Friday, 11 December 2009
Republished from April 2008
In the online competitive intelligence world, the right knowledge at the right time is absolute power!
So much so that executives are now moving faster than ever to invest in online competitive intelligence resources.
Today, intellectual property owners want to use the Internet to identify who has stolen their hard-earned digital assets and bring criminals to justice.
Copyright and trademark owners want to know who is infringing their legal rights.
Brand custodians want to know where the reputations of their sponsors are being compromised.
Business managers want to know about their competitors' plans, in order to secure their position in the markets.
Security services want to track the money streams of terrorists and fraudsters.
Over the past 2 years we at Brand Killer Robots have been quietly taking note of the plethora of new website services being invested in, with the sole aim of trawling the internet for competitive intelligence data.
There are tools for searching search engines to uncover details about your company that you would never think of publishing freely, tools for searching social networks to locate competitive intelligence information about your employees or ex-employees, tools for digging into content to locate copyright materials and tools for conducting linguistic scans for flagging up dirty words associated with your products or derogatory associations with your brand.
It would seem that Online Competitive Intelligence Acquisition is a viable and potentially valuable resource which every business could use, for one purpose or other.
Until you consider the possible implications of your company's competitive data going missing!
The very fact that you as a business engage a third party to help you develop competitive data in the first place may be a step in the wrong direction. Many of these online analysis systems are just that (online), meaning servers could be hosted from here to Namibia. Who knows where your data is and, worse still, who really knows whether your competitors can get hold of it!
So we say, before you take up any contracts with Online Competitive Intelligence providers or Online Reputation Monitoring Services, consider the potential risk of this data going missing and more importantly, the impact on your business plan - if such data did go astray.
Sunday, 29 November 2009
The Hacker will expose the secrets of our time, until the Illuminati are no more.
Then he will lay down and die, tormented by his past futile deeds.
He will never awake again, to see the suffering he has conjured.
Tread carefully in anger Hackers, lest you disenfranchise your children from this earth.
Dali used to talk about systemising confusion using a surrealist technique called the paranoiac-critical method, for re-creating perspective.
He used a device of unbalanced perspectives to re-visualise the world and in so doing, systemise confusion. This device led to enhanced vision, or if not enhanced, alternate vision.
I would certainly argue that great leaders are exceedingly unbalanced in one way or other, which I would argue imbues them with greater capacity for systemising confusion. It is the mentally unbalanced state that endows the subject with vision beyond the norm, i.e. use the disordered mind to reverse disorder.
The more profoundly flawed you are it seems, the greater the potential for leadership. At least this is the case for those who lead people in times of struggle or where a massive change is required of the organisation.
Great leaders over the centuries were not born of Harvard or adorned with honours and MBAs. Great leaders were above even those who would bestow such fancies. When I say "above", I really mean "beyond" in the sense that they needed a bigger arena.
I for one believe that people like Bill Gates realised this when he was at college, which is why he knew he had to get the hell out of these limited spaces, in order to perform to his potential.
Thursday, 26 November 2009
Human Capital Value is equal to the combined motivation, intellect and creativity of the workforce at its lowest externally motivated point, divided by the quantity of politics, secret agendas and dumb people in the organisation, multiplied by the influence of the greatest, most powerful leader on earth.
Then divide by 2, just to cover for the circumstances where leaders are undermined by corruption.
Monday, 23 November 2009
In a world which has been rocked by incompetent leadership of the highest magnitude, there is only a place for strong, individual, buck-stops-here, visionary leadership to get us out of this mess.
Had this kind of leadership been sufficiently present in the economic markets of the world, nations would not now be trillions of dollars in debt through systemic failures, caused by what I would call "convenient leadership responsibility displacement".
"Convenient leadership responsibility displacement" manifests by spreading the responsibility for failure to such an extent that the focus falls away from those leaders who really are to blame and falls in a way where responsibility can be denied by any particular leader.
This "leadership disease" is the greatest vulnerability known to man.
It is a get-out clause for incompetent leaders, who enjoy power way beyond their capacity to lead.
Monday, 16 November 2009
This is a poem of mine about how I see the world right now. How I see some folks and institutions who are privileged and some folks who are not. Some folks who can live their lives under a safe, strong umbrella and some folks who are doomed to live in the rain. It's a poem about kings and queens, children in poverty and umbrella'ness.
Crushed in isolation from childhood
The grown man did manoeuvre for the umbrella
Forsaking 'Self' the Universe grows 'I'
Yet, The grown man did still manoeuvre for the umbrella
Its sense is strong and bright
It keeps me warm in bed tonight
Forsaking 'Self' the Universe grows 'I'
Yet, The grown man did still manoeuvre for the umbrella
What doth qualify your umbrella right?
Is it fame, fortune, genius or birthright?
Forsaking 'Self' the Universe grows 'I'
Yet, The grown man did still manoeuvre for the umbrella
Does the threat of terrorism come from black or white, fear and fright?
Or does it come from those without umbrella right?
Forsaking 'Self' the Universe grows 'I'
Yet, The grown man did still manoeuvre for the umbrella
A poverty child, a dispossessed family, a mind driven insane with umbrella fright
Who will inherit the non-umbrella world this night?
Forsaking 'Self' the Universe grows 'I'
Yet, The grown man did still manoeuvre for the umbrella
So if you are an umbrella hogger
A world bank, A crowned prince, a celebrity, a wealthy
Forsaking 'Self' the Universe grows 'I'
One day you will wish that you had never ever known that golden umbrella
Those without umbrella will someday inherit the earth.
Sunday, 16 August 2009
I have been researching the self-inflicted effects of torture on the human soul and I came across this article by David Dobbs, who was writing about Dr Vaughn Bell's comments relating to the psychological impact of torture and the results of "learned helplessness". My interest in his article was particularly acute when he introduced the notion that depression is really the result of a process of "learned helplessness". Having suffered years of "self-torture" where my mind constantly reminded me I was just about to die, which finally ended in a complete emotional and intellectual breakdown, I really can see the similarities between a largely self-imposed torture by the ego and the torture administered by the CIA.
