I owe almost my entire Wall Street career to the Clintons. I am not alone; most bankers owe their careers, and their wealth, to them. Over the last 25 years they – with the Clintons it is never just Bill or Hillary – implemented policies that placed Wall Street at the center of the Democratic economic agenda, turning it from a party against Wall Street to a party of Wall Street.
That is why when I recently went to see Hillary Clinton campaign for president and speak about reforming Wall Street I was skeptical. What I heard hasn’t changed that skepticism. The policies she offers are mid-course corrections. In the Clintons’ world, Wall Street stays at the center, economically and politically. Given Wall Street’s power and influence, that is a dangerous place to leave them.
Wounded Warrior Project spends lavishly on itself, ex-employees say – Houston Chronicle
Friends don’t let friends donate to the Wounded Warrior Project.
Since its inception in 2003 as a basement operation handing out backpacks to wounded war veterans, the charity has evolved into a fundraising giant, taking in more than $372 million in 2015 alone – largely through small donations from people over 65.
Today, the charity has 22 locations offering programs to help veterans readjust to society, attend school, find work and participate in athletic endeavors. It contributes millions to smaller veterans groups.
But in its swift rise, it has also embraced aggressive styles of fundraising and personnel management that have caused many current and former employees to question whether it has drifted from its original mission.
Source: Wounded Warrior Project spends lavishly on itself, ex-employees say – Houston Chronicle
Amazon’s customer service backdoor — Medium
Everything you do to secure your Amazon account Customer Service can undo in a heartbeat. A scary tale of how easily Amazon’s customer service can be socially engineered.
As a security conscious user who follows the best practices like: using unique passwords, 2FA, only using a secure computer and being able to spot phishing attacks from a mile away, I would have thought my accounts and details would be pretty safe? Wrong.
Because when someone has gone after me, it all goes for nothing. That’s because most systems come with a backdoor, customer support. In this post I’m going to focus on the most grievous offender: Amazon.com
A fake diary of the Y’allQaeda siege
My friend Van Alston had been writing a fake diary of the Y’allQaeda/Vanilla ISIS siege. It is hilarious!
Diary, Day 11
Things have been sort of up and down. I thought I was going to come out here and get to shoot my gun, bully some secretaries and make unpopulated areas safe for white men and cows. Nope. One of those Bundy fuckers made me go out in the cold and work on fences for three hours yesterday. If I wanted to work, I wouldn’t be using my unemployment to move out here and bitch about the government, would I? On the plus side, I do believe the locals are coming around to our way of thinking. At first they didn’t much care for us, even the two dipshits that went to jail for burning the field didn’t want to associate with us. All that has changed. When the townsfolk heard that our snack bar had no snacks, they got together and sent us a few big ol’ bags of food. Never heard of the place before, but this Chipotle stuff sure smells good.
Diary, Day 12
This is not working out at all. Yesterday they had me out working on fences in the freezing cold. I complained and today they had me building a website. I know less about building a website than I do about women. Believe me, if I knew anything at all about women I wouldn’t be out here with these fuckwits. The Bundy-in-Charge must be related to Dick Cheney. All I heard for weeks leading up to this was how we would be welcomed with open arms, how the locals would rise up and support us, how the women would adore us (yep, there’s my ignorance-AGAIN) and how there would be a shit ton of snacks.
Well, the two guys in jail we are trying to free have disavowed us. The locals want us to leave. The only difference between here and Iraq is that no one ever lost a toe to frostbite in Iraq.
The most elegant solution to Denial of Service (DoS) attacks I’ve ever seen
OMG. This is network security poetry. It is the most exquisitely beautiful solution to Denial of Service (DoS) attacks I’ve ever seen. If excessive connections are made to select ports in a certain timeframe, the source IP is added to an escalated list of iptables rules which eventually lock that IP out for over a month!
Initially I blocked attacks on an IP-by-IP basis, but this resulted in hundreds of separate iptables rules which as you can imagine became unwieldy quickly. Next, I implemented iptables rules using the iptables recent module (ipt_recent), which stopped attacks in a certain timeframe but did not prevent the same IP address from starting a new attack a short time later, scot free. The solution below keeps a long-term memory of offending IPs and thus really punishes attackers by putting their zombie hosts on the sidelines for a long time. It is also better than the IP-by-IP way I used to do it because after the longest ban (monthlong or whatever) expires, the IP is trimmed from the list.
Brilliant! I will soon adapt my rules to implement these clever ideas.
I have previously written a bit about using IPTables to limit brute-force attacks. For the past month, that system has been working quite well. The typical attack pattern resembled that in [graph 1, graph2]. A few days ago, however, an attack was implemented which ‘fell under the radar’, so to speak – instead of being a short-lived, high volume (60/min for 5 min) attack, this one was a slow and prolonged attack (1/2 min for 11 hrs) [graph 3, graph 4].
Improvements
Due to this, I have decided to augment my IPTables ruleset somewhat. There are a couple of points I found lacking in the previous revision. Firstly, repeat offenders did not have any extra consequences – whether you attacked for the first time or the tenth time, you were treated equally. Secondly, a slow attack was not effectively dealt with. Thirdly, the nature of the attack (quick vs slow) was not considered in the consequence. Finally, I wasn’t that pleased with the logging implementation – the log file was not exclusive, and no log rotation was set up. All of the above are addressed in this revision.
Source: Escalating Consequences with IPTables « That’s Geeky
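The escalation logic described in this post, modelled in Python as an added example (this is not the iptables ruleset from the linked article). The thresholds, the ban ladder and the names EscalatingBan and first_drop are assumptions chosen for illustration; the page does not give the real values.

```python
from collections import defaultdict, deque

# Assumed values for illustration; the post does not list its thresholds.
RULES = [(5, 60), (20, 3600)]        # (max hits, window s): fast burst, slow drip
LADDER = [600, 86400, 35 * 86400]    # ban length for 1st, 2nd, 3rd+ offence
MEMORY = LADDER[-1]                  # strikes are trimmed after this much quiet


class EscalatingBan:
    def __init__(self):
        self.hits = defaultdict(deque)   # ip -> timestamps of recent connections
        self.strikes = {}                # ip -> (offence count, time of last offence)
        self.banned_until = {}           # ip -> time the current ban expires

    def connect(self, ip, now):
        """Return True if the connection is accepted, False if it is dropped."""
        if now < self.banned_until.get(ip, 0):
            return False
        level, last = self.strikes.get(ip, (0, now))
        if now - last > MEMORY:          # long-term memory expired: clean slate
            del self.strikes[ip]
            level = 0
        recent = self.hits[ip]
        recent.append(now)
        while now - recent[0] > max(w for _, w in RULES):
            recent.popleft()
        for limit, window in RULES:
            if sum(1 for t in recent if now - t <= window) > limit:
                ban = LADDER[min(level, len(LADDER) - 1)]
                self.banned_until[ip] = now + ban
                self.strikes[ip] = (level + 1, now)
                recent.clear()
                return False
        return True


def first_drop(fw, ip, start, interval, count):
    """Replay `count` connections `interval` seconds apart; return first drop time."""
    for i in range(count):
        now = start + i * interval
        if not fw.connect(ip, now):
            return now
    return None
```

With these assumed numbers, the slow attack quoted above (one attempt every two minutes) never trips the 60-second rule but is caught by the hourly one, and the same address earns a day-long ban the second time.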
Script kiddie fail
Some bored kid out there has taken to brute force attacking my webserver in the early morning. I just noticed this referrer entry on the URL:
[Redacted IP] - - [19/Jan/2016:03:33:28 -0500] "POST /wp-login.php HTTP/1.1" 200 3416 "-" "--user-agent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0"
Catch that? Whatever script Dr. Evil is trying to run here sets the referrer value by using --user-agent=
--user-agent="--user-agent …"
Brilliant. Simply brilliant.
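A leaked command-line flag like the one in the final quoted field of that log entry is a cheap detection signal. The following is an added example, not code from this blog: it scans combined-format access logs for clients whose header value starts with an option name and for clients that repeatedly POST to /wp-login.php. The sample lines, the threshold and the function name are assumptions.

```python
import re
from collections import Counter

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# A value that starts with an option such as --user-agent= means the client's
# command line was mis-quoted and the flag leaked into the header.
LEAKED_FLAG = re.compile(r"^--?[A-Za-z][A-Za-z-]*=")

# Constructed sample lines (documentation-range IPs), modelled on the entry above.
SAMPLE = """\
203.0.113.9 - - [19/Jan/2016:03:33:28 -0500] "POST /wp-login.php HTTP/1.1" 200 3416 "-" "--user-agent=Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [19/Jan/2016:03:33:29 -0500] "POST /wp-login.php HTTP/1.1" 200 3416 "-" "--user-agent=Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [19/Jan/2016:03:33:30 -0500] "POST /wp-login.php HTTP/1.1" 200 3416 "-" "--user-agent=Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.20 - - [19/Jan/2016:08:01:02 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.20 - - [19/Jan/2016:08:01:40 -0500] "POST /wp-login.php HTTP/1.1" 302 - "http://example.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0)"
192.0.2.44 - - [19/Jan/2016:04:10:00 -0500] "POST /wp-login.php HTTP/1.1" 200 3416 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.44 - - [19/Jan/2016:04:10:01 -0500] "POST /wp-login.php HTTP/1.1" 200 3416 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.44 - - [19/Jan/2016:04:10:02 -0500] "POST /wp-login.php HTTP/1.1" 200 3416 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.44 - - [19/Jan/2016:04:10:03 -0500] "POST /wp-login.php HTTP/1.1" 200 3416 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""


def suspicious_clients(lines, login_path="/wp-login.php", threshold=3):
    """Return {ip: (login POST count, leaked flag seen)} for clients worth a look."""
    posts, leaked = Counter(), set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip lines that are not combined format
        if m["method"] == "POST" and m["path"].split("?")[0] == login_path:
            posts[m["ip"]] += 1
        if LEAKED_FLAG.match(m["ua"]):
            leaked.add(m["ip"])
    return {ip: (posts[ip], ip in leaked)
            for ip in set(posts) | leaked
            if posts[ip] >= threshold or ip in leaked}
```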
Principal Asks Parents To ‘Take The Time To Get Dressed’ For Drop Off – Scary Mommy
This blog post generated some lively discussion on a friend’s Facebook page, both pro and con. There were lots of defenders of the UK principal’s position but I’m not one of them.
School starts way too early in the United States. Ungodly early. I don’t think it’s fair to expect anyone to put two thoughts together before the sun even comes up, much less to be looking their best.
If you’re dropping kids off at school and never leave your vehicle, no one should care what you look like. I agree with the author here: the principal needs to relax.
A UK principal wrote a note to parents to ask them to please “take the time to get dressed” in the morning and stop doing drop off in their pajamas. She insists the letter has been well received. Mkay. I’m an adult and I do what I want. And that includes wearing whatever the hell I can get on my body before I get the kids packed up for school.
Kate Chisholm, headteacher at Skerne Park Academy, Darlington, wrote to all parents imploring them to “dress appropriately” in day wear. “I have noticed there has been an increasing tendency for parents to escort children to and from school while still wearing their pajamas and, on occasion, even slippers,” reads the note The Telegraph managed to get a copy of. “Could I please ask that when you are escorting your children, you take the time to dress appropriately in day wear that is suitable for the weather conditions?”
No. No you cannot.
Source: Principal Asks Parents To ‘Take The Time To Get Dressed’ For Drop Off Scary Mommy
Offensive lineman John Urschel starting PhD at MIT – Business Insider
I am in absolute awe of this.
Continuing to show he is one of the more unusual (and impressive) players in the NFL, Baltimore Ravens offensive lineman John Urschel announced via Twitter his plan to start his Ph.D. in mathematics at the Massachusetts Institute of Technology this year, ESPN reported.
Put another way, the 24-year-old, 305-pound lineman got into the No. 1 ranked graduate school for mathematics, all while having a full-time job in a field other than math.
Source: Offensive lineman John Urschel starting PhD at MIT – Business Insider
Google Search Console fail
I got a helpful email from Google today (and, yes, I checked the headers. It is indeed from Google), alerting me that my blog is apparently running a version of WordPress which is five years old. This is news to me since I regularly update WordPress (currently on version 4.4). I’m not sure how the all-knowing Goog got fooled into thinking I haven’t updated my blog platform for five years. It’s a rare miss for this ubiquitous search company.
What to do During an Electrical Outage
After an extended power outage during a winter storm, your heat pump refrigerant will be sluggish when the power finally returns. To avoid damage, you should run your unit on supplementary (or emergency) heat for the first few hours. Not doing so could damage your heat pump.
Also note that in older neighborhoods, the sudden demand for electric power might cause power quality issues that might also damage your heat pump.
Read more:
If your home is equipped with an electric heat pump, special care is needed when turning the unit on after an extended outage. It takes a period of time for the lubricant in the refrigerant to warm-up. This is approximately one and one-half hours per ton of cooling capacity. This could vary from brand to brand and a call to your dealer could prevent problems. During this compressor warm up time you should use the supplemental or emergency resistance heating elements of the heat pump to heat the home.