Stability

Write a constitution, and you generally have a more stable government.

Once you have it, defy it, and your actions are evident. The constitution is a witness against you. It looms large. The nation’s citizens are its citizens.

Its footprint shadows you. Now that the government is intended secure, culture and society thrive.

Those protected under the constitution can prosper, in wealth, mind, spirit. The pursuit of happiness is given to them to work out.

Poverty emerges in those countries without such a support. The weak have no place to rest. They are subject to violence and theft.

And so here: we hold these truths to be self-evident.

It is/is not written

It’s irksome, the idea that destiny is written. It’s a great thing if you have faith enough. He promised the work would be completed. It is written.

Yet, if we sin and fall into judgment, is that written?

So that is a known problem.

I aspire. I hope. Let that not die.

But is the history of ideas written, ideas that can contradict Him? We open our mouths, and we contradict.

It becomes difficult to function if you think too much. And I know my thinking. To be free of that kind of thinking.

Let go. Let go my soul.

“Bring him my ring and coat.” Let me glorify your name.

Ransomware Timeline

Utilities and infrastructure, government agencies, hospitals and healthcare institutions, schools, food production and distribution industries–even ferry service to Martha’s Vineyard, all have been attacked by cybercriminals using ransomware, probably now the most used kind of exploit of network systems.

“Even as we speak there are thousands of attacks on all aspects of the energy sector and the private sector generally…it’s happening all the time,” said Energy Secretary Jennifer Granholm to CNN.

What in the World is a Penetration Test?

A penetration test is an agreed-upon simulated, offensive cybersecurity engagement that tests for vulnerabilities in the target’s systems. The red team is the offensive team and the defenders are the blue team. The organization being tested is looking for weaknesses in their systems. (Optionally, an organization may set up a purple team to support the engagement.)

In order to do a penetration test you need written permission with specific rules of engagement. You cannot deviate from the plan that is agreed upon. Even scanning the ports of the target system can throw up red flags for the responsible organization and can lead to legal trouble for you if not documented.

Though many red-team/blue-team exercises use in-house teams for both, an outside hacker can actually make some good money doing this. Some hackers make a career out of it. I’ve heard of a contract tester making $50,000 for one engagement, though in-house team members can make $140,000. There are even two certifications specifically for penetration testing, the Certified Ethical Hacker and PenTest+ certs.

Halo’s red team/blue team borrows from this concept: Spartan Showdown: Blue Team vs Red Team – YouTube

Another difficult passage: grain sacrifice

The disapproval of God for the grain sacrifice versus meat is another difficult passage. I know there are some explanations, but it’s one of those where you wonder: why the meat and why does God like the pleasant smell of the meat?

Why the human sacrifice of Christ for that matter?

After the beauty of Christ, doesn’t it seem almost blasphemous?

Old places

Last time I was in the U.K. I spent some time in the New Forest. Wild ponies.

I didn’t return to my childhood school, but the places where we lived in Northbourne gave rise to memory. Walking to the local store, down by the river with my uncles, the pub frequented by dad and uncle.

There is a quietness of the chill air.

In summer, my nan sat in the yard, bathing in the sun, a little bold perhaps.

But the neighbors are gone now, too.

Sometimes, returning to old places, the ones from our childhood the most, destroys the dream.

Defense in Depth

Layering security measures is called Defense in Depth. Though zero trust is the phrase of the day, defense-in-depth can be a complementary approach to security.

Preventive measures guard against breaches of confidentiality, for example. They include file encryption, TLS encryption for websites, and protecting a certificate key.

Detective measures include intrusion detection/prevention systems (IDS/IPS) or other measures that alert you when there is an unauthorized intrusion on the network.

Recovery measures include backups and other measures to maintain resource availability. Whether daily, incremental, or full, you need a backup plan.


Captain Fantastic

What to make of the millennial want of the Winnebago lifestyle.