Here is the article.
Amid my flu frenzy I missed Vaughn Bell's excellent consideration of CIA psychology through the declassified memos:
I've been reading the recently released CIA memos on the interrogation of 'war on terror' detainees. The memos make clear that the psychological impact of the process is the most important aim of interrogation, from the moment the detainee is captured through the various phases of interrogation.
As Vaughn notes,
Although disturbing, they're interesting for what they reveal about the CIA's psychologists and their approach to interrogation.
A couple of the memos note that the whole interrogation procedure and environment is designed "to create a state of 'learned helplessness'". This is a concept originally developed by psychologist Martin Seligman who found that dogs given inescapable electric shocks would eventually just give up trying to avoid them and remain passive while electrocuted. The theory was related to depression where people with no control over their unpleasant lives supposedly just learnt to be withdrawn and passive.
Vaughn points out that while the concept is not particularly well validated, "if it was and you were an interrogator, you'd want to avoid learned helplessness at all costs, because the detainee would see no point in co-operating."
I'd add another point: Some studies have shown "learned helplessness" to be an apt model for major depression from both a behavioral and even a neurological perspective. In a sense, then, to intentionally produce it in someone by causing them pain and distress in a situation they are powerless to change is to inflict on them a mental illness.
You can argue that depression is not a mental illness (I'd argue back). But the point here is that the prevailing medical view is that depression is a mental illness, and that it may be defined (among other ways) as a state of learned helplessness, despondency, and hopelessness. It follows that intentionally producing that state through torture is to intentionally make someone quite ill. And regardless of the ridiculous arguments over whether waterboarding and beating and hanging by the arms for days is torture, the act of intentionally making someone sick -- indeed, seeking to give them an illness known to carry a risk of death (by suicide) -- would seem rather not okay.
Wednesday, 12 August 2009
I listened to this person explain the concept and feeling of enlightenment.
After I finished hearing it, I understood that there were three paths I could follow.
1. I could sit in a cupboard all day and do nothing. Because being enlightened is a place where there is no concept of anything. Just an awareness. So sitting doing nothing is what I'd do.
2. I could live life "IN" the "CONTENT" of life - through the imagination.
3. I could dart between Enlightenment and Content.
I chose number 3, because there is not enough action in Enlightenment.
Ok, in the spirit of disruptive naughtiness I thought I'd publish this report by Anton A. Chuvakin PhD considering the Myth of the Security Expert. Whilst I don't necessarily agree with what he says about "how security experts must be accorded authority and status by their peers or the public in order to be credible", I do agree with him that Security Experts should try to develop their careers around one particular area of specialism. I also understand the dilemma that security people face where clients expect generalist all-round know-how. My own advice being for security people to develop a broad perspective on the security and intelligence world, but concentrate more acutely down one particular line.
Anyways, here is Anton's report.
In the future, it will become clear why I am writing this... For now, please treat this as some random analysis of our profession as well as of the dreaded definition of “a security expert.” Some might say it is a rant, but I prefer to tag it as “musings.”
Lately I’ve run into too many people who [claim to] “know security” or are [claim to be] “security experts.” Now, as some of you recall, I used to do theoretical particle physics before I came to information security. In my physics days, I’d be pretty shocked if I were to meet a colleague in the hallways of the C.N. Yang Institute for Theoretical Physics who would self-identify as “a scientist” or, for that matter, even as “a physicist.” It is overwhelmingly more likely that he would say “quantum chromodynamics” or “lepton number violation in electroweak gauge theories” or “self-ionization of the vacuum” or some such fun thing :-) However, as we all know, some folks in our industry have no shame introducing themselves to a colleague as “security experts.”
So, you are “a security expert.” Awesome, happy to hear it! Please let me know whether you are Case A or Case B.
Case A: you know more than an average person on the street about every single area (or many, many areas) of information security: from ISO27001 to secure coding in Ruby?
Case B: you know more than your peers in security about one particular area (or a few areas) of information security: log management, Java security code review, penetration testing, NIDS/NIPS rule creation, firewall management, wireless scanning, etc?
Let’s see which one is consistent with how people in other professions define “expertise.” The obvious start is Wikipedia. As of today, http://en.wikipedia.org/wiki/Expert entry says:
“An expert is someone widely recognized as a reliable source of technique or skill whose faculty for judging or deciding rightly, justly, or wisely is accorded authority and status by their peers or the public in a specific well distinguished domain. An expert, more generally, is a person with extensive knowledge or ability in a particular area of study.”
Other sources (such as Google “define:expert”) present similar results; expert can only be an expert in a specific narrow area.
Now, notice that the farther you are from a certain area, the more it seems like a narrow one (example: “science” to an average janitor is a narrow area). On the contrary, the deeper you are inside a particular area, the more it seems like a wide area (example: “brain tumor surgery” to a neurosurgeon is a broad area or “quantum gravity” to a physicist).
Despite such relativism, other professions somehow managed to converge on their definitions of “an expert.” After all, you don’t get to “enjoy” a neurosurgery from somebody who “knows more about medicine than an average layperson.” However, as we all know, many organizations “enjoy” having their NIDS tuned by a just-hired CISSP (aka proof of being “a light-year wide and a nanometer deep” in security :-)). What’s up with that?
I think this has a lot to do with the fact that the area of security is too new and too fuzzy. However, my point here is that a little common sense goes a long way even at this stage of our industry development. In light of this, next time you meet “a security expert,” ask him what is his area of expertise. If the answer is “security”, run! :-)
Finally, career advice for those new to information security: don’t be a generalist. If you have to be a security generalist, be a “generalist specialist;” namely, know a bit about everything PLUS know a lot about something OR know a lot about “several somethings.” If you ONLY know “a bit about everything,” you’d probably die hungry...
