![]()
|
Company InformationIntroductionCompany principles Certifications and qualifications Why choose BladeSec IA? News and comment < |
Products and ServicesTypical workEngaging us Specific highlights |
MoreContact usPrivacy statement Terms and conditions Environment statement Equality and diversity statement |
|
Latest news and comment.Comment: 2022/05/24 - Mark Zuckerberg sued in on-going spat over Cambridge Analytica. We speculated at the time that Facebook should be implicated in the Cambridge Analytica scandal. Now, it turns out that Washington DC's Attorney General has filed a civil suit against Mark Zuckerburg.
Comment: 2022/05/20 - Patching research.
Comment: 2022/05/19 - Vangelis Papathanassíou, 1943 - 2022. Leap forward a number of years, and I saw Blade Runner for the first time. From the point you see the huge plumes of fire reflected in an eye in the opening sequence, to the otherworldly sounds of the market, before resting on the death of an almost human android and being propelled into a high-energy closing title, this was the soundtrack above all others. It all fitted so well. It took a while for an "official" version of Blade Runner: The Original Motion Picture Soundtrack to appear, but when it did, it was as epic as the film, representing every emotion and image you experience in the film. No other film soundtrack has ever come close. Even when Blade Runner 2049 was released with a soundtrack by Hans Zimmer, I was overjoyed when he clearly recognised the importance of what had gone before. He gave us another interpretation of Tears in Rain that was as fitting and raw as the original. Many composers have tried to copy Vangelis, but for inducing stories in your mind's eye. I, for one, am deeply saddened that I will never hear his musical mastery again.
Comment: 2022/05/01 - And the kindness of others.... I was never good enough to play a musical instrument at school, but I remember my friend, Andrew Hay, being amongst the earliest forays of the new "Fochabers Fiddlers", and him writing music for the late Lady Gordon Lennox at Mr Alexander's behest. Having returned to the north-east in 1998, I ran into Mr Alexander at a Wolfstone concert in Elgin at some point in 1999. I was looking for a ceilidh band for my upcoming wedding with one requirement; the opening wedding dance had to be Hector the Hero by James Scott Skinner. Mr Alexander - with his usual extraordinary kindness - called me a few days later with some local recommendations, and the promise that if none were suitable, he'd come along with some of the current Fochabers Fiddlers. As it was, Makarakit from Keith did an exemplary job. The next time I heard from him was when I came across the Peatbog Faeries. They were revolutionary, and I thought they would go down well at Speyfest. I sent Mr Alexander a link. The next thing I know was that they were announced as the headliners for the Saturday night. That particular Speyfest (in 2000) goes down in time as the best ever one ever, but also the most tiring (the weekend was shared with seeing Capercaillie at Gordon 2000 on the Sunday afternoon as well as Wolfstone on the Friday). I ran into Mr Alexander at some point over the weekend, where he thanked me for remembering him and suggesting the Peatbogs in his usual humbling manner. Leap forward a good few years - and a good few Speyfests. The last time I saw Mr Alexander was the last time I attended a concert with my late mother. Three generations of Birnie's - and a few hangers on - went to the ARC Session, "James Alexander & Friends" in October 2019. I didn't get the chance to speak to him then, but it was clear that whilst the old stalwarts of Charlie McKerron and Paul Anderson were there, the baton was being handed over to the next generation of fiddlers. And so, I am deeply saddened by the passing of Mr Alexander. I am grateful that whilst I was never musically good enough at school, he didn't put me off music and didn't write-off my views. As it says on Speyfest social media:- It is with the heaviest of hearts and a feeling of immense loss, that we share the news that our Founder, long-term Chairman and dear friend James Alexander has passed away, following a bravely fought sustained period of illness.
The thoughts of everyone at the festival, and the wider Speyfest community, are with James' loved ones at this difficult time.
Comment: 2022/04/26 - The missed opportunity to fix the Post Office scandal. In May 2009, Rebecca Thompson, a junior reporter for Computer Weekly published a story entitled "Bankruptcy, prosecution, disrupted livelihoods: Postmasters tell their story". Ms. Thompson spent six months speaking to Post Office workers about faults in Horizon and discovered they were being told they were the only ones with accounting errors, even though there were multiple prosecutions underway. Computer Weekly was never challenged over publishing their story. Only now is Ms. Thompson getting the credit for uncovering the story that took a further decade to resolve. In that time, The Post Office stole the lives, livelihoods, reputations and time of hundreds of good people who had done nothing wrong. To my mind, it's also a travesty why, following the publication by Computer Weekly, the story disappeared into a hole within the mainstream press. It's been a year since the BCS proposed changes to the burden of proof of UK computer evidence. Once again, there's been little traction....
