Search Results for: denial

Quote of the Day – John Robb (8/8/2012)

By | | , ,
2 Comments

While there are still some details to sort out, it’s pretty clear that making weapons at home using 3-D printers from commonly available materials is going to become much more commonplace in the near future. In fact, as 3-D printing technology matures, materials feedstock improves, and designs for weapons proliferate, we might soon see the day when nearly everyone will be able to print the weapons of their choice in the numbers they desire, all within the privacy of their own homes.

John Robb – A Working Assault Rifle Made With a 3-D Printer

Popular Science (7/26/2012)

[When even Popular Science is admitting the obvious we all see, it makes me ponder how much longer our opponents will remain in denial.  Every once in a while we see glimmers of anger.

I will say this right now though.  There will be no bargaining.  We will not negotiate with those who would deprive us our rights.  Their attitude towards us has been scorched earth, if only by piece meal.  It has been us who have compromised historically, no more.  It is time to sweep these people into the dust bin of history with the likes of other bigots throughout history. -B]

ht Sebastian

The 2011 Brady Scorecard with 2010 UCS

By | |
9 Comments

Please see the update at the bottom or this post!

So the Brady Campaign released their updated scorecard for 2011 this year.  I saw it earlier last week and kept meaning to update my spreadsheets.  I know it’s pointless but it’s still good to numerically show how pointless it is.

If you actually believed the doom and gloom provided by the Brady Campaign you would think that the streets were rivers of blood.   I uncovered something that you might want to stick around for.  Read to the end for the icing on the cake that I found after comparing 2010 to 2011.

Before getting into that, lets get the quick run down of charts out of the way.  For reference, here is the 2010 card with the 2010 UCR.  Here is the similar data from a year ago with the 2010 score card with the 2009 UCR.  It must be noted that this data does not reflect the UCR data from 2011 as it has not been released by the FBI yet.  Expect an update later this year when it becomes available.

Here is the straight comparison of the score versus the violent crimes per 100k.

image_4_1(Old Graph, incorrect, old comments remain below)

image

(corrected graph details)

R2 dropped again to a value of 0.0016 and the correlation was calculated out to be 0.040117, while it did increase by 0.01, it is still completely insignificant and indicates there is no correlation between the Brady Score and violent crime.  Moving forward though lets just limit this to the top 10 Brady Scores.

image_6_3

(Old Graph, incorrect, old comments remain below)

image

(corrected graph details)

Again the correlation is non-existent with it coming in at –0.047.  Anything that could be indicated by the trend line is irrelevant due to the very low correlation.

image_8_3

(Old Graph, incorrect, old comments remain below)

image

(corrected graph details)

All scores above 50 had a correlation of 0.78 while the sample size renders it truthfully statistically irrelevant, it is trending in the direction opposite to which the Brady Campaign would claim.  Next up though is all those with low murder rates.

image_10_1

(Old Graph, incorrect, old comments remain below)

image

(corrected graph details)

There are 20 states who’s violent crime rate is below 300 per 100k.  The average Brady Score is 11.85.  Only three states have a score above 20, and those with crime rates below 200, the lowest in the country, all have scores below 10.

As I said above I’m now working on collecting historical data for the Brady Scores as well as UCR data.  The latter is much easier.  One item that is critical and worth noting is that the Brady Data is suspect.

Not only is it suspect, but some states will have a decrease in their score not because they passed pro or anti rights legislation, but another state has.  When the new legislation is passed the Brady’s to make their system look better will modify their categories to reflect it.  Most importantly though, as noted above, they may falsely grade states inflating their scores.  The biggest problem with that is the effect it can have by skewing the data to one side.  Currently as Florida ranks #4 in the UCR for violent crime rates it would benefit them better to not inflate the score, however what’s to stop them from inflating the scores of the states with lower crime rates.

In closing on the straight comparison, as the last two times I did this exercise, there is no correlation between higher violent crime rates and a lower Brady Score.  This can be taken as an indicator that the laws and “common sense legislation” does not have the effects they claim.

Bonus Discovery!

Now I said to read through to the icing on the cake at the end.  It has become obvious as of late our opponents have been in denial and anger.  They have been lashing out, some have been very angry, well here’s a wonderful graphical indicator as to why!

image_12_1

(Old Graph, incorrect, old comments remain below)

image

(corrected graph)

Every one of those blue lines represents a state who’s score had lowered.  The reasons for the drop in score were tied to laws passed respecting the rights of gun owners.  That sole red line is California who’s score increased by 1.  The net score shift over the past year was –34 points.  There were 14 states who helped with increasing the downward fall of the anti-rights organizations.