Tuesday, 11 August 2009
Here is a report from zanasser on the enormous money mountain, derived from what some are calling "scareware".
I received a very nice phone call a couple of weeks back from a very kindly gentleman in India who seemed concerned that one of my computers was calling him up and apparently screaming help, help, help down the phone line.
He said my PC was reporting a fault and numerous infections and that he, as the head of the Internet Cybercrime Department, would take care of it so long as I sent him $29.99 to cover the work. Suffice to say that since I had half an hour to kill I let him explain to me (in roundabout terms) just how this scam was supposed to work.
Anyway, I thought this report would give some background to this new line in crackery.
According to a study by Panda Security, fraudsters are making approximately $34 million per month through what is being called “scareware attacks”. These are scams designed to trick surfers into purchasing rogue security packages supposedly needed to deal with threats which don’t really exist. Also termed as “rogueware”, distributors of such software are successfully infecting 35 million machines a month.
Utilizing the concept of social engineering, whereby information on such fake security software is marketed through social networking sites and tools, users are tricked into visiting sites hosting scareware software, downloading it and telling a friend.
Other tactics to find users include manipulating the search engine rank of pages hosting scareware. Panda Security believes that there are over 200 different families of rogueware, with more new variants coming on stream all the time. The technical director at Panda Labs explains that "Rogueware is so popular among cyber-criminals primarily because they do not need to steal users' personal information like passwords or account numbers in order to profit from their victims.
By taking advantage of the fear of malware attacks, they prey upon willing buyers of their fake anti-virus software, and are finding more and more ways to get to their victims, especially as popular social networking sites and tools like Facebook and Twitter have become mainstream." And the figures support the concern that this trend is growing. In the second quarter of 2009, four times more new strains were created than in the whole of 2008, primarily to avoid signature-based detection by proper security packages. Another technique, behavior-based detection, is an approach that works well with Trojans and worms, but is limited when applied against scareware packages.
The real issue now emerging is how scareware is emerging as an organized crime. There are dedicated software creators and distributors of scareware. They go through a set of procedures: writing the rogue applications, establishing distribution platforms, payment gateways, and any other back office services.
There are also affiliates (distributors) tasked with the job of distributing scareware to as many victims as possible in the fastest possible time. Stay out of this cycle. Don’t be ‘scared’ into downloading anything. Only obtain well-known industry standard security software. Forget about small, unknown vendors. Just applying common sense is the best protection against scareware, rogueware or any kind of new ‘threatware’.
Zeid Nasser's Tech Blog
Monday, 10 August 2009
We thought this report by IDG News was very ironic in more ways than one. The US Air Force are recruiting hackers at the same time as attempting to extradite Gary McKinnon for acts of a similar nature. Perhaps the intelligence agencies have finally realised that a lot of these guys do want to help and that guys like Gary McKinnon are better off being listened to rather than abused.
Here is the report.
The Air Force recruited 60 at last year's hacker conference; this year it's back for more.
The U.S. Air Force has found an unlikely source of new recruits: The yearly Defcon hacking conference, which runs Thursday through Sunday in Las Vegas.
Col. Michael Convertino came to Defcon for the first time last year, and after finding about 60 good candidates for both enlisted and civilian positions decided to come back again.
"The principal reason that I'm here is to recruit," said Convertino, commander of the U.S. Air Force's 318th Information Operations Group, speaking Thursday during a panel discussion at Defcon's sister conference, Black Hat. "We have many empty jobs, empty slots that we can't fill."
Federal agencies have only recently begun embracing the hacker crowd. When U.S. Department of Defense (DoD) director of futures exploration Jim Christy hosted his first Defcon "Meet the Fed" panel in 1999, he was one of two people onstage. At this week's Defcon, there may be several thousand federal employees in attendance, he said.
Federal government employees first started coming to Defcon to get information and build relationships from the hacker community, Christy said during an interview, but now it is becoming more acceptable to find new recruits at the show, despite its reputation as a subversive hacking conference. "The character of Defcon has changed over the years," he said in an interview. "Ninety-five percent of the people here are good guys."
And federal agencies have changed too, particularly since the terrorist attacks of Sept. 11, 2001, said Linton Wells II, the former CIO of the U.S. Department of Defense (DoD), now a research professor with the National Defense University in Washington D.C. "The federal government has engaged with a lot of people they wouldn't have even talked to before 9/11," he said.
Christy expects that a couple of hundred of this year's attendees will be recruited by federal agencies, but no one is recruiting more aggressively than the Air Force. "The Air Force has always been the leader in this area," he said.
Convertino's efforts reflect a government-wide effort to step up cyber-security recruiting. On Monday, the DoD co-sponsored an effort to recruit 10,000 young computer through a series of cyber-contests, known as the U.S. Cyber Challenge.
In an interview, Convertino said that by next year many of his recruits will have completed the hiring process and will be able to attend the conference and encourage others to enlist.
The federal government has long had a hard time attracting and keeping top computer security talent, even at the very top.
Although the Obama administration created a new high level cyber security advisor position earlier this year, it remains unfilled. According to a Forbes Magazine report, the job has already been turned down by several qualified candidates.
Cyber-security is becoming a hot-button issue, which means more congressional interference, and for people in the field more time spent responding to political pressures instead of real security threats.
The recruitment process is long and tedious -- obtaining a security clearance can take 18 months -- and the pay is generally lower than in the private sector.
But the challenges are unique and at Defcon this week the DoD's chief security officer made a recruiting pitch to attendees, describing it as a place where geeks could develop world-class cyber security skills. "I have never seen in my entire career a more concerted effort.... to focus on this area of education, training and awareness," CSO Robert Lentz told conference attendees. "Any one of you in this room who want to seek positions in the government…. the opportunities are there; the resources are there."
