after reading ridiculous, made up story of british SAS, hiding under alias “Andy McNab”, trying to tell his version of Rambo&Commando-style fictious account of Iraq operation i couldn’t find story that was so exaggerated and made-up. in reality, his total ineffectual commanding style and bravado led to death one of his own team members, and injuries as well as captivity for rest of them. that was independently verified by Michael Asher and Peter Ratcliffe. ...
on the upcoming thursday, 10th of october at 7pm i’ll do a short talk with Maciej Broniarz from Warsaw University about security from not-so-typical point of view. please register and see you in Leon Koźmiński Academy hall.
…are better at building TCP stacks than we are. i came across the track of an interesting project - RemyCC, providing greater efficiency and at the same time a better division and lower delays (on average). it is worth to look.
for a moment, let’s assume those are rumblings of man worn out by pulling couple of all-nighters in one row. we have to assume that security intelligence services will want to listen to everything and everywhere. that includes NSA sniffing all traffic in major interconnection points at largest service providers. and, obviously - we don’t like it. why we can’t get back to original idea, that all point to point communication should be protected by IPsec (ALL COMMUNICATION). widely deployed IPv6 with devices that will support it makes this possible. the fact that nowadays even small devices can encrypt traffic at very high speeds helps. one of the less known IPsec discussions before standarization, was idea that nodes using IPsec should constantly generate traffic - but not exceeding available link bandwidth (to avoid buffer bloat). service providers generally removed data caps (apart from mobile operators - which may change after migration to LTE). our sniffers can’t record all of this traffic, and decrypting IPsec traffic is unfeasible to say the least. you can’t also selectively record, as all is encrypted. will intelligence agencies have money and power to break AES? well, not now, but let’s say it will be possible in near future. but your idle device is anyway generating gigabytes of random connections to fill up the link (of course there’s question of how analytics and statistical traffic monitoring can help select only interesting pairs, but given programmers invention i bet it’s doable with some level of effort). ...
Maciej Broniarz invited us to take part in new security focused conference. Aegis (just like Aegis - American integrated naval weapons system) will take place on 2nd and 3rd July at University of Warsaw. i hope that most of you will decide to take part of it, as judging from agenda. together with Maciej we’d like to also have a panel on DDoS attacks, and then we’ll deliver session together - ‘security by duct tape’. in other words, we’re going to show you best examples of security practices to avoid following. ...
…a book by Steve Davies is a very interesting coverage of USA pilots testing Russian Soviet-era MiG 15s, 17s, 19s, 21s and 23s at Tonopah range. the same that was used to test Lockheed F-117 and launch to simulated sorties with F-4, F-14, F-15, F-16 and F-18s coming in from Nellis AFB as part of Top Gun training. there’s next book on the same topic waiting for me in stack. recently, i was digging through a lot of air combat material, mainly because of getting hold of Osprey Combat Aircraft series. that included Vietnam-era series on MiG-17/19/21s, on F-14 in Iraqi Freedom and Enduring Freedom, F-15C, F-15E and F-117 during Desert Storm and SR-71 operating over Europe and middle East. on top of that, i recently read Skunk Works by Leo Janos, Flying the A-10 in the Gulf War and Flying the F-15E in the Gulf War. i highly discourage you for even trying to get hold of “Bandits Over Baghdad”. it contains a lot of errors, wrongly described photos and it seems - a lot of other content from both Skunk Works and F-117 books. ...
you could meet me sometimes during late night hours on Call of Duty Modern Warfare 2 multiplayer servers. now, i decided to change environment a bit and return to love of my life - flight simulators. i dusted off CD with Microprose Falcon 4.0 and i’m downloading BMS patches while reading about Allied Force (CD is already on my way from one of the Amazon warehouses). i’m still using Saitek Fly 5 but if i’ll be able to find more time to fly - there are couple of better sticks out there. after watching some youtube videos, old memories are coming back - with packs of friends doing missions together. ...
…you have to get back to good old CLI. i’m trying to export VM from very remote VMware vSphere 5.1 to OVA. unfortunately, packing 40GB is not apparently easy, as the whole process fails at different stages with error called by VMware simply timeout (yeah, kudos for brevity). so you have to enable SSH and then copy whole directory with SCP. for optimal transfer from remote location it make sense to use additional parameters: -C and -o CompressionLevel=9 to get locally fully functional and packed OVA: scp -C -o CompressionLevel=9 xyz@zdalne_IP:/vmfs/volumes/very-long-uuid-string/vm_name/\* . ...
next thursday, april 11th, i’ll be visiting Warsaw University on invitation from Maciej Broniarz to have a chat about security from service provider point of view. note it will be mechnism and best practice related talk, not vendor pitch. i’ll mention blackholing as well ;) i may have some gadgets and freebies to give away - so please prepare good questions and see you there!
last CloudFlare DDoS demonstrated, that 300Gbps is no longer some magic barrier for attackers. given such throughput, you can easily drop country like Poland from Internet. of course, immediately such concepts like ‘critical infrastructure’, country financial stability come to mind. i’ll be one of the panelists of RIPE 66 meeting dedicated to BCP 38. it’s one of the things (implementing BCP38!) that you just have to do, to make sure internet is safer. of course closing open resolvers is another one. take care of your network hygiene! and big FIBs! and 100GE interfaces! ...