#just my op onion obvs | Explore Tumblr Posts and Blogs

lovemesomesurveys · 4 years

Text

What color... Are your second best friend's eyes? -- Is your math binder? I’m done with school. Is your English teacher's hair? ^^^ Is your bathrobe? I don’t have one. Was the shirt of the last person you spoke to? Black.

Was the shirt of the last person you kissed? I don’t remember, it was years ago. Is the kind of jam in the fridge? Purple; it’s grape jelly. Is your MSN font? I don’t use MSN, never have. Is that even still a thing? Is your bathtub? White. Are the socks you're wearing? White. Is your home phone? Black. Is your cellphone? Coral. Is the last pair of earrings you wore? Rose gold. Is the hallway walls? White. Is your alarm clock? I use an app on my phone, which like I said is coral. Is your favorite book? I have way too many favorites to choose. Is your dream house? Hm. I’m not sure what color I’d want my dream house to be. I always think about the interior. Is your dream boyfriend/girlfriend's car? *shrug* I wouldn’t care. Is your computor chair? I don’t have one, I go on my laptop on my bed. Is your tightest shirt? Uh, I don’t have any tight shirts. Is your tighest pair of pants? Most of my jeans are dark wash (dark blue), with the exception of a pair of black jeans. Is/was your school mascot? I’m not sharing that. Nails does the last girl you laughed with have? Burgundy. Are your pets? Tan, white, black. Is your bzoink profile? I don’t have one. Is/was your locker? Never had one. Is your most itchy and uncomfortable sweater? I don’t own any itchy and uncomfortable sweaters, only comfortable ones. Is the frame your favorite picture is in? Black. Is your favorite CD case? I don’t have any CDs. Do you... Enjoy your job? I don’t have a job. Find shyness attractive? It can be cute. Have someone to call your own? No. Drink at least one glass of Pepsi every day? No. I don’t drink soda anymore (except the bit I drink with my medicine cause I have to crush my pills and I mix it with soda). I used to drink soda everyday for a long time, but it was Coke or Dr. Pepper mostly. Swoon over accents? Some are attractive. Use violence to get your own way? Never. Smoke cigarettes? No. Keep track of all the things you need to do? I sometimes make a list or set reminders if needed. Spend too much money on makeup? I haven’t bought any makeup in like 3 years. Spend too much money on books? No. I use Kindle Unlimited, which is a subscription service that gives access to a shitload of books for a low monthly price, but I’m on my mom’s account. Get everything you want? No. Prefer guys with hair or bald? With. Say 'obvi'? I sometimes say “obvs.” Read books about vampires? I was into the whole Twilight phase back in the day when the books were coming out. Know anyone who is trying to have a baby? I don’t know, maybe. Treat customers at your work nice? Have dark eyes? Yeah. Have bright eyes? No. Have a display picture of only yourself on facebook? Yeah. Aspire to look/be like Paris Hilton? No. Listen to music or watch TV more? I watch more TV. Have a display picture on bzoink? I don’t have Bzoink. Sleep during class? I never did that. Have the guts to shave your head for cancer? I would donate money to a cancer research charity. Have more then four piercings? Nope. Have a lot of money on you right now? No. Know anyone who is anorexic? No. Talk on the phone or MSN more? Neither. Go online shopping? Yeah. That’s how I’ve done all my shopping in recent years. What's the best... Kind of cookie? Sugar or shortbread. Location to have a romantic kiss? I don't know. It's not so much about the setting, really. It's moreso how it's done and how the person comes onto you. <<< Yeah, it could take place anywhere. Although, I do think it’d be cute to share a kiss at the beach with the sunset behind us or a cute photo op at Disneyland. Location to have a romantic date? Somewhere cozy or like overlooking the ocean. Veggie in salad? Spinach and green onions. Sickness to pretend to have when faking sick? I never had to pretend cause I actually felt sick often enough, but I do admit to exaggerating or milking it a few times :X Way to sit on a couch? Uhh sometimes with my legs to the side or “criss cross applesauce” lol whatever you want to call it. Outfit to wear on a date? I’d go with a nice pair of jeans and a cute, dressy top. Junk food to have at a sleepover? Pizza and chips. Way to get your mind of someone? I’ve always had a hard time with that.

