Source: www.schneier.com – Author: Bruce Schneier
Friday Squid Blogging: Illex Squid in Argentina Waters
Argentina is reporting that there is a good population of illex squid in its waters ready for fishing, and is working to ensure that Chinese fishing boats don’t take it all.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Tags: squid
Comments
Please, may we sometimes change the topic here sometime to some kind of security recommendations rather than mostly just documentation and discussion of problems?
Sorry if this seems absurd, I’m just an amateur, no kind of expert at all.
I’m not seeking a class or anything, just a different set of varieties than just the ordinary.
Please let me know, anybody, what you think about that.
And yet, I cannot guarantee that I’ll see your reply (yet someone else may).
sincerely, “i.postimg.cc/NjQfsmSZ/Fridae-PNG.png”
C U Anon •
@Anonymous: I’m not seeking a class or anything, just a different set of varieties than just the ordinary.
Your future is in your hands.
Post on the Friday Squid a topic you would like to see, in the form of a “starter seed”.
If it’s seen as good it will get picked up and nurtured either by the host or other commentors or both.
Many of the threads on this blog can be found to have come from topics raised and talked about in the Friday Squid by many different people. Importantly this blog is not a “Hot Topic” blog like some “ticker-tape blogs”. That is sometimes it might take a while for a subject to come up in a non Friday Squid thread. The Host here is a busy person but also likes to think things through for particular aspects of relavance. It’s why many come here to lurk, read, comment and suggest.
It’s upto you what related subject you put a seed down for, but don’t give up if your first attempts fail.
But do yourself a favour stop using “Anonymous” as your Identity here. Because many people will just skip over your comments because of it.
Secondly be plain not enigmatic people have busy lives and don’t have time to spare for that.
Thirdly don’t be contentious again people have busy lives.
Forth don’t pollute threads, non Friday Squid pages are topic based, try and stay on topic even if it is tangentially. People tend to be forgiving if they can quickly see how you get from the thread topic to a related / foundational topic.
Finally as always read the blog guidelines (guiding rules) you will find a link to them at the top of every Friday Squid for such a long time now it feels like forever.
But also scan, “100 Latest Comments”,
https://www.schneier.com/blog/newcomments.html/
It will give you, not just a heads up on what is being discussed currently, but importantly it will let you see when someone makes a post to an older thread that is highly relavant. This happens more often than you might at first think.
Likewise as with FAQ’s take the time to see if the subject you want to talk about has already been raised. Quite often it has more often than you might expect “years before”. Some here like the host have the ability to see things more than a half a decade or longer before they become mainstream.
Red Team •
@Anonymous
I’m sure others will disagree, but I’d suggest looking into Kali or similar distros. Learning how to use the breadth of open source hacklng tools against your own network and devices might help better understand how to secure yourself.
JonKnowsNothing •
@C U Anon, @Anonymous, All
In addition to what @CU mentioned
When you see a comment thread that has gathered several posters, notice the names of those who you find “most illuminating”. Try to follow their posts and how they write up a topic.
You do not have to be an expert (see my handle) so when a topic is running and you have lost some of the trail, do a bit of hunting in wikip (or other) to get an overview of the topic themes. You won’t become an expert but it may direct you towards something that is interesting to you.
Don’t be afraid of laying an egg with a question. I’ve certainly laid a good few and people for the most part are polite and if you don’t get a response, it maybe because you have framed the question too vaguely.
Also be mindful that these topics tend to be either at the 10,000ft level or at the 10,000mm level. Any specific advice on How To Do X is probably not something found here.
echo •
It’s a mistake to post “high level views” and “nitty gritty detail” and nothing in between if for no other reason it can fall into the trap of being conceited or showing off. Myself I feel a more practical and accessible balance is better. There’s a place for high level abstracts and detail. Of course there is. But it’s going to sail by most people if it forgets “solving problems relevant to them”.
