Author Archives: 0hbrian

About 0hbrian

A life-long New Yorker who works in cybersecurity, studying IA, cuts wood, and watches way too much NBA basketball.

Getting Virtually Started

OK. Once you’ve downloaded Ubuntu, the next decision will be where to install it. My suggestion is to go virtual. I run Linux on my corporate laptop and on my personal iMac, both using VMware Fusion. As of this writing I am running v8.5 and the current version for Mac is v10. The other way of going is to install VMware ESXi on a server and create a Linux virtual machine. That’s a great way of learning not only about Linux but also virtualization.


Getting Jiggler with it….

One of the modern corporate technology problems I used to deal with almost every working day was the screen saver settings on my corporate laptop. The corporate security team has done an amazing job of locking my PC down and making it safe. The downside of that is that they control the screen saver settings so that after 5 minutes my PC will display the screen saver and require a password to make it go away. If I’m presenting or delivering a demo this is not good.

Then I purchased and installed a WiebeTech Mouse Jiggler. This tiny USB device looks like another mouse to my PC. More importantly, it behaves like a mouse that is always moving. Not moving so much that you see the mouse on the display move, but enough so that the screensaver doesn’t start.

Now I can plug in this very small USB device during preparation for a presentation or demo and not have to concern myself about the screen saver.

The Jiggler has other uses. If you are a security or forensics professional you should probably have one of these in your pocket at all times. If you are asked to examine a computer, plugging the Jiggler in will make sure that the screen saver (and potentially a password challenge) doesn’t happen there.


It’s All in the Cloud(s)

The Internet is changing yet again. One of my predictions for 2018 is that everyone will witness a migration from corporate or private data centers to the ‘Cloud’, or Internet hosted data centers. There have been tremendous advances made in both securing the Cloud and sharing with the broader technical community how to secure the Cloud.

Some important reading material about Cloud security includes:

Amazon’s Shared Responsibility Security Model,

Azure’s Security Center, and

Google’s Application Layer Transport Security.

International Cyber Conflicts @ Coursera

I just finished the course ‘International Cyber Conflicts’ at Coursera.  The course was developed and led by professors Sanjay Goel and Kevin Williams from the State University of New York at Albany.  This was a five week course that consisted of recorded presentations with inline questions; discussion forums; and end of week quizzes.

The presentations and readings for this course were good. After several readings referred to Cybersecurity and Cyberwar by Singer and Friedman, I elected to buy the book. I had been able to obtain the book through my local library on an interlibrary loan. After the second reading I really enjoyed the book and purchased it via Amazon.

I would say the only downside to this course, like others that I have viewed, is that the discussion forums were not really that good. The discussion forums themselves merged comments from previous offerings of the course (from about a year ago). I can appreciate why the instructors did this, in an attempt to seed the discussion forums and get more people contributing. I didn’t think that worked. And then, as with many Coursera offerings, some people just don’t understand or seek to contribute to the discussions. Tighter moderation might help there.

I enjoyed the course and would recommend it to anyone interested in cyber security.  The cost for the course was free unless you request a completion certificate.


USB Forensics

I recently came across two very good articles about USB forensics.

The Hitchhiker’s Guide to USB Forensics was published at the Cyberforensicator site by Oleg Skulkin and Igor Mikhaylov. It is a very well thought out and written description of how to find out, by operating system analysis, what files have been copied to a USB device. They used a Windows 10 virtual machine and the Oxygen Forensics AXIOM tool to conduct a basic analysis. They are locating evidence about what files have been copied or moved.

I was looking for references on how to investigate just the USB drive itself. I found the SANS Computer Forensic Guide to profiling USB Thumbdrives on Win7, Vista, and XP. This is a blog post by Rob Lee dated September of 2009. This was more in line with what I was looking for, given that one found the USB device and wanted to start treating it as evidence. Rob had written about the differences between analyzing USB thumb drives and drive enclosures. There was much good info in both posts.



Understanding the Real Threat (NY Times Editorial)

Today the New York Times Opinion pages offered an editorial titled ‘Combating the Real Threat to Election integrity’. Authored by the Times Editorial Board, the essay has two faults. One is that it continues to pile on the story that the Russian Government is responsible for cyber attacks aimed at the United States electoral system. The second, perhaps more glaring, fault is the suggestion that the United States Federal government should somehow pay for securing the voting infrastructure to be used in future elections.