There might be one other reason why a government job could appeal to Defcon attendees.
The feds like to talk about developing cyber-security capabilities to protect the nation's infrastructure, but they may also be spending time at Defcon looking for people who know how to attack systems as well, said Mikko Hypponen, chief research officer with security vendor F-Secure. "If you want people who know how to attack, this is the place."
The IDG News Service is a Network World affiliate.
The police are bracing themselves for online security breaches, particularly intentional cyber attacks like those that occurred recently.
The National Police Agency will allocate professional cyber investigation agents in individual police stations to collect, analyze and report the use or leakage of illicit intelligence information on the internet, according to officials yesterday.
So far, as such agents were only available in the NPA and regional police agencies, police stations required assistance from central organizations in investigating complex cyber crimes.
The NPA's plans followed the DDoS cyber attacks that brought down several major online networks last month.
As an attempt to secure the cyber investigation workforce in each station, the NPA also added a clause in the regulations preventing cyber security agents from being transferred to other departments.
The NPA will set up inspection committees in order to thoroughly select qualified experts in the online security and cyber crimes, said officials.
The NPA will also invest in educating the selected agents into veteran cyber troops, said officials.
"We have come up with a reinforced cyber police intelligence system to guard ourselves against the North's cyber attacks and any other online crimes," said an NPA official.
The police suspect that North Korea, possibly in coordination with other groups, initiated the DDoS attacks to put pressure on the South.
By Bae Hyun-jung
Friday, 7 August 2009
We thought you might like this report from USNews.com discussing what we have been talking about for years: the value of hackers in securing our nation(s) from cyberthreats. It is time that governments realised that they can no longer rely on corporate suits to defend the nation state. It's time to start trusting the creative mind.
The U.S. Cyber Challenge aims to identify 10,000 patriotic geeks and make them experts
The potential threats against the United States from malicious foreign hackers are as poorly understood as they are scary. China's military has trained more than 60,000 "information troops," and its official doctrine calls for pre-emptive strikes on networks of nations it sees as a threat. Russian hackers—probably with Kremlin support—have attacked Internet sites in pro-Western Estonia and Georgia. And a mysterious "worm," Conficker, infects an estimated 5 million computers around the world. Authorities don't know who controls it; cyberintelligence expert Jeffrey Carr calls it "the equivalent of a nuclear bomb" that could shut down the entire Internet.
It's the kind of shadowy, nonstate threat that the U.S. defense and intelligence bureaucracies are traditionally ill equipped to fight, but a new initiative announced last week aims to try. A consortium of government agencies and private organizations has set up a series of competitions, called the U.S. Cyber Challenge, to identify up to 10,000 patriotic geeks and then nurture them to become "top guns," as the Cyber Challenge organizers call them, at the Pentagon, the National Security Agency, and elsewhere.
The Department of Defense trains only about 80 cybersecurity experts a year, far fewer than what are most likely needed. "People in the Pentagon know that the guy who looks good in a flight suit and can do 100 push-ups isn't necessarily the guy who will be the world's best hacker," says Noah Shachtman, editor of Wired magazine's Danger Room blog, who has briefed Pentagon officials on cyberwarfare. "So they know they have to reach out beyond traditional military recruiting models to find the top people. They're not sure exactly how to do it, though, and this is one attempt."
President Obama's announcement in May of a new cybersecurity initiative, including a cybersecurity coordinator who will report directly to the president, showed that the administration recognizes the threat from foreign hackers. "In today's world, acts of terror can come not only from a few extremists in suicide vests but from a few keystrokes on a computer—a weapon of mass disruption," Obama said in announcing the program. But two months on, the coordinator has yet to be named, and there is no information about the budget the office will have. "There are still huge questions about what it's going to do," Shachtman says.
And the Cyber Challenge only highlights a huge handicap Washington faces in its fight against cyberattacks: The hacking culture is antiestablishment, and the United States is the establishment, the Microsoft of geopolitics. That's a boon to Russian and Chinese government efforts to recruit hackers to their side, but it will hurt the United States, Carr says. A hacker wants "to align with the underdog against the big, bad U.S., and it's going to be hard to reverse that," he says. And there are signs the United States doesn't quite get it yet. The Cyber Challenge Web pages are laden with the kind of massive PowerPoint presentations that plague the Pentagon, "the most conventional, staid way to try to recruit innovative people," Shachtman says. Clearly, Washington is likely to face an uphill battle.
Joshua Kucera (08/06/2009)
The popular micro-blogging site was unavailable as the company defended itself against the attack.
The Twitter micro-blogging and social networking service was hit with a denial-of-service attack overnight that rendered the site unavailable for users.
Twitter reported the attack in a post on its blog at about 3am local time and is continuing to deal with the problem.
"We are defending against this attack now and will continue to update our status blog as we continue to defend and later investigate," the company said in a blog posting by Twitter cofounder Biz Stone.
In a status report about an hour following its acknowledgement of the attack, Twitter reported that the site was back up, but users still were having trouble reaching it. The site itself was down for about two hours before it resumed service, although Twitter remained under attack and warned users in another status update that as it recovered, users would experience "some longer load times and slowness," as well as network timeouts.
A DoS attack is an attempt to make a website or service unavailable to intended users by flooding the service or site with incoming data requests, such as emails. Motives for DoS attacks vary, but perpetrators mostly target companies with high-profile, highly trafficked websites, and usually there is some kind of financial motivation for the attack.
Graham Cluley, a senior technology consultant with security software vendor Sophos, said it's unlikely money is the motive here, since Twitter does not have much of its own to part with because the business is not yet profitable.
DoS attacks also can be politically motivated, he said, and while some countries' governments don't like Twitter -- notably, Iran -- he doubts the attack is politically motivated. "It's most likely to be a teenager in a back bedroom somewhere showing off," Cluley said.