Comment: 2022/04/09 - The evil that men do.... I then took a breather and I remembered that in October last year, I had noticed a soft search in my credit file against an exceptionally old address. It was from another on-line bookmaker and somewhat worryingly, it used my correct date of birth. When I went into my credit file to look again at the detail, I saw that another search was done at the beginning of this month. I was trying to remember why the date in October rang a bell. A quick look through my diary brought the inspiration that I was looking for. On the 18TH of October I sold my car to a individual who had travelled from England to buy it. On the 22ND I had received a Notice of Intended Prosecution as the individual had left mine and three hours later passed a police speed trap at 86mph. The good thing was that even before I had clapped eyes on this individual, his behaviour was such that there was little doubt in my mind that he was far from being trustworthy. I responded by doing everything by the book. When it transpired he had given me a fake name and address, I was not in the least surprised. I never told this individual what I do for a living. So when he reads this, I would imagine there will be a few moments where he thinks that he will be able to get away with it. Eventually the magnitude of the horror will hit him - probably in the next sentence. The police were very helpful - as was I when I used my skills to track down and recover his real identity. It's clear from the individual's local press that he has been prosecuted previously for the supply of unroadworthy vehicles. Somewhat alarmingly, there's even a reference to a prosecution under The Terrorism Act as he received training on chemical and biological weapons that would be useful to terrorism. So, the lesson here is to make sure that when you hand over car service history receipts in good faith, always take the time to go through them. It may be worth asking somebody else to check it, to ensure that there is nothing that would be useful to a criminal - and that includes addresses on garage invoices....
Comment: 2022/04/08 - Good, old fashioned spycraft, part two. I would speculate that Mr Smith's alleged Russian links, and the war in the Ukraine has perhaps altered things. In the face of failed and failing military tactics and tools, it might yet appear that the last bastion of Russian trade-craft is limited to what they learned in the Cold War, that the west has forgotten.
Comment: 2022/04/07 - More on QR codes.
Comment: 2022/04/01 - April Fool's Day.
Comment: 2022/03/22 - Telemetry from Google Messages and Google Dialer.
Comment: 2022/03/21 - European travel in a time of COVID. On the whole, it was great to be back and despite the political shenanigans of Brexit, the Germany border guards were polite and efficient when enquiring what we were doing there and where we were staying. Indeed, they seemed pleased that we were back! (Note to the wise; always ensure you get your passport stamped on entrance and exit to the EU now.) The main concern was COVID and how odd that would make things. Germany, currently only recognises the effectiveness of FFP2 masks that have to be worn in most inside, public areas. Once your COVID pass has been validated and you are seated, you can remove your mask when eating or drinking. (There had to be a security point to this, hadn't there?) On one occasion, our Scottish-issued NHS COVID passes were given a cursory inspection by the restaurant staff. No validation was undertaken on either the COVID Status App or the paper certificate for this first visit. On the other hand, when we visited a very busy bierkeller one evening, our QR codes were scanned and our identities were compared to Government issued photo-ID. (Another note to the wise; whilst in Germany you do not need to carry some form of ID, it does make it much easier these days.) And that's where it became interesting. The scanner that the receptionist used had no issue in scanning my COVID Status App QR code - but it failed to scan the QR code on my wife's paper certificate. (So a final note to the wise; be prepared and take both the paper certificate and the COVID Status App in case one does not work.) Here's an interesting take from Mr. Schneier. On a complete aside, this trip had been a long time in the planning. We had originally intended to visit before Christmas before deciding it was entirely irresponsible to travel due to the Omicron variant. As a consequence, preparations were "extensive" including building a specific laptop to test public wireless internet access. The results were quite interesting and will feed into this year's update to Safer Travel.
Comment: 2022/03/09 - "Z" is for Zelenskyy.
Comment: 2022/03/07 - Boots on the ground. In the face of Putin declaring that economic sanctions against Russia are "akin to a declaration of war", it appears that an FSB whistle-blower has decided that it has been a "total failure". Needless to say, the West aren't the ones occupying foreign soil whilst armed with weapons all-the-time whilst denying it's a war.
Comment: 2022/02/27 - Russia invades the Ukraine. What is clear is that Russian forces have invaded a sovereign nation. That sounds like war to me. I'd wager a significant amount of money that at some point in the next decade Putin will be dragged to The Hague to be tried as a war criminal. For what it's worth, BladeSec IA have always been mindful of the source of our funding. We have no Russian customers, no Russian contracts and receive no payments that we have the slightest concern may have come from Russia or Russian-sympathetic countries.