Knowing how to do something effectively (emphasis “effective”) is worth more than gimlet eyed duck and roll teeth grinding purism. Neither is anyone going to do a search of the past ten years of freeform scattergun egotism.
So in that respect I tend to agree with the OP and less so with the old lags. It’s easy to forget the idea of nurturing and give people both barrels when they walk in the door because “n00b”. The point being is we are all someone else’s idiot. The places I have worked or interacted with which forgot this all went bust later down the line. Every single one. Every organisation I’ve had interactions with which had a dictatorial management chain and know you place dumbing down all, eventually, got done for criminal activity.
echo •
https://www.youtube.com/watch?v=zvwDen1Wrx8
The Ministry Of Ungentlemanly Warfare (2024) Official Trailer.Based upon recently declassified files of the British War Department and inspired by true events, THE MINISTRY OF UNGENTLEMANLY WARFARE is an action-comedy that tells the story of the first-ever special forces organization formed during WWII by UK Prime Minister Winston Churchill and a small group of military officials including author Ian Fleming. The top-secret combat unit, composed of a motley crew of rogues and mavericks, goes on a daring mission against the Nazis using entirely unconventional and utterly “ungentlemanly” fighting techniques. Ultimately their audacious approach changed the course of the war and laid the foundation for the British SAS and modern Black Ops warfare.
OMG. Super title and lots of well dressed commando types blamming off like no tomorrow in exotic locations. The sharp eyed will spot the trailer shows a few bullet points lifted from the real WWII from Churchill’s “set Europe ablaze” to riffs on Nancy Wake (of French Resistance and later SOE fame codenamed by the Nazi’s “White Mouse”) to the SAS airfield raids and onwards so happy with this. Pinching the bosses cigars? That fits. lol. I also like the action cartoon style.
Uuuuh. A Guy Richie movie. Not so great. I just feel uncomfortable with his undertone of toxic behaviour and women always being second fiddle cardboard cutouts. That… does… get… up… my…. nostrils. On the plus side he does actually make an effort to have a story. Of course it’s going to be CGI’d up the wazoo which softens the edge of danger. The world hasn’t been the same since movie stars didn’t have the risk of breaking both legs and ending up in hospital for six months, or six car flaming pile ups in Formula 1.
The last war movie I really enjoyed was Where Eagles Dare but that was yonks ago. Flipping amazing theme tune! It really helped it was based on a ripping good yarn written by Alistair MacLean!
It’s a shame that the previous Cavill vehicle The Man From U.N.C.L.E. didn’t turn out too well because it had a duff story. Let’s hope this one is better.
A Most Ungentlemanly Way of War: The SOE and the Canadian Connection
Colonel Bernd HornAn examination of the SOE, its accomplishments, and the Canadian connection to the organization.
During the Second World War, British Prime Minister Winston Churchill created the Special Operations Executive (SOE) to conduct acts of sabotage and subversion, and raise secret armies of partisans in German-occupied Europe. With the directive to “set Europe ablaze,” the SOE undertook a dangerous game of cat and mouse with the Nazi Gestapo. An agent’s failure could result in indescribable torture, dispatch to a concentration camp, and, often, a death sentence.
While the SOE’s contribution to the Allied war effort is still debated, and many of its files remain classified, it was a unique wartime creation that reflected innovation, adventure, and a fanatical devotion on the part of its personnel to the Allied cause.
The SOE has an important Canadian connection: Canadians were among its operatives and agents behind enemy lines. Camp X, in Whitby, Ontario, was a special training school that trained agents for overseas duty, and an infamous Canadian codenamed “Intrepid” ran SOE operations in the Americas.
And:
https://www.veterans.gc.ca/eng/remembrance/history/second-world-war/uncommon-courage
One WWII show I liked was the Candian/Hungarian production “X Company”. It was based loosely on training camps set up in Canada and Canadian’s participation in WWII with SOE and MI9. Ooof. That had some rough moments which make you think.
