- Slides for “A Dive in to Hyper-V Architecture & Vulnerabilities” with Joe Bialek and Nicolas Joly can be found here. (The link on the Black Hat site is still borked.)
- This isn’t an actual DEFCON 26 presentation, but it’s referenced in Vincent Tan’s “Hacking BLE Bicycle Locks for Fun and a Small Profit”, and I want to bookmark it for later: “Blue Picking: Hacking Bluetooth Smart Locks” by Slawomir Jasek.
- Slides for “Ring 0/-2 Rootkits: Compromising Defenses” with Alexandre Borges are here.
- Also not a DEFCON presentation, but picked up by way of an Ars Technica story: “Fear the Reaper: Characterization and Fast Detection of Card Skimmers” by Nolen Scaife, Christian Peeters, and Patrick Traynor. In which the authors analyze a bunch of skimmers confiscated by NYPD…and then build a device that can detect skimmers, based on nothing more than the physical properties of how card readers work. Quote of the day: “Security solutions requiring significant behavioral changes are unlikely to be successful.”
- Content for “All your math are belong to us” with sghctoma is here: slides, white paper, and exploit code.
Archive for the ‘Bookmarks’ Category
More Black Hat/DEFCON 26 updates.
Wednesday, August 15th, 2018
Here in my car…
Thursday, July 5th, 2018
I bought a new to me car last Saturday. It’s a 2006 Honda Accord EX-L that had 82,000 miles on it (not bad, in my opinion, for a 12 year old car) and has quite a few features I like: leather interior, sun roof, cabin air filter, power seats, and even seat heaters for that one month a year when those are actually useful in Texas. (Also ABS. I’m not clear on whether it has traction control or not. I checked the Honda-Tech VIN decoder and while it is useful, it doesn’t talk about traction control.)
Now that I have the car, I splurged on a couple of things. I got a dashcam for it: the Papago GoSafe 535, which is what the Wirecutter currently recommends. That one has gone up by about $13 in the couple of days since I ordered it, and it really wasn’t my first choice. I wanted the Spy Tec G1W-C, which was a previous Wirecutter choice that I bought for my mother’s car and have been happy with. But by the time I was ready to order, Amazon had sold out of the Spy Tec.
My other splurge item was a LELink Bluetooth Low Energy BLE OBD-II car diagnostic tool. Why? Several reasons:
Quaint and curious volumes of forgotten television.
Monday, April 9th, 2018
I don’t remember how I stumbled across this, other than we were watching “Ironside” (with Burgess Meredith!) while waiting for “Kolchak” to start.
Anyway: I found out that there was a detective show in the mid-1970s called, believe it or not, “Khan!”.
No, tragically, it did not star Shatner or Ricardo Montalbán. Actually, the title character was played by Khigh Dhiegh. Unless you’re as geeky as I am, you may not recognize that name: he was a fairly prominent character actor, perhaps best known for playing Wo Fat repeatedly on the good “Hawaii 5-0”. (He also played the brainwashing expert in the original Manchurian Candidate.)
(Short shameful confession: while I like the good “5-0”, I do have a lot of reservations. Besides Jack Lord’s ego and politics, my biggest one is: I’ve never liked the Wo Fat episodes. I find them mostly unrealistic and annoying. Yes, I know, I need to go out for blueberry-almond martinis with Gregg Easterbrook. But I digress.)
Also interesting: Ivan Dixon was involved as a director on the series. (Note to self: I still need to pick up a copy of The Spook Who Sat By the Door for movie night.)
So why have I never heard of this? Well, it only lasted four episodes. I suspect this is also why it hasn’t had a DVD release.
As an extra bonus, because I know there are a couple of other Kolchak fans out there (Hi, Pat!): “It Couldn’t Happen Here…” in which the bloggers review all of the episodes of the original series, including the TV movies and the three unproduced scripts.
I’m not sure I agree 100% with their reviews and conclusions, but it fills in the blanks on some of the episodes I’ve missed.
Quote of the day.
Tuesday, September 5th, 2017
Apropos of nothing in particular, other than that this is one of my favorite poems and I want to bookmark it:
–“The Stars Go over the Lonely Ocean”, Robinson Jeffers
Bookity bookity bookity bookmark!
Tuesday, June 6th, 2017
By way of @newsycombinator:
A whole big bunch of free NASA e-books in various formats, including Kindle and PDF.
A few titles that pique my interest:
- Unlimited Horizons: Design and Development of the U-2
- X-15: Extending the Frontiers of Flight
- Breaking the Mishap Chain: Human Factors Lessons Learned from Aerospace Accidents and Incidents in Research, Flight Test, and Development
I’ll admit some of these are a little geeky even by my standards. It takes either a professional or a special kind of person to want to read a history of pressure suit design, or one of the Langley wind tunnel. But guess what: I am that person, and I bet some of my readers are, too.
Besides, who doesn’t love the X-15 and the U-2?
