posted Feb 21, 2016, 6:51 AM by Sami Lehtinen
updated Feb 21, 2016, 6:52 AM
- Today was all about different hyper-convergence solutions for VMware: scalability, high SLA, performance, off-site backups, multi-tiered storage systems, redundancy, automatic recovery from hardware failures, 'nodes', peering, networking, rack layout, clustered databases and storage, and so on, as well as the different RESTful APIs used to manage all of that automatically.
- Once again, I have to say that Windows licenses are a real pain point. Sometimes, unfortunately, they are the most expensive part of lower-end nodes.
- Had so much fun with JMail and ASPemail components. I love it when stuff runs on a hosted server where you can't do anything, nor have the rights to even view the logs. It's just an educated guess and blind trial until it works, or not. And if it doesn't work, well, try again, until you have exhausted all the non-working methods. If something happens to work, great; if not, you're out of luck. - Joy, joy, joy.
- TCP/IP OS fingerprinting. Yeah, no surprises there. Also, if you have a non-standard TCP/IP configuration, like I do, it's naturally fingerprintable and most probably has a unique signature.
- Checked out the new reduced Microsoft Azure pricing. Yep, it's better than AWS, and so is Google Cloud Compute. But service providers like UpCloud go even cheaper while still providing excellent reliability. AFAIK, host stability on UpCloud is much better than on AWS.
- Read the document "Central Intelligence Agency (CIA) research paper: Deception Maxims: Fact and Folklore, April 1980" - intelligence analysts detecting deception, analysing and evaluating foreign deception schemes. - Deception, preconception and surprise. Conditioning and gradual acclimatization as a deception technique. The greater the risk, the less likely it seems, and the less risky it actually becomes. Surprise in location, strength, intention, style and timing. Cry-wolf syndrome: conditioning, debilitating effect, false alerts, reduced sensitivity to alarms. Using multi-channel detection and different means to confirm and authenticate potential alarms and indications. It's always good to use different independent means of detection in parallel. Increasing the noise: feeding so much disinformation that it's impossible to tell which parts are true. Two different styles of deception: ambiguity (lower probability of correct perception by "dilution") and misdirection (reduced ambiguity in the victim's mind about a particular falsehood). It's important that the disinformation and misdirection are still completely credible. Mathematical analysis using concepts from information theory to characterize or quantify the uncertainty/ambiguity produced by ambiguous deception. Misdirection reduces uncertainty and makes the enemy quite certain, very decisive, and wrong. Composite deception schemes typically utilize both variants. Professionals often prefer misdirection. Calculated risk of opportunities versus compromise, and the optimal threshold. Analysis of the distribution of future opportunities shows that it pays to wait for high stakes, despite the risk of compromise. It's important to wait for sufficiently large stakes before exploiting opportunity and surprise. Information warfare. Deception security is so important that you might end up misleading your own forces. Carefully crafted and spread rumors. Bogus encrypted communications. Communications discipline.
Yet deception can have unintended effects. Always plan on actions, not on thoughts: if they think something, they still might act differently. Always do a proper cost/benefit calculus. Real leaks often happen under circumstances thought improbable. It's very hard to know if the information was genuinely captured or leaked, or if it was planted or leaked on purpose. Was it too easy or obvious? Maybe it's not true, or maybe it is? Who knows. Misclassification is very easy. Ironically, false positives and false negatives appear to be more the rule than the exception. A delicate balance of obviousness and subtlety, with the attendant twin risks that the message will be either misunderstood or dismissed as a plant. Always capitalize on the victim's preconceptions and other exploitable weaknesses. Elaborated counter-deception implications and principles. Who leaked what and why, that's always a great question. What about false flag strikes?
- In the movie Bridge of Spies they unsurprisingly used a dead drop. Micro printing and encrypted (ciphered, cipher text, encipher, enciphered) text. That clean palette was way too obvious. It couldn't have worked, actually.
- I've seen so many queue systems. The most common failure seems to be that stuff is either stuck in the queue, blocking it completely, or flagged as invalid without any real reason and rejected. I've seen both of these problems, over and over again, in dozens of systems, including all kinds of banking, ERP, BI, CRM, credit card, data transfer, bonus, web shop, etc. systems. It seems that making queues work is really hard. ;) At least if you're not doing it right. It's just like logging: what should be logged, why, and does anybody care? It's great if you've got detailed logs, but if you've got terabytes of unclear error logs daily, nobody even starts looking at them, because it's such a mess, and it achieves the 'false alerts and cry-wolf syndrome' above very efficiently. The Air Crash (Mayday) series also showed this as a cause of aviation crashes over and over again. The alarm system goes crazy, what shall we do? Disable the darn system completely. Now all alerts from the system go to /dev/null and it's finally silent! Yet most of the time nothing bad happens, at least not immediately.
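As an added illustration (not from the original post), here is a small Python worker that handles both failure modes just described: a failing item is retried a bounded number of times and then moved to a dead-letter list with its recorded errors instead of blocking the queue, and an invalid item is rejected with an explicit reason rather than silently. The handler, the retry budget and the sample items are constructed for the example.

```python
from collections import deque
from dataclasses import dataclass, field

MAX_ATTEMPTS = 3  # hypothetical retry budget, assumed for the example


@dataclass
class Item:
    id: str
    payload: dict
    attempts: int = 0
    errors: list = field(default_factory=list)


def validate(item):
    """Return None if the payload is acceptable, else a human-readable reason."""
    amount = item.payload.get("amount")
    if amount is None:
        return "missing field 'amount'"
    if not isinstance(amount, (int, float)) or amount <= 0:
        return f"non-positive amount {amount!r}"
    return None


def process(item):
    """Constructed handler: 'broken' items always fail, 'flaky' ones fail twice."""
    if item.payload.get("broken"):
        raise RuntimeError("permanent failure")
    if item.payload.get("flaky") and item.attempts < 2:
        raise ConnectionError("upstream timeout")
    return True


def drain(queue, handler=process, max_attempts=MAX_ATTEMPTS):
    """Drain the queue. Returns (processed ids, dead-letter list of (id, reason))."""
    done, dead = [], []
    while queue:
        item = queue.popleft()
        reason = validate(item)
        if reason:
            dead.append((item.id, f"rejected: {reason}"))  # never a silent drop
            continue
        item.attempts += 1
        try:
            handler(item)
            done.append(item.id)
        except Exception as exc:
            item.errors.append(f"attempt {item.attempts}: {exc}")
            if item.attempts >= max_attempts:
                dead.append((item.id, "; ".join(item.errors)))  # give up, keep the history
            else:
                queue.append(item)  # re-queue at the back so other items keep flowing
    return done, dead


def demo():
    """Constructed sample queue mixing good, flaky, invalid and permanently failing items."""
    q = deque([Item("a", {"amount": 10}), Item("b", {"amount": 5, "flaky": True}),
               Item("c", {}), Item("d", {"amount": -1}), Item("e", {"amount": 1, "broken": True})])
    return drain(q)
```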