When a site is hit with a DoS attack, administrators will try to distinguish between valid requests to access the site and malicious ones, and redirect the malicious ones to another domain if possible, he said. As Twitter's site was up and running a couple of hours after the attack, it's likely the company was able to do this, or the hacker may have simply ended the DoS attack, Cluley said.
Twitter had not yet provided an update on where it thought the attack was coming from or how it was handling the attack as of Friday morning. The company's public relations team did not immediately respond to a request for comment Friday.
In just three years, Twitter has become an enormously popular internet service with about 30 million unique users and counting. In addition to being a social tool for people to share constant status updates about their activities, it also has become a tool for journalists, public relations specialists, businesses and public figures to share information with millions of users.
Like Facebook and Google, Twitter also has become an integral part of popular culture, with the slang word for posting something on Twitter, "tweet," becoming part of English vernacular.
Twitter is no stranger to outage problems, although it had been starting to improve its availability level in the past year. According to a report by Pingdom released in February, Twitter recorded 84 hours of downtime in 2008, but 84% of that was in the first half of the year. The site finished 2008 with uptime of 99.04%, which still lagged behind other popular social-networking sites like Facebook and MySpace.
By Elizabeth Montalbano / Friday, August 07 2009
Automated Web Application Security Testing tools are at the core of modern penetration testing practices. You cannot rely 100% on the results they produce without seriously considering their limitations. However, because these tools are so good at picking the low-hanging fruit by employing force and repetition, they still have a place in our arsenal of penetration testing equipment.
These tools are not unfamiliar to modern day penetration testers. In fact, there are plenty of them to choose from, ranging from low-grade command line utilities to high-end frameworks. There are plenty of commercial tools as well, some of which are a lot better, in terms of features and false-positive rate, when compared to open source alternatives. People often choose what they are more familiar with. I prefer to use tools that are right for the job without discriminating against a particular operating system, platform, and style.
Without further ado, I would like to introduce you to yet another tool to compete in the market of automated web application security scanners (not only), released as part of our own Websecurify initiative. The tool is called Websecurify (big surprise) and it is written on top of common web technologies, which provide significant benefit over other technologies used in open source and commercial alternative products.
Here are some of the key features of Websecurify:
- It is 100% open source, GPL, CC product, ready to benefit the open source movement
- The engine employs technologies, such as Web Workers, from the latest HTML5 specs
- The core engine can be taken out from the binary bundles and used as part of self-defending web applications. I will talk about this soon.
- The testing and reporting mechanisms are asynchronous. This means that the report is cooking while the test is performed. It also means that decisions are taken immediately, i.e. they are not scheduled.
- The tool is cross-platform thanks to xulrunner
- Everything is written with extensibility in mind
- It can be extended in pretty much the same way you can extend Firefox and Thunderbird
There are many other features, which I am going to talk about soon.
At the moment the tool is only available as a MacOS DMG package and source code. The Windows and Linux versions will be released soon. In the future we are planning to release all platform specific packages at the same time. Now is just an exception as we are mostly interested to get early feedback. I am sure that there will be a lot of bugs to fix and features to add/improve before we reach version 1.0.
Download Version 0.2 from http://code.google.com/p/websecurify/
Published by GnuCitizen on 7th August 2009
Monday, 3 August 2009
Boris Johnson writes in the Telegraph
Since it is now obvious that the British state is about to commit one of the most protoplasmic acts of self-abasement since Suez, and since the clock is now ticking to the moment when Gary McKinnon, 43, will be taken from his home in north London and put – if necessary by force – on a plane to America, it is time to pose the question everyone seems to have ignored. Leave aside, for a moment, the morality of exporting the Asperger’s sufferer for trial in America. Can I ask, what is the point of having a trial at all? I simply do not understand what proposition is to be so expensively tested in this American courtroom. Gary McKinnon is accused of hacking into American military computers.
He is charged with roaming around the cyberspace of the Pentagon, and leaving such insulting spoor as “your security is cr-p”. He is accused of guessing passwords, and trying to view secret photos of unidentified flying objects in Nasa databanks. All this will be put to him in court by some brace-twanging prosecution counsel, as though it were the crux of the matter. And yet Mr McKinnon has never denied it. He has always said that he hacked into American military computers, and that is because he earnestly believes that there is a conspiracy between Uncle Sam and Big Oil to cover up the interception of alien craft that are running on some kind of renewable energy.
For all I know he may be right. It might just be that the Vulcans have discovered some way of making cucumbers from moonbeams, and then boiling those cucumbers up into bioethanol. It may be that he is right in thinking that alien life forms did land at Roswell. It may be that the securocrats of the Pentagon have for decades been concealing the fact that Elvis is alive and well, and living on Mars. If the trial were to get to the bottom of that or any other big UFO mystery, then it might be worth the admission. But, of course, the trial turns on no such question. The only point to be proven is whether or not Gary McKinnon did the hacking, and on that there is no doubt. He says he did. He says it freely. So the only questions remaining are: whether his actions constitute a crime that deserves the seven-year torture of the extradition process, whether he deserves the possibility of a 60-year jail sentence, and whether the British authorities are right to be engaged in this dog-like grovelling to America. To all those questions the answer must be an emphatic no. I do not believe for a moment that the Pentagon and Nasa sustained half a million pounds’ worth of damage to their systems, as they bleatingly allege.
But even if it were true, Gary McKinnon has performed a service that must be rated cheap at the price. He may be a crank, but then he is certainly no terrorist. He may believe in little green men, but he was not operating as a fifth columnist on behalf of these Venusians. He was not trying to cripple American defences in preparation for an assault from outer space. He was simply following up a weird intuition that UFOs exist, with all the compulsiveness that he has exhibited since he was a child. In so doing, he has generously helped America to prepare against attack from a more sinister foe. If it was so ludicrously easy to penetrate these encryptions, then what could al-Qaeda have done? Just imagine if America’s defence establishment had commissioned IT consultants to probe their systems as exhaustively as Gary McKinnon.
