It’s hard being a teacher. I most certainly would know, considering over 25 years of experience. I’m used to the hate hurled at teachers, the accusations, the disrespect, the insane charges that we are somehow “indoctrinating” people. (I taught technology. There’s no indoctrination there.) Ruben Navarrette, though, has only one thing to tell anyone who …
“7 Steps to Better Government”: Building an alternative to extremism
There is actually some good thinking going on out there. I saw it recently in the Albuquerque Journal, in an editorial piece by Tim Sarmo and George Orbanek, at this address: https://www.abqjournal.com/2491933/7-steps-to-better-government.html Such ideas. Consider: “We believe fact, supported by irrefutable evidence.” Not long ago I tried to point to that irrefutable evidence, in that …
Books About Hacking
Rtfm: Red Team Field Manual, 2014 – https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/ref=sr_1_1?dchild=1&keywords=red+team+field+manual&qid=1622069547&s=books&sr=1-1
Blue Team Field Manual (BTFM), 2017 – https://www.amazon.com/Blue-Team-Field-Manual-BTFM/dp/154101636X/ref=sr_1_4?dchild=1&keywords=red+team+field+manual&qid=1622069547&s=books&sr=1-4
The Cuckoo’s Egg, 1989 – https://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/B0845PM1M5/ref=sr_1_1?dchild=1&keywords=cuckoo%27s+egg&qid=1621902773&s=books&sr=1-1
Gray Hat Hacking: The Ethical Hacker’s Handbook, 2018 – https://www.amazon.com/Gray-Hat-Hacking-Ethical-Handbook-dp-1260108414/dp/1260108414/ref=dp_ob_title_bk
[ Hacker Night School ] :: The Illustrated TLS Connection
https://tls.ulfheim.net/ has a beautiful graphical way to see every step of setting up a TLS connection. This is porn for network geeks, but also for hackers (sometimes the same people). To paraphrase Ultra Famous Hacking God Pablos Holman, Here’s the messages between website and client to set up TLS. Every one of these is an …
[ Hacker Night School ] :: the POODLE attack, featuring TLS Downgrade
The KBID XXX – TLS Downgrade
In almost every course I teach I discuss the perils of “TLS fallback,” a fatal misconfiguration that negotiates a web server back to an old, insecure SSL/TLS version. From there it’s simple to use known exploits against the web server and boom, now it’s a Russian crimeware server. This …
Access Blocked Sites: the Holy Unblocker
A fellow teacher tells me about the “Holy Unblocker,” a proxy service that lets school kids get around their school’s web restrictions. It looks to me like it could be useful for other people, perhaps people living under regimes that want to control their access to knowledge and communications. This proxy is insidious: it uses …
[ Hacker Night School ] :: The Holy Unblocker
A fellow teacher tells me about the “Holy Unblocker,” a proxy service that lets school kids get around their school’s web restrictions. It looks to me like it could be useful for other people, perhaps people living under regimes that want to control their access to knowledge and communications. This proxy is insidious: it uses …
CyberChef: The Grandmaster Encoder/Decoder, a lovely gift to you from GCHQ
You do know who GCHQ is, right? So take this gift with that knowledge. You can use it online, or download the software and run your own local service. https://gchq.github.io/CyberChef/
The KNOB Attack: Does this exploit from 2018 still work?
Here’s an awesome Bluetooth exploit from 2018 that EVERY device was vulnerable to, called the KNOB attack. “We found and exploited a severe vulnerability in the Bluetooth specification that allows an attacker to break the security mechanisms of Bluetooth for any standard-compliant device. As a result, an attacker is able to listen, or change …
XSS Game :: Learn Cross-Site Scripting, Bug-Test Google Apps, Step 3: Profit
Here’s another Google Appspot pen-testing practice site, this one focused on XSS (Cross-Site Scripting). Oh, it’s so fun to have sites where you can rampage like Hannibal’s elephants without getting condemned to death by gladiator! “In this training program, you will learn to find and exploit XSS bugs. You’ll use this knowledge to confuse and …