Outside of the movies and propaganda movies I know real war is not fun.
ResearcherZero •
Part of learning is unfortunately through experience. You have to try things to find out what does not work. There is nothing wrong with asking questions either. The web has many guides how to accomplish a task, but solutions do not work for every situation.
If someone is having difficulty with a particular problem and needs some help then asking can sometimes be the solution. The best way to learn is to have an old or cheap system that you can break, because you can render a system without a GUI fairly easily.
A Live CD of a Linux distro is also very helpful for getting back up an internet connection and repairing misconfigurations in system files.
Learning the command line and how to setup a firewall is a great learning experience.
The first step is to learn how to repair a system from a recovery console or terminal without a GUI. The next step is to learn all the individual components in your device and their chipsets. Most recent operating systems these days, handle device drivers and firmware updates for the user, but it is good to make a list of the actual hardware.
If you want to learn or attempt more advanced customised configuration changes, you need to know what specific CPU you have, and what features your CPU supports, what chipset the motherboard uses to communicate with the CPU and other devices. Network adapter models, drives and their specific controllers, other ports (like USB) and their controllers, display adapters, keyboard layout…
Before trying any of the following you may want to first try a VM. Running a vrtual install of an operating system is very simple, but it does require plenty of free drive space. You can run any operating system within 10GB of free space. A little extra helps.
A Linux Live image on a USB stick is also useful to test if a device is supported by that version of Linux and the network adapter, touchpad, sound, display will all work properly.
It is better to run Linux on a system without Windows.
It is often better to add another hard drive if you want to dualboot.
Do not modify your Windows partition, Win Recovery partition, or Boot partition from within the Linux installer if you decide to add Linux to a Windows system. You must make changes to Windows partitions from within Windows first, such as resizing a partition to make room for a Linux install.
(modifying Windows partitions from within Linux is only for the hardcore)
Of course you must backup first because you are going to break stuff and a recovery install may not be possible. Learning how to do a custom Linux install is a great first step in discovering how a system is formatted and how it boots.
For old legacy systems with MBR to fix the bootloader from the recovery console…
“Use the “FixMbr” option when you need to repair Master Boot Record corruption problems or when you need to clean the code from the MBR.”
(with the ‘bootrec /FixMbr’ you won’t damage partition info and lose your data)
https://www.digitalcitizen.life/command-prompt-fix-issues-your-boot-records/
‘https://www.ionos.com/digitalguide/server/configuration/what-is-mbr/
A Linux system can be repaired with a recovery install using a Linux install image on a USB stick.
Newer systems use GPT and a GUID for uniquely identifying each partition.
https://uefi.org/specs/UEFI/2.10/05_GUID_Partition_Table_Format.html
“A Universally Unique Identifier (UUID) is a 128-bit label used for information in computer systems. The term Globally Unique Identifier (GUID) is also used”
‘https://en.wikipedia.org/wiki/Universally_unique_identifier
ResearcherZero •
The open remoting software provider AnyDesk has been breached.
Source code and private code signing keys (certificate) possibly stolen.
‘https://anydesk.com/en/public-statement
–
You also need to be an administrator to fix the bootloader.
‘https://windowsreport.com/bcdedit-windows-11/
If you are still using MBR (legacy BIOS, not UEFI) and the system was not set up as GPT…
Modern windows such as Windows 11 uses a different system and a slightly different syntax for the command to repair it’s bootloader. If you damage the bootloader and startup repair will not work then further steps may be required if you do not want to perform a fresh install.
‘https://woshub.com/how-to-rebuild-bcd-file-in-windows-10/
Once you get a hand on Linux, it is like a dream in comparison to install, setup, and repair, but there are a few things that Linux does not include as default and must be added manually. Non free (non-free), and additionally for newer linux distributions, non free firmware (non-free-firmware), must be added to the sources list to support closed source software and firmware and get the latest firmware security updates.
