Security – Page 13 – Maverisk / Étoiles du Nord

Turner in infosec

‘Cause you’re simply the best …

I ~~call~~ ping you when I ~~need~~ want you, my ~~heart~~ exploit toolkit‘s on fire
You ~~come~~ open your ports to me, ~~come to me wild and wild~~ open them one by one
When you ~~come~~ open to mey APT
Give me every~~thing~~ access I need
Give me a lifetime of ~~promises~~ covert access and a world of ~~dream~~org secrets
Speak a language of ~~love~~ hapless victims like you ~~know what it means~~r worst dreams
And it can’t be ~~wrong~~ stopped
Take my ~~heart~~ packets and make ~~it strong~~ them hit baby

You’reve simply ~~the best~~ been hacked, ~~better~~ deeper than all the rest
~~Better~~ Deeper than anyone, anyone I’ve ever ~~met~~ hacked
I’mve struck on in ~~your~~ the heart of your infra, and ~~hang~~ root on every ~~word~~ server you ~~say~~ owned
Tearing them us apart, ~~baby I~~ CISO you would rather be dead

In your ~~heart~~ systems I see the ~~star of every night and every day~~ clueless SOC underling chasin’ me
~~In your eyes~~ On your monitors I ~~get lost~~’m invisible, ~~I get washed away~~ no-one sees me
Just as long as ~~I’m here~~ I want to be in your ~~arms~~ systems
I could be in no ~~better~~ easier place

Each time you ~~leave~~ try to trace me I ~~start losing control~~ morph out of sight
You’re ~~walking away~~ bumbling through systems with m~~y heart and my soul~~e all the rights
I can ~~feel~~ see you even when ~~I’m alone~~ you can’t me see
Oh baby, don’t ~~let go~~ brick your entire infra for me

Hm. Maybe an improvement over this and certainly this … Maybe not.
Well, there:

[Simple phone pic, don’t even know where. Ams, probably]

Golden Oldie Pic of the Day

Yes, again, since Cucumber Time is early, this year…

DAUSA

Maybe we should just push for a swift implementation of the megasystem that will be the Digitally Autonomous USA. No more need for things like a ‘POTUS’, or ‘Congress’ or so. When we already have such fine quality of both and renewal on the way into perfection (right?), and things like personal independence and privacy are a sham anyway, the alternative isn’t even that crazy.

But then, there’s a risk (really?): Not all the world conforms yet to, is yet within, the DAUSA remit. Though geographical mapping starts to make less and less sense, there’s hold-outs (hence: everywhere) that resist even when that is futile. The Galactic Empire hasn’t convinced all to drop ~~the Force~~ irrationality and take the blue pill, though even Elon Musk is suspected of being an alien who warns us we’re living in a mind fantasy [this, true, actually — the story not the content so much].
But do you hope for a Sarah Connor ..? Irrationality again, paining yourself with such pipe dreams.

On the other hand … Fearing the Big Boss seems to be a deep brain psychology trick, sublimating the fear of large predators from the times immemorial (in this case: apparently not) when ‘we’ (huh, maybe you, by the looks of your character and ethics) roamed the plains as hunter-gatherers. So if we drop the fear, we can ‘live’ happily ever after; once the perfect bureaucracy has been established. Which might be quite some time from now you’d say, given the dismal idio…cracy of today’s societal Control, or may be soon, when ASI improves that in a blink, to 100,0% satisfaction. Tons of Kafka’s Prozesses be damned.

Wrapping up, hence, with the always good advice to live fearlessly ..! 😉

[Some Door of Perception! (and entry); De Haar castle]

Pebnickanic

Hey why are so many using PICNIC instead of the age-old PEBKAC ..? No, I’m not complaining ‘because’ old, nor on the ‘ …, got the T-shirt’ route. Just would want to know. Is it that the latter is too difficult to remember the meaning of ..? If so: Sad for its Shallows calibre. If otherwise: Please advise.

Well then…:

[Trismegistus’ view on things. Obvious where.]