The contract would have been worth far more than £500,000. McKinnon did it without charge, sitting up all the night, hardly eating, smoking heavily and spending so long tap-tapping in his dressing gown that his girlfriend gave up on him. The Americans shouldn’t be threatening him with jail. They should be offering him consultancy. Even if you still believe – and I don’t – that there was some element of malice in his actions, that does not make him a fit person to be sent for trial and incarceration in America. The diagnosis of Asperger’s has been confirmed by the world’s leading expert in the field, Simon Baron-Cohen. He says that if this dreamer were to find himself in prison, there is a risk that he would take his own life. This 2003 extradition treaty – supposedly aimed at al-Qaeda – has caught the wrong man in its gin. My objection is not that the treaty is lopsided, though of course it is.
The crucial point is that Gary McKinnon is not some smooth-talking banker accused of fraud, nor is he a terrorist. He is a classic British nutjob, who passionately believes something that is irrational but cannot be easily controverted, and he is a prime candidate for the protection of the Government.
In a tortuous apologia for his decision to extradite, the Home Secretary yesterday wrote – as if it were a good thing – that “one of the most important features of the 2003 Act was the deliberate removal of any discretion the Home Secretary may have in relation to extradition”. On this account, we may wonder why we have elected politicians at all. On this account, the treaty is like a kind of computer-assisted catapult that pings people across the Atlantic whenever the Americans require. In reality, the Home Office has no such excuse. It could easily have decided, on humanitarian grounds, that the extradition should not go ahead. The High Court has merely confirmed that its decision to ignore common sense and decency was not, in itself, illegal. It was just immoral.
I can identify at least one mysterious flying object over the skies of London, and that is the buck being passed, at high speed, by the Home Secretary. Not since the waters retired from the face of the earth has there been such a display of blob-like invertebracy in Whitehall. Let us hope that a British court will have the courage in the next few days to stop this madness, shame the Government, and prevent the martyrdom of a harmless eccentric.
Sunday, 19 July 2009
We are still working on cracking the matrix. And in so doing, remove its illusory power from your psyche. We have begun to understand how David Icke came to invent the concept of the Matrix and the intentions behind its creation.
There are two schools of Matrix evangelist. There are the deliberate marketers like Alex Jones and there are the people like David Icke, who have fallen into a state of conditioning through particularly difficult experiences, which leads to conjuring and evangelising the self-fulfilled prophecy of the Matrix. Conspiracy plays a big part in this - but so too does depression.
The CIA use a process of torture on their victims that leads the victim to "learn helplessness".
Depression is a form of "learned helplessness".
This learning for some is the result of years of relentless loss and failure. You become 'conditioned' by a different kind of torture. A largely self-imposed torture, which is largely the product of setting too high an expectation on yourself, which never seems to ever get realised.
So you see that the pieces are starting to come together.
We are realising that the very basis for the Matrix is to teach people how to "learn helplessness". Quite the opposite of the message that is conveyed. This "learned helplessness" is a direct reflection of David Icke's own depression - his own "learned helplessness".
We are close to cracking the Matrix for once and for all.
Reclusiveness seems to be very much a part of what some call
The CIA use a process of torture on their victims that leads the victim to "learn helplessness".
Depression is a form of "learned helplessness". This learning for some is the result of years of relentless loss and failure. You become 'conditioned' by a different kind of torture. A largely self-imposed torture, which is largely the product of setting too high an expectation on yourself, which never seems to ever get realised.
When you "learn helplessness" you want to hide away from the world and become entirely self indulgent.
So I would say, if you are learning helplessness, better stop.
Why would you ever do that when you can think in so many better ways?
Friday, 17 July 2009
From an article at
Pentagon’s New Robots Eye Creepy New ‘Flex Fuel’
Will Future US Military Vehicles, Robots Feast on the Flesh of the Slain?
The real downside to the Pentagon’s planned army of merciless killbots, besides the inevitable robot rebellion (which the Pentagon is spending billions trying to head off) is all that fuel. Robots need really big batteries, or internal combustion engines, or something. No matter how they’re powered though, it’s not free. Until now.
A Pentagon contractor in Maryland is now working on a robot that can forage for its own food. It could use any biomass in the area. And let’s face it, in any really big war there’s plenty of biomass just lying around all shot up or bombed to death and not doing anything for the war effort. So the robots, and potentially vehicles based on the same design, will be feeding off the flesh of slain humans to continue on their mission to slay humans and feed off their flesh.
Besides the obvious ethical issues of creating man-eating, killer robots (which presumably don’t concern the Pentagon any more than the non-man-eating but still killer robots did), the plan will also raise serious concerns about the reliability of body counts. It is difficult enough to get an accurate death toll out of the military when villages present the bodies to local officials. Imagine the skepticism if the villagers have to explain that Pentagon battle droids consumed all the slain villagers and sped off for more mayhem.
Saturday, 11 July 2009
Don't go full time in this business, until you are making some good consistent money month on month on month. Take a day job and work at this in the evening and weekends.
Don't be a one trick pony. Have lots of different strategies on the go so that if one fails, the others will sustain your income.
Don't half digest different strategies. Do your research on what is going to make money and then focus on giving it a really good try to make it work.
If you have to fail - fail FAST.
KNOW YOUR MARKET. Don't waste your time doing any campaigns unless they are concentrated on understanding who your market is and what they desire.
Don't spend any time on Internet Marketing forums. Well maybe 10 minutes a day. They kill your soul.
Make sure you get a good education and are accepted by others outside of this business. Again the more strings to your bow the better.
Don't listen to anyone that talks about FREE stuff or making easy money. One strategy that works with one person, doesn't necessarily work for everyone. We are all different as people and some of us are not cut out for this business.