We won in 14 states, significantly based on their scores, while they barely got a point.  That is why we are now seeing them go through the stages of grief.  We must continue the fight less the cancer stop being in remission.  I want the cancer attempting to destroy our rights to be dealing with the 5 stages of grief, not the law abiding citizen who’s rights they want to trample.

It’s so nice of them to keep score for us on how badly they’re loosing.

*You are free to repost these graphs, however I must request that you provide a direct link back to these posts. Some individuals seem to think that providing credit to those who put forth the effort to create these doesn’t really matter.  Please, don’t be that dick.  It takes a lot of time to organize the data and graph it. If you don’t feel it takes that much time, do it yourself. So if you want to use these graphs, feel free, please just provide proper credit.

Update (2/27/2012 1000 Pacific):I screwed up.  Thank you to the observant individual who spotted it.  I used the wrong spreadsheet for the UCS data and that is actually the 2006 census data.  I will be updating everything to be correct tonight.  I should have noticed that California shifted upward in the axis that should have stayed static.  Attention to detail fail.  I will write a post tonight along with a link to the spreadsheet for people to look at.  These graphs will be updated to be correct as well, I will rewrite the current images for those who linked them.

So without further ado:

  1. I screwed up, and I used the wrong data set for these graphs.
  2. To many this could be considered misleading and attempting to hide the truth which impacts our credibility.
  3. Tonight I will fix all the graphs affected within this post overwriting the current images to be correct with the 2010 UCS.  I will create a new post with this information as well and include a link to the spreadsheet used.

Those are the three parts of an apology being used in execution for those who aren’t familiar.

Update 2/27/2012 1930:  See this post for more info (charts are being updated).

2011 Brady Scores with 2010 UCR XLSX document.

Can you say “Winning”

By | | , ,
Comments Off on Can you say “Winning”

Via FarmDad in the GBC chat room:

A new gun range is in the works for Lewisville, that hopes to offer the community a family-friendly experience and kids’ birthday parties on the shooting range.

But according to those elites in the Brady  Campaign and CSGV that has to be impossible.  For you see according to them interest in the shooting sports is at an all time low.  As we all know, this is them obviously in the first stage of grief.

Given we know they suffer from “Peterson Syndrome”*, I am wondering if their condition will relegate them permanently to the first stage of grief.  Given they disassociate from reality anyway, they can continue to live in denial without ever changing.

Think about it, what would actually cause Joan** to admit that she is on the loosing side of this proposition?  There is nothing that I can currently fathom that would induce her or her compatriots with a dose of reality to the point where they move on to stage two.  Their view of reality is so skewed and tainted they can rationalize away reality.  What is there left to move them forward?

All the while, we’re winning with instances like the above.  What’s the goal of the gun range I hear you ask?

The Eagle Gun Range hopes to offer a new experience for families seeking to educate their children about proper, safe gun use.

See, we on this side say educate and train.  The other side says ignore them and be an ostrich.  Kids on our side of the fence though know how to behave when they find a firearm.  On their side of the fence, little bobby shoots baby Randy and they scream for more gun control.  Never mind the following:

  • Prohibition of Alcohol Failed
  • Prohibition of Drugs has Failed
  • Prohibition on Murder doesn’t stop it
  • Prohibition on Rape doesn’t stop it

All those prohibitions do is affect the law abiding.  The only thing a prohibition on gun control accomplishes is the prevention of the law abiding citizen being armed to the best of their ability for their own defense.

*Peterson Syndrome seems tied to Cognitive Distortion.  I also found an article about reality distortion which seems to match as well.

Hallucinations and delusions, the phenomena that lie at the heart of psychosis, are perhaps the most enigmatic of all mental  symptoms. Both entail a mismatch between a compelling representation of reality produced by the individual’s own mind and the representation supported by objective evidence.

**I am linking her purely for Farm Dad’s enjoyment.

<+FarmDad> japate’s asshole should swallow her head when she sees that lol

The Greatest Equalizer…

By | | , , ,
1 Comment

This is a little long, but read the whole thing. It is another example of “Why I Carry.”

