For those that read my last few updates on SmartTech, Inc. and the massive cluster bomb of associated conspiracies, there is more to wonder about. The main technical player, Mike Connell, recently died in a fiery solo plain crash. Flying a plain by myself is NOT one of the things I would do, if I were going to turns states evidence.
May you rest in peace Mike Connell (unless you helped steal the Ohio elections and helped the Whitehouse hide illegal activity by hosting their external e-mail accounts to bypass federal laws on data retention).
Tuesday, December 30, 2008
Wednesday, November 5, 2008
SmarTech Inc., Rove, Ohio 2004 and 2006
Now that the U.S. election has not been stolen, again -- as far as I can tell -- I'm curious if anybody has heard anything significant about the recent revelation regarding SmarTech Inc. and their possible role in hijacking the 2004 and 2006 Ohio election results.
Documents reveal how Ohio routed 2004 voting data through company that hosted external Bush Administration email accounts
"Newly obtained computer schematics provide further detail of how electronic voting data was routed during the 2004 election from Ohio’s Secretary of State’s office through a partisan Tennessee web hosting company."
2004 Network Schema Diagram
2006 Network Schema Diagram
I really hope this sees the further light of day.
UPDATE: Cyber Security Expert Says KingPin Attack Benefited Bush They're trying to expedite the investigation, as much as possible.
Documents reveal how Ohio routed 2004 voting data through company that hosted external Bush Administration email accounts
"Newly obtained computer schematics provide further detail of how electronic voting data was routed during the 2004 election from Ohio’s Secretary of State’s office through a partisan Tennessee web hosting company."
2004 Network Schema Diagram
2006 Network Schema Diagram
I really hope this sees the further light of day.
UPDATE: Cyber Security Expert Says KingPin Attack Benefited Bush They're trying to expedite the investigation, as much as possible.
Thursday, October 9, 2008
Edifices of Stone and Sky
At the center of Union Square, San Francisco, I found myself in the shadow of this towering columnar memorial statue, with it's elegant Corinthian capitol, and the lady (victory), raising her trident and laurel wreath. Looking up at the sun falling behind the St. Francis Hotel, you can see light carving between the planes of the building and a massive flag crackling in the wind. If you look closely, there's also a seagull arcing through the top of the sky.
Thursday, August 7, 2008
BlackHat Day 1 -- DNS: Dan Kaminsky and Research Persistence
Black Ops 2008: Its The End Of The Cache As We Know It
Dan Kaminsky
I just have to say how happy I am that Dan Kaminsky found this vuln and handled it the way he did. This guy has playfully danced all over DNS for much of his career and finding a problem like this gets to the heart of how the Internet works. This just might even top streaming video over DNS! The amazing thing about DNS is that's it's highly resistant to change, so it hasn't exactly been evolving rapidly. Anyhow, this talk had the normal level of Dan enthusiasm and was packed -- standing, sitting, in the aisles. Dan exhaustively demonstrated what can happen when you can own DNS at the highest levels. When you think about it, it's really insane. He also went into depth about the massive patch orchestration effort that went on behind the scenes. Kudos to everybody involved for making it all happen.
Dan Kaminsky
I just have to say how happy I am that Dan Kaminsky found this vuln and handled it the way he did. This guy has playfully danced all over DNS for much of his career and finding a problem like this gets to the heart of how the Internet works. This just might even top streaming video over DNS! The amazing thing about DNS is that's it's highly resistant to change, so it hasn't exactly been evolving rapidly. Anyhow, this talk had the normal level of Dan enthusiasm and was packed -- standing, sitting, in the aisles. Dan exhaustively demonstrated what can happen when you can own DNS at the highest levels. When you think about it, it's really insane. He also went into depth about the massive patch orchestration effort that went on behind the scenes. Kudos to everybody involved for making it all happen.