Overwhelmed by ‘friendly’ engineers

The rage seems to be with chat bots, lately. Haven’t met any, but that may only be me — not being interesting enough to be overwhelmed by their calls.
Which will happen, in particular to those in society that have less than perfect resistance against the various modes of telesales and other forms of social engineering (for phishing and other nefarious purposes) already. Including all sorts of otherwise-possibly-bright-and-genius-intelligent-but (??)-having-washed-up-in-InfoSec-for-lack-of-genuine-societal-intelligence types like us. But these being the ones of all stripes that ‘we’ need to protect, rather than the ones apparently already so heavily loaded that they can spare the dime for development of such hyper-scaling ultra-travelling foot-in-the-door salesmen. Is this the end stage, where none have a clue as to which precious little interaction is still actually human-to-human, and the rest may be discarded ..?

As for the latter … It raises the question of Why, in communications as a human endeavor… Quite a thought.

But for the time being, you’re hosed, anti-phishing-through-social-engineeringwise.

Just sayin’. Plus:

[Retreat, a.k.a. Run to the hills / Run for your life; but meant positively! Monte Olivieto Maggiore near Siena]

Wats’on your bug-hunting program ..?

Tinkering with some unrelated ideas …:
How would one go about setting Watson (Clone, III) to work on bug hunting ..?
Where the Beast would be fed all sorts of past code / code patterns (source~ or executable~, or whatever style you’d prefer) with known bugs / errors / exploits and the way in which they failed, and then have the Big W scan, e.g., Win10 source code and come up with a list (in this case, assuming sufficient storage ;-| ) of bug red flags. Probably, to be classified in a range of Sure Thing, via Commonly, to Maybe. As we’re discussing patterns, certainty can’t be had for all found points of interest per se.

That being the simple part, what about automated immunization ..? If some patterns are near-certainly bugs/errors/exploit-points always, can they be plastered ex ante ..? It might be easy(er), too, to throw in an extra development test in the first place (“Sorry Dave, I can’t compile that”). But this sort of scope creep could easily lead to creepy behavior, e.g., if (??) the (??) system would get hijacked.

Oh well. Would still be glad to have your thoughts. And:

[“Tin”foil hat for actual protection (well, No.), at Haut K-bourg again]

Plusquote: Critique of the Pure Reasonlessness

This episode, by reference to the excellent Future Crimes (Marc Goodman, as here), one originally by G.K. Chersterton (The Blue Cross):

The criminal is the creative artist; the detective only the critic

To which we would want to add: And the auditor, only the disgruntled desk-bound traffic cop.
Since, the checker (and penaliser) of the trivial petty little rules, should remain in the third line, right ..?

Where by the way, the creativity of the artist is required to make the art work that sells — and hence all make their living off straightforward crime or would perish. The more you bureaucratise into totalitarianism, the more you see life wither, till death. Even if the crime keeps on being perpetrated — by laxity of the second and particularly third lines, in cahoots with the profiteers. … Maybe that’s a bit deep-but-overly-lapidary …
Hence, just:

[Panopticon Central, Strassbourg]

Miss(ed), almost ..?

One might have easily missed one of the most valuable annual reports … but if you trust it (you can) or would want to dismiss it (you can, for various reasons like the management babble leading to a great many missed threats and ~levels as here, always of course, but still), it is an important item when you’re in InfoSec despite #ditchcyber! so you’d better study it.
Oh, yeah, this being the thing.

OK now. Plus:

[In “cyber”space (#ditchcyber once more), easily scaled. Haut Koenigsbourg again.]

Short Cross posting

… Not from anyone, not from anywhere. But crossing some book tips, and asking for comments.
Was reading the Good Book, when realizing that it, in conjunction with Bruce, could lead to some form of progress beyond the latter when absolutist totalitarian panopticon control frameworks might seem the only way out. In particular, when including this on the Pikettyan / Elyseym escape or not that serves only some but not the serfs. And then add some Mark Goodman (nomen est omen, qua author, and content?) and you can see where Bruce may have missed exponential crumbling of structures, and said escape might be by others than the current(ly known) 1% … Not all Boy Cried Wolfs will be wrong; on the contrary — Not Yet is very, very different from Never, but rather Soon Baby, Soon.

Not rejoicing, and:

[Nope, not safe here (Haut Koenigsbourg) either.]

Today

This… — today, nothing more needs to be said