verification, audit, cross references, searching through millions of logs DAILY. Just the expense … it’s frustrating for us in the security community for several reasons:

  1. We can’t talk fully openly about it for confidentiality reasons

  2. We sound kra-kra.

  3. When we do, everyone thinks we are crazy and it’s a conspiracy theory.

It turns out reality is like an idiom, what everyone initially thought was wrong and like so many other things, people get silenced. That shit Cray . Oh, and that reference doesn’t mean what you think it means either. Because Jay-Z is smart as f*ck and he is making a damn point.

All I can say is … what he said. Because THIS shit is Cray.

By World Economic Forum – “An insight, an idea: Marissa Mayer” at Flickr, CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=24851211

Posted on

Etech, Bruce Sterling and ALL of the Things I am too Responsible to Consider

PandasandiegoAt ETech.  Prep for Rael, Tim and Bruce Sterling at tonight’s opening sessions. A little history seemed in order.  At a time when I hire anyone under 30 and they have *never* heard of 2600 nor phreakers nor captain crunch – I needed a refresher.  The irony is much of what I learned CAME from folks younger than me.  People with the courage not only to share information, but to share and teach with anyone who is curious regardless of age.

Bruce is the third speaker tonight, so this snippet from Gutenberg seemed appropriate (if bad PR <grin>)

CHRONOLOGY OF THE HACKER CRACKDOWN (from Bruce Sterling – Gutenberg Post)

1865  U.S. Secret Service (USSS) founded.
1876  Alexander Graham Bell invents telephone.
1878  First teenage males flung off phone system by enraged authorities.
1939  "Futurian" science-fiction group raided by Secret Service.
1971  Yippie phone phreaks start YIPL/TAP magazine.
1972  RAMPARTS magazine seized in blue-box rip-off scandal.
1978  Ward Christenson and Randy Suess create first personal
      computer bulletin board system.
1982  William Gibson coins term "cyberspace."
1982  "414 Gang" raided.
1983-1983  AT&T dismantled in divestiture.
1984  Congress passes Comprehensive Crime Control Act giving USSS
      jurisdiction over credit card fraud and computer fraud.
1984  "Legion of Doom" formed.
1984.  2600:  THE HACKER QUARTERLY founded.
(more)

Hopefully messing around at the Make session won’t get anyone arrested for phone tampering.

The panda picture?  From the San Diego zoo earlier today.