6 January 2021 was a security clusterfuck.

  uspol coup capital infosec opsec physical_security espionage wtf government

Note the first: I started working on this article last week, but didn't post it until now because I wanted to let all of the (usually astoundingly bad) hot takes die down. While I realize that the Internet has given everyone an attention span rivalled only by the lifespan of the adult mayfly, I think it might be useful to have something lying around that can be pointed to later if need be.

Note the second: A reminder that I do not speak from an official position. I do not speak for or represent my employers, past, present, or future …

'twas the week before DefCon.

  conference defcon hacking las_vegas opsec threat_models con_life

UPDATE - 20170902 - Typos, finding emergency exits.

So, after many years I've decided that it's my turn to write a first-timer's guide to Defcon.  There are many like it, so I'll try to be as frank as I can about the topic.  I'm going to try to write for people who've never been to Defcon before (but may have been to other hacker cons).  I'm not going to lie or joke around (which some of the guides tend to do), and I'll give as much personal advice as I can.  I'm also going to try to not sound like your parents, because …

How to move your /boot partition onto removable media.

  boot_device infosec linux malware opsec syslinux travel tricks usb howto libreops

Part of every traveler's threat model today should include the following scenario:

When you're trying to fly into or out of an airport en route to someplace else, it is entirely possible that the airport's security staff will take you aside for a more thorough search and questioning while your stuff is taken someplace out of your control and analyzed. We know that there are malware packages available today that boobytrap the boot device of laptop computers to install various forms of surveillance malware which run the next time you start your machine up and compromise the OS even though …

US Army worries more about bloggers than leaks back home.

  army blogging censorship classified leaks monitoring oops opsec

Since almost the beginning of Iraq II, the US military has been concerned about bloggers leaking information about upcoming operations and situations in the field that hadn't been cleaned up yet. Lately, they've been commanding troops to police their weblogs and clear all posts through a superior officer before actually posting in the hopes of minimizing the amount of sensitive information that gets out, which makes sense when you think about it. Remember what Geraldo Rivera did back in 2003? URLs and names of blogs have to be registered with the chain of command so that they can keep an …