Many Linux distributions do not include encrypted DNS and randomised MAC addresses as default options, this may need to be added manually. Hence it is first best to learn how to use the distributions package manager, the terminal, and how to repair the system before you break the DNS settings, the network manager, and the system will not boot.
It’s fairly simple to make a misconfiguration error when setting up encrypted DNS which prevents the system finish booting, or some other mistake which takes out the network adapter. Linux has come a long way and there are much fewer problems with dependencies.
Learning to fix such mistakes from a terminal without booting to a desktop makes life easier. Testing things before you reboot the system and how to kill and restart a service (or a daemon) makes this all so much simpler.
SUDO also forces people to learn about permissions, and is very good for setting the access that other user accounts have to the system. Learn to set up SUDO.
Don’t cheat and do everything from root, learn to use user accounts and SUDO.
Once you learn all of the basics it is much simpler system to run than Windows, and much more powerful, as it gives you a greater control over what you want in a system. This does come with a steeper learning curve, but there is also a huge quantity of MAN pages and support. Unix based systems also come with better security out of the box.
ResearcherZero •
As a rule of thumb, do not delete the system partition unless you want to reinstall. 🙂
ResearcherZero •
cred dumping via SMB and calendar phishing through MAPI
“Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted.”
‘https://www.trendmicro.com/en_us/research/24/a/pawn-storm-uses-brute-force-and-stealth.html
–
account impersonation and hijacking
‘https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw
–
Give users user accounts and assign them access only to what they need. Do not give them administrator access and never give them an admin password.
‘https://steflan-security.com/linux-privilege-escalation-checklist/
tips on how to check
‘https://delinea.com/blog/linux-privilege-escalation
user ID’s and permissions
The range of IDs from 100 to 999 is reserved for system administration.
On Linux and Unix operating systems, any user with a user ID above 1000 is considered a non-default user.
The user ID “0” is reserved for the root account, which grants super-user privileges.
‘https://iasad.me/blogs/linux-privilege-escalation/
Viewing and Understanding File Permissions
‘https://www.howtogeek.com/437958/how-to-use-the-chmod-command-on-linux/
–
Penetration Testing Your Systems for Privilege Escalation
Windows privilege escalation (some Nmap and NetCat knowledge might help here)
‘https://www.youtube.com/watch?v=aD_KlzVK834
SUID, SUDO, dumping, kernel exploits and vulnerabilities
‘https://www.youtube.com/watch?v=w2rElXYV2Fs&t=267
Something you should not try on systems you do not own in case you do gain access. (possible jail time) The law is a little blurry…
‘https://www.theregister.com/2024/01/19/germany_fine_security/
echo •
This sounds like the stuff of movies and, I suppose, it is if framed this way but there is a “shadow operation” out there slowly eating away at the far right. I’m not directly involved. I just know people and what is happening.
I am aware that far right organisations have been penetrated. That’s where the data dump for Project 2025 came from as well as previous leaks. I am also aware of people who have done network analysis to map out far right organisations and individuals and activity, and who combined this with previous data to effectively “out” this network. I know one of the people who did this work. You will have read about this in the legacy media. What you won’t read about in the legacy media is I am also aware of people who have access to raw internet traffic and telecoms data at a pinchpoint level and who have monitored far right activity and events in real time. There are also people working with or adjacent to the International Court of Justice who are building a case against these organisations and individuals for formal submission at a future point, or other action as appropriate and achievable. Personally, I feel it’s a bit irresponsible but someone just published a redacted version of personal information for far right and far right aligned politicians and journalists and celebrities including names, addresses, telephone numbers, email addresses and passwords. (They have the full unredacted data.) It has been publicly confirmed by at least one of the named people the data is accurate.
I’m not posting links or making more comment on this. It’s just interesting how networks can be dual use in the sense they can be used by bad actors and those who oppose them. In a lot of ways by using this “tool of power” they convict themselves. Stripped of power they are often pathetic.
https://www.youtube.com/watch?v=joGisGt2xOY
Sentencing of Brianna Ghey’s killers.