BlackHat Day 1 -- Bad Sushi and Phisher on Phisher Crime
Bad Sushi:Beating Phishers at Their Own Game
Nitesh Dhanjani and Billy K Rios
These guys easily infiltrated a bunch of phishing forums by pretending to be a young kid wanting to learn how to do it. They were very quickly "helped out" and handed tons of phishing kits, after claiming they couldn't afford the exorbitant prices for the kits. Some of the observations from the presentation were quite comical. The phishing scene (sub-culture?) is one of bravado and backstabbing. They even found lists of other phishers that will rip off other phishers. They called it "phisher on phisher crime." One phisher generously gave the two a bunch of kits, but had clearly attempted to obfuscate something in the primary php uploader code, so that each stolen identity would also have a copy sent to the author. Another hilarious example, was a guy that was giving "instructions" on how to hack yahoo. There were pages of completely fake instructions -- that only someone non-technical would write or believe -- but at the end, to get it to work, you had to enter a working credit card number! When they e-mailed the guy that it didn't work, he simply told them that they "did it wrong" and "do it again". They also talked a bit about the various pricing they saw for stolen credit cards and what some of the likely return rates were. Very fun, stuff.
Nitesh Dhanjani and Billy K Rios
These guys easily infiltrated a bunch of phishing forums by pretending to be a young kid wanting to learn how to do it. They were very quickly "helped out" and handed tons of phishing kits, after claiming they couldn't afford the exorbitant prices for the kits. Some of the observations from the presentation were quite comical. The phishing scene (sub-culture?) is one of bravado and backstabbing. They even found lists of other phishers that will rip off other phishers. They called it "phisher on phisher crime." One phisher generously gave the two a bunch of kits, but had clearly attempted to obfuscate something in the primary php uploader code, so that each stolen identity would also have a copy sent to the author. Another hilarious example, was a guy that was giving "instructions" on how to hack yahoo. There were pages of completely fake instructions -- that only someone non-technical would write or believe -- but at the end, to get it to work, you had to enter a working credit card number! When they e-mailed the guy that it didn't work, he simply told them that they "did it wrong" and "do it again". They also talked a bit about the various pricing they saw for stolen credit cards and what some of the likely return rates were. Very fun, stuff.
Wednesday, August 6, 2008
BlackHat Day 1 -- Wake Up, Register, Eat, Get Punched in the Face
I was up early this morning and off to Ceasar's, where I quickly registered, grabbed a bagel, coffee, and took the lay of the land. There seems to be a lot more people this year and quite a few more vendors. I saw a few folks I know and managed to call one person by the wrong name. So, I hit the Intro and the Keynote.
Key Note Speech -- Complexity in Computer Security
Ian Angell, Professor Information Systems, London School of Economics
This was a really great knock-in-the-jaw speech (Okay, I was speaking metaphorically!). One of the main points he made was that our instincts to use statistics and risk analysis to simplify complex systems is doomed to fail by its nature, especially when that system has human pressures applied to it. When people ask me about info security risk, I often make a similar point by drawing a standard bell curve with lines for two standard deviations from the mean. For some instinctive reason, people seem to be very comfortable trying map to this distribution world view of risk. Then I draw an arrow pointing to around 2% with a snarky caption like, "Owned". The problem is that, things just don't follow simple models when dealing with emergent systems, because the rules of evaluation can change at any time. There really are no rules that can fully work. I'm going to have to think about it some more ... seriously.
More on Day 1 talks as I get them written up.
Key Note Speech -- Complexity in Computer Security
Ian Angell, Professor Information Systems, London School of Economics
This was a really great knock-in-the-jaw speech (Okay, I was speaking metaphorically!). One of the main points he made was that our instincts to use statistics and risk analysis to simplify complex systems is doomed to fail by its nature, especially when that system has human pressures applied to it. When people ask me about info security risk, I often make a similar point by drawing a standard bell curve with lines for two standard deviations from the mean. For some instinctive reason, people seem to be very comfortable trying map to this distribution world view of risk. Then I draw an arrow pointing to around 2% with a snarky caption like, "Owned". The problem is that, things just don't follow simple models when dealing with emergent systems, because the rules of evaluation can change at any time. There really are no rules that can fully work. I'm going to have to think about it some more ... seriously.
More on Day 1 talks as I get them written up.
Subscribe to:
Posts (Atom)
