Opsec, Who Needs It?

This article from Sophos’ Naked Security shows some incredible failures of opsec “because it just kept getting used.” Unfortunately for the US and its agents, it didn’t take long to find the moles. That’s due in large part to what one former official called an “elementary system” of internet-based communications – one that was never meant to stand up to sophisticated counterintelligence efforts such as those of China or Iran, let alone one that should have been entrusted with the extremely sensitive communications between the CIA and its sources. [Read More]

Speeding Up BeautifulSoup With Large XML Files

A while back I built a small web app to parse one of our system configuration files because the application’s interface doesn’t have a search function (yeah, it’s that bad…). It worked OK, but over time slowed down as the XML file grew to 2.5MB and ~10k lines. The slow part was definitely BeautifulSoup’s parsing step, but it took a little poking to work out why. At this stage it was taking over 20 seconds to handle the file. [Read More]

Huawei Config Files

Huawei configuration file decryption turns out to be quite easy. It’s just XML in AES-CBC:

Setting: Key – Value: 3E4F5612EF64305955D543B0AE350880
Setting: IV – Value: 8049E91025A6B54876C3B4868090D3FC
Setting: Mode – Value: CBC

CyberChef is super easy for this. Dump the file in, get XML back out! To encrypt ready for usage, just reverse the step. Or if you’re stupidly lazy, click here. Tested on B593s-22. References: https://www. [Read More]
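The same round trip in code, as an added example that is not the post’s own tooling (the post uses CyberChef). It uses only the key, IV and mode published above; the key is 16 bytes, so this is AES-128-CBC. Two things are assumptions on my part: that the file uses PKCS#7 padding (which is what CyberChef strips by default), and the sample XML, which is constructed here rather than taken from a real B593s-22 backup. Because the key and IV are baked into the firmware and shared by every unit, this is obfuscation rather than confidentiality: anyone holding a backup file can read whatever credentials are inside it.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"errors"
	"fmt"
)

// Key and IV exactly as published on the page (hex). 32 hex chars = 16 bytes,
// so this is AES-128-CBC. They are fixed in firmware, shared by every device.
const (
	huaweiKeyHex = "3E4F5612EF64305955D543B0AE350880"
	huaweiIVHex  = "8049E91025A6B54876C3B4868090D3FC"
)

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// pkcs7Pad appends PKCS#7 padding up to a full block boundary.
// Assumption: the firmware uses PKCS#7, which is what CyberChef strips by default.
func pkcs7Pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad validates and strips PKCS#7 padding. Invalid padding almost always
// means the wrong key/IV, a different firmware, or a corrupted file.
func pkcs7Unpad(b []byte, blockSize int) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, errors.New("data length is not a multiple of the block size")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize || n > len(b) {
		return nil, errors.New("bad padding byte")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("inconsistent padding")
		}
	}
	return b[:len(b)-n], nil
}

// cbc returns a CBC encrypter or decrypter keyed with the fixed key and IV.
func cbc(decrypt bool) cipher.BlockMode {
	block, err := aes.NewCipher(mustHex(huaweiKeyHex))
	if err != nil {
		panic(err)
	}
	iv := mustHex(huaweiIVHex)
	if decrypt {
		return cipher.NewCBCDecrypter(block, iv)
	}
	return cipher.NewCBCEncrypter(block, iv)
}

// DecryptConfig turns a raw config backup into its XML plaintext.
func DecryptConfig(ct []byte) ([]byte, error) {
	if len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext length is not a multiple of 16")
	}
	pt := make([]byte, len(ct))
	cbc(true).CryptBlocks(pt, ct)
	pt, err := pkcs7Unpad(pt, aes.BlockSize)
	if err != nil {
		return nil, err
	}
	// Padding can validate by chance (about 1 in 256 with a wrong key), so also
	// check that what came out actually looks like XML before trusting it.
	if !bytes.HasPrefix(bytes.TrimSpace(pt), []byte("<")) {
		return nil, errors.New("decrypted data does not look like XML")
	}
	return pt, nil
}

// EncryptConfig is the reverse step: XML in, ciphertext ready to upload out.
func EncryptConfig(xml []byte) []byte {
	padded := pkcs7Pad(xml, aes.BlockSize)
	ct := make([]byte, len(padded))
	cbc(false).CryptBlocks(ct, padded)
	return ct
}

func main() {
	// Constructed sample; a real run would read the downloaded backup file.
	sample := []byte(`<?xml version="1.0"?><config><admin><pw>hunter2</pw></admin></config>`)
	ct := EncryptConfig(sample)
	pt, err := DecryptConfig(ct)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%d bytes ciphertext -> %s\n", len(ct), pt)
}
```

If the padding or the XML check fails on a real file, the firmware build most likely uses a different key or wraps the XML in something else; try the raw decrypted bytes in a hex viewer before assuming the file is corrupt.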

Eurotrip, the beginning

A long time in planning, it’s finally here - EuroTrip 2018! The rough explanation is 37 days away, nearly two weeks in Iceland, then the rest doing a lap of Eastern Europe. Being from Australia, we can’t just do a merry jaunt to Europe, hence the extended plans. The flights were… as to be expected. Brisbane to London via Singapore, with a six hour stopover. I sleep on my stomach typically, so I just don’t sleep on flights. [Read More]

Getting HEAD

Crass, I know, but it’s part of my charm. We run load balancers for our proxies and we need to monitor that they’re working, so we make requests through them out to the internet. I was doing some checking one day on “top utilization by user” and found that the monitoring account had been… rather hungry. Turns out, we were doing a full GET request to two news sites, for every time a proxy appeared in a load balancing pool, from each of the load balancers. [Read More]
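To make the difference concrete, here is an added example (my code, not the monitoring setup from the post) that stands up a local stand-in for the “news site” and probes it once with GET and once with HEAD, counting how many body bytes each check actually pulls across the wire. The server and its 1 MiB body are constructed for the example; the only thing the health check really needs is the status code, which HEAD returns for free.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// NewBigServer stands in for the site the monitor polls. It serves a body of
// size bytes on every request. Constructed for this example; not a real site.
func NewBigServer(size int) *httptest.Server {
	body := strings.Repeat("x", size)
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Length", fmt.Sprint(size))
		// For a HEAD request net/http sends the headers and discards the body.
		io.WriteString(w, body)
	}))
}

// Probe issues one request with the given method and returns the HTTP status
// and the number of body bytes actually read, i.e. what the check cost in traffic.
func Probe(url, method string) (status int, bodyBytes int64, err error) {
	req, err := http.NewRequest(method, url, nil)
	if err != nil {
		return 0, 0, err
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0, 0, err
	}
	defer resp.Body.Close()
	n, err := io.Copy(io.Discard, resp.Body)
	return resp.StatusCode, n, err
}

func main() {
	srv := NewBigServer(1 << 20)
	defer srv.Close()
	for _, m := range []string{"GET", "HEAD"} {
		st, n, err := Probe(srv.URL, m)
		fmt.Printf("%-4s status=%d body=%d bytes err=%v\n", m, st, n, err)
	}
}
```

Multiply the GET figure by pool members, load balancers and polling interval and the “hungry” monitoring account explains itself. One caveat before switching a real monitor over: some sites answer HEAD with 405 or a different status than GET, so confirm the target’s HEAD behaviour once and alert on the status you actually observed, not on a generic 200.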

DNS Caching

I really love watching the statistics as one makes a change for the better, and collecting the visualisations is a bit of a hobby for me. This is the graph of active connections on one of our edge appliances. It carries all client internet traffic and also load balances DNS resolution for clients. It was an incredible drop in traffic - over half the active connections on the appliance - and the response time went from ~150ms to ~1ms for repeat requests. [Read More]

Technical Debt

The human body is a perfect example of unresolved technical debt leading to issues. I have a problem where if I eat too quick, my food gets stuck in a spot in the bottom of my throat near my voicebox. Because I’m a giant, it doesn’t choke me straight up - it just makes it really hard to breathe and I can kinda manage it until I get a drink. [Read More]

Popper's Paradox

Popper’s paradox: The paradox of tolerance was described by Karl Popper in 1945. The paradox states that if a society is tolerant without limit, their ability to be tolerant will eventually be seized or destroyed by the intolerant. Popper came to the seemingly paradoxical conclusion that in order to maintain a tolerant society, the society must be intolerant of intolerance. I learned this one as part of a post about Alex Jones on Daring Fireball. [Read More]

OpenSSL CA Trust Weirdness

I’ve been having problems since I installed my own build of OpenSSL - I wanted to be able to use SSL2/3 for testing and some weird ciphers, and the build on Ubuntu wasn’t playing nice. wget and ansible have been giving me grief about SSL trust, and I finally got annoyed enough to sort it out. I knew wget --ca-certificate=/etc/ssl/certs/ca-certificate.crt https://yaleman.org worked, so it wasn’t the certificate store itself. Searching the internet for “wget ssl trust” or “openssl ca trust” is just a waste of time - you might as well search for “cat pictures”. [Read More]

Splunk search head peering authentication issues

I was running up a new set of clustered search heads the other day and ran into some issues with one of the nodes talking to the indexer which stored the data. Unable to distribute to peer named INDEXER.example.com at uri=INDEXER.example.com:8089 using the uri-scheme=https because peer has status="Down". I proved that I could telnet from the search head to the index server on 8089 and could connect successfully, also searches at the same time from other nodes work fine, so it wasn’t actually a connectivity issue. [Read More]