Latest news and comment.

Comment: 2022/05/24 - Mark Zuckerberg sued in on-going spat over Cambridge Analytica.
We speculated at the time that Facebook should be implicated in the Cambridge Analytica scandal. Now, it turns out that Washington DC's Attorney General has filed a civil suit against Mark Zuckerberg.

Comment: 2022/05/20 - Patching research.
In an actual item about information assurance rather than personal heroes, there is some fascinating research that makes a mockery of one of my fundamental controls for good security architecture. That said, key to this research is effective monitoring of exploits in the wild. I would speculate that most organisations are actually fairly poor at that, so I will stick to my mandate for "robust" patching for the time being!

Comment: 2022/05/19 - Vangelis Papathanassíou, 1943 - 2022.
As a very small child, I can remember hearing the sweeping synthesizer-based majesty of the Chariots of Fire soundtrack one weekend when my brother came home from university. The principal track (originally called Titles, but popularised as Chariots of Fire) was such an epic piece of music, I conspired to commit it all to memory - after all, small boys had very little money to spend on music. It was the first time I had ever been inspired to do this for any piece of music - I just knew I had to remember it.

Leap forward a number of years, and I saw Blade Runner for the first time. From the point you see the huge plumes of fire reflected in an eye in the opening sequence, to the otherworldly sounds of the market, before resting on the death of an almost human android and being propelled into a high-energy closing title, this was the soundtrack above all others. It all fitted so well.

It took a while for an "official" version of Blade Runner: The Original Motion Picture Soundtrack to appear, but when it did, it was as epic as the film, representing every emotion and image you experience in the film. No other film soundtrack has ever come close.

Even when Blade Runner 2049 was released with a soundtrack by Hans Zimmer, I was overjoyed when he clearly recognised the importance of what had gone before. He gave us another interpretation of Tears in Rain that was as fitting and raw as the original.

Many composers have tried to copy Vangelis, but for inducing stories in your mind's eye. I, for one, am deeply saddened that I will never hear his musical mastery again.

Comment: 2022/05/01 - And the kindness of others....
I have just heard about the death of James Alexander, former music teacher at Milne's High School, founder and chair of Speyfest, fiddle player extraordinaire, organiser of my wedding ceilidh band, and one of the nicest lads in modern traditional music.

I was never good enough to play a musical instrument at school, but I remember my friend, Andrew Hay, being amongst the earliest forays of the new "Fochabers Fiddlers", and him writing music for the late Lady Gordon Lennox at Mr Alexander's behest.

Having returned to the north-east in 1998, I ran into Mr Alexander at a Wolfstone concert in Elgin at some point in 1999. I was looking for a ceilidh band for my upcoming wedding with one requirement; the opening wedding dance had to be Hector the Hero by James Scott Skinner. Mr Alexander - with his usual extraordinary kindness - called me a few days later with some local recommendations, and the promise that if none were suitable, he'd come along with some of the current Fochabers Fiddlers. As it was, Makarakit from Keith did an exemplary job.

The next time I heard from him was when I came across the Peatbog Faeries. They were revolutionary, and I thought they would go down well at Speyfest. I sent Mr Alexander a link. The next thing I knew, they were announced as the headliners for the Saturday night. That particular Speyfest (in 2000) goes down in time as the best one ever, but also the most tiring (the weekend was shared with seeing Capercaillie at Gordon 2000 on the Sunday afternoon as well as Wolfstone on the Friday). I ran into Mr Alexander at some point over the weekend, where he thanked me for remembering him and suggesting the Peatbogs in his usual humbling manner.

Leap forward a good few years - and a good few Speyfests. The last time I saw Mr Alexander was the last time I attended a concert with my late mother. Three generations of Birnies - and a few hangers-on - went to the ARC Session, "James Alexander & Friends" in October 2019. I didn't get the chance to speak to him then, but it was clear that whilst the old stalwarts of Charlie McKerron and Paul Anderson were there, the baton was being handed over to the next generation of fiddlers.

And so, I am deeply saddened by the passing of Mr Alexander. I am grateful that whilst I was never musically good enough at school, he didn't put me off music and didn't write off my views.

As it says on Speyfest social media:-

It is with the heaviest of hearts and a feeling of immense loss, that we share the news that our Founder, long-term Chairman and dear friend James Alexander has passed away, following a bravely fought sustained period of illness.

The thoughts of everyone at the festival, and the wider Speyfest community, are with James' loved ones at this difficult time.
...
Please join us by raising a glass as we remember James doing what he did best with this moving performance of Hector the Hero at Speyfest 2018.

Comment: 2022/04/26 - The missed opportunity to fix the Post Office scandal.
The Post Office scandal has been held up as a travesty of injustice with the wrongful prosecution of 732 postmasters and sub-postmasters. Last night, Panorama drew together the strands of the investigation and highlighted that an opportunity to identify the faults in the bug-ridden Horizon accounting system was missed.

In May 2009, Rebecca Thompson, a junior reporter for Computer Weekly, published a story entitled "Bankruptcy, prosecution, disrupted livelihoods: Postmasters tell their story". Ms. Thompson spent six months speaking to Post Office workers about faults in Horizon and discovered they were being told they were the only ones with accounting errors, even though there were multiple prosecutions underway.

Computer Weekly was never challenged over publishing their story.

Only now is Ms. Thompson getting the credit for uncovering the story that took a further decade to resolve. In that time, The Post Office stole the lives, livelihoods, reputations and time of hundreds of good people who had done nothing wrong.

To my mind, it's also a travesty that, following the publication by Computer Weekly, the story disappeared into a hole within the mainstream press.

It's been a year since the BCS proposed changes to the burden of proof of UK computer evidence. Once again, there's been little traction....

Comment: 2022/04/09 - The evil that men do....
Yesterday, I received a registration for a website that I didn't register for. It was a well-known high-street bookmaker. The e-mail was to a protected e-mail address that I use to prevent giving away my real address. I immediately went to the website, hit the "recover my password" option and changed the password when the "click here to change your password" e-mail arrived.

I then took a breather and I remembered that in October last year, I had noticed a soft search in my credit file against an exceptionally old address. It was from another on-line bookmaker and somewhat worryingly, it used my correct date of birth. When I went into my credit file to look again at the detail, I saw that another search was done at the beginning of this month.

I was trying to remember why the date in October rang a bell. A quick look through my diary brought the inspiration that I was looking for. On the 18th of October I sold my car to an individual who had travelled from England to buy it. On the 22nd I had received a Notice of Intended Prosecution as the individual had left mine and three hours later passed a police speed trap at 86mph.

The good thing was that even before I had clapped eyes on this individual, his behaviour was such that there was little doubt in my mind that he was far from being trustworthy. I responded by doing everything by the book. When it transpired he had given me a fake name and address, I was not in the least surprised.

I never told this individual what I do for a living. So when he reads this, I would imagine there will be a few moments where he thinks that he will be able to get away with it. Eventually the magnitude of the horror will hit him - probably in the next sentence.

The police were very helpful - as was I when I used my skills to track down and recover his real identity. It's clear from the individual's local press that he has been prosecuted previously for the supply of unroadworthy vehicles. Somewhat alarmingly, there's even a reference to a prosecution under The Terrorism Act as he received training on chemical and biological weapons that would be useful to terrorism.

So, the lesson here is to make sure that when you hand over car service history receipts in good faith, always take the time to go through them. It may be worth asking somebody else to check it, to ensure that there is nothing that would be useful to a criminal - and that includes addresses on garage invoices....

Comment: 2022/04/08 - Good, old fashioned spycraft, part two.
Following his arrest in Potsdam, Germany last year, the UK authorities are charging an individual with offences under the Official Secrets Act. Despite statements to the contrary - at the time - that he would not be extradited and would face charges in Germany, Mr David Smith arrived back into the UK last Wednesday.

I would speculate that Mr Smith's alleged Russian links, and the war in the Ukraine, have perhaps altered things. In the face of failed and failing military tactics and tools, it might yet appear that the last bastion of Russian trade-craft is limited to what they learned in the Cold War, which the West has forgotten.

Comment: 2022/04/07 - More on QR codes.
The threat posed by QR codes as highlighted in Safer Travel has been picked up by Dark Reading.

Comment: 2022/04/01 - April Fool's Day.
I confess that this one almost got me. I had only just woken up, your honour.... We can only dream of such advanced transport integration!

Comment: 2022/03/22 - Telemetry from Google Messages and Google Dialer.
This makes for somewhat scary reading, even ignoring the apparent data protection breach. Here in the security cart-shed, we've been running a project to determine the suitability of both Ubuntu Touch and LineageOS* for about a month now. We're about to commence on an operational deployment to see if either can genuinely replace Android.
--
* What some may find interesting is that we have previously deployed CyanogenMod (what LineageOS was forked from) on Samsung Galaxy SIIs and S3s for an interesting job back in May 2018 with much acclaim.

Comment: 2022/03/21 - European travel in a time of COVID.
On a brighter note to recent news, I have recently been in Germany visiting extended family. This marks the first visit post-Brexit and certainly post-COVID.

On the whole, it was great to be back and despite the political shenanigans of Brexit, the German border guards were polite and efficient when enquiring what we were doing there and where we were staying. Indeed, they seemed pleased that we were back! (Note to the wise: always ensure you get your passport stamped on entrance to and exit from the EU now.)

The main concern was COVID and how odd that would make things. Germany currently only recognises the effectiveness of FFP2 masks, which have to be worn in most indoor public areas. Once your COVID pass has been validated and you are seated, you can remove your mask when eating or drinking.

(There had to be a security point to this, hadn't there?)

On one occasion, our Scottish-issued NHS COVID passes were given a cursory inspection by the restaurant staff. No validation was undertaken on either the COVID Status App or the paper certificate for this first visit. On the other hand, when we visited a very busy bierkeller one evening, our QR codes were scanned and our identities were compared to Government-issued photo-ID. (Another note to the wise: whilst in Germany you do not need to carry some form of ID, it does make things much easier these days.)

And that's where it became interesting. The scanner that the receptionist used had no issue in scanning my COVID Status App QR code - but it failed to scan the QR code on my wife's paper certificate. (So a final note to the wise: be prepared and take both the paper certificate and the COVID Status App in case one does not work.)

Here's an interesting take from Mr. Schneier.

On a complete aside, this trip had been a long time in the planning. We had originally intended to visit before Christmas before deciding it was entirely irresponsible to travel due to the Omicron variant. As a consequence, preparations were "extensive" including building a specific laptop to test public wireless internet access. The results were quite interesting and will feed into this year's update to Safer Travel.

Comment: 2022/03/09 - "Z" is for Zelenskyy.
Interesting.... Clearly, no plan survives first contact.

Comment: 2022/03/07 - Boots on the ground.
It's been two weeks since Putin invaded The Ukraine. There are numerous reports suggesting that Russian forces expected to be welcomed with open arms and that what little resistance they encountered would give up after two weeks. What is clear is that supply chain issues have meant that Russia is struggling to maintain its lodgement. There are rumours that Russia has lost 10,000 troops and that portable crematoria have been seen so that the scale of their defeat can be buried.

In the face of Putin declaring that economic sanctions against Russia are "akin to a declaration of war", it appears that an FSB whistle-blower has decided that it has been a "total failure". Needless to say, the West isn't the one occupying foreign soil, armed all the time, whilst denying it's a war.

Comment: 2022/02/27 - Russia invades the Ukraine.
Because of the work we do, the headlines over the last few days have sadly been expected. We'd heard various delays attributed to milder winters and supply chain issues, but there is now a war in Europe. I note that at the time of writing Putin is stating that it's not a war, and indeed is arresting people (including his own) that claim it is an "illegal war". Instead, he's calling it "special military action" because that makes all the difference.

What is clear is that Russian forces have invaded a sovereign nation. That sounds like war to me.

I'd wager a significant amount of money that at some point in the next decade Putin will be dragged to The Hague to be tried as a war criminal.

For what it's worth, BladeSec IA have always been mindful of the source of our funding. We have no Russian customers, no Russian contracts and receive no payments that we have the slightest concern may have come from Russia or Russian-sympathetic countries.

Comment: 2022/02/16 - Google Chrome Flex.
Here in the security cart-shed, we've been well aware of the benefits of using Neverware's CloudReady for many years. On every customer deployment, the binary install file goes with our consultant just in case. For overseas deployments, a full Google Chromebook is our particular tool of choice. Not only has it got anti-tamper that would make GCHQ jealous, but it's dead easy to flatten and re-install when it comes back to friendly soil. We do not hide the fact that our e-mail infrastructure is built on Google Workspace. Whilst the integration that you get was not a decision point for us, it is a welcome benefit.

Google bought Neverware in 2020 and now we know why. This can only be a good thing....

Comment: 2022/02/11 - The on-going saga of ssh attacks.
Could this be what's behind the sudden and almost-exponential set of ssh scans?

It is interesting that DShield is now showing a marked increase in scanning activity.

Comment: 2022/02/09 - Douglas Trumbull, 1942 - 2022.
You only have to realise the name of this company to understand the importance of Blade Runner to me. Mr Trumbull was central to the look, feel and legacy of Blade Runner, not to mention Close Encounters of the Third Kind and 2001: A Space Odyssey. As I read about the films that he had been involved in, I remembered that he had been responsible for Silent Running, the first film that, as a small child, broke my heart.

Comment: 2022/02/08 - Safer Travel 2022.
We had an enquiry asking if we'd stopped the development of Safer Travel. Indeed, if you look at the Travel Advice page, you'll see the graphic was never updated in 2021 or 2022. In truth, with the pandemic, the changes to the 2021 edition were very small, but there were three issued versions in March, September and November.

Watch this space....

Comment: 2022/01/25 - Brute force ssh attempts.
It's been an interesting few days. The attempts against our gateway server increased almost exponentially:-

16:58:18[~]$ f2b-report summary 10
Banned IPs on 2022-01-25 - 2
Banned IPs on 2022-01-24 - 20
Banned IPs on 2022-01-23 - 16
Banned IPs on 2022-01-22 - 30
Banned IPs on 2022-01-21 - 48
Banned IPs on 2022-01-20 - 35
Banned IPs on 2022-01-19 - 33
Banned IPs on 2022-01-18 - 24
Banned IPs on 2022-01-17 - 12
Banned IPs on 2022-01-16 - 4
Whilst we still can't see similar increases of activity being reported elsewhere, it seemingly remains a less than sophisticated attack:-

16:58:20[~]$ f2b-report users sort
     20 admin
     19 test
     14 user
     10 pi
      3 ubnt
      2 worker
      2 student
      2 gitlab
      1 vpn
      1 vmware
      1 upload
      1 uftp
      1 support
      1 srvadmin
      1 sistemas
      1 redhat
      1 public
      1 operador
      1 openstack
      1 oot
      1 mailnull
      1 logcheck
      1 jenkins
      1 httpd
      1 ftpuser
      1 freebsd
      1 fmaster
      1 english
      1 cxwh
      1 admin1
      1 adam
      1 1
Yesterday, we opted to add a few more /16s to the permanently blocked list:-

17:09:40[~]$ sudo ipset list denylist | egrep "^[1-9]"
On Saturday, the service that we use to perform geolocation of source IPs started throttling our lookups, so we had to temporarily switch that off. Whilst geolocation and VPNs do fuzz matters somewhat, this still makes for interesting reading:-

17:10:24[~]$ f2b-report countries
-- Top ten worst offending countries of all time --
    132 China 
     99 United States 
     46 Viet Nam 
     30 Brazil 
     25 India 
     24 Indonesia 
     21 Korea, Republic of 
     19 Netherlands 
     18 Russian Federation 
     17 Germany 
The bottom line is that we aggressively patch the gateway server and we only permit SSH access using looonnnnggggg authentication keys. Passwords are verboten!

Comment: 2022/01/19 - Brute force ssh scans.
Yesterday, we saw an unprecedented increase in attempts made against ssh on our secure reporting server. This doesn't seem to be reflected elsewhere, suggesting that something is specifically targeting us. Indeed, DShield suggests that, other than between August and September 2021, the scans have been fairly consistent, verging towards a drop off. As far as I can see, there's nothing on CISP.

Some will undoubtedly object to the detail here, but it's worth noting that these IPs have no authorisation, no legal right and no credentials to connect to us:-

09:56:19[~]$ f2b-report date 2022-01-14
-- Worst offending IP addresses for 2022-01-14 -- 0
[NO INFO]

09:56:26[~]$ f2b-report date 2022-01-15
-- Worst offending IP addresses for 2022-01-15 -- 2

09:56:41[~]$ f2b-report date 2022-01-16
-- Worst offending IP addresses for 2022-01-16 -- 4

09:56:43[~]$ f2b-report date 2022-01-17
-- Worst offending IP addresses for 2022-01-17 -- 12

09:56:45[~]$ f2b-report date 2022-01-18
-- Worst offending IP addresses for 2022-01-18 -- 24
Even today, as I type this:-

09:56:47[~]$ f2b-report today lookup
-- Worst offending IP addresses today - so far -- 13
None of this is causing a problem, it is just curious that they appear to be low complexity attacks:-

10:05:38[~]$ f2b-report users sort
     24 pi
     10 admin
      5 ubnt
      3 user
      2 username
      2 spark
      2 demo
      1 test
      1 telecomadmin
      1 support
      1 squid
      1 service
      1 music
      1 logcheck
      1 kkh
      1 kevin
      1 johnny
      1 engineer
      1 dell
      1 cisco
      1 asmin
      1 amanda
      1 User
      1 D
It is, however, increasing the chances that we're going to enforce some form of geographical IP restriction:-

10:05:24[~]$ f2b-report countries
-- Top ten worst offending countries of all time --
    106 China 
     81 United States 
     44 Viet Nam 
     28 Brazil 
     23 Indonesia 
     20 Korea, Republic of 
     20 India 
     18 Russian Federation 
     16 Netherlands 
     15 Germany 
We have a legitimate customer each in Germany and India - but the rest are just noise.
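As an added example (not the f2b-report tool from these posts, whose internals are not known here), this Python script reconstructs the "Banned IPs on <date>" and "users sort" summaries shown above from fail2ban and sshd log lines, and then checks which banned addresses already sit inside the permanent /16 denylist described in the 2022/01/25 entry. The log lines and the denylist range are constructed samples.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed fail2ban.log lines in fail2ban's default log format (not the
# gateway's real logs); the first ban is lifted and then re-applied next day.
FAIL2BAN_LOG = """\
2022-01-24 03:12:41,118 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.7
2022-01-24 03:15:02,004 fail2ban.actions [812]: NOTICE [sshd] Ban 198.51.100.23
2022-01-24 07:40:19,771 fail2ban.actions [812]: NOTICE [sshd] Unban 203.0.113.7
2022-01-25 01:02:55,330 fail2ban.actions [812]: NOTICE [sshd] Ban 192.0.2.99
2022-01-25 01:03:10,006 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.7
"""

# Constructed sshd lines as they appear in auth.log / the journal.
AUTH_LOG = """\
Jan 24 03:12:40 gw sshd[4411]: Invalid user pi from 203.0.113.7 port 51022
Jan 24 03:12:40 gw sshd[4411]: Failed password for invalid user pi from 203.0.113.7 port 51022 ssh2
Jan 24 03:15:01 gw sshd[4420]: Invalid user admin from 198.51.100.23 port 40110
Jan 25 01:02:54 gw sshd[5102]: Invalid user pi from 192.0.2.99 port 33001
Jan 25 01:03:09 gw sshd[5103]: Invalid user ubnt from 203.0.113.7 port 51900
"""

# Constructed permanent denylist, standing in for the ipset of /16 ranges.
DENYLIST = ["203.0.0.0/16"]

BAN_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) .* NOTICE \[(\w+)\] Ban (\S+)$")
INVALID_USER_RE = re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\S+) port \d+")


def bans_per_day(log_text, jail="sshd"):
    """'Banned IPs on <date>' report: count Ban events per day for one jail.
    Unban lines and other jails are ignored; newest day first."""
    counts = Counter()
    for line in log_text.splitlines():
        m = BAN_RE.match(line)
        if m and m.group(2) == jail:
            counts[m.group(1)] += 1
    return dict(sorted(counts.items(), reverse=True))


def banned_ips(log_text, jail="sshd"):
    """Distinct addresses banned at least once in the given jail."""
    return {m.group(3) for m in map(BAN_RE.match, log_text.splitlines())
            if m and m.group(2) == jail}


def users_sorted(log_text):
    """'users sort' report: usernames tried against sshd, most frequent first.
    Only the 'Invalid user' line is counted, so the matching 'Failed password
    for invalid user' line does not double-count the same attempt."""
    counts = Counter(m.group(1) for m in map(INVALID_USER_RE.search,
                                             log_text.splitlines()) if m)
    return counts.most_common()


def denylist_coverage(ips, denylist_cidrs):
    """Split banned addresses into those already inside a permanently blocked
    range and those that are not (the ones fail2ban is still catching)."""
    nets = [ip_network(c) for c in denylist_cidrs]
    covered, uncovered = [], []
    for ip in sorted(ips, key=ip_address):
        addr = ip_address(ip)
        (covered if any(addr in n for n in nets) else uncovered).append(ip)
    return covered, uncovered


def slash16_candidates(ips):
    """Count banned addresses per enclosing /16, the granularity the gateway's
    denylist uses, so the noisiest ranges are easy to spot."""
    return Counter(str(ip_network(f"{ip}/16", strict=False)) for ip in ips).most_common()


if __name__ == "__main__":
    for day, n in bans_per_day(FAIL2BAN_LOG).items():
        print(f"Banned IPs on {day} - {n}")
    for user, n in users_sorted(AUTH_LOG):
        print(f"{n:7d} {user}")
    covered, uncovered = denylist_coverage(banned_ips(FAIL2BAN_LOG), DENYLIST)
    print("already in denylist:", covered, "not yet covered:", uncovered)
    print("bans per /16:", slash16_candidates(banned_ips(FAIL2BAN_LOG)))
```

Feeding it the real /var/log/fail2ban.log and auth.log in place of the constructed strings gives the same three views the posts rely on, without any geolocation lookups.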

Comment: 2022/01/12 - Alleged remote control vulnerability - in Teslas....
This was always inevitable. It's been nine years since I coined the phrase "privacy-illiterate", but I should emphasise that this could simply be bad software engineering, where an owner is permitted to make a poor decision without understanding the whole security context. We'll have to wait for more.

Comment: 2022/01/11 - An invite to a club you probably didn't want.
In all my years working in Whitehall and central government departments, at the lower levels of assurance, I don't think I've ever seen a specifically modified, protectively marked e-mail. Most users simply relied on the intrinsic controls of that particular network. Hence, when Friday after work drinks came around, if the network ran at OFFICIAL, the e-mail saying where and when would go out with no specific alterations making it OFFICIAL.

Contrast that with the e-mail about "Socially Distanced Drinks". Somebody has specifically chosen to mark that "OFFICIAL-SENSITIVE". I would hate to think it was because they suspected that the content might actually be sensitive given the efforts of the wider UK population.

Equally, I'm fairly sure that drinking alcohol on-site whilst "working" is frowned upon from both a Health and Safety and a Civil Service Code of Conduct perspective.

Comment: 2022/01/01 - Happy New Year!
Ten years ago on this day, BladeSec IA Services became official and made a small, but revolutionary, change to the way IA Consultancy was offered to the government, military and police. I remember the absolute terror of wondering if I had done the right thing, but I can reflect on the fact that it was the last time that I was ever scared....

In other news, we see the clock tick over into 2022 back on the Isle of Lewis - a place that had such an influence on me growing up, and remains such an important part of my current life.

As usual here is our tongue in cheek look at the last twelve months:-

  • Average distance travelled to work: 3.35 yards - We did manage a few outings this year, so the average has increased!
  • Distance to farthest job: 438 miles (in October).
  • Most interesting place visited: Glasgow - Two weeks before COP26, but for the first time since March 2020.
  • Preferred instant messenger platform of BladeSec IA staff: Signal.
  • Number of new keyboards bought this year: 2.
  • Age of oldest work device still in use: 11 years (A Dell Latitude E6320).
  • Value of donations to Wikipedia as a result of Travel Advice: £25.
  • Value of donations made by BladeSec IA to support other good causes: £135.
  • Amount of time donated by BladeSec IA staff pro-bono: 21.5 days.
  • Number of pages printed on the office colour laser this year: 43.
  • Average rating given to No Time to Die by BIAS staff: Six out of ten.
