On the eve of bSides Belfast 2018, one starts to tidy up the estate.  Except in this case, I’ve got too much crud all over the place, so no point in making critical infrastructure changes now anyway.  Nobody will notice!

Just like that picture of the lake up above.  Buttermere in Cumbria.  Walk around the shore, stare into the crystal clear waters and at a certain point, look really carefully and you’ll see a submerged submarine telecoms cable disappearing into water.  It runs across the lake bed and lifts out the other side and rises up over the Wainwright hills and mountains to the valleys on the other side.  Telecoms, they didn’t lay that in a day.

No-one notices, its just there.  Data, Voice, packets, bits and bytes, all in plain sight.  See if you can find your hidden infrastructure. It’s hiding in plain sight.

Further reading, if you fancy a dander:

https://en.wikipedia.org/wiki/Alfred_Wainwright

https://en.wikipedia.org/wiki/List_of_Wainwrights

Last night I caught up with CryptoParty Belfast (@cryptopartybfs) down at Farset Labs (@FarsetLabs), Belfast.

If you’ve never been to a CryptoParty it’s a global movement to (in their own words)

‘introduce the most basic cryptography programs and the fundamental concepts of their operation to the general public’.

There was a reasonable number of people in attendance, a nice mix of the aforementioned ‘general public’ and tech / security enthusiasts and as usual the hosts did a great job of making everyone feeling welcome, followed by two talks on VPN usage and Protecting Yourself Online with a smattering of anti surveillance tips, geography (i.e which countries are good vpn hosts etc) and a look at common security vulnerabilities that abound across the web.

Unfortunately I missed the June event in the Crescent Arts Centre, which looked like it was a very well attended evening; but it’s great to see regular events such as these running here.

Whilst CryptoParties are aimed at the general public, the nature of these events draws security / tech enthusiasts to them and I certainly feel it’s a great way to engage with the security community in this island.  No matter your level of knowledge and experience, you are sure to pick up some tips from the shared experience of the attendees and I’d encourage you to attend if you haven’t been before.

As usual, a big thanks to Padraig, Sean and farset labs for hosting, get their upcoming podcast Hex on Fire when it hits the wires.

Check out the twitter stream and the CryptoParty site for details on the next event and make a date to come along.

https://www.cryptoparty.in/belfast

https://www.cryptoparty.in/index

https://twitter.com/cryptopartybfs

http://www.farsetlabs.org.uk/

See you there!

On the 73rd anniversary of the Normandy landings Infosecurity Europe lands in London. 
From what I’ve heard, it’s the trade show, the bells and whistles, the shiny; the latest greatest products for the information security market. 

For me, it’s the pre-event to bsideslondon 2017 and a new event to go to. 

My peers have asked me in the past why didn’t I go to infosec? Probably because I was only aware of it on the periphery. 

The thing is, I first learned about bsides London back in 2012, whilst taking part in an early Cyberchallenge UK at the former WWII Radar station in Malvern, subsequently a Qinetiq facility. 

Talking to people brings knowledge. Everyone has experience worth talking about. Going to Malvern amongst other things, taught me about BSides. Then I went and haven’t looked back. We’ve even got a BSides Belfast now. 

As I fly across the sea, vastly more comfortable and expecting a smoother landing than those paratroops crossing the channel in 1944, it’s worth remembering the work and sacrifice of others to get us to where we are now. 

I’m looking forward to this new infosec and BSides London combo, here’s to catching up with old friends and making some new ones. 

Straight down the rabbit hole we go. 

With the BBC today publishing an article on the rise of Identity theft due to the amount of data people publish on social media, http://www.bbc.co.uk/news/uk-36701297 I’ve just gone and added a new page called info-x because I needed somewhere to put down some notes on how to do things, knowing fine well that my capacity for remembering everything can only be stretched so far.

Now, reflecting on the increase in identity theft and its relation to open-source intelligence gathering, you could well assume that since I’ve scribed an article on how to use a feature of Office365, then perhaps I am using Office365 myself.  Does this make me more vulnerable?

Do potential attackers now know that I may be an Office365 user and can target an attack using an unknown vulnerability in Office365? Who knows.

Therefore, I can neither confirm nor deny that I am using Office365.

All I will say it that there wasn’t a lot of useful information on the Technet forums.  2012 publication dates don’t really cut it for a product with a profile as big as Office.

So if you can’t find out how something works, endeavour to work it out and share it!

*I may be more vulnerable after this post, but then we are all vulnerable.

Nothing is totally secure, it just takes longer to break in.

So.

POST381 eh?

First step, after sitting on this for far too long: Set out the stall.

POST381 was an Air Raid Wardens post in Belfast during the blitz in the 2nd World War.

The Air Raid Wardens provided Guidance, Shelter and Protection to the people during the nightly bombing raids.  They provided security to those who did not know what to do, where to turn or how to protect themselves.  It seems appropriate in this age of never ending bit-based terror that this blog can be a source of information and support to carry on the fine traditions of those brave people who worked on a nightly basis to protect a way of life.

It seems appropriate after the recent 70th anniversary commemorations of the Operation Overlord D-Day landings that liberated Europe, that I finally get round to cranking this site into action.

‘Evil triumphs when good men do nothing’ – Therefore… Get it done.

More to follow as this develops.

POST381