Podcast Episode 4: Roombas, Guns, and Money - Pornhub, in Splendid Isolation

Podcast Episode 4 show notes:

 

This week we learn about the website that will keep humanity sane and safe during this worldwide quarantine, and beyond.

 

Absolutely not sponsored by PornHub.

 

Before the episode, Robin mentioned that she found a great certification for n00bs and career-switchers, IT Fundamentals+ (ITF+):

 

--CompTIA website: https://www.comptia.org/certifications/it-fundamentals 

--Free full ITF+ course with ITProTV: https://www.youtube.com/playlist?list=PLc6zqGSJMvCSQ3djLlfS_2LnliS-Q-FKV

 

Terms used:

 

DDOS Attack: a malicious attempt to reduce the target system's availability; often involves the use of botnets (see below)

 

DNS: Domain Name Service; aids Internet users by resolving plain-language URLs (such as www.securityzed.com) into the IP address of the machine hosting the intended content (the securityzed blog and podcast)

 

Botnet: a group of machines, often quite large (sometimes, thousands of devices), used to perform some less-than-legitimate activity (DDOS attacks, reporting inflated ad clicks/link calls to generate ad revenue, performing mathematical work to try to crack password/credentials/content that has been encrypted, etc.); typically, the owner of each device in the botnet is not even aware that their device is participating.

 

Internet of Things: Current trade name for consumer products that have an IP address but whose main purpose is to function in the physical world, not as compute/storage devices.

 

If you are a nerd and like physics, cats, and weaponized vacuums, check out William Osman on YouTube: https://youtu.be/7haDZWR3MYU

 

Brian Krebs, INFOSEC rockstar and the target of the giant Mirai attacks (as well as his hosting service, DYN), discussing all the topics associated with Mirai: https://krebsonsecurity.com/tag/mirai-botnet/

 

SecurityWeek article about the Mirai attacks, which includes PornHub's DNS redundancies/mapping: https://www.securityweek.com/whats-fix-iot-ddos-attacks

 

A good background on what DNS is and how it works: https://en.wikipedia.org/wiki/DNS_hosting_service

 

 

Traveling Time

                We’ve all heard of the Butterfly Effect: one small action somewhere can be traced to larger effects somewhere else. The idea is that everything touches everything else, because we’re basically living in a soup of molecules (on the planet, anyway-- space is more like a thin broth, not because of absence of stuff --there is, in fact, a lot of stuff in space-- but because that stuff is spread out over a very large volume). Molecules bump into each other all the time, causing reactions to those bumps.          

                Right now, we can reconstruct causes from their effects at a macro level-- after two cars collide, we can look at the smashed vehicles and determine which one struck the other, estimating the speed each was traveling, etc. But the ability to do that on the micro-micro-micro-micro level --the quantum level-- is only a matter of sufficient computing capacity. By capturing a model of what is happening right at this moment, it is possible to reach backwards into all the possible combinations of molecular and subatomic collisions, and tell what occurred prior, leading up to the moment.

                Not time travel-- there’s no way to go back and modify what occurred. But close-to-perfect time vision. The ability to see everything that happened prior to right now. Everywhere.

                The math is staggering. We’d have to account for every atom, worldwide. And there would be some variables, as space introduces externalities to the (not-closed) system-- dust and rock and energy are constantly bombarding the planet, in non-negligible amounts.

                But once we nail the formula...nothing that ever happened before would be unobservable.

                Forget the end to privacy-- that’s already underway. But the end of ignorance...the end of not knowing. The end of mystery. We will always know exactly what happened.

                It won’t be predictive-- human beings are the reason; free will is the chaos in the soup. We add too much randomness to the formula, because we act from motivations other than instinct or reason.

                But nothing that has already happened will be shrouded from anyone. We will all know what happened, everywhere, always. The applications and implications are vast-- the ways in which this will change how we behave, interact, and function are almost unimaginable and incalculable.

                Almost.

Anatomy Of A Troubleshooting Session

- I wake up. Sit down at laptop, quickly notice there are aberrant issues with the keyboard: certain keys do not work, but the rest do.

- I freeze all my work/open resources. Immediately start searching for info about malware that attacks only specific keyboard keys.

- Reboot.

- Do a quickscan. No hits.

- Look over my restore points, just to make sure I still have my current data.

- Check hardware drivers, make sure they are all up to date.

- Search for more info about malware, particularly for certain apps (browser/Office). Spend a good half-hour reading about funky viruses.

- Girlfriend wakes up. I tell her that some of the keys on my keyboard aren't working. She has no tech background whatsoever.

- "Dog hair?" she asks.

- Take out the can of compressed air, spray beneath keyboard.

Dammit. Problem solved.

The Benefits of Late Adoption

Perhaps my greatest shortcoming as a nerd is my reluctance for early adoption of technology; I simply have no interest in the latest, bestest, newest, coolest gadgets on the market.

Yes, this can cause me to lag in my estimation of IT solutions. Yes, I am mocked (and rightly so) by students and colleagues when I tell them I still have an AOL email account. Yes, I am old and everybody should get off my lawn. But there is also an upside to late adoption:

- Huge cost savings. Huge. I can wait two years for the novelty of a thing to wear off, and get a much-reduced price when I get around to buying it. This is especially true in software, and especially especially true for games.

- I'm never involved in the proof of concept. Back when I was a young (read: stupid) man, I bought the first year-model of a new car. Within the first year of owning it, all the defects and design problems inherent in that model became quickly apparent, and there were multiple recalls. Waiting a while to buy a thing means that the first wave of customers have taken the brunt of field testing, and the thing is now ready for actual regular use.

- No false sense of security. The latest suite of products are often seen as inviolable, because they use the latest security protocols and tools; this can lead to sloppy practice and habits (like crafting and transmitting data with sensitive info, even when it could be avoided) because users feel a reliance and trust for the product. This puts them one zero-day exploit away from feeling very silly.

- Strangely enough, legacy platforms may be more secure in some ways than their new-fangled replacements...mainly because aggressors won't actually believe that those legacy products are still being used for viable purposes, and won't include legacy attack methods/gear in their toolkits. I mean, I really don't think the script-kiddies even know what AOL is, much less how to hack it. Sure, a dedicated adversary won't have a tough time getting the proper attack tools once they know a target is using a legacy system, but a dedicated adversary is going to get in eventually, regardless of the age of your platform.

- Utility/productivity is always a tradeoff with risk and security. The more I can do with a tool, the more I can lose. Losing a 256K flashstick in a hotel lobby will cause me a lot less damage than dropping a 2Tb flashstick. My old flipphone had no identifying data on it (other than some texts and a rudimentary Contacts list), in stark contrast to my smartphone (which, I think, has my DNA, cocktail preferences, innermost thoughts, and secret cookie cravings embedded in the BIOS).

No, I'm not saying that everyone should immediately regress to a Luddite position of rolling back three generations of tech in order to gain some slight advantage...but buying up the latest and greatest shiny boxes and zippy software is not the best choice, either.