Showing posts with label Archive. Show all posts

Monday, February 3, 2014

February Infosec Links

Security

The PCI Council is delusional: claims the standard is solid when breach after breach confirms it is not.  Blames the victims for poor architecture.
http://www.bankinfosecurity.com/interviews/pci-council-responds-to-critics-i-2175

Good overview of the security landscape.  Good tools with easy configuration will be key.
https://securosis.com/blog/securitys-future-six-trends-changing-the-face-of-security

Cryptography


Privacy


Training

A hackable iOS App used to teach the OWASP Top Ten Mobile App Vulnerabilities.  Great tool to catch up with mobile security and secure application design.

Tuesday, January 7, 2014

Finalized: January InfoSec Links

Security

Researcher gets hacked and details how he investigated, mitigated, and responded to it.  Enjoyable 'mea culpa.'
https://securosis.com/blog/my-500-cloud-security-screwup

Sigh...It's not just Target that was a target over the holidays:
http://krebsonsecurity.com/2014/01/hackers-steal-card-data-from-neiman-marcus/

Krebs gets the details on how Target was compromised.  Malware on each POS relaying data back to the attackers:
http://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/

Cryptography

Interesting perspective on the RSA and NSA kerfuffle.  Engage the community around RSAC to counter the actions of the company, RSA.
http://www.mckeay.net/2014/01/06/still-going-to-rsa/


CryptoLocker's new Sibling PowerLocker.  Back...up...everything:
https://www.schneier.com/blog/archives/2014/01/powerlocker_use.html

Privacy

Essay on Twitter's block/unfollow implementation. Serious insight into how public services chose to protect user privacy:

Well reasoned counter-arguments to the surveillance state excuses:
http://addxorrol.blogspot.de/2014/01/why-intelligence-reform-is-necessary.html

Internet governing bodies meet to discuss how to fight pervasive monitoring (seen as an attack on the internet):
https://www.w3.org/2014/strint/

Privacy concerns from Angry Birds?  Why aren't customer usage stats encrypted?  Anyone could read this information...
http://www.theregister.co.uk/2014/01/27/leaking_smartphone_apps_nsa_gchq/

Training

Matasano teams up with Square (the Credit Card Merchant Aggregators) for an exploit CTF through a web browser:
http://www.matasano.com/matasano-square-microcontroller-ctf/

Wednesday, December 18, 2013

December InfoSec Links

NSA and Government
Shame on Feinstein: There is a cost to surveillance.
http://www.siliconvalleywatcher.com/mt/archives/2013/12/shame_on_feinstein_co.php?utm_source=buffer&utm_campaign=Buffer&utm_content=buffer54e85&utm_medium=twitter
RSA took $10mil to backdoor their crypto libraries.
http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220
EFF reviews how the CFAA ruined lives and slowed innovation out of fear:
https://www.eff.org/deeplinks/2013/12/2013-review-tragedy-brings-cfaa-spotlight
Getting the ungettable: The NSA's Tailored Access Operations Unit
http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-2.html
Backdoors R Us: NSA's backdoor catalog
http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html
Practical Tamper-evident Techniques
http://www.wired.com/threatlevel/2013/12/better-data-security-nail-polish/


Security and Cool Exploits
Via Chavaukin: 10 things Security should stop doing in 2014
http://blog.anitian.com/2014-stop-doing/
Acoustic cracking of PGP keys.  Fantasy attack made real:
http://www.cs.tau.ac.il/~tromer/acoustic/
SD Card Hacking
http://www.bunniestudios.com/blog/?p=3554

Target Breach Madness
International cards and those associated with a zip code fetch a premium:
http://krebsonsecurity.com/2013/12/non-us-cards-used-at-target-fetch-premium/
Putting a face on the Target breach:
http://krebsonsecurity.com/2013/12/whos-selling-credit-cards-from-target/
Target's faster checkout system explained:
http://www.quora.com/What-is-the-new-instantaneous-payment-system-being-used-at-Target
All PINs in the world leaked! (Tongue in Cheek)
http://pastebin.com/2qbRKh3R

Also hilarious: What happens when the common folk get a glimpse at the code behind:
https://twitter.com/neave/status/415533230579019777/photo/1

Thursday, November 14, 2013

InfoSec Links for Thursday, November 14, 2013



Adobe Breach Link Blitz:
Root Cause: Cold Fusion
Also Owned: Limo Company to the rich, famous and well connected.  Note the targeted attacks (often called spear phishing) based on the original hack:
AT&T owned too:

An interesting article on how most security amounts to Integration concerns and not true security problems.
Also, putting financial security in perspective:

Tuesday, January 12, 2010

Bitz Boxes

Old pics of my bitz I'd amassed while building armies for friends and my own personal Heirs of Vulcan.

