Category Archives: Security

Binocular Night Vision Goggle II

One deep dark night on a dirt road on a remote mountain of an even more remote island, I rode swiftly downhill, passenger of a pickup truck. The driver shut our lights off. We sat in silence as the truck skidded and careened along the dusty road.

I barely could see the driver’s hands rolling quickly back and forth on the steering wheel to keep us from driving off the cliff ledge to our left. He didn’t slow down after lights-out, and when I turned my head more towards him he said warmly l’appel du vide or something like that and smiled broadly at the barely visible road ahead.

While the road itself is seen better with headlamps, by shutting them off we actually expanded our visibility further and were safer overall. And of course we revealed ourselves less dramatically (noise and dust still were emitted), which can reduce blindness in oncoming vehicles.

With so many experiences like this in the past, I often see lights as pollution and wonder how much longer we must accept theories of Victorian street-lamps as safer?

Apparently, the original lighting in London was so poor in 1763 that James Boswell was able to have sex with a prostitute on Westminster Bridge. The shadows and gloom of the pre-electrified world not just provided privacy for Mr Boswell’s actions but it was also a haven for crime.

To be fair I have seen couples having sex in the broad daylight on the eastbound platform at Charlton Station (CTN) in London, so it might not just be about visibility. Anyway, developing better vision integrated directly into the windshield, or our glasses seems like a much more sane and modern idea than trying to increase lumens everywhere. We wear sunglasses while driving, why not a night glass?

We save immense amounts of energy when we choose to leverage starlight and ambient heat, and reveal so much more…fortunately the US military is a big investor in technology along these lines and the latest iteration sounds quite nice:

The BNVD amplifies the small amount of existing light emitted by stars, the moon’s glow or other ambient light sources, and uses the light to clearly display objects in detail in very dark conditions. The COTI uses heat energy from the Marine’s surroundings to add a thermal overlay which allows the image to be viewed more clearly.

This seems light years ahead of driving with a common joint electronics Portable Visual Detecting or Range and Bearing, Search (AN/PVS).

LADA Registration Unlocks GRU Database

Researchers looking into the recent GRU arrests have uncovered a trove of information because of sloppy Russian spycraft. Speculation already is that GRU is severely breached.

In the course of researching the authenticity of the personal data of the four individuals, Bellingcat was able to locate one of the four GRU officers identified by the MIVD in a Russian automobile ownership database. As of 2011, Alexey Morenets was the registered user and/or owner of a Lada (VAZ 21093) car. […] By searching for other vehicles registered to the same address, Bellingcat was able to produce a list of 305 individuals who operated cars registered to the same address.[…] The database contains their full names and passport numbers, as well as — in most cases — mobile telephone numbers.

That’s a GRU-some breach with a LADA data!

LADA VAZ 21093, named after the goddess of beauty in Slavic mythology

I used to give talks about medical data (zipcodes of doctors) being connected in this way to de-anonymize people using big data. This new example is superior in so many ways, not least of all because it highlights Russian experts at actively poisoning information, let alone people, haphazardly failing at their own game.

Password Safe (psafe3) and Password Gorilla Import to KeePass

Password managers have become something of a religion, which is a very good sign in theory. People getting passionate about protecting their stored secrets sounds like a win for infosec management. On the other hand, discussions may get heated about an exact password manager one should worship. Imagine office rules soon may be updated to say it is inappropriate to discuss politics, sports and password databases.

Of course for those who see all the religions as roughly equivalent in spirit, none of them being perfect and all having some virtues, they may seek easy conversion paths to embrace options. Come along and don your pope robe, grab a yarmulke, put on your tilak, etc. and convert your belief secret tomes by sliding easily between password databases.

For example, just a few years ago a couple of computer science researchers credited PasswordSafe as the most…

Wait for it…safe implementation.

It seems fair to require that a password manager that asks users to authenticate themselves with a password, at least provides secrecy and data authenticity. This is currently only achieved by a single password database format, namely PasswordSafe v3. As a general rule, a password manager should be explicit about the security offered by the underlying database format.

Thus in 2015 one might rightly be expected to worship the psafe3 scriptures as holier than thou. Now that we are in 2018, however, others have rightly pointed out that PasswordSafe and the cross-platform version PasswordGorilla have seen few updates. As other password managers are iterating more rapidly, the believers wonder when will PasswordGorilla 1.6 drop and can their faith last until such prophecy comes true?

KeePass in particular has been developing a large following, and I’ve been told there’s an entire plugin movement devoted to the art of bringing other faiths under their big tent. This makes it one of the better examples for those looking into multi-platform solutions with flexible options. Apparently the conversion steps are simple.

Prerequisite: This conversion presumes you have a psafe3 file on a running Windows system, such as PasswordSafe installed on a virtual machine easily downloaded from Microsoft.

A) Conversion from psafe3 (version 1, 2, or 3) to kdb (version 1)

  1. Download the old version 1.09 zip file of KeePass (max supported conversion version)
  2. Download the PwSafeDBImport plugin zip file
  3. Extract the KeePass 1.09 zipfile to a new directory
  4. Extract the PwSafeDBImport.dll to the same directory
  5. Start KeePass.exe
  6. Select the Tools drop-down and then Plugins
  7. Right-click on the PwSafeDbImport plugin and choose Enable
  8. Exit KeePass
  9. Start KeePass (to load the PwSafeDBImport plugin)
  10. Click on the New Database icon and set a strong master key (KeePass recommends 96 bits or more)
  11. Select the File drop-down, then choose Import from and select PwSafe database (option at bottom, do not select psafe2 TXT file)
  12. Select the psafe3 database you want to import from
  13. Enter your psafe3 database password
  14. Review KeePass folders to verify integrity of imported secrets
  15. Click on the Save icon and set a kdb filename

B) Conversion from kdb (version 1) to kdbx (version 2)

  1. Start KeePass
  2. Select Database drop-down and then select Import KeePass 1 Database
  3. Select kdb file and enter master key
  4. Click on the Save icon and set a kdbx filename
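
The two conversions leave three files behind (psafe3, kdb, kdbx), and a file extension proves nothing about what is inside. As an added example that is not part of the original post, this Python sketch classifies each file by its leading magic bytes and reads the cleartext psafe3 preamble (iteration count, presence of the EOF marker and HMAC trailer). The function names and sample bytes are constructed for illustration.

```python
import struct

PSAFE3_TAG, PSAFE3_EOF = b"PWS3", b"PWS3-EOFPWS3-EOF"
KEEPASS_SIG1 = 0x9AA2D903  # first signature word, shared by kdb and kdbx
KEEPASS_SIG2 = {0xB54BFB65: "kdb (KeePass 1.x)", 0xB54BFB67: "kdbx (KeePass 2.x)"}
MIN_ITER = 2048  # lowest iteration count the psafe3 format description allows

def identify(blob: bytes) -> str:
    """Classify a password database by its magic bytes, not its extension."""
    if blob[:4] == PSAFE3_TAG:
        return "psafe3 (Password Safe v3)"
    if len(blob) >= 8:
        sig1, sig2 = struct.unpack("<II", blob[:8])
        if sig1 == KEEPASS_SIG1 and sig2 in KEEPASS_SIG2:
            return KEEPASS_SIG2[sig2]
    return "unknown"

def psafe3_header(blob: bytes) -> dict:
    """Parse TAG(4) | SALT(32) | ITER(4, LE) | H(P')(32) | B1-B4(64) | IV(16)."""
    if len(blob) < 152 or blob[:4] != PSAFE3_TAG:
        raise ValueError("not a psafe3 file")
    (iterations,) = struct.unpack("<I", blob[36:40])
    body = blob[152:]
    # A complete file ends with the EOF marker followed by a 32-byte HMAC-SHA256.
    complete = len(body) >= 48 and body[-48:-32] == PSAFE3_EOF
    return {"salt": blob[4:36], "iterations": iterations, "complete": complete}

def constructed_psafe3(iterations: int = 2048) -> bytes:
    """Constructed sample: correct layout, zero-filled fields, no real secrets."""
    preamble = PSAFE3_TAG + bytes(32) + struct.pack("<I", iterations) + bytes(32 + 64 + 16)
    return preamble + bytes(32) + PSAFE3_EOF + bytes(32)

def review(name: str, blob: bytes) -> str:
    """One-line finding per file in the conversion chain."""
    kind = identify(blob)
    if kind.startswith("psafe3"):
        h = psafe3_header(blob)
        notes = [f"ITER={h['iterations']}"]
        if h["iterations"] < MIN_ITER:
            notes.append("below format minimum")
        if not h["complete"]:
            notes.append("EOF marker/HMAC trailer missing")
        kind += " [" + ", ".join(notes) + "]"
    return f"{name}: {kind}"

if __name__ == "__main__":
    kdb = bytes.fromhex("03d9a29a65fb4bb5") + bytes(8)   # constructed kdb v1 prefix
    kdbx = bytes.fromhex("03d9a29a67fb4bb5") + bytes(8)  # constructed kdbx prefix
    for name, blob in [("old.psafe3", constructed_psafe3()), ("step_a.kdb", kdb), ("step_b.kdbx", kdbx)]:
        print(review(name, blob))
```

Once the kdbx file is verified, the same check helps locate the intermediate kdb file from step A so it is not left lying around as a forgotten second copy of every secret.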

Can I get an Amen?

In my next post on this topic, we will discuss hosted databases and why nobody expects the cloud inquisition.

This Day in History: Munich Agreement

Ondřej Matějka, the deputy director of the Institute for the Study of Totalitarian Regimes (ÚSTR) provides a fascinating interview on the 80th anniversary of the infamous Munich Agreement:

…the problem wasn’t that the Czechoslovak state couldn’t hold the borders. The problem was more within the society living there, where the pressure from the Sudetendeutsche Partei towards our citizens and people who were sympathetic towards other political parties, especially social democrats and communists, was big. I think the Sudetenland is an extraordinary example of the making of a totalitarian society, where one power, through terror and social pressure, is taking over power in the society

The agreement led to annexation of Czechoslovakian border territory by an expansionist Nazi regime, and the designation of this area as “Sudetenland”.

It also set back plans to overthrow the fascist dictator of Nazi Germany.

Opponents of the Nazi regime leader, such as the head of the German Army, perceived the Munich agreement as foreign states having weak appetite for more permanently ending the Nazi terror and social pressure.