Salad dressing? Ranch. Kind of shoes to wear to the beach? My usual sneakers/tennis shoes/whatever you wanna call ‘em. I never, ever wear sandals, flip flops, or any kind of open toed shoe, so. Way to get over somebody? It takes me a long time, but it just starts to ease up over time, really. One day turns to two, then a week turns to weeks, a month to months, etc. Time keeps going and it just starts to get easier eventually. Especially if you don’t see or talk to them anymore. Fruit in fruit salad? I don’t eat fruit salads. Way to propose to someone? I don’t plan on getting married or having that happen for me, but I gotta admit the cheesy, kinda over the top ones can be cute. Music to listen to if you're sad? Sad, relatable music. Thing to do when you're staying up all night? Scroll through Tumblr, surveys, watch YouTube/listen to ASMR. Way to cheer someone up? Try to do something they enjoy, maybe get some food or something, and help take their mind off whatever. Well, unless they want to talk about it. Book to read on a rainy day? Whatever I happened to feel like reading. I wouldn’t choose a certain type of book because it was raining. Time to go to bed? My norm this year has become like 7 or 8AM for some awful reason. Today it’s already 820AM and here I am... Time to wake up at? Lately, I’ve been getting up after 3PM, sometimes after 4PM. Party makeup? I didn’t have party makeup. Way to get someone to like you? Ha, I’m definitely not the one to ask. Thing to sleep on? (Other then a bed) Uh, but beds are the best thing to sleep on. Way to do your hair when having a bad hair day? My hair is always just up in a bun. Video game to play all night when you can't sleep? I used to do that with The Sims, but it’s been a couple years since I last played. Now I play Animal Crossing for a bit, but mostly I’m just scrolling through Tumblr, doing surveys, and watching YouTube. Girly movie? I have several favorite “chick flicks.” Joke to tell? I love punny jokes. Movie to watch when you're in the mood for something scary? Oooh there’s so many to choose from. It would just depend on what I felt like watching. Way to show someone you love them? Telling them of course, but showing them is very important as well. Spend time with them, make their favorite meal, surprise them with something they like, do something with them that they enjoy, write them sweet little notes, etc.

#personal #text #survey #surveys

2 notes · View notes

shirlleycoyle · 5 years

Text

A Roundtable of Hackers Dissects ‘Mr. Robot’ Season 4 Episode 1: ‘Unauthorized’

It’s been one year, nine months, and 23 days since the sizzling season 3 finale of Mr. Robot, and the show is back for its last season.

This week, we discussed [SPOILERS, obvs] the probability of getting an envelope with a ringing dumb phone with a hacker on the other end of the line, dead man’s switches, hacking cameras at Grand Central Station, and honeypot houses. (The chat transcript has been edited for brevity, clarity, and chronology.) This week’s team of experts include:

Emma Best: a former hacker and current journalist and transparency advocate with a specialty in counterintelligence and national security.

Bill Budington: a long-time activist, security trainer, and a Senior Staff Technologist at the Electronic Frontier Foundation.

Jason Hernandez: Solutions Architect for Bishop Fox, an offensive security firm. He also does research into surveillance technology and has presented work on aerial surveillance.

Harlo Holmes: Director of Digital Security at Freedom of the Press Foundation.

Micah Lee: a technologist with a focus on operational security, source protection, privacy and cryptography, as well as Director of Information Security at The Intercept.

Freddy Martinez: a technologist and public records expert. He serves as a Director for the Chicago-based Lucy Parsons Labs.

Matt Mitchell: a hacker and Director of Digital Safety & Privacy at Tactical Tech. He founded cryptoharlem, which aims to teach basic cryptography tools in the inner city.

Christina Morillo: a New York City-based information security and technology professional working as an information protector on Microsoft’s cloud & engineering security team.

Zachary Julian: Security Associate at the security consulting firm Bishop Fox.

Freddy and His Package

Yael: Are there instances where you get a package with a ringing phone, or is that just in TV/the movies? Like has that happened in real life?

Harlo: I don’t know about in real life, but this is a thing in Black Mirror, and American Vandal.

Micah: For it to happen, Elliot would have had to be tracking the package and waiting outside the building to know exactly when to make the call. Which he was.

Emma: If the phone had GPS enabled, Elliot could have tracked it and known when it arrived, assuming there wasn't already a webcam compromised in there. Elliot also could have been listening in through the phone’s microphone in real-time. He hears the phone arrive. Hangs up. Dials back.

Bill: I'm assuming Elliot had either delivery confirmation or a GPS unit to know when the phone and video was delivered.

Micah: I don't think he would have needed GPS. He could have just watched delivery person enter the building with the package, and as soon as they left the building made the call.

Emma: True, Micah. Even simpler, he had an in-progress call to the phone going.

Jason: There are Android apps that will trigger sending a text or whatever when they're in proximity to a given Wi-Fi access point or at a certain latitude / longitude. It's pretty simple to set up.

Matt: Tasker app does this.

Harlo: It doesn't seem to be Android. It's a dumb phone (probably a Tracfone or something similar). So it's likely Elliot has it tracked via… maybe skip tracing?

Bill: Yeah, it looked like a dumb burner phone.