I see the sprinters here on the island sometimes. They’re parked along Ocean Drive. I will say that there are fewer messes when compared to the fast food wrapper-spewing lowriders. (What a mess.) At my prior employer, one of the young guys brought us outside to look at his tricked-out camper van.

It gives an honorable sense of not wanting to waste and decreasing your footprint. It’s actually kind of admirable, I think.

It’s difficult for me to comment on family matters as I don’t have any children. But I think there are a few things to say. One does not grow up as quickly as with kids. A friend often lectures me on “growing up.” There could be some anger toward him, but maybe he’s right? I do like the single life, but how would I change?

But with all due respect, I am not immature.

I have thought about doing the Reese Witherspoon thing and hike for life. Sun-bleached mind tan (TM).

Does one need any responsibility without children? Am I serving society well? What is the debt to society?

I know, no man an island. Fine. But when you read of proud parents and proud friends, you do have a certain sadness/defiance.

Year upon year, time after time. What to leave the world other than children. So what if your name ends? Shakespeare’s lineage was gone in a generation. Posterity gets ideas and creativity.

So we of lesser insight should try something different.

Physical abundance v information abundance

Remembering the old work by Negroponte, bits versus atoms. In the digital economy we learn, organize, and tell stories that are ephemeral.

Electrons versus photons is a close thing to atoms versus bits. It seems that the abundance economy is not physical, but light you’re looking at right here. A simple handshake can move mountains, e.g. a digital transaction with physical tether.

Every object contains its corresponding bits, like an atom with its ghost.

What is the CIA Triad?

No, not the Yankee security agency; the CIA Security Triad is a model organizations can use to guide policies for their cyber and information security. CIA stands for Confidentiality, Integrity, and Availability. It’s also useful during the acquisition of new technology assets and data to guide policymaking.

Confidentiality – Keeping sensitive, confidential, or private information safe from unauthorized access. It’s common to categorize sensitive data by the potential for damage if the data is released or stolen in case of a security breach. The question of who needs what kind of access to the information should be a consideration. Organizations can set access control lists (ACLs), encryption, and permissions for systems, files, and folders.

Integrity – Protecting data from deletion, tampering, or modification by an authorized or unauthorized party. This includes mistaken but authorized changes. Data at rest (stored), in transit, or in use should be protected for consistency, accuracy, and trustworthiness.

Availability – Granting or refusing access to files, folders, and systems. The information that the security measures protect should remain available despite hardware failures, system upgrades, or power outages. The security measures should be consistent and provide ready accessibility by authorized parties.

The difference between tech support and cybersecurity experts lies with CIA. Tech support can help with your availability (connection), but integrity and confidentiality are usually the domains of cyber.

Hacking Paywalls: You Only Thought You Needed To Subscribe

Note: This tutorial is for Chromium browsers, but the developer tools on other browsers are similar. Leave a question if you need help.

Just a brief introduction to this tutorial is needed. Web pages are text files that contain text and HTML. When you go to a website your browser downloads the HTML text file and you now have a copy of the page on your computer. The browser also downloads copies of the images, videos, and programming that are referenced inside the HTML. Each item on the page is in a box, which may be contained in other boxes and which may have boxes inside it as well. These items are called elements. With the developer tools in each browser you can edit your copy of the page to remove or change elements. If you refresh the page, it will return to the version you downloaded.

Using Publicly-available Information To Learn More About A Target (Passive Footprinting)

Even a novice can research a target using publicly-available information. This is also called passive footprinting and there are numerous tools and commands to find this information:

Concealment

The world of concealment, dark figures, breathing deep. One dimensional creatures slip out into two dimensions briefly, ever so briefly. Into three dimensions. Eternal destiny is three to two to one dimensions, out of sight. They still hide in shade.
Imagination can make the creatures slip into three.
We are no mere mortals, but “gods.”

Every argument is eternal. We don’t think what each means. Words take flight and move mountains.

(working…)