Comment: 2022/02/16 - Google Chrome Flex. Google bought Neverware in 2020 and now we know why. This can only be a good thing....
Comment: 2022/02/11 - The on-going saga of ssh attacks. It is interesting that DShield is now showing a marked increase in scanning activity.
Comment: 2022/02/09 - Douglas Trumbull, 1942 - 2022.
Comment: 2022/02/08 - Safer Travel 2022. Watch this space....
Comment: 2022/01/25 - Brute force ssh attempts. 16:58:18[~]$ f2b-report summary 10 Banned IPs on 2022-01-25 - 2 Banned IPs on 2022-01-24 - 20 Banned IPs on 2022-01-23 - 16 Banned IPs on 2022-01-22 - 30 Banned IPs on 2022-01-21 - 48 Banned IPs on 2022-01-20 - 35 Banned IPs on 2022-01-19 - 33 Banned IPs on 2022-01-18 - 24 Banned IPs on 2022-01-17 - 12 Banned IPs on 2022-01-16 - 4Whilst we still can't see similar increases of activity being reported elsewhere, it seemingly remains a less than sophisticated attack:-
16:58:20[~]$ f2b-report users sort 20 admin 19 test 14 user 10 pi 3 ubnt 2 worker 2 student 2 gitlab 1 vpn 1 vmware 1 upload 1 uftp 1 support 1 srvadmin 1 sistemas 1 redhat 1 public 1 operador 1 openstack 1 oot 1 mailnull 1 logcheck 1 jenkins 1 httpd 1 ftpuser 1 freebsd 1 fmaster 1 english 1 cxwh 1 admin1 1 adam 1 1Yesterday, we opted to add a few more /16s to the permanently blocked list:-
17:09:40[~]$ sudo ipset list denylist | egrep "^[1-9]" 116.98.0.0/16 1.15.0.0/16 199.19.0.0/16 178.128.0.0/16 116.105.0.0/16 176.111.0.0/16 122.3.0.0/16 107.189.0.0/16 185.73.0.0/16 45.88.0.0/16 81.161.0.0/16 116.110.0.0/16 206.189.0.0/16 82.65.0.0/16 199.195.0.0/16 171.251.0.0/16 104.244.0.0/16 211.36.0.0/16 205.185.0.0/16 92.255.0.0/16 209.141.0.0/16 178.73.0.0/16 198.98.0.0/16On Saturday, the service that we use to perform geolocation of source IPs started throttling our lookups, so we had to temporarily switch that off. Whilst geolocation and VPNs do fuzz matters somewhat, this still makes for interesting reading:-
17:10:24[~]$ f2b-report countries -- Top ten worst offending countries of all time -- 132 China 99 United States 46 Viet Nam 30 Brazil 25 India 24 Indonesia 21 Korea, Republic of 19 Netherlands 18 Russian Federation 17 GermanyThe bottom line is that we aggressively patch the gateway server and we only permit SSH access using looonnnnggggg authentication keys. Passwords are verboten!
Comment: 2022/01/19 - Brute force ssh scans. Some will undoubtedly object to the detail here, but it's worth noting that these IPs have no authorisation, no legal right and no credentials to connect to us:- 09:56:19[~]$ f2b-report date 2022-01-14 -- Worst offending IP addresses for 2022-01-14 -- 0 [NO INFO] 09:56:26[~]$ f2b-report date 2022-01-15 -- Worst offending IP addresses for 2022-01-15 -- 2 159.65.148.231 1 [20220116] India City: Bangalore 147.182.202.46 1 [20220116] United States City: Kansas City 09:56:41[~]$ f2b-report date 2022-01-16 -- Worst offending IP addresses for 2022-01-16 -- 4 206.189.136.196 3 [20220112] India City: Bangalore 42.192.200.2 2 [20220117] China City: Beijing 179.103.247.1 1 [20220116] Brazil City: Rio de Janeiro 171.227.203.9 1 [20220117] Viet Nam City: Thu Dau Mot 09:56:43[~]$ f2b-report date 2022-01-17 -- Worst offending IP addresses for 2022-01-17 -- 12 211.36.141.35 4 [20220117] Korea, Republic of City: Taegu 157.245.161.35 2 [20220117] United States City: Santa Clara 117.111.1.78 2 [20220117] Korea, Republic of City: Munsan 92.241.82.242 1 [20220118] Georgia City: Tbilisi 51.75.121.204 1 [20220117] France City: Roubaix 49.235.35.79 1 [20220117] China City: Beijing 36.22.187.34 1 [20220118] China City: Jiaxing 189.50.42.126 1 [20220117] Brazil City: Goiania 180.97.182.111 1 [20220117] China City: Yangzhou 171.244.139.236 1 [20220117] Viet Nam City: Hanoi 139.186.84.46 1 [20220117] China City: Beijing 121.4.68.87 1 [20220117] China