Archive for April, 2018

Lagging on Balisage Paper? PsyOps Advice

Wednesday, April 11th, 2018

Are you lagging on your Balisage paper for submission on 22 April 2018?

Robert Cialdini, Pre-Suasion, at pages 116-120, details how to build a persuasive geography that focuses you on a Balisage submission.

The “trick” is to create geography/surroundings that remind you of Balisage, along with the great people, papers and conversations.

How?

Go to the Balisage Social Pages to grab pics of people, social gatherings, etc., from Balisage and make them into screen savers, posters, make your work space a mini-Balisage den.

Try it! You will be thinking about and working on your Balisage paper nearly constantly!

PS: The same trick works for other things but I would reserve it for Balisage papers. 😉

The EFF’s BFF? – Government

Thursday, April 5th, 2018

DHS Confirms Presence of Cell-site Simulators in U.S. Capital by Cooper Quintin.

The present situation:

The Department of Homeland Security has finally confirmed what many security specialists have suspected for years: cell-phone tracking technology known as cell-site simulators (CSS) are being operated by potentially malicious actors in our nation’s capital.

Anyone with the skill level of a hobbyist can now build their own passive IMSI catcher for as little as $7 or an active cell-site simulator for around $1000. Moreover, mobile surveillance vendors have displayed a willingness to sell their goods to countries who can afford their technology, regardless of their human rights records.

The EFF’s solution:


Law enforcement and the intelligence community would surely agree that these technologies are dangerous in the wrong hands, but there is no way to stop criminals and terrorists from using these technologies without also closing the same security flaws that law enforcement uses. Unlike criminals however, law enforcement can still obtain search warrants and work directly with the phone companies to get subscribers’ location, so they would not lose any capabilities if the vulnerabilities CSSs rely on were fixed.

Why the EFF trusts a government that has spied on the American people for decades is a question you need to put to the EFF. I can’t think of any sensible explanation for their position.

I’ve been meaning to ask: How does it feel to be lumped in with “…criminals and terrorists…?”

You may be an average citizen who is curious about who your member of Congress or state/local government is sleeping with, being paid off by, or other normal and customary functions of government.

A CSS device can contribute towards meaningful government transparency. Perhaps that’s why the EFF resists CSS devices being in the hands of citizens.

We’ll lose our dependence on the EFF for what minimal transparency does exist.

I can live with that.

I am the very model of a hacker individual…

Thursday, April 5th, 2018

Pure brilliance posted to Twitter by Karen Reilly, @akareilly:

I am the very model of a hacker individual,
I’ve information cryptographic, analog and digital,
I know every cypherpunk, adhere to Kerckhoff’s principle,
I bounce from node to node so I can make myself invisible.

I’m very well acquainted, too, with server vulnerability,
I escalate my privilege and I trash availability,
I know the latest breaches and I know first when the ‘net’s ablaze,
With many cheerful facts about developments in zero days.

I’m very good at cracking but I can support security;
I know that it is bollocks if you seek it with obscurity :
In short, in matters cryptographic, analog and digital,
I am the very model of a hacker individual.

I know our hacker history from Ada to the Admiral,
If I ever leave a trace at most it is ephemeral,
I clone your black box hardware tokens or I social engineer
I fill logfiles with peculiarities that cause CTO fear

I can open any doors with tumbler locks or RFID
I've got root and have the keys to all your cryptocurrency
I can hum your servers dead by reaching a high decibel
No matter where I am, I am guaranteed to pop a shell

In short, in matters cryptographic, analog and digital,
I am the very model of a hacker individual.

I have seen other verses but not certain of their placement. Perhaps that’s intentional.

In any event, this is the first version I saw on Twitter. Other arrangements and content are likely to exist and be equally enjoyable.

Glossary of Defense Acquisition Acronyms and Terms

Wednesday, April 4th, 2018

Glossary of Defense Acquisition Acronyms and Terms

Not nearly all that you will need for the acronyms and terms even for defense work in the United States, but certainly a good starter set.

From the webpage:

Department of Defense, Defense Acquisition University (DAU), Foundational Learning Directorate, Center for Acquisition and Program Management, Fort Belvoir, Virginia

The DAU Glossary reflects most acronyms, abbreviations, and terms commonly used in the systems acquisition process within the Department of Defense (DoD) and defense industries. It focuses on terms with generic DoD application but also includes some Service-unique terms. It has been extensively revised to reflect current acquisition initiatives and policies. While the glossary identifies and highlights many terms, it is not all-inclusive, particularly regarding the military Services, defense agencies and other organizationally unique terms. The Glossary contains a listing of commmon abbreviations, acronyms and definitions of terms used throughout the DoD acquisition community, including terms that have commonality beteween U.S. and Allied acquisition programs. The Glossary is for use by students of DAU, and other working on defense acquisition matters, including congressional staffs, Pentagon and other headquarters (HQ) staffs, program managers and requirements managers of the DoD, and defense contractors.

DISCLAIMER

The Glossary of Defense Acquisition Acronyms and Terms provides an extensive list of acronyms, abbreviations and terms commonly used in the systems acquisition process within the DoD and defense industries. Many of the terms in the Glossary may be defined in other documents in a different fashion. For example, the Federal Acquisition Regulation (FAR) contains upwards of 600 definitions of words and terms. Definitions that are applicable to all parts of the FAR are contained in FAR Part 2, Definitions of Words and Terms, whcih contains close to 250 definitions.

Other words and terms may be defined for a particular part, subpart or section. Some terms, such as “United States”, have multiple definitions. “United States” is defined 11 different ways in the FAR, due to how it is defined in various pieces of legislation. Some of those definitions differ from the ones contained in the Glossary.

The reader may want to use definitions that are provided in the Glossary in solicitations and resulting contracts to help clarify the government’s requirement. In doing so, keep in mind the FAR requires that all solicitations and contracts excceeding the simplified acquisition threshold incorporate the definitions in FAR 2.101 Definitions.

See FAR 52.202-1, Definitions, for appropriate clause.

Take heed of the topic map like warning that other definitions of these terms exist!

192 Search Strings for Never To Be Patched Intel CPUs

Wednesday, April 4th, 2018

Mohit Kumar in Intel Admits It Won’t Be Possible to Fix Spectre (V2) Flaw in Some Processors points to a microcode revision guide from Intel, PDF), which points to CPUs which won’t be patched for Spectre (variant 2) flaws.

Kumar lists the product families, Bloomfield, Clarksfield, Gulftown, Harpertown Xeon, Jasper Forest, Penryn, SoFIA 3GR, Wolfdale, and Yorkfield, but those are Intel names, not product names.

To simplify your searching for never-to-be-patched Intel chips, I created a list of the public chips names, some 192 of them.

Good hunting!