I mention this as on the day sentencing was passed by Judge Yip of the killers of Brianna Ghey that the “usual suspects” swung into disinformation and distraction mode. Disinformation was published by the New York Times, a high profile author who will not be named (“She who will not be named”) was openly attacked a lesbian book author as a distraction, and there was a far right demonstration at Kings Cross railway station also as a distraction. The US LGBT rights organisation GLADD immediately responded by posting a well researched rebuttal. Some names are named and fingers pointed.
Court reporter Andrew Bardsley will bring you the latest from court in our live blog below…
I followed this case from day one. The most responsible sources are the Manchester Evening News, The Liverpool Echo, and the Warrington Guardian. The details of the trial were graphic and distressing. I also followed the sentencing live. The victim impact statements by Brianna Ghey’s family are very emotional. Many have commented on Esther Ghey’s dignity and strength while it was obvious she and Brianna’s sister were deeply effected by the loss of Brianna. The victim impact statements show how utterly devastated and broken they were and how deeply they missed Brianna. I cannot fault the highly respected Judge Yip. She delivered sentencing to a packed court and a packed second overflow court viewing on video link. Her sentencing was professional and exact and left no room for escape. It is clear from her tone the case impacted her. It was an emotional acknowledgement in a system which can appear soulless. While it will never bring Brianna back I felt, for myself at least, this brought a closure.
I remember the deaths of James Bulger and Stephen Lawrence. Names burned on the national consciousness. “Baby P” and other young children who fell between the cracks. A mentally ill black man who starved to death because of the DWP. Bronson Battersby who starved to death clutching the dead body of his father and not found for two weeks. Hate and neglect and loneliness kills. Then there are the wars. A husband clutching the hand of his dead wife. The broken body of a mother and children lying on a road. A mother crying and screaming from the depths of her soul as she touches the broken remains of her only child dragged from the well his killers threw his body into.
I’ve heard the screams of a man being murdered in the distance. Women being beaten. A taxi driver driver having his head smashed against a car. I’ve been ten metres and ten minutes away from the scene and moment of a murder and gave a statement after walking past what I presume to be the murder weapon dropped as the murderer made his escape.
I’m lost for words and numbed just thinking about it. The forces that cause it. Unthinking career opportunism at the top. Privileged middle class chatter at dinner parties. The wealthy connected people who fund the slow drip drip of manufactured hate.
https://www.cheshire-live.co.uk/news/chester-cheshire-news/once-met-never-forgotten-lasting-28353390
“She is dignified, strong and a warrior mother. Being there for Brianna not only when she was alive, but standing strong for her in her death, in a way that I am totally in awe of.
“She is dedicated to making a positive legacy for Brianna in helping other young people. To create something so positive out of such personal pain and tragedy is truly remarkable. She is just that, remarkable, and I am very proud to call her my friend.”
It’s funny how time is a circle. Over a decade ago I lobbied for “mindfulness” to be taken seriously. Nothing much happened until a new government set up a “mindfulness unit” reporting to Downing Street. I still have an email from Lord Layard, a mindfulness enthusiast, from that time. After a few years of inactivity the current government quietly wound up this unit only a few months ago during the trial period for the killers of Brianna Ghey. I’m not 100% convinced this is a coincidence.
Esther Ghey set up “Peace In Mind” a mindfulness charity to roll out in Warrington then nationally as a legacy for Brianna’s memory. She wants Brianna’s death to mean something good and for her to be remembered for the joy she brought into peoples lives. The family also requested that the names of her killers be forgotten.
As alluded to at the top the work continues to bring those who loaded the bullets into the gun that killed Brianna is ongoing.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Original Post URL: https://www.schneier.com/blog/archives/2024/02/friday-squid-blogging-illex-squid-in-argentina-waters.html
Category & Tags: Uncategorized,squid – Uncategorized,squid
