Monthly Archives: March 2014

Spying by Government Agencies

I’ve been trying to keep up on things regarding information security for quite some years. Issues and concerns post 2001-09-11 (9/11 as the media calls it) had been a president for huge erosion of privacy for domestic spying on citizens, politicians and businesses.

Over the last few years, these issues have been proven, but now thank to #SEA (Syrian Electronic Army), details and costs from Microsoft have been proven and disclosed on how this spying is happening and being itemized by the companies to respond to government requests, with a scope of how often this is / was occurring. Trade secrets have also been recently confirmed to have been stolen from major firms in other nations.

As for Microsoft, they are charging $50 to $200 per request, totalling hundreds of thousands of dollars per month. Considering this is likely paid from tax money and unlisted black budget funds, it especially highlights the lack of oversight or consent that has occurred in this domestic spying process.

It has been awhile since I had a heady topic on InfoSec here @ Funtime. That should do some justice. I have been having fun watching content be removed from my Facebook pages, with very occasional #FreeAnons info being blocked or removed on the Twitter. I’ll add them to my profile details (On my Profile Bio page). We can be all social network spam bots. :ninjawub: However.
FuntimeBliss forever. So long as I can pay the bill. I :pirate: private email.

2014 Greetings @ BlissPC

Happy 2014! Hopefully Spring emerges here in the near future. I am currently located in Lancaster County, Pennsylvania, however I am looking to migrate to Albuquerque, New Mexico. I am following some leads but they are pending at this point.

I support and am also skilled in remote support and administration. Full time employment would be cheaper for any long-term work and businesses. I do not plan on being in the job market for much longer, to be honest. My personal consulting rates are as follows:

    [*]$20 / hr – Personal & Residential users.
    [*]$35 / hr – Small Business users.
    [*]$60+ / hr – Large businesses or Government work.
    (Any work is taken upon my discretion) I will not perform a role or task I am uncomfortable with.
    [/list]Since I no longer bother with private WhoIs domain registration, I will save you a step and provide my LinkedIn Profile. I have 13+ years professional work experience and have been into computers and database systems since the early 1990’s.
    http://www.linkedin.com/in/ryanmitch

Security & SXSW data

While my local posts have been light on the security front, I have been doing a bit of the data aggregation of content on social networks and a bit of testing of my own. Recent subjects here cover removed content on these networks and spring boards into becoming the new propaganda mechanism to replace the television. #JustinBieber, so on and so forth.

I got to explain what a hashtag is to my grandparents yesterday, that was quite funny. Speaking of the subject, do not forget that Windows XP end of life support is coming quite soon. April 8th 2014 to be exact.

I have deployed some 2012 Server installs. Granted I had to regHack 2008 compatibility back in quite a bit, largely because Windows 8 removed the config options, but the registry remains intact. Core services tend to operate as in 2008 / 2003, for the most part.

Anyhow, Enjoy some Snowden and Assange talks. You are likely aware of the global surveillance happening, that has been for a decade or so by GCHQ and NSA. These talks from 2014-03-08 will encapsulate the current state of these. Keep on keeping on friends. :)

(Julian Assange @ SXSW)

(Edward Snowden @ SXSW)
These are remote videos, because both are in exile.

DNS Router Malware

Check your DNS servers, because many vendors have exploited flaws that allow the routers to be changed to new DNS servers. Man In the Middle, yeah an alternate DNS server will certainly allow this type of attack.

300,000+ Routers Hijacked

Affected devices had their DNS settings changed to use the IP addresses 5.45.75.11 and 5.45.75.36. As with the DNS Changer malware, unwitting victims are vulnerable to a loss of service if the malicious servers are taken down, as both primary and secondary! DNS IP addresses are overwritten, complicating mitigation.

Card Prox RFID Fun

Hey. I may have worked in the badge industry, so this video I came into about Prox and RFID card cloning and ID collection is pretty enjoyable to me. Card Formats for building access, and many other cards like Credit Cards are into this stuff.

Quite silly because the old technology is in fact quite active, as of a few years ago when I was working that environment. Facility Codes, Badge Numbers and Card Formats. Such common terms we used. Especially when migrating an old system to your software platform of access control.

I did not do this talk, it is really good and hits on many terms and topics. Highly recommended if you are into the subject.