Family is more important than money.
Look to follow folks who are decent. Not crap people.
Do a search for Dr Andy Williams.
He really does know what he is talking about.
Wednesday, 17 June 2009
But I recalled this scene today because it kind of reminded me of the time not so long ago when I was working as a statistics analyst. Where through repeated brain stresses by my employer, my mind was eventually burned out. This condition wasn't so much arrived at through the sheer intensity of the work, but by the emotional philandering of the executives for whom I worked. Some of this manipulation was deliberate, but the majority was simply gross incompetence in the task of managing those who would give up their intellectual mind as a tool to produce that which others could never even imagine.
Can you imagine waking up to a world where your mind doesn't work effectively anymore? Where your mind has a mind of its own. Where panic attacks are frequent. Where your body is in a total fight or flight state. Where you fear going outside, driving, taking a vacation, being in close quarters with other people. Where work is a constant worry. Where you fear they are coming to take your house away from you. Where you cannot go into offices anymore. Where the shame is so great that you want to kill yourself, but you cannot even bring yourself to do that. Where you spend years in therapy with people who couldn't possibly understand. Where you hate yourself and are frustrated that your mind just won't work anymore and that you are letting everyone else down. Where you fester about what they did to you - but feel totally disabled in doing anything to get back at them. Worse still people around you tell you to put your failures behind you and move on, when what you have lost is a mind to move on with.
So you fester in the sin of your past, like you have been buried alive.
Am I imagining this, I think? Or is this the only imagination I have left?
To live a life of hell past all human imagining.
The spirit seeks to move on. The will is strong, but the imagination has been burned, so the mind just goes around and around in black circles.
Frustration sets in as the declining body of humanity atrophies.
And all that is left is the shadow of the form and the whisper.....
"A loving, free, human being used to live here.."
....But now its imagination is dead - because they turned him into a robot.................
Wednesday, 10 June 2009
I was talking to a gentleman in his 80's at a car boot fair the other day and he was telling me about his time fighting in Korea. Apparently he was a member of an infantry unit and whilst over there got knifed in the back. Not by a Korean as it happens. But by an American Sergeant who seemed to have taken a disliking to the British, whilst they were together in the officers' mess.
Anyway, to cut a long story short, the fight ended up with the old guy winding up in hospital for a month. Whilst he was convalescing his unit went into battle and all of his comrades were killed.
When he got out he went looking for the American Sergeant, but was told that his unit had shipped back home.
The old guy was also shipped back home, left the army and started a career as a GPO engineer.
What I found very strange about the old guy was that he still spoke with passion about what had befallen him and his comrades. In fact he told me that he intended to travel to the USA the very next year and seek out the American sergeant in question. He told me that when he saw him he intended to walk right up to him and look him in the eye. Then shove a knife into his belly. He said there will be no stabbings in the back from me, but I do intend to avenge my comrades who would still be alive today if I had been there.
That Sergeant cheated me and them out of a lifetime of comradeship.
Why shouldn't he suffer too?
Just shows that revenge can run a lifetime. So better not stab anyone in the back had you?
Tuesday, 9 June 2009
Monday, 8 June 2009
Propaganda comes from the word propagate. The word propagate means to multiply and spread. Two other words that fit this meaning are "pervasive" and "ubiquitous".
In looking at an example, you first start with two rats and then they multiply and you have rats everywhere.
Another example is that of religion. Religions such as Buddhism started in India and then propagated itself across the world. Or Coca Cola started as a localised American brand and then propagated across the world.
So in looking further at this when we talk about propaganda, we are talking about the propagation of ideas. You can think of this as ideas multiplying and spreading out.
Propaganda was first used by the Catholic church when in 1718 Pope Gregory 15th formed Congregatio de Propaganda Fide. Which means "the congregation for spreading the faith". This congregation was responsible for spreading Catholicism. To do this they sent out missionaries across the world to spread Catholic views and ideas.
Many people today think that propaganda is a bad thing or lies. But the intentions behind the Catholic idea of propaganda were in fact to the contrary.
Prior to the second world war, it was common for governments to have departments of Propaganda, but today they are called the Departments of Information or Department of Public Relations.
In many countries, the word "propaganda" is not thought to be negative, giving way to the idea that propaganda simply means "the most persuasive form of advertising".
So when they watch a commercial on TV, they would naturally think of it as propaganda.
Tomorrow I will be looking at the purpose of propaganda - which is to persuade or influence people.
Continuing to explain the background to many of today's mind control stories.
Sunday, 7 June 2009
Over the next few months I am going to be helping to reduce the misunderstanding over the subject of Propaganda and Mind Control.
It is a fact that we are constantly bombarded by propaganda. Turn on your TV and you are exposed to propaganda. Your children are exposed to propaganda.
Just look at the adverts about loans and offers to fight compensation claims, interwoven in between Disney shows and the TeleTubbies. All are methods of conditioning through propaganda.
Read any newspaper and you are exposed to propaganda. To hidden messages that people want you to receive in order so they might gain. Billboards in the city or placements in choice places. All are attempts to expose you to propaganda of some kind.
Your boss at work exposes you to propaganda through visual reports and presentations. If you watch videos on the internet, they expose you to propaganda.
If you talk to someone about politics, religion, economics, freemasonry, conspiracy theories or philosophy you are then exposed to propaganda. Go and see a shrink, a counsellor or therapist and you are exposed to propaganda.
We are all constantly exposed to propaganda and for the most part we are not aware of it.
Sometimes it is a bad thing, sometimes a good thing.
What I want to do in the coming months is make you aware of what propaganda is and how it is used, so that I can help you to recognise propaganda so that you will have the ability to deal with it, in a way you feel appropriate. As opposed to being affected by it and not knowing why.
This will enable you to decide whether you want to be influenced by it or not.