I received a text from a relative the other night… this is what it said:So, I’m busy at the time at a business open house and on my way home I give the relative a call.

Background:

TMM For Scale…

Before I get into the details of the story, let me relate the following. This relative is 74 years old, under 5 foot, and has silver-gray hair and is a breast cancer survivor. From now on we will just refer to her as: “Short Lady with the Gray Hair” or SLwtGH for short.  She drives a retired police car we picked up used for a decent price after her previous car finally began to die after 23 years of use.

Story:

I call the SLwtGH and she informs me of the events from her day.  For whatever reason that morning she decided that she needed to carry Tweety, her revolver with her.  She headed into Tacoma to play bridge with some friends.  For those who aren’t familiar with the People’s Republic of Puget Sound, Tacoma isn’t exactly the friendliest depending on where you are, but this was going to be mid day and she would be traveling home by 1500 so it’s not like the animals would be prowling right?

She leaves her friend’s house and at about 1440 she turns left off of E 38th street and heads North on East Portland Ave.

The full frame of the incident. The distance from E38th to Fairbanks is .4 miles.

At the time she turned left she checked her rear view mirror and saw no one behind her, blind spot clear she moved from the left lane to the right lane.

At East Fairbanks she noticed two dark color vehicles approaching from the rear. She maintained speed at 40 thinking  this is nothing significant, other than traffic.

One vehicle rapidly speeds past, immediately pulls in front, rapidly stops forcing the SLwtGH to slam on her brakes. The second car blocks the drivers side preventing immediate egress from the area. The only exit is backwards or through the vehicles.

Three men get out of the vehicles. Two out of the vehicle directly in front. The third got out of the vehicle blocking the driver side. One has a revolver at his side, another has a knife, the third has a semi-automatic pistol. At this point the SLwtGH is dialing 911 and drawing her firearm. She places it in a retention position on her chest.  About midway through their approach of the vehicle the men stop their approach. They begin conversing, the words said are unknown.  At this same time the SLwtGH is relaying her location to dispatch.

Suddenly there is a siren and lights approaching from the east. The officers pull in front of the two black cars blocking any attempted egress and the officers exit the vehicle weapons drawn.  The officer and his partner in the first car immediately took control of the situation and put the individuals in custody. Two other cars arrived shortly after.

After the officers had placed the individuals in custody they approached the SLwtGH , asked to see her weapon and carry permit.  She was then informed they were well acquainted with subjects, she was absolutely justified and had nothing to worry about. They would be going away for an extended period on multiple warrants. She was thanked for maintaining poise and thoughtfulness.

She let the officers clear the scene and then she did so.

Major notes, the criminals were traveling in packs, attempted to attack what they thought they was a soft target. This event happened in broad daylight on a thoroughfare.

AAR and my takes:

Most likely this was an attempted car jacking. As the SLwtGH was driving a retired police car it is both hardened, as well as useful if you want to imitate being an officer to rob people.  Overall the event happened quickly, it was lucky there were officers in the immediate vicinity. The SLwtGH kept her cool and remained calm event though she was under stress.

In this incident all three elements for deadly force existed:

  1. Ability: They were armed and there was no question about them being so.
  2. Opportunity: Two of the individuals were armed with ranged weapons capable of piercing the windshield.
  3. Jeopardy: The men out numbered an elderly, short, woman, blocked her vehicle, were approaching it armed, with no legal reason to be doing so.

Alternative Weapons:

While giving a debrief she noted that even if she attempted to back up, she would have still had difficulty fleeing because of the distance required to get around them. I reminded her of two things.

  1. She was in a hardened vehicle that gives her an advantage others don’t have. She could have backed up enough to wedge through the two vehicles.
  2. Her vehicle has enough power and is reinforced on the front that she could have pushed that front car out-of-the-way.

Remember your vehicle is a weapon, don’t be afraid to use it as such.

It happens fast, remain calm:

This kicked off fairly fast, I’m impressed SLwtGH was able to get 911 on the horn and have her firearm ready to rock.

This was most likely because she did not sit in denial of the events happening in front of her. Many people when confronted will deny what’s going on, trying to rationalize that this isn’t really happening or that they’re being hyper critical and the danger they’re seeing isn’t really there.  Process your input and act on it, don’t deny what you’re seeing, don’t down play it. Let the data and events speak for itself. If new data says it’s not as dangerous, great, but don’t trying and play the hypotheticals as it is happening.