Space Marine Vehicle


IG Vehicle


IG Infantry

Tuesday, November 10, 2009

A Slight Diversion...

Pic from the ending of our group's campaign. This is the finale of Cormyr: The Tearing of the Weave where the black dragon monologues about making a deadzone of magic for miles around before getting slaughtered by the PCs. The players started saying, "We're dead, aww crap" as soon as the Gargantuan Black dropped on the table, but it was soon swapped for a more economical Large Steel Dragon as a proxy (wasn't able to get the Large Black Dragon from D&D Minis in time).

This shows a little bit of my DM style: lots of props and terrain. Dungeon Tiles make up most of the room. Plain kid's blocks give elevation and represent simple shapes, the red counters represent sacrifices for the ritual to tear the Weave and are by Chessex. The minis are a mix of Reaper and DnD Minis, some I even painted myself. In the very center is a piece of fabric my wife taught me how to gather to form a rough ball of Weave stuff.

Monday, October 5, 2009

Fimo Monsters

Assassin Vine
Will-o-wisp

Shambling Mound, "Poop Monster"

Above Miniature Points: Fimo x2 (1) + Special Techniques (Fimo armature, synthetic grass) x2 (10) = 11
Current Point Total: -200

I created these monsters as part of a recent campaign from Sculpey III. The Assassin Vine is my favorite here. I made it around an armature of wire that held together pretty well, even after the oven. The white sphere is a will-o-wisp. I attempted to use the blond synthetic grass and failed miserably. We'll see how it works next time. The third is what my group affectionately calls "The Poop Monster" and was my attempt at a Shambling Mound. It's supposed to be covered in lichen and have rocks for eyes and teeth. The rocks worked well, but the lichen never got done by game time. We'll see if I ever get around to finishing it.

Monday, September 28, 2009

Massive Terrain Dump

Manhole Covers
Storage Tank
Dam Pump House
Dam Turbine
Mechanicus Memorial Tower

Fallen Powerline

Above Miniature Points: 51 (cancels out terrain section from the previous archive post)
Project Ideas Included Below: 50
Current Point Total: -211

I will have pictures of these guys soon. I did this terrain up for a fellow player of mine from stock on hand and buildings he wanted tweaked. I had initially gathered these materials when I decided not to try to amass a whole table's worth of terrain.

I plan on doing some water effects to make an inner-city water channel. It might count as much as 50 points after all included pieces and the new techniques I'm trying. I should have everything I need to do this project, apart from the water effects, so we'll see how soon this happens.

03302: Balthazar Ironfaith, Cleric


Above Miniature Points: N/A (Archive Shot)
Current Point Total: -262

Sunday, August 23, 2009

Warhammer: Age of Reckoning Orc Warboss

Above Miniature Points: 2
Current Point Total: -250

I'm painting this miniature for a friend. It is the Orc Warboss miniature from Warhammer: Age of Reckoning's Collector's Edition. I converted it from its static pose by standing him atop an Empire Cavalryman that has been unhorsed and stood on. I added the shield shaped like an Orc head, and the scenic base is from cork. Pics as I take them.

Tuesday, August 18, 2009

Taking Stock

Current Point Total: -250

Here's a listing of my current projects in broad categories; once done, they will be struck through:

Warhammer 40k Heirs of Vulcan: -100 or more
  • 2 Dreadnoughts
  • 3 Land Speeders
  • 1 Land Raider
  • 8 Rhino Chassis
  • Random servitors and characters
Hordes Legion of Everblight: -46


Completed September 2009
Terrain: -51 Completed September 2009

  • Man-hole Covers (6 pts) for Sewer Rats stratagem in Apocalypse, Cities of Death
  • Dam Pump House (5 pts)
  • Dam Turbines (10 pts)
  • Storage Tanks (10 pts)
  • Fallen Powerline Area Terrain (5 pts)
  • Downed Aquila Lander (15 pts)

RPG/Random Figs: -50.5 pts


So I have at least 200 points to paint before I get to buy anything else. Small Fimo one-offs are always helpful, but I don't want to rely on that to get me anywhere when I'm under such a mountain of stuff.
Current Point Total: - 1,000,000

I don't rightly know how many miniatures I have to paint. However, here's how I'd like to document my projects:

-Picture of Original or Assembled Miniature
-Choose a Color Palette
-Explain Techniques (if using a new one)
-Work-in-Progress Pictures
-Finished Pro Shot

Techniques will be coming from the Cool Mini or Not book. I'm going to start at drybrush and move up from there. Let me know if there are any techniques you'd like to see me try.