
Good news and Bad news

First the good news, Guess who’s coming for Boomershoot this year and staying at my place?

Oleg

Now for the bad news.  My goal this year was to manage at least one blog post every day.  This was to hopefully improve my ability and to decrease the amount of time it takes me to make a post; practice, that’s how it’s done.  However, I may end up blogging a little more on home projects or quick links than thought-out posts.  The reason is I have a couple of projects that I figured would be handy for Oleg that have now been confirmed as being something that would be helpful.  Thus the next many weekends go to the project for above-ground storage in the garage, as well as reorganizing and storage of stuff in the shop.  The goal is to have everything in the shop properly stored, and everything in the garage cleared out by end of March.  This also includes moving all my shop tools currently living in my garage.  Due to conflicting schedules, though, most of this work is going to be relegated to the weekends.  I don’t run power tools at home by myself; it’s a great way to end up dead.

In the meantime, here are a couple of pictures that Oleg took last year at Boomershoot.  If you think my face looks pink, you should have seen it the next morning.  I had second degree burns all over my face.


Quote of the Day – Weer’d Beard (12/9/2011)

If your God asks you to not defend yourself, you rightly should tell him
to F-Off, because either he deserves it, or he’s testing you on the
brass content of your balls.

Weer’d Beard – Quote of the Day TMM


[It was a comment to something I said.  Weer’d saw exactly my philosophy on the subject.  There are many things I will not waver my integrity on.  Throwing self-defense to the wind and letting evil triumph is the most despicable thing in the world.

Any person or god that states I should stand by and do nothing is not worthy of my support.  I don’t want to get too far into my personal feelings on the subject because I hate talking about religion unless someone actually brings it up and asks me about it.  It’s a pet peeve of mine mainly because it is a very personal thing and I find bitching at someone because they don’t believe what you believe to be a downright horrible thing to do; this includes believing there’s nothing.  This joke though puts my thoughts quite well.

There was an old man sitting on his porch watching the rain fall. Pretty
soon the water was coming over the porch and into the house.

The old man was still sitting there when a rescue boat came and the
people on board said, “You can’t stay here you have to come with us.”

The old man replied, “No, God will save me.” So the boat left. A little
while later the water was up to the second floor, and another rescue
boat came, and again told the old man he had to come with them.

The old man again replied, “God will save me.” So the boat left him again.

An hour later the water was up to the roof and a third rescue boat
approached the old man, and tried to get him to come with them.

Again the old man refused to leave stating that, “God will grant a miracle & save him.” So the boat left him again.

Soon after, the man drowns and goes to heaven, and when he sees God he
asks him, “Why didn’t you save me? I thought you would grant me a
miracle and you have let me down.”

God replied, “You idiot, I don’t know what you’re complaining about. I sent three boats after you!!”

Get it?  -TMM]

SSCC #288-#290–Spokane

Federal obstruction charges are expected to be filed soon against two more Spokane Police officers in connection with the city’s handling of the Otto Zehm investigation, which U.S. Department of Justice officials have called an “extensive cover-up.”

What were they covering up I hear you ask?

Thompson was the first officer to arrive that night at the Zip Trip, 1712 N. Division St., after two young women erroneously reported that Zehm had taken their money from a nearby ATM machine. A jury convicted Thompson after the video showed him strike the unarmed and retreating Zehm almost immediately during a struggle that later included six other officers.

Zehm was struck as many as 13 times with a baton, shocked with a Taser multiple times and was eventually hogtied. After a plastic mask was placed on his face, he stopped breathing and never regained consciousness. He died two days later.

It gets worse.

The 2006 police confrontation that led to the death of Zehm, a Spokane man with schizophrenia…

While the primary officer was responsible, what he was found guilty of was not the homicide he committed.  Instead he was found guilty of needlessly beating him and then lying to cover up his actions.  His punishment for the cold-blooded murder of an innocent man who committed no crime other than not being able to grasp what was happening?  Six to 8 years.  Most depressing in all of this:

Otto Zehm’s last words were, “All I wanted was a Snickers Bar”

Had it been any civilian who had done something like that it would have been a murder charge.  The officer initiated force without any indication it was required.  Beat the hell out of the suspect who was innocent, hogtied him, and then placed a non-rebreather mask on him without oxygen.  Where I’m from, at minimum that’s manslaughter since the mask was the final blow.  He was negligent and it resulted in a man’s death.  That fact though was ignored and that’s not what he went to jail for.

Two other officers then attempted to aid him in his cover-up.  They are just as culpable in this man’s death by their actions.

State Sponsored Criminal Count #288: Officer Karl F. Thompson Jr.

#289: Officer Sandra McIntyre

#290: Officer Tim Moses

Because when someone wants a snickers bar, you beat the hell out of them and then suffocate them.

SSCC #291–Lorain

Lorain police Officer Bill Lachner pleaded no contest Friday to a disorderly conduct charge that stemmed from his Dec. 23 arrest on allegations he had physically assaulted his girlfriend and was fined $150.

Originally Officer Lachner faced a domestic violence charge which would have placed him under the Lautenberg Amendment if he was found guilty.  This would have prevented him from being able to own or carry a firearm even if on duty.  In other words he would have to be fired from his job.  The victim appears to be pleased with the results; however, I doubt a prosecutor would be as lenient with someone who was not anointed.

State Sponsored Criminal Count 291: Bill Lachner

Because being a cop means you can escape a domestic violence charge when it would also mean you would lose your job.

About All Those Felonies

A basic principle of our criminal justice system centers around intent.  The increase in felonies, victimless laws, and other crimes in which no intent is required is becoming increasingly disturbing.  Thankfully someone else is noticing.

For centuries, a bedrock principle of criminal law has held that people must know they are doing something wrong before they can be found guilty. The concept is known as mens rea, Latin for a “guilty mind.”

This legal protection is now being eroded as the U.S. federal criminal code dramatically swells. In recent decades, Congress has repeatedly crafted laws that weaken or disregard the notion of criminal intent. Today not only are there thousands more criminal laws than before, but it is easier to fall afoul of them.

The article goes on to state how a man was arrested and served time in jail for much the same as selling a firearm.  His mistake was he hadn’t fully vetted the person buying the product.  He had no intent to break the law, he had a reasonable belief the transaction was legal, but that was not good enough.

The whole point of our legal system no longer centers around protecting the innocent but bringing in as many as possible.  Convicted felons have numerous rights stripped, including some that cannot even be restored through the courts.

It gets better though because those creating the laws and enforcing them are also confiscating the property of those they charge.  Then you have State Sponsored Criminals walking off with the confiscated materials.  How bad could this over criminalization be though?

Overall, more than 40% of nonviolent offenses created or amended during two recent Congresses—the 109th and the 111th, the latter of which ran through last year—had “weak” mens rea requirements at best, according to a study conducted by the conservative Heritage Foundation and the National Association of Criminal Defense Lawyers.

(Emphasis mine.)  Do you really think that is by accident?  It certainly isn’t a coincidence.  What better way to control the public than by criminalizing all of them.  The government is continually driving that wedge of us vs. them.  Any law that is victimless, i.e. ownership and possession laws, does nothing other than criminalize many who would otherwise be law abiding.

Remember, the government is not your friend.

The 2011 Brady Scorecard with 2010 UCS

Please see the update at the bottom of this post!

So the Brady Campaign released their updated scorecard for 2011 this year.  I saw it earlier last week and kept meaning to update my spreadsheets.  I know it’s pointless but it’s still good to numerically show how pointless it is.

If you actually believed the doom and gloom provided by the Brady Campaign you would think that the streets were rivers of blood.   I uncovered something that you might want to stick around for.  Read to the end for the icing on the cake that I found after comparing 2010 to 2011.

Before getting into that, let’s get the quick rundown of charts out of the way.  For reference, here is the 2010 card with the 2010 UCR.  Here is the similar data from a year ago with the 2010 score card with the 2009 UCR.  It must be noted that this data does not reflect the UCR data from 2011 as it has not been released by the FBI yet.  Expect an update later this year when it becomes available.

Here is the straight comparison of the score versus the violent crimes per 100k.

[Image: old graph, incorrect; old comments remain below]

[Image: corrected graph]

R² dropped again to a value of 0.0016 and the correlation was calculated out to be 0.040117. While it did increase by 0.01, it is still completely insignificant and indicates there is no correlation between the Brady Score and violent crime.  Moving forward, though, let’s just limit this to the top 10 Brady Scores.

[Image: old graph, incorrect; old comments remain below]

[Image: corrected graph]

Again the correlation is non-existent with it coming in at –0.047.  Anything that could be indicated by the trend line is irrelevant due to the very low correlation.

[Image: old graph, incorrect; old comments remain below]

[Image: corrected graph]

All scores above 50 had a correlation of 0.78. While the sample size renders it truthfully statistically irrelevant, it is trending in the direction opposite to which the Brady Campaign would claim.  Next up, though, is all those with low murder rates.

[Image: old graph, incorrect; old comments remain below]

[Image: corrected graph]

There are 20 states whose violent crime rate is below 300 per 100k.  The average Brady Score is 11.85.  Only three states have a score above 20, and those with crime rates below 200, the lowest in the country, all have scores below 10.

As I said above I’m now working on collecting historical data for the Brady Scores as well as UCR data.  The latter is much easier.  One item that is critical and worth noting is that the Brady Data is suspect.

Not only is it suspect, but some states will have a decrease in their score not because they passed pro- or anti-rights legislation, but because another state has.  When the new legislation is passed the Bradys, to make their system look better, will modify their categories to reflect it.  Most importantly though, as noted above, they may falsely grade states, inflating their scores.  The biggest problem with that is the effect it can have by skewing the data to one side.  Currently, as Florida ranks #4 in the UCR for violent crime rates, it would benefit them better to not inflate the score; however, what’s to stop them from inflating the scores of the states with lower crime rates?

In closing on the straight comparison, as the last two times I did this exercise, there is no correlation between higher violent crime rates and a lower Brady Score.  This can be taken as an indicator that the laws and “common sense legislation” do not have the effects they claim.

Bonus Discovery!

Now I said to read through to the icing on the cake at the end.  It has become obvious as of late our opponents have been in denial and anger.  They have been lashing out, and some have been very angry. Well, here’s a wonderful graphical indicator as to why!

[Image: old graph, incorrect; old comments remain below]

[Image: corrected graph]

Every one of those blue lines represents a state whose score had lowered.  The reasons for the drop in score were tied to laws passed respecting the rights of gun owners.  That sole red line is California, whose score increased by 1.  The net score shift over the past year was –34 points.  There were 14 states who helped with increasing the downward fall of the anti-rights organizations.

We won in 14 states, significantly based on their scores, while they barely got a point.  That is why we are now seeing them go through the stages of grief.  We must continue the fight lest the cancer stop being in remission.  I want the cancer attempting to destroy our rights to be dealing with the 5 stages of grief, not the law abiding citizen whose rights they want to trample.

It’s so nice of them to keep score for us on how badly they’re losing.

*You are free to repost these graphs, however I must request that you provide a direct link back to these posts. Some individuals seem to think that providing credit to those who put forth the effort to create these doesn’t really matter.  Please, don’t be that dick.  It takes a lot of time to organize the data and graph it. If you don’t feel it takes that much time, do it yourself. So if you want to use these graphs, feel free, please just provide proper credit.


Update (2/27/2012 1000 Pacific): I screwed up.  Thank you to the observant individual who spotted it.  I used the wrong spreadsheet for the UCS data and that is actually the 2006 census data.  I will be updating everything to be correct tonight.  I should have noticed that California shifted upward in the axis that should have stayed static.  Attention to detail fail.  I will write a post tonight along with a link to the spreadsheet for people to look at.  These graphs will be updated to be correct as well, I will rewrite the current images for those who linked them.

So without further ado:

  1. I screwed up, and I used the wrong data set for these graphs.
  2. To many this could be considered misleading and attempting to hide the truth which impacts our credibility.
  3. Tonight I will fix all the graphs affected within this post overwriting the current images to be correct with the 2010 UCS.  I will create a new post with this information as well and include a link to the spreadsheet used.

Those are the three parts of an apology being used in execution for those who aren’t familiar.

Update 2/27/2012 1930:  See this post for more info (charts are being updated).

2011 Brady Scores with 2010 UCR XLSX document.

This is Gonna Get Ugly

So my focus is shifting largely due to focus on my professional career, limited time, and frankly the political scene is something that has me so damn angry I need shit to take my mind off of it. For instance I’ve spent my past three weekends moving servers around for a bunch of gun bloggers I take care of hosting for.

For those who don’t know I’m a host, who’s having random sabbaticals, over at The Gunblog Variety Cast.  And well if you know me or have been lucky enough to friend me on Facebook, sorry I don’t just accept anyone, overall I have a solid bead on the tech security space.

The Problem

So in case you’ve been under a rock, there have been some major events recently about computer security. First up was “WannaCry”.

WannaCry propagates using EternalBlue, an exploit of Windows’ Server Message Block (SMB) protocol. Much of the attention and comment around the event was occasioned by the fact that the U.S. National Security Agency (NSA) had discovered the vulnerability in the past, but used it to create an exploit for its own offensive work, rather than report it to Microsoft.[22][23] It was only when the existence of this vulnerability was revealed by The Shadow Brokers that Microsoft became aware of the issue,[24] and issued a “critical” security patch on 14 March 2017 to remove the underlying vulnerability on supported versions of Windows, though many organizations had not yet applied it.[25]

The thing is, there’s way more that was in the Shadow Brokers dump and the hits keep coming. CVE-2017-7494 came out May 30th, 2017. This affects “SAMBA”, which is the implementation of the Windows Server Message Block protocol for Linux. I expect a decent chunk of my readership, at least of what’s left since I haven’t written in a year, just went “What!?” It’s at this point I’m going to try to break it down Barney style; ask questions in the comments.

The Windows SMB protocol is how Windows does file sharing.  So when you type something like \\mymachinename\ and you see a list of folders available, it’s making use of that protocol. This protocol is also implemented for Linux, which allows you to have a Linux server serving files for Windows machines.

So before I get too much further, let’s talk about these exploits, including a very recent one, CVE-2017-8543, that was patched Tuesday June 13th. All of them, through various methods, allowed for what’s called “Unauthenticated Remote Code Execution.” The scary thing about 8543 is that it is a zero day, which means that it was found being actively exploited in the wild before the release of the patch.

Logo via Softpedia.

What does that mean? Someone, anyone, could cause the endpoint service to execute arbitrary code sent to it. This wasn’t intentional; that is what makes this an exploit. Someone found a bug that causes the service to behave in this way.  What does that really mean though? It means anyone can send a carefully crafted message to your computer that will make it do whatever they want, including encrypting your data to deny you access.

What does this mean?

So, I hear many of you saying, “Well I have Windows not Linux so I’m good just applying the Microsoft patches right?” This is where I scare the crap out of everyone.

Embedded Linux is used almost everywhere, from cell phones, to ATMs, Network Attached Storage, to the common home wireless router. The good news is really old routers didn’t really offer this as a feature, the bad news is starting around 2013 routers started shipping with USB and eSATA ports so one could connect an external hard drive and share it across the network. It basically was a feature that allowed people to quickly deploy a NAS.

Image via Bob McKay

These embedded devices are all using the SAMBA service as they’re running embedded Linux. It’s worth noting the vulnerability exists going all the way back to March 1st of 2010. So basically any and every router with these features is affected. Going a step further every NAS (Network Attached Storage) device on the market is likewise affected.
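A way to check a device you administer against this bug, as an added example that is not part of the original post: it takes the version text printed by `smbd --version` and the contents of smb.conf, and reports whether the Samba build predates the CVE-2017-7494 fix and whether the `nt pipe support = no` workaround is set. The version boundaries (first affected 3.5.0; fixed in 4.4.14, 4.5.10 and 4.6.4) and the workaround come from the Samba project's advisory, not from this post; the sample banner and config are constructed, and a vendor or distribution build may carry a backported patch without changing its version number.

```python
import re

# First upstream release on each maintained branch that carried the fix.
FIXED_IN = {(4, 4): (4, 4, 14), (4, 5): (4, 5, 10), (4, 6): (4, 6, 4)}
FIRST_AFFECTED = (3, 5, 0)  # released 1 March 2010, the date the post cites


def parse_version(banner):
    """Pull (major, minor, patch) out of text such as 'Version 4.5.8-Debian'."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if match is None:
        raise ValueError("no Samba version in %r" % (banner,))
    return tuple(int(part) for part in match.groups())


def version_affected(version):
    """True if this upstream version predates the CVE-2017-7494 fix."""
    if version < FIRST_AFFECTED:
        return False
    branch = version[:2]
    if branch in FIXED_IN:
        return version < FIXED_IN[branch]
    # 3.5 through 4.3 never got a fixed upstream release; 4.7+ shipped fixed.
    return branch < (4, 4)


def pipe_support_disabled(smb_conf_text):
    """True if [global] sets 'nt pipe support' to a false value (last one wins)."""
    section = None
    disabled = False
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # smb.conf ignores case and whitespace inside parameter names.
        if "".join(key.split()).lower() == "ntpipesupport":
            disabled = value.strip().lower() in ("no", "false", "0")
    return disabled


def assess(banner, smb_conf_text):
    """Combine both checks into one verdict string."""
    if not version_affected(parse_version(banner)):
        return "not affected"
    if pipe_support_disabled(smb_conf_text):
        return "affected, workaround in place"
    return "affected, exposed"


# Constructed samples, not taken from any real device.
SAMPLE_BANNER = "Version 4.5.8"
SAMPLE_CONF = """\
[global]
   workgroup = HOME
   # workaround from the Samba advisory
   NT Pipe Support = No

[usbshare]
   path = /mnt/usb
"""

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONF))
    print(assess("Version 3.6.25", "[global]\nworkgroup = HOME\n"))
```

The advisory notes that the workaround can disable some functionality Windows clients expect, so test file sharing after setting it.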

So the devices have a software bug, which allows arbitrary code execution which can result in the following:

  • Denial of access to data. It’s encrypted and only decrypted, if they feel like it, after you pay them a ransom.
    • Do NOT pay the ransom. There is no escrow and thus no guarantee you will actually recover your data.
  • Exfiltration of data. Someone searches through your data, saves what they can make money from. Could be IP theft or blackmail.

But it’s a software bug, we just need to get the patch from the manufacturer and life is going to be good right?

The Rub

Image from PCWorld.com

Most of these devices aren’t being updated anymore. That is to say, manufacturers will most likely not be releasing an update to patch this issue if the device is more than a year old.

I’ve got a very nice WRT-1900AC.  The last firmware update was in the middle of 2015. It has features that fall under this and tools show it is vulnerable to the exploit. Let me put this another way. My 300 dollar router, yes that’s what it cost when I bought it, got updates for a year and was then out of service and now critical bugs are being found and left unfixed by the vendor.

Unlike Windows and WannaCry, manufacturers of these devices will leave users vulnerable. Worse, removing them from the network will remove one of the more beneficial features, Network Attached Storage. In the case of routers, these devices are often placed on the border between a user’s private network and the internet so they are exposed to malicious traffic.

Ideally the router does not present the SMB interface to the internet; however, this isn’t to say malicious packets will not find their way into the interior network from the internet if other issues are found with the router, at which point the router will fall victim.

It gets worse…

While working on this post an article came out over at SearchSecurity, discussing CherryBlossom. This was a project by the CIA to attack router security issues including a lack of firmware validation.

“On the enterprise side, the big router manufacturers have offered validation of signed firmware for quite some time. The problem is that it’s not enabled by default for the most part, and it requires that a network admin actually go and do something,” Kuzma told SearchSecurity. “Both the Cisco and Juniper tools rely on MD5 hashes. MD5 is broken as a hashing algorithm, with several known and feasible techniques for generating identical hashes from wildly different binary content.”

Image from Fossbytes.

So this isn’t even just a commercial issue but an enterprise-level issue too. Firmware can be updated remotely, over wireless in many cases, and has no validation of the code being installed as being from the vendor. Additionally the router provides a fantastic vantage point for an attacker. He can sit in the middle and analyze all your traffic undetected.

It’s like climbing to the top of a peak overlooking a valley. You can see everything from the vantage point.  Not only see in this case, because the router can redirect and alter your traffic to do even more.
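A check to run on a firmware image before flashing it, as an added example that is not from the original post or from any vendor's tooling: it compares the image against a published digest and refuses MD5 or SHA-1 outright, since a colliding image would pass an MD5 comparison. The `algorithm:hexdigest` format and the sample image bytes are assumptions made for the example, and the digest only helps if it was obtained over a channel separate from the image itself; a vendor signature check is stronger where the device supports it.

```python
import hashlib
import hmac
import io

# Digest algorithms accepted for firmware checks, with their hex lengths.
# MD5 and SHA-1 are deliberately absent.
ACCEPTED = {"sha256": 64, "sha384": 96, "sha512": 128}
HEX_DIGITS = set("0123456789abcdef")


def parse_published(published):
    """Split a published 'algorithm:hexdigest' string (assumed format)."""
    algorithm, sep, digest = published.strip().partition(":")
    algorithm, digest = algorithm.lower(), digest.lower()
    if not sep:
        raise ValueError("expected 'algorithm:hexdigest'")
    if algorithm not in ACCEPTED:
        raise ValueError("refusing weak or unknown algorithm: " + algorithm)
    if len(digest) != ACCEPTED[algorithm] or not set(digest) <= HEX_DIGITS:
        raise ValueError("malformed %s digest" % algorithm)
    return algorithm, digest


def stream_digest(stream, algorithm, chunk_size=65536):
    """Hash a binary stream in chunks so large images need little memory."""
    hasher = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        hasher.update(chunk)
    return hasher.hexdigest()


def firmware_matches(stream, published):
    """True only if the image hashes to the published strong digest."""
    algorithm, expected = parse_published(published)
    actual = stream_digest(stream, algorithm)
    return hmac.compare_digest(actual, expected)


# Constructed stand-in for a firmware image and its published digest.
SAMPLE_IMAGE = b"\x27\x05\x19\x56" + b"constructed firmware image " * 200
SAMPLE_PUBLISHED = "sha256:" + hashlib.sha256(SAMPLE_IMAGE).hexdigest()

if __name__ == "__main__":
    print(firmware_matches(io.BytesIO(SAMPLE_IMAGE), SAMPLE_PUBLISHED))
    tampered = SAMPLE_IMAGE[:-1] + b"!"
    print(firmware_matches(io.BytesIO(tampered), SAMPLE_PUBLISHED))
    try:
        firmware_matches(io.BytesIO(SAMPLE_IMAGE),
                         "md5:" + hashlib.md5(SAMPLE_IMAGE).hexdigest())
    except ValueError as err:
        print(err)
```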

So What Do We Do?

First, maintain an offline backup of all your data. Grab a hard drive, copy your important files on to it, and update it periodically.  Do NOT leave it connected to your computer or network. Doing so will leave you vulnerable if something does get in. Plan on when, not if, someone gets in and locks up your data.

Part of this also stems from a “Jack of All Trades” view of equipment in the consumer space and improper defaults in the enterprise space. Really, who wants to buy multiple pieces of equipment and who wants to take the extra steps in configuration?

The problem is in the consumer space ongoing maintenance and support of products is nonexistent.  In the enterprise IT space there are products that are undergoing long-term use and support. Hardware that is often used is basically a mini computer and the router software and firewall is like installing an operating system.

This is where I say something I hate. Because honestly I prefer the easy route for anyone and everyone. It needs to be trivial for a user to do. The problem is this route is leading us down a horrible path because manufacturers are not maintaining their equipment for that path to work.

What’s that mean? You need to actually build a proper firewall appliance and use it for your network. I’m going to write up a multi-part how-to series with instructions. There are a bunch of hardware options, which in itself can lead to the paralysis of analysis. My goal through this is to give a guide of hardware and software to put you in a position where you can easily succeed.

The thing is, that’s just bare hardware. It’s dumb, doesn’t do anything, and still needs software and a configuration to run.  So what should you use to protect your network?  Currently the desired guard dog is pfSense.  This takes some work to set up and configure, but in the end will last longer, will be better maintained, and protect your data more reliably.

Over the next couple weeks I will be writing up a how-to on deployment and looking at creating a default deployment image for that hardware if possible. My hardware choice is slightly different, not because that hardware isn’t good; it’s because I’m doing some advanced deployment for my network.

OpenWRT/DD-WRT are both options as well, but there are a few issues. One, they don’t solve the secure update problem seen in CherryBlossom.  You will still need to disable and remove the mass storage features of the router. While one could look at this, you’re also going to no longer use the router as a router but merely an access point.

Depending however on the capabilities of the router, you can do advanced things within your network which still will leverage those capabilities. Ideally though you would still update your router software to OpenWRT/DD-WRT to deal with the exploit, but there can still be a lag or lack of support for your router by either of these solutions. Not to mention the process can be unforgiving and leave you with a brick.

Conclusion:

If you know a friend who’s into IT and computers, now is a good time to buy a case of beer and invite him over to see if he can help. These issues are only going to get worse, especially since the Shadow Brokers are now charging for exploit dumps. Meaning Blackhat hackers will be buying the exploits and unless some whitehats also buy them, which is funding criminal enterprise, we will not know what exploits are in the wild until the malware hits.

Putting multiple eggs into the same basket is becoming more and more risky and we need to start diversifying and looking at using the best tools to protect critical assets. The last thing we want to do is combine the defensive position with the material we’re trying to defend.

This is going to get worse, defense is going to get harder, and the time to start building your earthworks and redoubts is now.

Accountabilibuddyable: Wisconsin 12/09/2011

Remember the cop who thought that holsters were stupid and unnecessary and did an ND into the ground at the mall?  If you don’t, well you should for no other reason than the chief attempted to claim the officer did nothing wrong.

Well I stumbled across this one today.

Sgt. Michael Edwards was charged Thursday with endangering safety by use of a dangerous weapon. The Milwaukee Journal Sentinel reported online court records show Edwards pleaded not guilty.

According to the complaint, Edwards was at a pretzel shop at Southridge Mall in Greendale on Nov. 2 when he reached into his back pocket for his wallet. The complaint said Edwards’ gun slid out of his waistband and went off. A woman standing nearby suffered a welt on her leg.

That man is unbelievably lucky that no one was hit or otherwise severely injured.  I find this charge fitting considering his negligence in this instance. His department has placed him on administrative duty. 

I say leave his ass behind a desk permanently without a weapon.  He has shown a lack of care towards the carrying and use of a firearm and he needs to prove he no longer has the mental capacity of a fly and takes carrying such a tool seriously.  

This is also a prime time to remind everyone about Rule 5 given the gun slipped out of his waistband and it shot into the ground.

Greendale police say the officer was lucky, and say they’re glad no one was injured. They say the bullet was fired directly into the ground, and disintegrated once it hit the marble floor.

Say it with me now, “Don’t try and catch a gun!”