I picked up “On Writing Well” by William Zinsser (Amazon affiliate link), a little over two years ago. The book came up as something worth reading by a professor. It’s been one of those books I always meant to get to, but could never find the time.
A while back I grabbed copies of both Practical Anonymity — link goes to my review — and the Incognito Toolkit (Amazon affiliate link), I think the former should have been more like the latter. The biggest complaint I had about Incognito was that it was self published. It showed in the writing.
I got a copy of Practical Anonymity by Peter Loshin a while back via O’Reilly, had a sell on it. I finished it about two weeks ago. For what it sounded like it would be, I’m disappointed. I was expecting something more along the lines of “How to be Invisible”. For what it was, it was pretty good.
The news wires reported General Keith Alexander moved in to the private sector, and offering his services to finance companies for a million dollars a month. This is the person that took control as the director of the National Security Agency on August 1, 2005 and left in October 2013 (Wikipedia). Remember, that was after the Edward Snowden leaks came out.
Which really leads one to wonder were those really leaks, or was that a case of we know this is compromised lets make it public knowledge so we can hide the real data. Here is an interesting thought, is Snowden really still working for the U.S. Government?
If you’ve read the Cryptonomicon or seen the Sherlock episode “A Scandal in Belgravia“, you probably know what I mean. For those that need a quick refresher – let assets of lower value go, to hide the assets of higher value. Blow up planes with dead people on them, instead of letting real passenger jets get blown up. Let a German U-Boat sink a freighter or get past the blockade to keep them from realizing that the codes are broken.
The C-Levels at banks should be asking some hard questions if Gen. Alexander is showing up offering them service. Like what really happened on the Snowden watch. How does that failure make his people qualified for the private sector’s needs? Yes while Gen. Alexander may have some Government related attack sources, we already have that in the private sector with Infragard, and the different breach reports.
I’m working on a project using the Raspberry Pi. The requirement was that I use the TP-LINK TL-WN722N, actually I just needed a wireless adapter with an external antenna. When I found the TL-WN722N on Amazon, the reviews said people were having no problems plugging the device straight in to the Raspberry Pi.
While researching things today, I came across this penetration testing article by Cyber Arms. There, and several places on the Raspberry Pi forums it said that people needed to use 2.1 amp usb chargers. The others wouldn’t do what was needed with the Pi, and the wireless adapter plugged in. So I went out and got 3, 2.1 amp plugs, when I bought extra Raspberry Pi units.
I’ve done some testing with the power cables I got last time. the standard 5v, 1000 mA (1 amp) ones, and it ran the plug for the wireless keyboard remote (small keyobard) and the wireless adapter, with no problem.
Here is the one I got, it’s made in China, and sold via MCM. Sorry about the flash on the photo, but that was the best one I got after 10 tries.
I know I haven’t written here lately, and I’m not getting in the number of blog posts I want per week. However I’ve been busy with school and projects. I only have time right now, because I can only run 1 Raspberry Pi (of 6) at a time (right now), and the first one is going through Kali’s apt-get upgrade. Man talk about not the fastest. Going to clone that drive and copy to other flash drives.
Currently, I’m working on a project for my independent study at Eastern Michigan University. The project and documents have to be turned in by Monday night, so I’ll talk about that after I get the stuff done.
The Eastern Michigan Campus Crime Project turned out really well. My team and I presented on it at Circle City Con in Indianapolis. What I thought was going to be a simple 4 week project will probably take the rest of the year to complete. That’s with 4 of us working on it. There is some more interest on campus and suggestions on how to move this forward. I’ve got a really good team, and I’m really proud to have worked with them on the project.
I also dug out, and updated (slightly) my Human Trafficking talk. I’m a little wary of posting that one. Goes against my OPSEC views, but the presentation is important enough. I will say this, things have changed in a year+ since I stopped working on it. Got some good books to go with it too, I’ll get reviews of them up eventually.
There will be another book review up over the weekend (probably Sunday) as well.
The company I’m contracted to did a Business Continuity / Disaster Recovery test recently. We were called the day before and told the building would be closed, and what we had to work from remote locations (read as home). The problem is, it was not an accurate test.
I’ve read a few other biographies and case histories from people that work at the CIA, but this one wasn’t as interesting as those. I understand that the book had to go through Pre-Publication review at both the FBI and the CIA, but what was left was mostly Mr. Lynch’s The C.I. Desk (Amazon Affiliate Link) was him complaining about each and every job he had (or at least that’s what stuck with me). I understand that things had to be taken out, and he would point out that parts were cut by the agencies, including one whole chapter. While there was some entertaining things in the book, and some insights, the part of the book I was most struck with was the Bureaucratic Behemoth that he felt he was fighting against.
Over all, I wasn’t impressed with this book. Mr. Lynch worked for Robert Hanssen, and worked with Aldrich Ames while they were active in spying against the US, but his unit’s didn’t track down the spies in the organizations, even though their job was supposed to be Counter Intelligence.
* Update 2024-10-05: changed to Amazon Affiliate Link, which I earn a commission from qualifying purchases.
I keep forgetting, that my university teaches All Source Intelligence Analysis, not just Open Source, but it is easy to forget when OSINT so prevalent. The school’s classes, and the IASA club does do others.
Yes we do lots of OSINT, and Social Media / Cyber Intelligence looking at the social media sites, ip address related tools, and the logs of the servers. However, we also use other for Cyber Intelligence to see what’s going on, on the servers. We use the logs, the open connections, what’s odd.
We do use tools to track wireless signals, mostly for wifi, but there are a few people at the school, in the IA program looking at more than just wifi. They even ran a Fox Hunt (hid a radio and had people go find it). We use packet captures on networks and on servers to see what is going on, on the wire.
We do Human Intelligence probably the most without realizing it. Any time we have to interact with someone, usually as a customer on the phone. We have to elicit the information needed from them. There is lots of cruft to discard to get the data we need, but we can’t fix their issues until we do. We don’t have to be help desk to get that level. Sure we’re not turning people, to help us spy on things, but it’s still getting the info, finding what is realization via analysis, and then having and end “product”.
I know I’ve used Google Earth to find information, by looking at the images, and building out from there. Where I want to live, aerial views of crime locations, working with a team to plot those locations.
Ok, so I can’t think of anything where MASINT comes in to play, at least not off the top of my head, but I’m sure there is something. I’m sure that mapping out nuclear bomb blast radius for Disaster Recovery at work does not count. Don’t ask, but like I said, I’m pretty sure it didn’t count. I didn’t do measurements and used someone else’s tools on the web which just overlaid on Google Maps. I don’t have a way to test and validate, well I guess I could doing OSINT at a library, and then mapping by hand once I understood the bomb blasts radius.
I must remember, the degree program taught me things that I don’t think about daily too.
I submitted two talks, to circle city con. Both were accepted.
One is a group presentation on EMU’s campus crime.
The other is my Intelligence Analysis 2 research project.