(No, really, who doesn’t? Raise your hands. No, I’m not noting your IP address…)
True crime notes.
Monday, March 20th, 2017
I don’t want to seem like I’m making light of this story: it’s awful, and I hope the victims are able to achieve some level of peace.
But when you see a headline like
Vegas jury convicts War Machine of 29 counts
on the Entertainment and Sports Programming Network’s website, it gets your attention.
“War Machine”, in this case, is Jonathan Paul Koppenhaver.
The jury deadlocked on attempted murder charges, but found him guilty of the other crimes. It isn’t clear to me if those include the eight counts of “domestic battery” that his lawyer conceded to.
And I hope he does every damn day of it.
In other words, he beat the shit out of them both. But he apparently reserved special attention for her.
…
===
On what I hope is at least a slightly less depressing note, here’s something I stumbled across in my reading over the weekend, but haven’t had time to dig into in depth: Taylorology. This apparently started out as a zine in the old pre-Internet/“Factsheet Five” days, but eventually migrated online.
What’s it all about? Quoting the introduction:
The Taylor murder is one of those great unsolved Hollywood mysteries that everyone seems to have a theory about; some of those theories may even have an element of truth to them. Bruce Long, who runs Taylorology, has collected a great deal of archival material related to the Taylor case. And he’s a man after my own heart: he mentions in the biographical information on his site that he first became interested in the case when he was nine.
When I have some spare time (mumble years from now, the way things are going) I’d like to dig deeper into this site. One thing I can give Mr. Long credit for: he’s steered me away from purchasing one of the more famous books on the case. (Actually, I stumbled across Taylorology by reading another book on the case that references the website. Apologies for being elliptical, but I may do a brief review of the second book in the near future.)
Bookmarks.
Saturday, September 17th, 2016
Two things I found on the YCombinator Twitter feed that I want to bookmark:
“JavaScript Systems Music”. I’m not really good at music in general, nor am I the audio guy of my group of friends (Hi, Todd!). But I am kind of generally interested in computer audio, and the subtitle of this one sucked me in: “Learning Web Audio by Recreating The Works of Steve Reich and Brian Eno”. Yes, you can do in JavaScript what Steve Reich did with tape loops in 1965.
I like “It’s Gonna Rain”, but, yeah, this.
YComb also linked to an article here, but I actually find the whole site interesting and want to bookmark it: Gary McGath’s “Mad File Format Science”. Or everything you ever wanted to know about file formats, identifying them, and recovering data from them.
As you know, Bob, I’m not a “Star Trek” fan, but I did find this interesting:
The floppies were written on CP/M systems custom built for Roddenberry with special disk drivers.
“DriveSavers took three months to reverse engineer the disk format.”
Anyway, I want to spend more time exploring this site. I’m also tempted to spring for his udemy course: $20, open-source tools, and hey! I can actually make a case that it is job related!
Obit watch: September 5, 2016.
Monday, September 5th, 2016
Officer Amir Abdul-Khaliq of the Austin Police Department passed away yesterday.
He was critically injured in an accident on Thursday. According to reports, he was escorting a funeral procession, and was at the Burnet/Ohlen intersection when a woman pulled in front of him (trying to make it into a gap in the procession) resulting in the officer striking her vehicle.
Officer Abdul-Khaliq had been on the force for 17 years and has five children.
Be careful out there, people.
Semi-related: “A Fighter Pilot’s Guide to Surviving on the Roads..”
DEFCON 24 notes: Hail Hydra!
Thursday, August 4th, 2016
GitHub repository for Blue Hydra.
I’m jumping the gun a little, as the presentation is still a few hours away, but I wanted to bookmark this for personal reference as well as the enjoyment and edification of my readers.
Edited to add: quick update. Holy jumping mother o’ God in a side-car with chocolate jimmies and a lobster bib! It runs! It works! Mostly. Kind of.
If I get a chance, I’ll try to write up the steps I had to follow tomorrow. Yes, this blog is my personal Wiki: also, while the instructions in the README are actually pretty good, I ran into a few dependency issues that were not mentioned, but are documented on Stack Overflow.
110 years ago yesterday…
Sunday, June 26th, 2016
Missed it by that much.
On June 25, 1906, Harry Kendall Thaw, professional heir and nutcase, walked up to noted architect Stanford White on the roof of Madison Square Garden (during the opening night of something called “Mam’zelle Champagne”) and shot White in the head.
NYT coverage 1. NYT coverage 2.
When I call Thaw a “nutcase”, I mean that quite literally: historical evidence seems to show that he had a long history of mental problems, and that his enormously wealthy family spent a great deal of money covering for him. Indeed, the Thaw trial is an early (though not the first) example of the interaction between great wealth and criminal justice.