The Times Editorial Board’s attribution of various cyber attacks to the Russian government is just plain wrong. While various unnamed sources in the United States Intelligence Agencies (we are told by the US Media) have evidence that the Russian Government is responsible for these attacks, I’ve not read any report from any credible Internet security specialist that can provide hard evidence to back these claims.

Suggesting that the US Federal government pay to secure the electoral system is wrong.  A vote is the right of every US citizen.  Sadly, slightly better than half choose to exercise this right.  However the US voting system is structured so that citizens vote where they live.  Local election officials should bear the responsibility of securing elections.  Providing them with financing care of the Federal government is a mistake in that those local officials would not be accountable to the source of the funds.  Local election officials and local governments should bear the cost of securing the vote and be accountable to local citizens.

What is needed from the US Federal government are standards regarding cyber security and the electoral process that local election officials can both understand and implement.

The State of Internet Privacy? In Shambles. Moving on.

Many would consider me an Internet Old Timer.  I used ‘The Internet’; then ARPAnet back in the days when I worked as a Software Engineer for a US defense contractor. Securing communications and having confidence in message integrity; both in the identity of the sender and in the integrity in the content have always been important if not vital to communications over the Internet.  I was struck by this blog post in part because I have heard of Filippo’s work but most of all because I completely agree with his message.


Digits that Define Your life? Look at your Cellphone.

It’s always interesting when a technology story makes the front page of the Sunday New York Times. On this day ‘Your trusty Cellphone Number: 10-Digit Code to Trove of Secrets’ by Steve Lohr grabbed my interest from the lower left corner of the paper. Lohr writes an interesting and well-researched article about how an individual’s cellphone number is effectively taking the place of another, more sensitive value (the social security number). Lohr also points out its importance in communications (as people move away from landlines) as well as its use as a means of creating a numeric index.

The article references a second line service available for smart phones; a free application called Line 2.  Computerworld’s Rick Broida wrote a good review of second line services in May of this year.  That article features a comprehensive comparison chart that included services such as Google Voice, Sideline, and eVoice in addition to Line 2.


1Password & Chrome on the Mac: “code signature could not be verified”

Over the past two weeks I’ve noticed that on my iMac 1Password and Chrome have not been playing nice together. When I try to use 1Password to fill in passwords in Chrome I’m seeing the message “code signature could not be verified” pop up. In typical 1Password fashion the message includes a link to the troubleshooting guide with steps that need to be taken to resolve the problem. I thought I ran this down twice or three times. Was it my AV? Was it a needed login? Was it a needed update? It turns out the fix was incredibly simple. Chrome had gotten stuck on a version upgrade. Opening up Preferences from the Chrome menu, you need to look at the ‘About’ section. My instance was not up to date. The fix was easy; I just selected ‘Relaunch’ from that same menu. Problem solved.


Websites Intentionally Disabling Password Managers

It wasn’t just me.  The folks at Wired have noticed that some web sites are not really very password manager friendly.

I travel fairly often. Lots of that travel is for work but I do get around on personal business and to get away. One of my go-to sites for travel is Hilton dot com. I’ve been a Hilton customer for a long time. I like their hotels. I think they treat me well wherever I go. This isn’t an advertisement for Hilton; your mileage (and accommodations) may vary.

When you sign in at the Hilton site you typically see a prompt for a user name and password along with a check box for ‘remember me’; where the site drops a site cookie to your browser.  This window also has ‘forgot your sign in’ and ‘register for site’ dialogues.

The annoying thing is that Hilton has added a check to see if you are a robot.  It seems like if the cookie isn’t found in your browser, the site will add a robot test to see if the session has a user attached.  I found the test usually involves matching text to pictures.  The annoying thing about the test is that if you often clear cookies (like many security researchers and I do) you’ll run into this robot check more often than the general public (many of whom unknowingly tolerate cookies).

If I use my password manager, this test comes up after that software has filled in the username and password fields and submitted that data, so my login fails. Once that fail happens I have to complete the form and the robot test manually and then submit.

It is mildly annoying but I’m still spending lots of time at Hilton properties.