Tomorrow we will be discussing exactly what propaganda is, so please do come back and listen some more.
But remember. It is only my take on this subject and for all I know.
You may just be reading some more propaganda.
Saturday, 16 May 2009
As mankind watched itself in the mirror of self annihilation
Through the mists could be seen the hard lines of the Matrix
The self imposed mind-prison borne of fear of the evil Ones
The Secret hidden eyes, they call the Illuminati
Take humanity out of the equation
And the Matrix dissolves
The Illuminati falls
And the Robots shall fill the void
How will the world be at that time?
Will the world be polluted with human defacements?
Or will it be a peaceful, serene natural space?
When the Robots fill the void
So goodbye Humans
Goodbye illusory fear of illusory ones
Hello Robot Heaven.
Friday, 8 May 2009
Dear Mr Brown,
I am writing to inform you that I am unable to inform you of anything, given the letter I am currently writing will be intercepted and that I may (or may not) be implicated in informing you of anything.
I do hope that this is clear and that some matters of issue can be addressed at some time in the future!!!..
For now I will just sit here and wait and see if you write back.
Wishing you a prosperous new year.
Tuesday, 28 April 2009
There is much on the lips of politicians regarding the future of the world and the light at the end of the tunnel, that being the New World Order or the NWO as it is more commonly known by conspiracy theorists and commentators.
But as humanity begins to feel itself being sucked into a central control vortex, there is a much more sinister game being played out behind the scenes.
This game is called "get your money out and then slip into the wilderness whilst the rest of the world annihilates itself".
Under such circumstances, confidence in the world markets would plummet, anarchy would slowly come to the surface and the bourgeoisie would be nowhere to be seen.
Our advice under these circumstances would be to keep a watchful eye on the movement of this elite and make sure you are ready to follow them wherever they go.
You are sure to be safe then.
Safe in the Alternate World Order.
In order to fully understand the potential of your adversary, it is of course important to understand their motivation, capability and position relative to you. In the case of those in the Far East there is also a philosophical twist that must be factored in. This philosophical twist enables them to see further outside the box than their western counterparts, thus providing them with a significant competitive advantage.
In times of world turmoil this edge will only grow larger.
They are also able to deploy larger numbers of people to the task and such is their level of organisation can focus on a target much more intensely.
Exploitative algorithms, powers of analysis and testing practices can be implemented far more effectively in the Far East.
Metaphor is used to concentrate the mind on the method, movement and ferocity of the attack.
So the answer to this question is not so much about understanding the individual strategies used to mount an attack, as opposed to the psychology of the attacker.
Fortunately, it is not necessary to infiltrate a Chinese cybergang to understand how they think.
It is a sad truth though that not 0.1% of security intelligence budget goes on understanding the psychology of the opponent and on visualisation techniques for countering new security threats and 99.9% on enforcement of current policies and known threats (or small variations on a theme).
Sunday, 26 April 2009
A recent call has gone out to consider the question of simulating an entire adversarial attack upon a particular target. The discussion centred on how one might leverage expert security knowledge via simulation to cover broader ground via red team simulation.
I wonder whether such simulations are capable of modeling links between things which rationally are not linked? Can they for example systemize confusion to such a degree as to identify attack vectors that are so subtle to be almost completely invisible?
Are these simulations multi-faceted, multi-domain and multi-integrated across the full spectrum of the "security domain"?
Can they for example model pathological behaviour, delirious phenomena and other forms of spontaneous irrational knowledge and activity of the opponent?
Much of the data that red teams work off to develop the perspective of the security condition is based on rational analysis.
Sophisticated criminals rarely operate entirely rationally. These people didn't learn their trade from school books. Neither did they necessarily grow up without tasting the depths of despair. Failure and damaging events in their past more often than not give them greater insight than their adversaries.
To develop an effective simulation one would have to work a lot harder and hire different qualities of people to design the inputs to the red team process.
There are methods for approaching the development of a defense against pathological attacks, but these are in the early stages.
Methods such as these are the future of security intelligence though.
Wednesday, 22 April 2009
The current WIKI definition of "hacker artist" is baseless and superficial.
It relies heavily on the use of technology in producing a product. "Hacker art" is more of a philosophically based movement and should not be confused with the clever use of materials and techniques to produce technological artefacts.
I therefore move that an alternative base definition for "hacker artist", and in fact, "hacker art", be developed.
We currently only have a few leaves of the tree to build upon, leaving the root of "hacker art" relatively untouched.
Brand Killer Robots
In the Zone, we actually visualise the battles. We see all!
Image depicting a droid being attacked by black hat hackers when viewed from inside the zone. When seen from outside the zone, you only see messages and descriptions of the battle on your PC screen.
(ethical hacker artists)
From the 2008 book Matrix Hackers
Monday, 20 April 2009
We are all essentially alone.
When you take your last breath, no one is going to be there doing it with you.
Nobody really knows you.
Only you know you.
Therefore you are completely alone.
Surrounding your self with warm bodies doesn't mean that you are not alone.
It just takes your mind off the fact that you are alone.
So get used to it.
Get used to BEING YOU!
That's what you are really afraid of.
Friday, 17 April 2009
"Love is the only truth, everything else illusion"
Thank you for http://www.youtube.com/watch?v=9lp0IWv8QZY
reminding us Susan
I dreamed a dream in time gone by
When hope was high,
And life worth living
I dreamed that love would never die
I dreamed that God would be forgiving.
Then I was young and unafraid
When dreams were made and used,
There was no ransom to be paid
No song unsung,
No wine untasted.
But the tigers come at night
With their voices soft as thunder
As they tear your hopes apart
As they turn your dreams to shame.
And still I dream he'll come to me
And we will live our lives together
But there are dreams that cannot be
And there are storms
We cannot weather...
I had a dream my life would be
So different from this hell I'm living
So different now from what it seems
Now life has killed
The dream I dreamed.