Category: Uncategorized

CIPA is the new iteration of the internet censor bill floating around. In politics, if you cannot pass a corporate empowering bill, you keep changing the names and hope no one notices it being passed.

No commercials and plenty of content is what many know Netflix for. No wonder the RIAA and MPAA (Music and Movie industries) hate them so much. As for this bill, let us not forget the vaguely worded context and clauses to relay information to federal agencies.

Also relevant, The Internet’s Own Boy The Story of Aaron Swartz 2014 is out to watch.

The topic name format will likely change, but yeah. Computers are a common part of many people’s lives these days, yet there are many gaping issues that are finally coming to more minds as valid concerns. Especially the pocket computers, AKA Smartphones.

Spying is a concern for some folks, since it used to only be suspected criminals, now a days, it is quite literally entire populations, if not the entire world. On that note, why is the ex-NSA General Keith Alexander running a 1 million per month security firm?. Personally I get a very Haliburton / Blackwater / Academi vibe. Call me paranoid.

Also in the Gov’t sector, the US Marshals Service is auctioning ~29600 bitcoins. Roughly worth $17.5 million USD. Flashback being Silk Road was the online drug retailer taken down by law enforcement sometime in 2013. Also of note, is when the BCC for all buyers turned into a reply-all and that list was leaked. Oops.

Cryptome.org was temporarily taken offline for a ‘malware issue’ by their host provider. Cyptome has been disclosing leaked documents since June 1996.

In entertaining news, World Cup Wif-Fi password for the security center was disclosed in a press article. If you are taking photos in a security center, check those screens for info you would rather not publicize.

A 16 year old crafted a browser plugin that shows the financial contributions to politicians.

You know mobile phones have been backdoored to spy on people, right? Well some good people are reverse-engineering those spy tools to try and defeat the methods used, and to further disclose their operations.

Speaking of Spying, USA politics continues to be largely theatrical in restricting the bulk surveillance of persons around the world. Since the House of Representatives was called out for being really weak on their stance, they are apparently looking to cut NSA funding. If you are not concerned about spying yet, I really advise you to see what organizations are involved with NSA compliance. When software and hardware is deliberately weakened, these agencies are not the only ones with access.

Then get into the vast amount of spying 3rd parties do under contracts, with an addition of Stingray (cell phone interception spying by false cellular tower) surveillance by local police departments (Guardian write-up). Thanks for reading this current events in security post.

Think of this sub-forum as the Summer (in)security thread, but as this forum will display newest posts 1st, it will be vastly easier to keep on current dialog, without jumping through prior posts to current.

I have been a fan of combing information security news and rss feeds for years. Largely because if a flaw is unknown then it gets a published release, you can bet it will be more commonly used against that package or program. Keeping up on things helps prevent intrusions and unscheduled downtime, as that is my intent to avoid dealing with both issues. As usual I will add some dialog and overview to the articles, to save you time reading them all, and possibly getting a chuckle out in the process.

Bonus Port and Service info by command.

Thanks to Vas.com for this syntax, you can get what ports are running and what those services and applications are.

netstat -a -n -b -p TCP

Running an Nmap will likely show the ports 49152 – 49159 running on a Windows system. On your scan (with -A scanning option) they will list as [Version]Microsoft Windows RPC and a [Service]msrpc. The details on what is actually running on these ports, is provided via the above netstat command.

As described in the above link, these are Event Log and other remote services & domain related items. As with most all of the .MMC options, you can execute them to load remote servers. I do this often in administration.

compmgmt.msc /computer:"IP or MachineName"

Chain these in a batch file if you have multiple machines to audit. Closing the MMC will open the next one in your batch list. For a list of .mmc objects you can invoke by command line, this list should do you justice.

Hello. I have been thinking as I search the IT industry for a new position and I have decided Bliss PC will be a Non-Profit Charity based entity. I will do training, support, design and consulting for IT and potentially other systems as well.

I have been interested in instruction for years, but do not have the time or financial resources to obtain a Masters Degree to do so. Thus I will offer assistance via my experience and exposure to various systems and persons. Donations are always welcome, but surely not enforced. Friends to FunTimeBliss should be familiar with this format.