Her firearm made the difference.

The presence of her firearm interrupted their game plan. This was a defensive gun use, however statistically this wouldn’t be counted.  As a side note this makes for 5 defensive gun uses in my family, in all 5 instances there wasn’t a shot fired. They had their own preconceived notion of how this was going to go down. They figured it was a soft target and would need little effort other than intimidation. When they approached the vehicle, the firearm caused them to suddenly need to start working on a new game plan. I’ve seen this happen personally in another incident where the individual was armed.

If you find yourself in a similar situation that is the moment you need to capitalize on. What has happened is the initiative has flipped, they no longer have the edge of their plan. This is when you can either talk the person down, I did in one case, wait and see if they’re going to decide discretion is the better part of valor, as the SLwtGH did here.

Additional side note, if they are already committed to performing an act of violence in their plan such as shooting you, they will likely not freeze or stop. I suspect this is because mentally that haven’t counted on the escalation path and the probability of them not surviving the encounter. Someone already committed to the violent act will most likely not waver.

Final thoughts:

Sean’s notes on this are spot on. We’ve got yet another crap gun control initiative in this state being funded by Bloomberg and company. In two weeks time there were two defensive gun uses within my family.

The issue isn’t with firearms, it isn’t with law-abiding gun owners, it’s with the tolerant behavior surrounding violent crime. We’re restricting the rights of the innocent under the guise of stopping criminals, and then acting surprised criminals are becoming bolder, because they don’t care. In the end, criminals prey on the weak. Why are we wanting the people who’ve contributed to society and continue to do so turned into prey?

Final though, don’t tell me you want to ban firearms or otherwise disarm innocent people, I am sick of playing that game. The only way the SLGH had any chance there was a firearm. Even if they had just had clubs, she’s old, small, and out numbered. You’re a sick horrible person and honestly, the body count of innocent people being dead isn’t on us. We carry every day to protect ourselves and those we love. Just look at the pastor who stopped a car jacker when he was taking his 6th car after previously shooting numerous people.

So don’t you dare tell me blood is on our hands for supporting gun owners and law-abiding citizens. 5 defensive gun uses, not a single shot fired in any of them, and in the last one:

The Short Lady with the Grey Hair stared down a bunch of armed thugs to the point where they’re now sitting in jail.

How ready are you for when violence shows up unexpectedly? Remember it doesn’t call ahead, you’re not really going to get a warning until it happens. Are you ready to be like the Short Lady with the Gray Hair?

I Think Someone Found Acceptance

By | |
2 Comments

I don’t know if he has truly accepted the truth, but the under the radar departure makes me think so.

A little Googling later, and I see that Dennis Henigan has left his employer of 23 years without so much as an announcement from the organization thanking him for his contributions. He’s now working with Peter Hamm at the Campaign for Tobacco-Free Kids.

Think about that for a second.  One of the big flag bearers of the gun control movement has packed up and left, without so much as a goodbye, after 23 years.  The way the Brady Bunch shed him is quite interesting, especially in light of their financial situation.

That situation though is yet another example of how they are constantly living in a world of denial.

Dennis, I’m glad that it seems you have finally accepted the truth.  Either that or you accepted your position was doomed to failure, either of which works.

h/t Joe and Sebastian. It was Joe’s post that made me connect it to the stages of grief.

Priceless…

By | | , , , , , , ,
3 Comments

So last weekend Joe came out and did a private party for Barb L. and her son.  This had been planned for at least a couple of weeks earlier and since it was October we figured we’d do a pumpkin shoot.

The last two we actually did after the elections for one reason or another that’s just how it worked out.  The upshot was that’s when pumpkins end up being dirt cheap since it’s after Halloween.  Well I swung by the store the Friday before and picked up over 300lbs of pumpkins. The trick is to buy pumpkins larger than their scales.

Now why would I discuss our plans about pumpkins… Well it seems that Joan Peterson (link safe), went into full PSH(link unsafe) over a video from Hickok45Joe promptly stated that he was in agreement with Joan because there’s a better way to carve pumpkins, you just use the gun as the detonator!  So without further ado, here’s a new commercial I did…

Some things are absolutely priceless.  While certainly sending Joan over the edge to spout quotes like:

So wouldn’t it be great if families got together in their neighborhoods and carved pumpkins with handguns?

