“Have you ever dressed up specifically to bypass physical security or blend in where you shouldn’t be?”
“No, never. Why do you ask?”
Discovering a useful feature you didn't know about in a piece of software you have been using EVERY DAY for YEARS is one thing. Discovering a useful feature that you'd forgotten about, in a piece of software that you use every day, that YOU WROTE, is another thing entirely.
Ha ha. Oops.
While this blog post is from 2022 (after Roe v Wade was overturned) it is quite relevant to today - especially in light of current events and various protests. So I'm sharing it again. Normally I'd say "enjoy" but frankly it's sad I had to write it at all. Basically it is paranoid tips and tricks to avoid being digitally tracked by The Man.
https://www.markloveless.net/blog/2022/6/28/digital-tracking
Okay this isn't an unpopular opinion as much as it is a realistic one as far as I am concerned. It involves #xz and the person/persons behind it. For simplicity's sake in explaining, assume just a person.
They have a really high skill level, they were not working on xz constantly, but sporadically. You know, like a contributor doing this in their spare time would, with a few bursts of activity. Someone at that level of skill certainly is not just doing this, I would strongly suspect they have other "projects" they are working. Some have probably been completed, some are probably still in progress. I cannot imagine this being an isolated incident.
I also cannot imagine this being a single "technique", as it were. Another project might include committing code that actually solved a problem but introduces a tiny conditional security flaw, just waiting for an additional tiny security flaw to make the whole thing "work".
I could also imagine this person could have a day job as a contractor or even a full remote employee writing their little "projects" for closed-source applications that may or may not involve something security or infrastructure related.
Or all of the above. Yes this is a mess of unknown unknowns, but this is the type of thing I think about. I've been considering them for ages, the whole xz thing has simply given me a reason to publicly pontificate.
A blog post about why I self host, because, well, you all have seen the Internet, right?
Since I have grey hair, when I hear the word "cyber" used by itself my 12 year old inner self has a giggle. You see, it has a bit of history...
#infosec #HackerLife #hacker #OldManLaughsAtCyber
https://www.markloveless.net/blog/2023/12/1/the-history-of-the-word-cyber
More tales from my past - when ones were ones, and we the evil hackers of the early Internet days were zeroes. Some of us wanted to fix things....
https://www.markloveless.net/blog/2023/8/29/tftp-not-getting-caught-part-two
I was recently interviewed on the @system76 podcast. For the impatient non-nerds I'm at about the halfway point in the podcast.
When buying a car like I did recently, I had a couple of "demands". The first one was no dealer branding on the car (yes you can ask for that). The second one always raised questions - no window tinting.
The reason for no window tinting has a lot to do with my security mindset. One, it is easier to see around you in a dark parking lot at night. Two, if I am approaching my vehicle at night I can see inside if there is an intruder hiding in the backseat ready to machete me. Three, it helps to see pedestrians or stray animals better, again especially at night. I know there are people out there who are concerned that people can look in and see them, however I deem the #opsec advantages of better nighttime vision in and around my car to outweigh people looking in at my ugly mug while I’m out and about.
I blame my #infosec background most of all.
I find the people bitching about the #FBI and the #juicejacking warning kind of funny. Based on previous "warnings" I think this means they were/are dealing with a nation state attack against a specific target, and this is their way of letting the adversary know "we know what you did."
It's also funny because many of these same people bitching, while being avid security pros that lock down their personal computers, still will physically cover the cameras, and find nothing wrong with recommending camera blocking.
FWIW I use USB data blockers and block my cameras, and recommend it to everyone especially non-techie friends. I also point out that if they #patch regularly and are careful they should be fine, but the habit of using data and camera blockers is a good reminder for them to at least think about #security.
Alright @qcon #London here I come!! Gotta let someone else do the flying but these accommodations definitely make up for that. #HackerLife #FeelingFortunate
I was asked (yet again) why I wasn't on TikTok. And I stated (yet again) I downloaded and spent 5 (maybe 6) minutes looking inside the APK and thought there is no fucking way I'm loading that on my phone.
I have no idea why #infosec people are using it or on that platform.
You know you're old when you mention you once had to deal with Token Ring and someone assumes you're talking about Frodo or you're talking about some type of competitor to HashiCorp Vault.
You also know you're old when you mention you used to have 10base2 in your house and someone assumes it is a math problem or you're having a stroke that impacts your speech.
A before pic and an after pic. Also a blog post.
#homelab #HackerLife #infosec #RemoteWork
https://www.markloveless.net/blog/2023/2/7/cleaning-up-the-rack
Researcher rules:
1. Trust but verify. Especially the verify bit.
2. Assume if there is the smallest possibility of someone getting annoyed as a result of your research, they will become furious to the point of an irrational state of shutting down actual reasoning.
3. Someone somewhere will get annoyed.
4. Stay calm, be politically neutral, and even-toned. The irrational sound more irrational even to themselves by contrast.
5. Stick to the facts. Don't say things like "your 'opinion' doesn't change the findings at offset 0x08 in frame 12 of the pcap!"; simply restate "the offset 0x08 in frame 12 holds this value".
6. If you are disclosing a bug to a vendor and they start saying weird stuff like "PGP sign your disclosure policy and email it to us, we need this before we can respond" or some other weird thing, involve your Legal department, and if you're an independent researcher ask for legal help. (yes this has happened to me)
Summation of the “good old days” for hackers: We didn’t call it “red teaming”, we called it “felonies.”