If you are interested and would like me to travel, I would like to ask for assistance with the commute fees. If I have friends in the region who can host me for a few days, I would likely rest there overnight.

http://BlissPC.com

Feel free to get at me on LinkedIn as well. You can review my various experience over the last 13+ years.
https://www.linkedin.com/in/ryanmitch

I’ve been trying to keep up on things regarding information security for quite some years. Issues and concerns post 2001-09-11 (9/11 as the media calls it) had been a president for huge erosion of privacy for domestic spying on citizens, politicians and businesses.

Over the last few years, these issues have been proven, but now thank to #SEA (Syrian Electronic Army), details and costs from Microsoft have been proven and disclosed on how this spying is happening and being itemized by the companies to respond to government requests, with a scope of how often this is / was occurring. Trade secrets have also been recently confirmed to have been stolen from major firms in other nations.

As for Microsoft, they are charging $50 to $200 per request, totalling hundreds of thousands of dollars per month. Considering this is likely paid from tax money and unlisted black budget funds, it especially highlights the lack of oversight or consent that has occurred in this domestic spying process.

It has been awhile since I had a heady topic on InfoSec here @ Funtime. That should do some justice. I have been having fun watching content be removed from my Facebook pages, with very occasional #FreeAnons info being blocked or removed on the Twitter. I’ll add them to my profile details (On my Profile Bio page). We can be all social network spam bots. However.
FuntimeBliss forever. So long as I can pay the bill. I private email.

Happy 2014! Hopefully Spring emerges here in the near future. I am currently located in Lancaster County, Pennsylvania, however I am looking to migrate to Albuquerque, New Mexico. I am following some leads but they are pending at this point.

I support and am also skilled in remote support and administration. Full time employment would be cheaper for any long-term work and businesses. I do not plan on being in the job market for much longer, to be honest. My personal consulting rates are as follows:

[*]$20 / hr – Personal & Residential users.
[*]$35 / hr – Small Business users.
[*]$60+ / hr – Large businesses or Government work.
(Any work is taken upon my discretion) I will not perform a role or task I am uncomfortable with.
[/list]Since I no longer bother with private WhoIs domain registration, I will save you a step and provide my LinkedIn Profile. I have 13+ years professional work experience and have been into computers and database systems since the early 1990’s.
http://www.linkedin.com/in/ryanmitch

While my local posts have been light on the security front, I have been doing a bit of the data aggregation of content on social networks and a bit of testing of my own. Recent subjects here cover removed content on these networks and spring boards into becoming the new propaganda mechanism to replace the television. #JustinBieber, so on and so forth.

I got to explain what a hashtag is to my grandparents yesterday, that was quite funny. Speaking of the subject, do not forget that Windows XP end of life support is coming quite soon. April 8th 2014 to be exact.

I have deployed some 2012 Server installs. Granted I had to regHack 2008 compatibility back in quite a bit, largely because Windows 8 removed the config options, but the registry remains intact. Core services tend to operate as in 2008 / 2003, for the most part.

Anyhow, Enjoy some Snowden and Assange talks. You are likely aware of the global surveillance happening, that has been for a decade or so by GCHQ and NSA. These talks from 2014-03-08 will encapsulate the current state of these. Keep on keeping on friends.

(Julian Assange @ SXSW)

(Edward Snowden @ SXSW)
These are remote videos, because both are in exile.

Check your DNS servers, because many vendors have exploited flaws that allow the routers to be changed to new DNS servers. Man In the Middle, yeah an alternate DNS server will certainly allow this type of attack.

300,000+ Routers Hijacked

Affected devices had their DNS settings changed to use the IP addresses 5.45.75.11 and 5.45.75.36. As with the DNS Changer malware, unwitting victims are vulnerable to a loss of service if the malicious servers are taken down, as both primary and secondary! DNS IP addresses are overwritten, complicating mitigation.

Hey. I may have worked in the badge industry, so this video I came into about Prox and RFID card cloning and ID collection is pretty enjoyable to me. Card Formats for building access, and many other cards like Credit Cards are into this stuff.

Quite silly because the old technology is in fact quite active, as of a few years ago when I was working that environment. Facility Codes, Badge Numbers and Card Formats. Such common terms we used. Especially when migrating an old system to your software platform of access control.

I did not do this talk, it is really good and hits on many terms and topics. Highly recommended if you are into the subject.