hacky hack hack!

This morning I stumbled upon this. Apple one of the companies in the world that does sort of care about privacy was hacked by a 16 year old!

After busting the kid. Police uncovered a litany of hacking files and instructions all saved in a folder titled “hacky hack hack”.

Full link to the article

https://www.theage.com.au/national/victoria/melbourne-teen-hacked-into-apple-s-secure-computer-network-court-told-20180816-p4zxwu.html

Now coming at you via fiber optic – or FTTP!

So I moved home recently and what I didn’t realise, and what was also a very pleasant surprise, was that the new home has a fiber optic link (or fttp if you want the nice acronym!). So now via a not so great gigabit link via my ISP’s cheap and rather crappy supplied modem. It’s not rocket ship fast but should hopefully be a lot better than the old ADSL2 link that the poor thing limped along on. Fingers crossed that this should work faster and we should have longer uptimes!

 

Quick shout out dumpNotificationDB.py

Had a quick look at this today and it’s a doozy! Patrick Wardle has created a small python script that dumps the data from the macOS, notifications database. This is a whole lot of information that you may not want anyone to see, let alone audit. Be interesting if and how the Mac os X dev team may manage this issue.

More info hear…

https://www.patreon.com/posts/18714633

Happy new year and some update news!

Well happy new year and I hope that you have had a happy and safe holiday season! I’ve made a few minor changes to my sshfail project. For those of you who don’t know what that’s about have a look at this old post. In a nut shell it’s a script to generate a report that looks at the number of unsuccessful attempts to attack your machine if you have ssh enabled. It also creates a list of the ip address that generate this may hem and it’s darn educational.

My own experience is that the the machine fights back anything from 3 to 6 thousand attempts a day to hack it!  I’m making an assumption that the bigger sites – targets may be taking more flac than that. It’s sobering and sad that this is the state of the internet today. SO be careful out there and secure your machines.

Oh and the pic I’ve included – well stay tuned it’s an exciting arduino pi based project that I may let you all in on soon. But it’s secrete and in testing at the moment!

Hope you all have a most amazing 2018 and that you stay safe and happy.

Kind regards & have fun!

Steve Abrahall

PS for those of you who might like to run – play with the script hear is the source code.https://github.com/nevetsanderson/sshfail

if you have Git installed just cd to your home and run the following.

git clone https://github.com/nevetsanderson/sshfail.git

 

 

 

Write an iso to an external drive from Mac os X

 

A quick cheat!

Running an ios based installer from a hard drive, instead of from a usb can often be faster and is useful if you have a swag of machines to re image and esata is a lot faster than say usb V2. I’ve needed to do this a few times but I often spend far to much time looking for the information. So, Now I’ve written this little cheat!

First run this

diskutil list

This will give you a list of drives and the result will look a little like this

/dev/disk2 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                                                   *80.0 GB    disk2

As you can see hear the disk attached I want to write to is /dev/disk2
The command to use is

sudo dd if=linuxmint-18.2-cinnamon-64bit.iso of=/dev/disk2 bs=1m

This will write the contents of the iso the the external drive

Break down of the command

dd if={path_to_iso_image} of/dev/{location of device you want this written to} bs=1m

Enjoy

Detail and old technology

I keep lots of note books, technical one’s and personal. Unfortunately like most people I’m not blessed with a photographic memory, but I can get rather methodical, and that’s useful.

Technical writing – this blogging thing is valuable. But I also like to write things in long hand and in pencil in note books! I know it sounds crazy, because these days we can google many if not most problems. But writing my own cheat sheets, (spells, as I call them ) can help a lot to jog the memory. Often it can be just as quick if not quicker than trying to find that page in google you forgot to book mark 3 years ago!

Not to mention that there is some evidence that a hand written approach to the problem solving process can have a number of positive side effects.

When I’m working on something technical my journal is close buy but I’ll also have the index open that I maintain in a spread sheet. The reason is that it’s a lot quicker to find things via the spread sheet. But I also have a hand written index that is good for if i’m off line or taking things slowly. We live in very fast times but it’s good on occasion to slow down a little, think and reap the benefits.

 

 

 

 

 

 


Additional thoughts about AI

Vegetable, Animal or Mineral?

I’ve found an interesting article about AI by research psychologist  Robert Epstein over at Aeon.co . It’s a good read and a breath of fresh air with regards a lot of the noise that is being generated of late, about AI running amok (yes I’m guilty of jumping on that band wagon!).

Mr Epstein’s basic premise is that the brain does not work like a computer – it’s different because it contains 86 billion neurons with  100 trillion interconnections. This big hunk of humanity changes due to each unique experience, and we can’t just reduce human conscious down to a big bag of self learning algorithms. That and the computational model that a lot of people rely on is flawed.

I sort of agree with him on a lot of this, but I am also  still a little concerned about things like people with photographic memories, how studies in childhood development will influence our understanding of the creation of human consciousness, and I’m still worried about self learning. But if you want a fresh perspective on this stuff the article is well worth a read. May be we are not doomed after all!

Sarah Jamie Lewis and “The Dark Web”!

I have spent the afternoon researching the work of Sarah Jamie Lewis. A very interesting person and among other things she used to work for GCHQ! The irony is that she is now an independent security researcher who is pro anonymity and privacy advocate.

She is also the author of an interesting product called onionscan, which is a tool that can be used for mapping the dark web.

This particular talk I found rather interesting

Sarah Jamie Lewis: OnionScan: Practical Deanonymization of Hidden Services
https://www.youtube.com/watch?v=r8hr0nlfJRc

Among other things it gives rise to the fact that if you want security you should find your self a great Sys admin! Put simply a lot of sites on the “Dark Web” are not well configured and if you use such services you could be at risk.

She covers such topics as why you should be careful if you use apache as a dark web server. Why not to use a google analytics id (don’t use the same id for all your sites) and be aware that if your using it in the real world as well as the dark web this is a rather incriminating vector!

Other things discussed are exif metadata (from photographs for instance) that give away your geolocation, phone type etc!!

Most importantly though she mentions a lot of the good things that the dark web can be used for including, that a lot of the dark web is blog sites, forums that help drug users with regards catching addiction before it happens and harm reduction. Also that the dark web is used to monitor human rights abuses, and censorship data gathering.

She sums up buy proposing that peer to peer may be the future of creating secure communications due to the fact that the client server model is rather difficult to secure and anonymise. Some very interesting, important and thought provoking work. Her twitter feed is also an interesting read and rather humorous but probably NSFW!

Related links
Source for onionscan
https://github.com/s-rah/onionscan