Or even better, Evil Black Rifles™ like we used here.  But you know what’s even more priceless, something her and her ilk can never recreate.  Go back and look at the smile on that kids face at the end of the video.

Or this smile:

DSC_0216

Or this one:

DSC_0217

And that was despite being soaked to the bone and freezing cold.  But wait, there’s more!

DSC_1516

Honestly I could keep on going with picture after picture and video after video of the grins Boomerite have created.  But since it’s Boomerite, that means a firearm has to be involved too!

We all know why Joan says these things, she’s a delusional Puritan who thinks the world revolves around her and her feelings.  I’m sure she would object to my method of celebrating the 4th of July as well.  (Not to mention this video has yet another grin and expression of happiness!).

The crux of Joan’s rant was that bullets go through stuff, evidently most bullets contain PFM that allows them to penetrate everything and keep going forever.  You see evidently, according to her, the bullets Hickok used after leaving the pumpkin were blood seekers and sought out his neighbors and killed them.  Evidently somehow the bullets can just go straight through the berm and then fly until they find a person.

Now she does use a couple of examples of people who violated the 4 rules and tries to use that as justification for disarming everyone.  First is this quote from Tam:

I don’t care if every other gun owner on the planet went out and murdered somebody last night. I didn’t. So piss off.

Second is that she’s in a world of denial, her side lost, and her only grasps for relevancy are when people break existing law and then she claims just one piece of paper would have stopped evil or stupid.  She’s wanting to prohibit exercise of this right by everyone for the actions of a few.

Honestly the thing I think she hates most about that video, is she knows there is no way for her side to compete with the joy that shooting pumpkins brings.  So I will bring that joy to someone new every chance I get.

*Now while I was actually going to spoof Mastercard to begin with, Joan’s PSH made finding a good punchline that much easier.

This is Gonna Get Ugly

By | | , , ,
Comments Off on This is Gonna Get Ugly

So my focus is shifting largely due to focus on my professional career, limited time, and frankly the political scene is something that has me so damn angry I need shit to take my mind off of it. For instance I’ve spent my past three weekend moving servers around for a bunch of gun bloggers I take care of hosting for.

For those who don’t know I’m a host, who’s having random sabbaticals, over at The Gunblog Variety Cast.  And well if you know me or have been lucky enough to friend me on Facebook, sorry I don’t just accept anyone, overall I have a solid bead on the tech security space.

The Problem

So incase you’ve been under a rock there have been some major events recently about computer security. First up was “WannaCry“.

WannaCry propagates using EternalBlue, an exploit of Windows’ Server Message Block (SMB) protocol. Much of the attention and comment around the event was occasioned by the fact that the U.S. National Security Agency (NSA) had discovered the vulnerability in the past, but used it to create an exploit for its own offensive work, rather than report it to Microsoft.[22][23] It was only when the existence of this vulnerability was revealed by The Shadow Brokers that Microsoft became aware of the issue,[24] and issued a “critical” security patch on 14 March 2017 to remove the underlying vulnerability on supported versions of Windows, though many organizations had not yet applied it.[25]

The thing is, there’s way more that was in the Shadow Brokers dump and the hits keep coming. CVE-2017-7494 came out May 30th, 2017. This affects “SAMBA”, which is the implementation of the Windows Server Message Block protocol for Linux. I expect a decent chunk of my readership, at least of what’s left since I haven’t written in a year, just went “What!?” It’s at this point I’m going to try to break it down Barney style, ask questions in the comments.

The Windows SMB protocol is how Windows does file sharing.  So when you type something like \mymachinename\ and you see a list of folders available, it’s making use of that protocol. This protocol is also  implemented for Linux that allows you to have a Linux server serving files for Windows machines.

So before I get too much further lets talk about these exploits.  Including a very recent CVE-2017-8543 that was patched Tuesday June 13th. All of them through various methods allowed for whats called “Unauthenticated Remote Code Execution.” The scary thing about 8543 is that it is a zero day, which means that it was found being actively exploited in the wild before the release of the patch.

Logo via Softpedia.

What does that mean, someone, anyone, could cause the end point service to execute arbitrary code sent to it. This wasn’t intentional, that is what makes this an exploit. Someone found a bug that causes the service to behave in this way.  What does that really mean though? It means anyone can send a carefully crafted message to your computer that will make it does whatever they want, including encrypting your data to deny you access.

