Latest news and comment.
Comment: 2022/11/17 - Upgrade of Gateway Server.
We think we've ironed out the bugs sufficiently to upgrade the main BladeSec IA Gateway Server to Ubuntu 22.04.1 LTS. We will commence this after customers have downloaded their daily reports on Saturday the 19th of November at approximately 14:00.
Comment: 2022/11/16 - The cryptic good news.
The reasons for the odd links were:-
Comment: 2022/11/13 - Good, old fashioned spycraft, part three.
Comment: 2022/11/03 - NCSC to scan the UK's internet space....
In truth, as a security consultancy of last resort, we use a number of NCSC services including Active Cyber Defence. In our experience, the generated reports make for interesting reading, but in our own case they were beset with false positives. We contacted NCSC to explain this and in response we were told that they were highlighting it because they thought we didn't know it was open to the internet. How they can deduce that from port scanning a fully patched Ubuntu Server with only a single port open, I have no idea, but I guess it's true to say that the road to hell is paved with good intentions!
Comment: 2022/10/21 - Microsoft drops the ball....
Comment: 2022/10/20 - Rest of world cut off from Shetland.
I'm shortly returning to the Isle of Lewis where I started school. I always said the island adopted me, and I consider it to be my second home*. As a consequence, it's where I (and my wife) spend a significant chunk of time.
The Outer Hebrides suffered from a catastrophic power outage in 2020 that was attributed to under-investment in the power supply infrastructure. That meant that every property on the islands was powered by the diesel generator at Battery Point, two streets over from our adopted residence. Equally, whilst at risk of breaching our apolitical stance to pass comment on "resilient communities", there cannot be a single resident in the Highlands of Scotland, hundreds of miles away from the Central Belt and its Parliament, who isn't at least aware of, never mind significantly impacted by, the continually deteriorating saga of the CalMac Ferries.
Turning to my own upcoming trip.... In light of the situation in Shetland, I'll be taking a set of VHF radios just in case....
Comment: 2022/09/17 - Reports that Uber has been hacked.
More information available from Dark Reading, The Register and the BBC.
Comment: 2022/09/16 - Network outage.
As a complete humorous aside, I personally didn't notice for about twenty minutes as I had been testing a new VPN. The network went down at the *exact* time that I rebooted the test chassis for the first time. When it came up with no connectivity, I automatically blamed the most obvious thing - me!
11:26: Updates will be posted here, as we get them.
12:52: Normal network connectivity has been resumed. Initial analysis suggests absolutely no impact on service.
Comment: 2022/09/15 - When The Queen came to Lewis.
Thanks to The Stornoway Gazette for publishing these photos from when The Queen and Prince Philip came to Stornoway in 1956 and 2002. I am equally delighted to have become reacquainted with Mr Matheson, the former Lord Lieutenant, earlier this year having not seen him for over forty years.
Comment: 2022/09/15 - Information on card skimmers.
Towards the end of the article, Brian makes a very valid point, "covering the PIN pad with your hand defeats one key component of most skimmer scams". Something that we've been saying for years - as readers of Safer Travel can attest to. The particularly interesting thing that Brian observes from captured criminal video footage, is how few people actually do it.
News: 2022/09/08 - The death of Her Majesty Queen Elizabeth II.
As we enter into a period of national mourning, there can't be a single person who hasn't been touched by the humility and sense of duty of Her Majesty The Queen. As a world leader, her trials were surely bigger than ours, albeit different. Yet, the way she was remains an example to us all.
I think my first encounter with Her Majesty was as a very small boy who had a first hand smile and wave as she arrived one Sunday at Crathie Church near Balmoral. Then, in 1979, it was as a group welcoming her, and Prince Philip when they came to open the new office of the Western Isles Council (now the Comhairle nan Eilean Siar). This was something that I was able to revisit when I returned to work there briefly in 2014 where the kindness of strangers produced the official photo album of the day.
On Saturday, I'm participating in an activity that Her Majesty loved too. It is saying something that what she would have seen as familiar even as a wee girl hasn't changed that much in all that time. She was one of our own, and as a mark of respect, I shall wear a black tie and where there is a lull in activities, I shall offer a small toast to the new King.
Comment: 2022/08/29 - Facebook settles class action out of court.
Comment: 2022/08/26 - Linux is user friendly, it's just selective about who it chooses.
A news article highlighting why you should always take backups of critical travel documentation - just like we pointed out earlier this year.
News: 2022/08/10 - Ubuntu 22.04.1
We've noticed that this hasn't been the smoothest upgrade on a few devices, so we've submitted some bug-reports to Ubuntu and are working with Canonical to resolve these. Whilst the file server transitioned easily to Ubuntu 22.04.1, we're wary about migrating the gateway server at this point because its high-availability mate wanted to remove the current kernel when it was fed "sudo do-release-upgrade".
The gateway server is currently running 20.04.4 LTS and is, therefore, fully patched and supported. We will perform the upgrade before the end of the year and will announce the downtime on this website.
News: 2022/08/01 - Safer Travel 2022
Comment: 2022/07/31 - Congratulations!
Well done, ladies..... well done.
Comment: 2022/06/02 - The Platinum Jubilee.
Comment: 2022/05/25 - When your kids do adulting....
Fundamentally, I do it because he's my son, and I'm his Dad....
Yesterday, it made me amazingly proud when I found out that Jack has passed his final placement, and will start the next academic year as a probationary primary school teacher.
Comment: 2022/05/24 - Mark Zuckerberg sued in on-going spat over Cambridge Analytica.
Comment: 2022/05/20 - Patching research.
Comment: 2022/05/19 - Vangelis Papathanassíou, 1943 - 2022.
Leap forward a number of years, and I saw Blade Runner for the first time. From the point you see the huge plumes of fire reflected in an eye in the opening sequence, to the otherworldly sounds of the market, before resting on the death of an almost human android and being propelled into a high-energy closing title, this was the soundtrack above all others. It all fitted so well.
It took a while for an "official" version of Blade Runner: The Original Motion Picture Soundtrack to appear, but when it did, it was as epic as the film, representing every emotion and image you experience in the film. No other film soundtrack has ever come close.
Even when Blade Runner 2049 was released with a soundtrack by Hans Zimmer, I was overjoyed when he clearly recognised the importance of what had gone before. He gave us another interpretation of Tears in Rain that was as fitting and raw as the original.
Many composers have tried to copy Vangelis, but for inducing stories in your mind's eye, I, for one, am deeply saddened that I will never hear his musical mastery again.
Comment: 2022/05/01 - And the kindness of others....
I was never good enough to play a musical instrument at school, but I remember my friend, Andrew Hay, being amongst the earliest forays of the new "Fochabers Fiddlers", and him writing music for the late Lady Gordon Lennox at Mr Alexander's behest.
Having returned to the north-east in 1998, I ran into Mr Alexander at a Wolfstone concert in Elgin at some point in 1999. I was looking for a ceilidh band for my upcoming wedding with one requirement; the opening wedding dance had to be Hector the Hero by James Scott Skinner. Mr Alexander - with his usual extraordinary kindness - called me a few days later with some local recommendations, and the promise that if none were suitable, he'd come along with some of the current Fochabers Fiddlers. As it was, Makarakit from Keith did an exemplary job.
The next time I heard from him was when I came across the Peatbog Faeries. They were revolutionary, and I thought they would go down well at Speyfest. I sent Mr Alexander a link. The next thing I knew, they were announced as the headliners for the Saturday night. That particular Speyfest (in 2000) goes down in time as the best one ever, but also the most tiring (the weekend was shared with seeing Capercaillie at Gordon 2000 on the Sunday afternoon as well as Wolfstone on the Friday). I ran into Mr Alexander at some point over the weekend, where he thanked me for remembering him and suggesting the Peatbogs in his usual humbling manner.
Leap forward a good few years - and a good few Speyfests. The last time I saw Mr Alexander was the last time I attended a concert with my late mother. Three generations of Birnies - and a few hangers on - went to the ARC Session, "James Alexander & Friends" in October 2019. I didn't get the chance to speak to him then, but it was clear that whilst the old stalwarts of Charlie McKerron and Paul Anderson were there, the baton was being handed over to the next generation of fiddlers.
And so, I am deeply saddened by the passing of Mr Alexander. I am grateful that whilst I was never musically good enough at school, he didn't put me off music and didn't write-off my views.
As it says on Speyfest social media:-
It is with the heaviest of hearts and a feeling of immense loss, that we share the news that our Founder, long-term Chairman and dear friend James Alexander has passed away, following a bravely fought sustained period of illness.
The thoughts of everyone at the festival, and the wider Speyfest community, are with James' loved ones at this difficult time.
Comment: 2022/04/26 - The missed opportunity to fix the Post Office scandal.
In May 2009, Rebecca Thompson, a junior reporter for Computer Weekly published a story entitled "Bankruptcy, prosecution, disrupted livelihoods: Postmasters tell their story". Ms. Thompson spent six months speaking to Post Office workers about faults in Horizon and discovered they were being told they were the only ones with accounting errors, even though there were multiple prosecutions underway.
Computer Weekly was never challenged over publishing their story.
Only now is Ms. Thompson getting the credit for uncovering the story that took a further decade to resolve. In that time, The Post Office stole the lives, livelihoods, reputations and time of hundreds of good people who had done nothing wrong.
To my mind, it's also a travesty that, following the publication by Computer Weekly, the story disappeared into a hole within the mainstream press.
It's been a year since the BCS proposed changes to the burden of proof of UK computer evidence. Once again, there's been little traction....
Comment: 2022/04/09 - The evil that men do....
I then took a breather and I remembered that in October last year, I had noticed a soft search in my credit file against an exceptionally old address. It was from another on-line bookmaker and somewhat worryingly, it used my correct date of birth. When I went into my credit file to look again at the detail, I saw that another search was done at the beginning of this month.
I was trying to remember why the date in October rang a bell. A quick look through my diary brought the inspiration that I was looking for. On the 18th of October I sold my car to an individual who had travelled from England to buy it. On the 22nd I had received a Notice of Intended Prosecution as the individual had left mine and three hours later passed a police speed trap at 86mph.
The good thing was that even before I had clapped eyes on this individual, his behaviour was such that there was little doubt in my mind that he was far from being trustworthy. I responded by doing everything by the book. When it transpired he had given me a fake name and address, I was not in the least surprised.
I never told this individual what I do for a living. So when he reads this, I would imagine there will be a few moments where he thinks that he will be able to get away with it. Eventually the magnitude of the horror will hit him - probably in the next sentence.
The police were very helpful - as was I when I used my skills to track down and recover his real identity. It's clear from the individual's local press that he has been prosecuted previously for the supply of unroadworthy vehicles. Somewhat alarmingly, there's even a reference to a prosecution under The Terrorism Act as he received training on chemical and biological weapons that would be useful to terrorism.
So, the lesson here is to make sure that when you hand over car service history receipts in good faith, always take the time to go through them. It may be worth asking somebody else to check it, to ensure that there is nothing that would be useful to a criminal - and that includes addresses on garage invoices....
Comment: 2022/04/08 - Good, old fashioned spycraft, part two.
I would speculate that Mr Smith's alleged Russian links, and the war in the Ukraine, have perhaps altered things. In the face of failed and failing military tactics and tools, it might yet appear that the last bastion of Russian trade-craft is limited to what they learned in the Cold War, that the west has forgotten.
Comment: 2022/03/22 - Telemetry from Google Messages and Google Dialer.
Comment: 2022/03/21 - European travel in a time of COVID.
On the whole, it was great to be back and despite the political shenanigans of Brexit, the German border guards were polite and efficient when enquiring what we were doing there and where we were staying. Indeed, they seemed pleased that we were back! (Note to the wise; always ensure you get your passport stamped on entrance and exit to the EU now.)
The main concern was COVID and how odd that would make things. Germany currently only recognises the effectiveness of FFP2 masks, which have to be worn in most indoor public areas. Once your COVID pass has been validated and you are seated, you can remove your mask when eating or drinking.
(There had to be a security point to this, hadn't there?)
On one occasion, our Scottish-issued NHS COVID passes were given a cursory inspection by the restaurant staff. No validation was undertaken on either the COVID Status App or the paper certificate for this first visit. On the other hand, when we visited a very busy bierkeller one evening, our QR codes were scanned and our identities were compared to Government issued photo-ID. (Another note to the wise; whilst in Germany you do not need to carry some form of ID, it does make it much easier these days.)
And that's where it became interesting. The scanner that the receptionist used had no issue in scanning my COVID Status App QR code - but it failed to scan the QR code on my wife's paper certificate. (So a final note to the wise; be prepared and take both the paper certificate and the COVID Status App in case one does not work.)
Here's an interesting take from Mr. Schneier.
On a complete aside, this trip had been a long time in the planning. We had originally intended to visit before Christmas before deciding it was entirely irresponsible to travel due to the Omicron variant. As a consequence, preparations were "extensive" including building a specific laptop to test public wireless internet access. The results were quite interesting and will feed into this year's update to Safer Travel.
Comment: 2022/03/07 - Boots on the ground.
In the face of Putin declaring that economic sanctions against Russia are "akin to a declaration of war", it appears that an FSB whistle-blower has decided that it has been a "total failure". Needless to say, the West aren't the ones occupying foreign soil whilst armed with weapons all-the-time whilst denying it's a war.
Comment: 2022/02/27 - Russia invades the Ukraine.
What is clear is that Russian forces have invaded a sovereign nation. That sounds like war to me.
I'd wager a significant amount of money that at some point in the next decade Putin will be dragged to The Hague to be tried as a war criminal.
For what it's worth, BladeSec IA have always been mindful of the source of our funding. We have no Russian customers, no Russian contracts and receive no payments that we have the slightest concern may have come from Russia or Russian-sympathetic countries.
Comment: 2022/02/16 - Google Chrome Flex.
Google bought Neverware in 2020 and now we know why. This can only be a good thing....
Comment: 2022/02/11 - The on-going saga of ssh attacks.
It is interesting that DShield is now showing a marked increase in scanning activity.
Comment: 2022/02/09 - Douglas Trumbull, 1942 - 2022.
Comment: 2022/02/08 - Safer Travel 2022.
Watch this space....
Comment: 2022/01/25 - Brute force ssh attempts.
16:58:18[~]$ f2b-report summary 10
Banned IPs on 2022-01-25 - 2
Banned IPs on 2022-01-24 - 20
Banned IPs on 2022-01-23 - 16
Banned IPs on 2022-01-22 - 30
Banned IPs on 2022-01-21 - 48
Banned IPs on 2022-01-20 - 35
Banned IPs on 2022-01-19 - 33
Banned IPs on 2022-01-18 - 24
Banned IPs on 2022-01-17 - 12
Banned IPs on 2022-01-16 - 4
Whilst we still can't see similar increases of activity being reported elsewhere, it seemingly remains a less than sophisticated attack:-
16:58:20[~]$ f2b-report users sort
20 admin
19 test
14 user
10 pi
3 ubnt
2 worker
2 student
2 gitlab
1 vpn
1 vmware
1 upload
1 uftp
1 support
1 srvadmin
1 sistemas
1 redhat
1 public
1 operador
1 openstack
1 oot
1 mailnull
1 logcheck
1 jenkins
1 httpd
1 ftpuser
1 freebsd
1 fmaster
1 english
1 cxwh
1 admin1
1 adam
1 1
Yesterday, we opted to add a few more /16s to the permanently blocked list:-
17:09:40[~]$ sudo ipset list denylist | egrep "^[1-9]"
On Saturday, the service that we use to perform geolocation of source IPs started throttling our lookups, so we had to temporarily switch that off. Whilst geolocation and VPNs do fuzz matters somewhat, this still makes for interesting reading:-
17:10:24[~]$ f2b-report countries
-- Top ten worst offending countries of all time --
132 China
99 United States
46 Viet Nam
30 Brazil
25 India
24 Indonesia
21 Korea, Republic of
19 Netherlands
18 Russian Federation
17 Germany
The bottom line is that we aggressively patch the gateway server and we only permit SSH access using looonnnnggggg authentication keys. Passwords are verboten!
Comment: 2022/01/19 - Brute force ssh scans.
Some will undoubtedly object to the detail here, but it's worth noting that these IPs have no authorisation, no legal right and no credentials to connect to us:-
09:56:19[~]$ f2b-report date 2022-01-14
-- Worst offending IP addresses for 2022-01-14 -- 0 [NO INFO]
09:56:26[~]$ f2b-report date 2022-01-15
-- Worst offending IP addresses for 2022-01-15 -- 2
09:56:41[~]$ f2b-report date 2022-01-16
-- Worst offending IP addresses for 2022-01-16 -- 4
09:56:43[~]$ f2b-report date 2022-01-17
-- Worst offending IP addresses for 2022-01-17 -- 12
09:56:45[~]$ f2b-report date 2022-01-18
-- Worst offending IP addresses for 2022-01-18 -- 24
Even today, as I type this:-
09:56:47[~]$ f2b-report today lookup
-- Worst offending IP addresses today - so far -- 13
None of this is causing a problem, it is just curious that they appear to be low complexity attacks:-
10:05:38[~]$ f2b-report users sort
24 pi
10 admin
5 ubnt
3 user
2 username
2 spark
2 demo
1 test
1 telecomadmin
1 support
1 squid
1 service
1 music
1 logcheck
1 kkh
1 kevin
1 johnny
1 engineer
1 dell
1 cisco
1 asmin
1 amanda
1 User
1 D
It is, however, increasing the chances that we're going to enforce some form of geographical IP restriction:-
10:05:24[~]$ f2b-report countries
-- Top ten worst offending countries of all time --
106 China
81 United States
44 Viet Nam
28 Brazil
23 Indonesia
20 Korea, Republic of
20 India
18 Russian Federation
16 Netherlands
15 Germany
We have a legitimate customer each in Germany and India - but the rest are just noise.
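The tallies in the two SSH entries above (bans per day, usernames tried, /16s worth denylisting) can be reproduced from standard fail2ban and sshd log lines. This is an added example, not BladeSec IA's f2b-report, whose code is not shown on this page; the log excerpts are constructed, the addresses come from documentation ranges, and the function names and the threshold of two banned addresses per /16 are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed fail2ban.log excerpt; addresses are from documentation ranges.
FAIL2BAN_LOG = """\
2022-01-24 03:12:44,101 fail2ban.actions [811]: NOTICE [sshd] Ban 198.51.100.23
2022-01-24 07:40:02,554 fail2ban.actions [811]: NOTICE [sshd] Ban 198.51.100.90
2022-01-24 09:15:31,007 fail2ban.actions [811]: NOTICE [sshd] Unban 198.51.100.23
2022-01-25 01:02:03,900 fail2ban.actions [811]: NOTICE [sshd] Ban 198.51.100.4
2022-01-25 11:45:10,313 fail2ban.actions [811]: NOTICE [sshd] Ban 203.0.113.77
2022-01-25 11:45:12,313 fail2ban.actions [811]: NOTICE [sshd] Ban 192.0.2.14
"""

# Constructed sshd log excerpt. The fourth line carries a username crafted to
# look like a second " from <addr> port <n>" field.
AUTH_LOG = """\
Jan 25 11:44:51 gw sshd[2201]: Invalid user admin from 203.0.113.77 port 51234
Jan 25 11:44:53 gw sshd[2203]: Invalid user pi from 203.0.113.77 port 51240
Jan 25 11:44:55 gw sshd[2205]: Invalid user admin from 192.0.2.14 port 40110
Jan 25 11:44:57 gw sshd[2207]: Invalid user x from 198.51.100.4 port 1 from 192.0.2.14 port 40112
Jan 25 11:45:02 gw sshd[2209]: Connection closed by 192.0.2.14 port 40114 [preauth]
"""

BAN_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \S+ fail2ban\.actions\s+\[\d+\]:\s+NOTICE\s+\[sshd\] Ban (\S+)$")
# Greedy username group plus end anchor: the source address is always taken from
# the LAST " from <addr> port <n>" on the line, whatever the username contains.
INVALID_RE = re.compile(r"sshd\[\d+\]: Invalid user (.*) from (\S+) port \d+$")


def bans_per_day(log):
    """Count 'Ban' actions per date (Unban lines are ignored)."""
    days = Counter()
    for line in log.splitlines():
        m = BAN_RE.match(line)
        if m:
            days[m.group(1)] += 1
    return dict(days)


def attempted_users(log):
    """Rank usernames that sshd rejected as invalid, most frequent first."""
    users = Counter()
    for line in log.splitlines():
        m = INVALID_RE.search(line)
        if m:
            users[m.group(1)] += 1
    return users.most_common()


def slash16_candidates(log, threshold=2):
    """Return IPv4 /16s containing at least `threshold` distinct banned addresses."""
    seen = {}
    for line in log.splitlines():
        m = BAN_RE.match(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # malformed address field: skip rather than guess
        if addr.version != 4:
            continue  # a /16 roll-up only makes sense for IPv4
        net = ipaddress.ip_network(f"{addr}/16", strict=False)
        seen.setdefault(net, set()).add(addr)
    return sorted(str(n) for n, ips in seen.items() if len(ips) >= threshold)


if __name__ == "__main__":
    print(bans_per_day(FAIL2BAN_LOG))
    print(attempted_users(AUTH_LOG))
    print(slash16_candidates(FAIL2BAN_LOG))
```

Any /16 this reports should be checked against known customer address space before it goes into a permanent ipset denylist, since a block that wide also drops legitimate sources in the same range.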
Comment: 2022/01/12 - Alleged remote control vulnerability - in Teslas....
Comment: 2022/01/11 - An invite to a club you probably didn't want.
Contrast that with the e-mail about "Socially Distanced Drinks". Somebody has specifically chosen to mark that "OFFICIAL-SENSITIVE". I would hate to think it was because they suspected that the content might actually be sensitive given the efforts of the wider UK population.
Equally, I'm fairly sure that drinking alcohol on-site whilst "working" is frowned upon from both a Health and Safety and a Civil Service Code of Conduct perspective.
Comment: 2022/01/01 - Happy New Year!
In other news, we see the clock tick over into 2022 back on the Isle of Lewis - a place that had such an influence on me growing up, and remains such an important part of my current life.
As usual here is our tongue in cheek look at the last twelve months:-