For the last several weeks, I’ve been working with three other students from Eastern Michigan University’s Information Assurance program researching and mapping the Campus’ Crime Stats. If people take the time to look, they can find a map of the last 60 days and the daily crime logs for the last 60 days. We’re looking beyond those, but it’s interesting nonetheless.
WordPress and some security
I was recently listening to Paul’s Security Weekly episode 366: How Security Weekly got defaced, and started thinking about my own security posture around my WordPress sites. When I first created The Rats and Rogues Podcast site, I read everything I could find on WordPress security. There wasn’t much. Later when I created this site, I still wasn’t impressed.
Credibility and Critical Thinking
One of the classes I’m taking for my General Education requirements is Psychology. It has a 1 credit hour lab, which is separate from the lecture class. The very first night of class in the Lab, the professor went over Credibility and Critical thinking.
This week we talked about Facial Emotions and Goal Driven Imagery. He stated up front that he didn’t like either topic and was going to push through them as quick as he could. Which is fine if you’re a professor and don’t like the topics. Even if you admit that you use one in your daily clinical work.
So on the Facial Emotion (and on body language) he was talking about how it was bunk, and when we started talking about the work of Paul Ekman, the professor started going off about how Ekman was recently completely discredited, proven to be a fraud, etc. Now I have a couple of Ekman’s books, and I’ve skimmed them. So I asked the professor what research he was talking about. To which he destroyed his credibility by saying he wasn’t sure.
Enter twitter: I asked @humanhacker (Chris Hadnagy) about it. He provided quick background (after a little prodding) to @PaulEkman’s public reply. The reply also links to the original article. Both are interesting stuff.
However, my point is, if you’re an “authority” figure by being a professor, and you don’t agree with a branch of your industry, don’t show your bias and take glee in saying it’s been debunked, while not having the proof to back it up. Your first night told us to question you on that stuff. Don’t be surprised when there is a non-psych major willing to call you on it, and be able to quote your sources.
Operational Security: It’s harder than it looks
So the other week, I noticed that the van in the drive near a friend’s house, with a large collapsible antenna in the back, had an amateur radio plate. Lots of radio amateurs get the plates. No big deal. I pulled out my phone and loaded up my QRZDroid app. It lets people look up who a license is assigned to. For example, if you look up mine it gives you my address and other pertinent info.
Snow shoes and Cyber security
There I was, kneeling down on my snow shoes, about 20 minutes into my little hike, my arm buried up to its elbow, reaching around in the hole my pole with a snow basket just made.
What does this have to do with cyber security?
I doubt people are wondering…
I doubt it, but in case people are wondering why I’ve moved to more of a book review format… My class load is taking up a lot of my free time. In fact I should be working on my Art project for EMU Gen-Ed right now (well now when I’m writing this, not when you read this).
Doing homework is more or less preventing me from doing a lot of the things I would rather be doing. Granted I have a nice stack of books that tie in to Information and Cyber Security to read as well. However, while my Digital Forensics class occasionally brings up interesting things to talk about, the majority of my time is spent in Psych 101 and Psych 103 (Lab). This week has been tied up with a 1 week accelerated class, but it hasn’t left time for me to do other things. It’s not as easy as the Counter Terrorism class was last year. Ok, yes my Saturdays are tied up with an interesting OSINT project, but I can’t talk about that yet.
Anyway, back to the point of this post. I know it seems like my content has gone from a really cool OSINT post (which I have at least 2 follow ups to), to mostly book reviews, but I’m trying to kill 2 birds with one stone here.
I do have some topics from other books I’ve been reading (I’m usually reading more than one non-school book at a time), the project above, some followup OSINT posts, a paper from last year to finish watermarking and sharing on here, and a few other things. But those have to wait until I have some free time. Now… where did I put those crayons for intro to art?
Book Review: Infiltration Presents: Access All Areas
I’ve finally finished “Infiltration Presents: Access All Areas – A User’s Guide to the Art of Urban Exploration” by Ninjalicious (Amazon affiliate link). This is one of a handful of books I have on Physical Security, and it’s taken me a couple of years to read it, because it kept getting lost in moves, and forgotten about when class loads got heavy.
I like this book, because it’s about accessing the areas that are normally off limits to the public. It talks about Social Engineering, the equipment you’ll need (hint: leave the lock picks at home), but most importantly HOW to find the places to explore, and how to bypass the systems put in place. Nice alarm there, shame you disconnected it due to all the false rings.
If you have an interest in the physical side, or an interest in historical buildings and abandoned things, this is a decent read.
* Update 2024-10-05: changed to Amazon Affiliate Link, which I earn a commission from qualifying purchases.
Zero Day by Mark Russinovich and Howard Schmidt
I recently finished reading Zero Day (Amazon affiliate link). Overall I liked the concept. The end was interesting but easy to see coming. The biggest issue I had with the book though was it came off under-researched when it came to the cultures.
The portrayal of foreign cultures in the book was very stereotypical of what we’ve seen from American propaganda, known as television and movies. It doesn’t fit with other books that I’ve read that have taken place in those cultures. Mostly they have been non-fiction and travel books.
Overall the story was pretty good, but they were not as good as Daniel Suarez’s books. I’m not sure if I’m going to get the book by Mark Russinovich yet.
I like the fact that we’re seeing more techno-thrillers coming on to the market, especially since they’re written by people that know the technology. They’re good reads, for general mass market reads. It also makes what we do accessible to people outside of our industry.
* Update 2024-10-05: changed to Amazon Affiliate Link, which I earn a commission from qualifying purchases.
Duo’s two factor was easy
Finally got around to setting up two factor auth on the blog, using the Duo Security Plugin. Took less than 5 minutes, like their video at the plugin site said. I remember the SSH being harder to set up than that.
knowing what your tools do
When I changed my firewall rule policy, part of the reason for doing it was because I was getting tired of seeing dovecot:auth failures in the logs. People around the world were brute forcing my mail server, and the rules were 100 lines long of just blocking. I had thought that they were coming from people hitting port 993 (IMAPS), and to a point they were. You can see below where it is dropping port 993 access attempts.