Micah: I think it was like a pay-with-cash Tracfone, which is the smart way to do it anonymously anyway.

Freddy: The simplest explanation is that he had someone else watching him and tracking the dude and reporting back.

Yael: What's a Tracfone?

Harlo: It's a brand of pay-as-you-go phones you can buy from pharmacies, 7-11s and other places. it has only mobile text and voice; no data.

Micah: It’s just one of several types of cheap phones you can purchase at corner stores in cash. You don't need ID or credit card or anything, and they have fairly cheap options with old flip phones, even today.

Matt: Buying a Tracfone with cash, buying service for it with cash, and then not talking when you call the service number to set it up is a pretty anonymous way to get a U.S. cell phone.

Harlo: I agree with Emma that the easiest way might be keeping a live call on during delivery, then listening for the pick-up. Or having actual surveillance on the office. Or maybe even tapping into any video surveillance on premises.

Yael: He had access to Freddy’s screen too, right?

Bill: I don't think he had access to the screen… maybe he just saw via binoculars that he was watching the video.

Yael: Okay so flash forward to the call. So then Mr. Robot/Elliot is trying to get Freddy to click on a phishing link (which he thought was ransomware, but it wasn’t)—and to copy the .pst file in his inbox to the thumb drive. How does that work?

Micah: Since Freddy was copying the .pst file himself, and not the malware, my guess is clicking the phishing link was simply to get malware on the law firm's network for future use.

Harlo: Maybe this is either 1) a diversion for the IT admin to not notice the immediate export/download of an employee’s entire inbox, or 2) one of those things where you gotta hack the admin to complete the exploit.

Zach: It seems like the malicious link was just to provide an excuse as to why the inbox was compromised.

Freddy: If he had network access, he would just dump the active directory [a Windows service that controls access to shared resources on a network, like user logins and credentials], but the point of the plot was to incriminate the lawyer. It wasn’t about getting the emails. It was about incrimination.

Jason: Owning active directory usually takes a while and it can be kind of a hassle.

Micah: Elliot did need the emails to find all the banking details he needed.

Harlo: But if you want to hide your involvement, you're also pinning it on the mark who "clicked a link, oops totally not an orchestrated op by Mr. Robot."

Freddy: The way to get the emails isn’t really how you would do it if you already have malware on the network.

Micah: PST files are an Outlook inbox. A lot of the big email leaks that get reported on start out as a PST file. He was using a cool tool to import them and search through them, "Expansion Inbox," which I've never heard of.

Yael: So shout out to Iceweasel! We saw it on Elliot’s laptop on the train.

Bill: Debian's Iceweasel had resolved its naming issues with mainline Firefox in early 2016 but remember this is still in late 2015. So they're staying true to the time period.

Yael: Is Iceweasel like an open source Firefox? Wait, isn't Firefox open source?

Micah: Firefox is open source, but there was a trademark conflict for use of the "Firefox" name and logo inside Debian. Debian handled it by just renaming it to Iceweasel and providing their own logo.

Dead Man’s Switch

Yael: Elliot said he could get the videos to send to Freddy’s kids and the FBI… like a dead man's switch…

Micah: OnionShare has a dead man's switch feature. You can set a time in the future to start sharing files, and it gives you the Tor onion address right away. It wouldn't work for this exact use case, but you could, for example, tweet an onion address and a date, and if you don't manually close OnionShare before that date, it automatically starts sharing whatever data you want.

Emma: A dead man's switch would be super easy to set up. Have a couple of computers running a check every 10 minutes on a data file, see if it's been 24 hours yet. If it has, send the emails. If not, check again in 10 minutes. The email doesn't have to have the data, just a key and instructions on how to access it. The data can be anywhere. Elliot could check in with infected machines via a command and control system and reset the clock in the data file. The data could be stashed on some random server. The email to the FBI could contain the target’s IP address, user/password and decryption key. The files would be too large to just send to the FBI directly, and if they were forcibly dropped on an FBI system, they wouldn't touch it. But of course, Elliot didn't need a dead man's switch. He just needed the mark to believe he had one.

Bill: I mean I don't think Elliot really wants Freddy to formally do something incriminating, it would be easy enough to frame Freddy, and Elliot doesn't care about laws. Maybe he just didn't have time to code the malware that would do all this email-copying for him. After all, he mentions to Mr. Robot that they only had two weeks to prepare for this target.

Harlo: Two weeks, and everybody's on drugs, so subpar performances all around.

Yael: Haha so much coke.

Freddy: Lawyers reading this chat: please don’t do illegal drugs.

Bill: Clearly you've never been in a 1980s law firm before.

Yael: It’s… not illegal if you don’t get caught?

Harlo: ALSO, it WAS SENT as a DVD. Which he left in the player. So the FBI will see the evidence when they go to his office anyway.

