Short: Cybersecurity and the Castle Doctrine

This shows up in my Twitter feed

No.

Attribution is already a fucking joke. Don’t believe me? All I gotta say is Sony Pictures.

Now we’re proposing allowing Joe Blow to “investigate” who popped him and authorize him to “hack back” whoever he points at? Just… no.

As for adding networks to the castle doctrine, it’s super important to point out that the castle doctrine usually comes with a responsibility to attempt to deescalate the situation without using deadly force. If you discover someone’s popping you right now, not only is hacking them back probably not gonna stop the attack, but if there’s a similar duty to retreat, you’re never gonna get “authorization” to use… whatever the cybersecurity equivalent of deadly force is… when stopping the attack is almost always gonna be possible by removing affected machines from the Internet, or at least walling off your attacker.

On “cheating” League’s Instant Feedback System

tl;dr I got sick of being punished for being toxic in League but also seeing everyone be toxic towards me with no repercussions. So I figured out how to cheat Lyte’s cute little filter system

Riot’s solution to toxicity

Update: This post is about the problem. I also posted my solution.

22 October 2017: Looks like someone took this information and went. fucking. nuts. Some dudebro on the League forums claims he systemically found zero-tolerance patterns/rules for the IFS, and further found a way to force/coerce people into tripping them. As if that wasn’t funny enough, then he supposedly started some racket fooling kids into thinking they’d get paid by VMC to funnel them traffic.

I thought for sure this was just some guy shitposting (The whole thing reads like copypasta), but eventually he pulled me into a Discord server where, sure as shit, a bunch of people continuously post ban pops. When they know for a fact they’ve nailed someone, they invite them into the Discord server, and both parties talk shit. It was one of the funniest things I have ever seen.

I’m actively adding citations to red posts.

For what it’s worth, here’s a post where Tantram admits people are doing this now and he’s gotta make some changes to compensate. Love it.

The Instant Feedback System is the formal name of a collection of server-side processes in League of Legends that handles player reports and automatically issues punishments in cases ranging from toxic/negative in-game chat, feeding/“inting”, and AFK/“Leaver” behaviors. In the latter case, there is a line between IFS and LeaverBuster, but it’s pretty blurry.

Riot’s really secretive about this system, and when you take it apart, it’s easy to see why. The biggest thing Riot hides, because of the obvious implications, is that the Instant Feedback System is **FULLY AUTOMATED**. While that may seem obvious, I do mean fully. There’s literally zero human oversight during normal operation. It was specifically designed to remove humans from the equation as much as possible; whether that’s for reasons of avoiding bias or cost savings is up to the imagination.

Seizure-causing Tweet could set dangerous precedent

In which Kurt Eichenwald definitely deserved that seizure.

Don’t worry Kurt, it’s not animated

Epileptic journalist is Anti-Trump
Trump supporter sends journalist a strobe gif

So this is just the Internet on a normal day, right? Nothing special, no high crimes, this is just what your normal, reasonable person expects to happen on the Internet. Everyone knows the Internet has trolls, and trolls are gonna troll, right? Apparently not… A Maryland man was arrested today on a federal criminal complaint charging him with cyberstalking after he, among other things, sent an animated picture of a strobe to Newsweek writer Kurt Eichenwald.

John Rayne Rivello, 29, of Salisbury, Maryland, was arrested in Maryland today on a criminal complaint filed in the Northern District of Texas.  The complaint was unsealed today following his initial appearance in the District of Maryland.

According to the allegations in the affidavit filed with the complaint, on Dec. 15, 2016, the victim, who is known to suffer from epilepsy, received a message via Twitter from Rivello.  The tweet contained an animated strobe image embedded with the statement, “You deserve a seizure for your post.”  Upon viewing the flashing strobe image the victim immediately suffered a seizure.

At first glance, it looks an awful lot like somebody just got arrested, by the feds no less, for sending a flashing picture to somebody on the Internet, and nothing else. In fact, the victim even implied as much when he paraded his “victory” on Twitter…

Thought longer than a Tweet

This is presented with great care taken to not show any political affiliation or opinion on any political issue whatsoever. 

Chromecast shows a news article…

Washington Post (Mobile) – ICE nabs young ‘dreamer’ applicant after she speaks out at a news conference
CNN – DREAMer speaks out on immigration, gets arrested by ICE  

tl;dr: After her parents were arrested by ICE a few weeks prior, a person who was part of the DREAM program, who let her visa lapse, and as such was not “legal”, spoke out at an immigration rally, and was arrested by ICE on the way home.

You can have your political affiliation. Either side. You can have your opinion on whether or not DREAM should exist. Hell, I’m not even that familiar with the program. You can have your opinion on whether or not this person should be deported.

But, if I ever found myself in this person’s situation, in a country illegally, and a target for arrest, speaking out at a rally, of any kind, would not be particularly high on my list of things to do. The fact that it was a rally on immigration is just adding insult to injury.

If you’re a target for arrest, for any reason, be it warrants, immigration status, or you’re still holding a murder weapon, making yourself front and center at a protest is probably not the smartest idea. Especially if it’s about the thing you’re being targeted for.

But why should she go into hiding? It’s not going into hiding. It’s common sense. ICE isn’t going to be crawling your college campus nearly as hard as they’ll be crawling a protest specifically related to immigration.

But free speech! She was not arrested for speaking or for the content of her speech. She was arrested for not being in the country legally. Did speaking at an immigration protest put a spotlight on her? Abso-fucking-lutely. If you’re a target for arrest, try to stay away from podiums.

Fixing QEMU poor USB audio quality

Quick note here, in case somebody else runs into this problem.

I’m currently using Windows 10 in a virtual machine (this problem also happened on 7) using QEMU on GNU/Linux, with PCI and USB passthrough. Passing through USB devices works fine, but when a USB audio device (like a headset) is passed through, the audio sounds like shit, with popping and crackling. I’d even get a VHS “wow”-like effect when playing League. Until the upgrade to Windows 10, I’d get around this by letting QEMU emulate an audio device, passing to PulseAudio (which was really nice and I’d rather go back to doing), but this broke with the upgrade. The only way to get audio again was to pass through my USB headset. But that sounded like shit.

After some Googling, somebody suggested upping the buffer for the audio device, so I went inside the properties for the headset. Nothing about a buffer, but I did find an option to set the sample rate in the Advanced tab. Setting the sample rate to 16 bit, 48000 Hz (DVD Quality) fixed the problem. If this does not work for you, you may also want to install the manufacturer’s drivers for your audio device instead of using the generic Microsoft USB audio drivers.

Another solution that worked for others was to use PCI passthrough to introduce a USB controller (and dedicate it to the VM), perhaps even one on your motherboard if it has more than one. I didn’t test this because I’m all out of PCI slots.

Fixing Intermittent IPv6 Kickstart Issues

For a work project, it became necessary to kickstart CentOS installations using only IPv6. This is because the provisioning VLAN is separate from everything else, we needed to set static IPv4 addressing in the kickstart, and there’s (currently) no way to have “installer only” network settings in a kickstart configuration.

It’s simple enough, just create a local-only IPv6 network on the provisioning server, announce it with radvd (and DHCPv6, for good measure), and just use those addresses for Anaconda’s boot parameters and kickstart’s url line. However, in Anaconda’s haste to start the installation, a small bug came forth…

On a seemingly random basis, it would show a dialog box like the one above, saying it could not download the kickstart file. (Note: The same thing can also happen during download of install.img) The most peculiar thing about this problem is that hitting OK, even just a few seconds later, would almost always result in the installation being successfully kicked off. So what’s the problem?

Skids Will be Skids

Okay so, this shows up on my Twitter notifications…

Reality? r000t.com runs inside a virtual container. In fact, every website, daemon, service, etc. that I operate runs in either a container or a full blown virtual machine. When the hypervisor restarts, for example, after regular updates, not every container is set to start with the system. r000t.com didn’t start with the system. This, of course, didn’t stop these skidiots from trying to take credit for it when trying to scare somebody else.

So I started the container and bagged on them a little bit. But, looking at the server logs, it does look like an attack is ongoing. But it’s a particularly shitty attack. Only about 5-10 requests per second, from one IP address. Easily walled off at any number of places, including the CDN, the hypervisor, the container, the webserver, or WordPress. Here’s a video of the saddest attack I’ve ever seen.

Those useragents look a bit… dated. Next time, try an off-the-shelf tool that was made in the last five years.
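
A flood like the one described above (roughly 5-10 requests per second from a single address) is easy to pick out of an access log before deciding where to wall it off. This is an added example, not code from the original post; it assumes combined log format, and the addresses and log lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Combined log format: client address, then the timestamp in brackets.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def build_sample():
    """Constructed log lines: one noisy source and one ordinary visitor."""
    ua_old = '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"'
    ua_new = '"Mozilla/5.0 (X11; Linux x86_64)"'
    fmt = '{ip} - - [10/Feb/2016:12:41:{s:02d} +0000] "GET / HTTP/1.1" 200 512 "-" {ua}'
    lines = []
    for s in range(10, 16):                       # six consecutive seconds
        lines += [fmt.format(ip="203.0.113.7", s=s, ua=ua_old)] * 7
    for s in (10, 13, 15):                        # a person browsing
        lines.append(fmt.format(ip="198.51.100.20", s=s, ua=ua_new))
    return lines

def per_second_counts(lines):
    """Map each client address to a Counter of requests per timestamp second."""
    counts = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if m:                                     # skip lines that do not parse
            counts[m.group(1)][m.group(2)] += 1
    return counts

def flag_sources(lines, min_rps=5, min_seconds=5):
    """Return {address: (busy_seconds, peak_rps)} for sustained noisy sources.

    A source is flagged when it reached min_rps in at least min_seconds
    distinct seconds, so a single burst of page assets is not enough.
    """
    flagged = {}
    for ip, seconds in per_second_counts(lines).items():
        busy = sum(1 for n in seconds.values() if n >= min_rps)
        if busy >= min_seconds:
            flagged[ip] = (busy, max(seconds.values()))
    return flagged

if __name__ == "__main__":
    for ip, (busy, peak) in flag_sources(build_sample()).items():
        print(f"{ip}: {busy} busy seconds, peak {peak} req/s -> candidate for a block rule")
```
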

Cox fined $595K after Lizard Squad “hack”. Good.

Getting a LOT of mileage out of this image.

I’ll have to resist making a “Hackers love Cox” joke.

If you’ve ever heard of PHI, PII, or any other industry-specific term for “customer’s private information”, CPNI shouldn’t be too hard of a concept to grasp. Just like PHI refers to your health information stored with, for example, your health insurance provider, CPNI (Customer Proprietary Network Information) refers to personal information stored with your telephone provider. Just like PHI and all the rest, CPNI is, under federal law, considered pretty sacred. So much so, that service providers who mishandle CPNI are subject to six-figure fines per occurrence, per day.

The FCC just handed down such a fine, to the tune of nearly $600,000, after Lizard Squad script kiddie “EvilJordie” (also operating under the alias “GDKJordie”), posing as Cox IT support, socially engineered a Cox representative into entering her work credentials into a webform he controlled. This allowed the child to log into private Cox systems under the representative’s name, giving him unauthorized access to a large amount of CPNI for a short while until the account was disabled.

This fine is a wonderful thing, and we need to start seeing more of them, and for larger amounts.

Zeekill Has a Bouncy Feeling!

Lizard Squad script kiddie RyanC/Zeekill/Julius Kivimaki was taken to the loony bin for a BOUNCY FEELING! And sending lots of CP to the Finnish police. So here’s a video where his face is superimposed on a white puffy dude singing a Finnish song about bouncy feelings.

(Vimeo embed will be used until I can coax AfterEffects into exporting in MKV format)