What does this mean?

So, I hear many of you saying, “Well I have Windows not Linux so I’m good just applying the Microsoft patches right?” This is where I scare the crap out of everyone.

Embedded Linux is used almost everywhere, from cell phones, to ATMs, Network Attached Storage, to the common home wireless router. The good news is really old routers didn’t really offer this as a feature, the bad news is starting around 2013 routers started shipping with USB and eSATA ports so one could connect an external hard drive and share it across the network. It basically was a feature that allowed people to quickly deploy a NAS.

Image via Bob McKay

These embedded devices are all using the SAMBA service as they’re running embedded Linux. It’s worth noting the vulnerability exists going all the way back to March 1st of 2010. So basically any and every router with these features is affected. Going a step further every NAS (Network Attached Storage) device on the market is likewise affected.

So the devices have a software bug, which allows arbitrary code execution which can result in the following:

  • Denial of access to data. It’s encrypted and only decrypted, if they feel like it, after you pay them a ransom.
    • Do NOT pay the ransom. There is no escrow and thus no guarantee you will actually recover your data.
  • Exfiltration of data. Someone searches through your data, saves what they can make money from. Could be IP theft or blackmail.

But it’s a software bug, we just need to get the patch from the manufacturer and life is going to be good right?

The Rub

Image from PCWorld.com

Most of these devices aren’t being updated anymore. That is to say, manufacturers will most likely not be releasing an update to patch this issue if the device is more than a year old.

I’ve got a very nice WRT-1900AC.  The last firmware update was in the middle of 2015. It has features that fall under this and tools show it is vulnerable to the exploit. Let me put this another way. My 300 dollar router, yes that’s what it cost when I bought it, got updates for a year and was then out of service and now critical bugs are being found and left unfixed by the vendor.

Unlike Windows and WannaCry, manufacturers of these devices will leave users vulnerable. Worse, removing them from the network will remove one of the more beneficial features, Network Attached Storage. In the case of routers, these devices are often placed on the border between a users private network and the internet so they are exposed to malicious traffic.

Ideally the router does not present the SMB interface to the internet, however this isn’t to say malicious packets will not find their way into the interior network from the internet if other issues are found with the router. At which point the router will fall victim.

It gets worse…

While working on this post an article came out over at SearchSecurity, discussing CherryBlossom. This was a project by the CIA to attack router security issues including a lack of firmware validation.

“On the enterprise side, the big router manufacturers have offered validation of signed firmware for quite some time. The problem is that it’s not enabled by default for the most part, and it requires that a network admin actually go and do something,” Kuzma told SearchSecurity. “Both the Cisco and Juniper tools rely on MD5 hashes. MD5 is broken as a hashing algorithm, with several known and feasible techniques for generating identical hashes from wildly different binary content.”

Image from Fossbytes.

So this isn’t event just a commercial issue but even an enterprise level issue. Firmware can be updated remotely, over wireless in many cases and has no validation of the code being installed as being from the vendor. Additionally the router provides a fantastic vantage point for an attacker. He can sit in the middle and analyze all your traffic undetected.

It’s like climbing to the top of a peak overlooking a valley. You can see everything from the vantage point.  Not only see in this case, because the router can redirect and alter your traffic to do even more.

So What Do We Do?

First, maintain an offline backup of all your data. Grab a hard drive, copy your important files on to it, and update it periodically.  Do NOT leave it connected to your computer or network. Doing so will leave you vulnerable if something does get in. Plan on when, not if, someone gets in and locks up your data.

Part of this also stems from a “Jack of All Trades” view of equipment in the consumer space and improper defaults in the enterprise space. Really, who wants to buy multiple pieces of equipment and who wants to take the extra steps in configuration?

The problem is in the consumer space ongoing maintenance and support of products is nonexistent.  In the enterprise IT space there are products that are undergoing long-term use and support. Hardware that is often used is basically a mini computer and the router software and firewall is like installing an operating system.

This is where I say something I hate. Because honestly I prefer the easy route for anyone and everyone. It needs to be trivial for a user to do. The problem is this route is leading us down a horrible path because manufacturers are not maintaining their equipment for that path to work.