It is also claimed that Thaw’s family spent a lot of money smearing White. Specifically, Thaw’s supposed motivation for the murder was that White had “ruined” Evelyn Nesbit when she was 16. Ms. Nesbit later went on to become Thaw’s wife: she supposedly told Thaw all about her affair with White, which drove Thaw crazier than he allegedly already was…
The end result was that Thaw went through two trials. The jury hung in the first one, and found him not guilty by reason of insanity in the second one. Thaw was sent to the Matteawan asylum for several years. In 1913, he walked out of the asylum and escaped into Quebec. He was eventually extradited back to the US, where he received a new sanity hearing, was found “not guilty and no longer insane”, and was released. Shortly thereafter, he was arrested and confined again for beating a 19 year old boy. He was released in 1924 and died in 1947. Thaw obit from the NYT.
Evelyn Nesbit died in “relative obscurity” in 1967. NYT obit.
I actually had hopes and plans for doing a much longer and better post on this, but they didn’t pan out. I’ve had trouble laying my hands on the source material I wanted to find. (And I still haven’t been able to find out what gun Thaw used, alas.)
So I’m going to be a little lazy and point to:
The website for the American Experience documentary “Murder of the Century”. It does not have the film available for streaming, but it does have the transcript and background material.
The Thaw trials from Douglas Linder’s “Famous Trials” website. This is actually a website that I keep forgetting about, even though it has been around since 1995, so I’m glad to be able to bookmark it here. Professor Linder has spent the past 21 years documenting everything from the trial of Socrates through Thomas More, Aaron Burr, our old pal Big Bill Haywood, and all the way up to George Zimmerman. This isn’t the be-all end-all website for most of these trials, but it serves as a good jumping-off point if you want to do more research.
(If those NYT links don’t work for you, would you please send an email or leave a comment? I think they should work, but I’m not 100% sure.)
Random notes, philosophical asides, bookmarks, endorsements, and other things.
Tuesday, June 21st, 2016
Some things I think are interesting, some I want to bookmark, some I want to plug, something for everyone, a comedy tonight! I am going to try to put these in some kind of rough topic order…
“Introduction to GPU Password Cracking: Owning the LinkedIn Password Dump”.
I Sea, “a mobile app that claimed to help users locate refugees adrift at sea”, appears to be a complete fraud.
Bonus: the NYT mentions my third favorite security blogger, @SwiftOnSecurity. (Sorry, SecuriTay, but I’ve had my photo taken with the Krebster, and I know Borepatch. Third is still good enough for a medal, if this was the Olympics.)
And it isn’t just that the coding is screwy: PopSci makes a pretty strong argument that what I Sea claims to do is physically and logistically impossible.
And those satellites make one pass a day, so you’re not getting “real-time” imaging, no way, no how.
The Oakland PD mess, summarized. Yes, I’m linking to an anonymous person on Facebook, but much of the information in this summary has already been reported in the media: this is more of a handy round-up if you haven’t been following this mess from the start. (Hattip: Popehat on the Twitter.)
And speaking of Popehat: the guys get shirts! Women, too. I just ordered mine: not only is $23 very reasonable for a shirt these days, and not only do I like Popehat, but I think Cotton Bureau does good stuff. (You may remember them from the BatLabels “Henchman” shirts, which are back in print! Hoorah!)
Flaming hyena #32: Democratic congressman Chaka Fattah.
A bunch of other folks took the fall with him, including Herbert Vederman:
(Hattip on this one to Mike the Musicologist.)
Prominent (well, in Chicago, anyway) Chicago journalist Neil Steinberg decides to pull the old “look how easy it is to buy an assault rifle” trick. So he goes to a gun store…
…and they deny his purchase because he’s a drunken wife-beater. (I have seen other versions of this story that state BATF first issued a “delay”, then a “deny” (BATF doesn’t have to give a reason for “deny”), Steinberg threatened to write that they were “denying” his purchase because he was a journalist, and the gun shop then decided to point out that he was a drunken wife-beater. However, this version seems to me to be the best sourced, and it doesn’t mention any BATF verdict.)
But at least he had the good taste to go with a Smith and Wesson M&P 15.
You know what Great Britain needs?
Thursday, June 16th, 2016
Oh, yeah. That’s right. Never mind.
Edited to add: more from The Express by way of Popehat on the Twitter.
“…The man pulled a gun – it was a makeshift gun, not like something you see on television.”
Edited to add: The Express is now reporting that MP Cox has succumbed to her injuries. Sincere condolences to her family and friends.
He added the weapon “was probably an old gun, a sawn-off shotgun.
Edited to add: I’m now seeing reports on Twitter that the whole “Britain first” thing is wrong. It is worth keeping in mind that this story, like so many other recent stories, is emerging, and early details may be mistaken.
Edited to add: I was trying to find something very similar to this on Popehat’s Twitter feed earlier today, but I couldn’t. Fortunately, he retweeted almost exactly what I was looking for:
@Popehat Time for a #refresher ? pic.twitter.com/EAdCFpsOni
— Stephen Kiskamp (@skiskamp) June 16, 2016