City: Beijing 09:56:45[~]$ f2b-report date 2022-01-18 -- Worst offending IP addresses for 2022-01-18 -- 24 211.36.145.65 4 [20220118] Korea, Republic of City: Munsan 1.15.144.122 4 [20220118] China City: Beijing 78.128.113.82 3 [20220118] Belgium City: Brussels 5.101.99.198 3 [20220118] Netherlands City: Amsterdam 91.134.173.100 2 [20220118] France City: Roubaix 49.234.102.214 2 [20220118] China City: Beijing 35.194.196.236 2 [20220118] United States City: Mountain View 178.128.236.76 2 [20220118] Canada City: Toronto 157.245.75.41 2 [20220118] Netherlands City: Amsterdam 95.214.53.164 1 [20220118] Poland City: Warsaw 58.220.56.64 1 [20220118] China City: Yangzhou 27.155.101.233 1 [20220118] China City: Fuzhou 23.95.164.237 1 [20220118] United States City: Washington 212.129.250.242 1 [20220118] China City: Beijing 198.199.90.215 1 [20220118] United States City: North Bergen 195.110.58.115 1 [20220118] United Kingdom City: Manchester 181.49.118.186 1 [20220118] Colombia City: Cota 157.230.234.39 1 [20220118] United States City: North Bergen 148.66.132.190 1 [20220118] Singapore City: Singapore 128.199.52.4 1 [20220118] Netherlands City: Amsterdam 111.40.50.116 1 [20220118] China City: Harbin 111.231.201.210 1 [20220118] China City: Beijing 104.168.144.108 1 [20220119] United States City: Seattle 103.92.24.242 1 [20220118] Viet Nam City: Ho Chi Minh CityEven today, as I type this:- 09:56:47[~]$ f2b-report today lookup -- Worst offending IP addresses today - so far -- 13 42.193.144.254 2 [20220119] China City: Beijing 42.193.110.250 2 [20220119] China City: Beijing 178.128.88.244 2 [20220119] Singapore City: Singapore 68.48.240.245 1 [20220119] United States City: Ann Arbor 40.68.90.206 1 [20220119] Netherlands City: Amsterdam 221.2.35.78 1 [20220119] China City: Jining 203.190.55.203 1 [20220119] Indonesia City: Jakarta 183.82.121.34 1 [20220119] India City: Hyderabad 182.61.3.42 1 [20220119] China City: Beijing 139.199.18.200 1 [20220119] China City: Beijing 120.92.89.30 1 [20220119] China City: Beijing 118.195.139.245 1 China City: Liuzhou 103.102.15.182 1 [20220119] Indonesia City: RembangNone of this is causing a problem, it is just curious that they appear to be low complexity attacks:-
10:05:38[~]$ f2b-report users sort 24 pi 10 admin 5 ubnt 3 user 2 username 2 spark 2 demo 1 test 1 telecomadmin 1 support 1 squid 1 service 1 music 1 logcheck 1 kkh 1 kevin 1 johnny 1 engineer 1 dell 1 cisco 1 asmin 1 amanda 1 User 1 DIt is, however, increasing the chances that we're going to enforce some form of geographical IP restriction:- 10:05:24[~]$ f2b-report countries -- Top ten worst offending countries of all time -- 106 China 81 United States 44 Viet Nam 28 Brazil 23 Indonesia 20 Korea, Republic of 20 India 18 Russian Federation 16 Netherlands 15 GermanyWe have a legitimate customer each in Germany and India - but the rest are just noise.
Comment: 2022/01/12 - Alleged remote control vulnerability - in Teslas....
Comment: 2022/01/11 - An invite to a club you probably didn't want. Contrast that with the e-mail about "Socially Distanced Drinks". Somebody has specifically chosen to mark that "OFFICIAL-SENSITIVE". I would hate to think it was because they suspected that the content might actually be sensitive given the efforts of the wider UK population. Equally, I'm fairly sure that drinking alcohol on-site whilst "working" is frowned upon from both a Health and Safety and Civil Service Code of Conduct.
Comment: 2022/01/01 - Happy New Year! In other news, we see the clock tick over into 2022 back on the Isle of Lewis - a place that had such an influence on me growing up, and remains such an important part of my current life. As usual here is our tongue in cheek look at the last twelve months:-
Click here for older News & Comment.
|
||||