What’s that mean? You need to actually build a proper firewall appliance and use if for your network. I’m going to write-up a multi part series how-to with instructions. There are a bunch of hardware options, which in itself can lead to the paralysis of analysis. My goal through this is to give a guide of hardware and software to put you in a position you can easily succeed.

The thing is, that’s just bare hardware. It’s dumb, doesn’t do anything, and still needs software and a configuration to run.  So what should you use to protect your network.  Currently the desired guard dog is pFsense.  This takes some work to set up and configure, but in the end will last longer, will be better maintained, and protect your data more reliably.

Over the next couple weeks I will be writing up a how-to on deployment and  looking at creating a default deployment image for that hardware if possible. My hardware choice is slightly different, not because that hardware isn’t good, it’s because I’m doing some advanced deployment for my network.

OpenWRT/DD-WRT are both options as well but there’s a few issues. One they don’t solve the secure update problem seen in Cheery Blossom.  You will still need to disable and remove the mass storage features of the router. While one could look at this you’re also going to no longer use the router as a router but merely an access point.

Depending however on the capabilities of the router, you can do advanced things within your network which still will leverage those capabilities. Ideally though you would still update your router software to OpenWRT/DD-WRT to deal with the exploit, but there can still be a lag or lack of support for your router by either of these solutions. Not to mention the process can be unforgiving and leave you with a brick.

Conclusion:

If you know a friend who’s into IT and computers, now is a good time to buy a case of beer and invite him over to see if he can help. These issues are only going to get worse, especially since the Shadow Brokers are now charging for exploit dumps. Meaning Blackhat hackers will be buying the exploits and unless some whitehats also buy them, which is funding criminal enterprise, we will not know what exploits are in the wild until the malware hits.

Putting multiple eggs into the same basket is becoming more and more risky and we need to start diversifying and looking at using the best tools to protect critical assets. The last thing we want to do is combine the defensive position with the material we’re trying to defend.

This is going to get worse, defense is going to get harder, and the time to start building your earthworks and redoubts is now.

When to fight?

By | | , , , ,
Comments Off on When to fight?

On Joe’s blog today Joe posted another question from Mark Philip Alger to go along with the “Just One Question“.

To summarize here:

When is it proper, for example, to use force to stop a legislator engaged in unconstitutional actions? Indeed, when is it required of those who have sworn oaths to… protect and defend the Constitution against all enemies, foreign and domestic…?

This is a question I have often asked myself over and over, and it is a very critical item. There have been numerous comments made on the subject and many have different feelings. Ultimately I think everyone has their own independent tripwire of what will “set them off”. Joe’s page on Civil Disobedience serves as a good resource to those who have never pondered the question.

I read that new post just after re-reading the Declaration of Independence. Now if you’re wondering why I would spend my free time reading that, or the Constitution or any other numerous items regarding history, it’s because I don’t want to repeat it. A smart man learns from his mistakes, a wise man learns from other peoples mistakes. History gives you the ability to see events and what occurred because of them.

Back to the point however many only remember a few phrases, such as: “We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.” Many do not remember the laundry list of things that was done by the King that was presented as evidence. Now while many of these may not directly pertain to our present state of affairs, we should however also note other lessons that we’ve learned in the 20th century.

My personal thoughts on the subject is that the denial of the any specifically enumerated right of the people, most especially the right to keep and bear arms is a tripwire. Any and all attempts to prevent the people from being able to arm themselves properly for the defense of themselves, family, or property serve no other purpose to make us subservient to the state. This includes attempting to restrict ammunition by tax, or by requirements. A firearm without ammo is only an expensive club. While some would argue that you can stash weapons and use them at a later time, not everyone will be successful in stashing weapons. With restrictions on firearms, restrictions on travel and speech will exist limiting our ability to organize.

My definite words to live by are the lessons of the 20th century. When it came to New Orleans after Katrina, certainly shoot any soldier collecting weapons, nail the police chief, and the mayor too. At this point their sole goal is to be bigoted against us and kill us. To me it’s like negotiating with a terrorist who only wants you dead, what is there to negotiate? If it reaches this point you must trip and act. As for legislating it’s much harder to say. If someone actually starts collecting after legislation, they are definitely guilty, but who will hold them accountable.

These are just my thoughts on the subject, they’re very fluid and it’s a topic that is very difficult. It is not clear cut like someone attacking you in your house or stealing your property. However it is someone stealing your rights.