Zach: Perhaps Elliot was expecting him to clean up the evidence instead of killing himself ¯\_(ツ)_/¯. I think eventually it would become public that this law firm's emails were compromised, and Elliot/Mr. Robot needed a plausible excuse in place about why that happened to take the heat off of them.

Image Credit: Micah Lee

Grand Central Station

Bill: I like how Elliot mentioned to Freddy to turn off and leave behind anything "with an on/off switch"—but Elliot forgot about the fact that an RFID ping can also be used to determine location.

Harlo: It’s Bluetooth, actually!

Yael: I saw the Bluetooth symbol.

Bill: So is it actually Bluetooth? I mean, cheap RFID cards might have that symbol anyway.

Jason: Most access cards don't support Bluetooth, but you can buy access cards that include Bluetooth low energy (BTLE) beacons. They're a little more expensive and I wouldn't expect a law firm with what looks like kind of cheap IT and security to go for them, but they exist (about $10/unit on Alibaba).

Emma: It could be both RFID and Bluetooth. The presence of a Bluetooth connection is annoyingly used as a layer of security verification by some systems. -_-

Jason: Yeah, the cards I found have RFID and BTLE.

Image: USA

Zach: It’s interesting he left all electronics behind to go to the station, but I assume he would still be trackable through Tracfone pings to the cell towers.

Yael: Even with a dumbphone.

Zach: Those phones will still ping the cell towers.

Emma: That's not super precise, though.

Yael: Yes, it still pings but is not as precise, at least according to Serial podcast season 1.

Jason: You have to consider the setup time to follow a brand-new mobile phone with a fresh IMEI [device serial number] and IMSI [user identifier].

Micah: Those phones still ping cell phone towers, but I don't see how Dark Army would know which IMSI to try tracking in crowded NYC, assuming they had no idea about this phone thing ahead of time.

Bill: You could use something as simple as this Bluefruit LE sniffer to triangulate the location of the badge.

Jason: There are a lot of apps that scan Bluetooth for navigation. there's even one by Amtrak that is designed to help you navigate Penn Station (it might also support Grand Central now). if you had access to an ad network that fed back Bluetooth MAC addresses within range, you could get pretty accurate tracking.

Yael: How did Elliot get eyes inside Grand Central Station? Did he hack into a surveillance camera or something?

Zach: Seems that way.

Harlo: With an app that I think is made-for-TV. I can’t find it. CamSec Pro? Anybody? But I guess it's worth noting for the audience that, you don't have to restrict your Kali Linux setup to what comes pre-installed. You can totes outfit your Kali USB with persistence [preserving the filesystem instead of wiping everything every time the OS shuts down] and other cool things.

Fred: It’s movie magic for sure, most of those networks require some kind of VPN access and username / password. Hard to believe it’s hacked that quickly.

Jason: There are plenty of internet connected cameras with default credentials.

Micah: I would assume he pre-hacked the Grand Central Station cameras in anticipation of this operation, so he could have spent a few days on it.

Freddy: But to be able to get that level of access and to be able to move PTZ (pan-tilt-zoom) you would need access to the network operations center (NOC) for Grand Central.

Jason: A lot of these cameras are administered through simple web apps that might not be particularly locked down, even the pan-tilt-zoom controls.

Harlo: What if it were 2015/16? What exploits would we have used? Like, any NOC web app exploits that have been long since patched?

Zach: I saw this online from 2006: stationary Bluetooth devices throughout Grand Central Station. Something like that could be exploited by the Dark Army for Bluetooth tracking.

Bill: Who knows, there could be networks that don't advertise with beacon packets that are protected only with WEP [a weak and outdated security protocol for WiFi networks] or something that can be easily cracked. And the cameras often don't have any authentication layer at all, since it's assumed that the network will provide the security layer. I've seen a lot of these in stores, access points that don't send beacon packets but have devices authenticated with them.

Zach: I think IRL, though, the Bluetooth tracking would be difficult to set up. Either stationary devices in advance or some sooper-leet mass phone ownage to turn their devices into trackers, similar to FSociety's FBI hack. I would think the webcams in Grand Central Station are secure but honestly, who knows. That may be the most realistic part of this scene. Like Bill says, it could be a hidden Wi-Fi network secured with WEP and a bunch of security cameras.

Yael: I guess no cameras on the train that Elliot has evil Freddy meet him at?

Christina: I found that super odd. Like cameras everywhere but there, hmm.

Micah: Maybe there were cameras on the train. Elliot did have his hood up; maybe he didn't care.

Jason: Cameras on the train might not be internet-connected, if they exist. You'd have to figure out the network backhaul for that and it would be expensive and tricky (lots of dead zones in cellular coverage) for limited benefit.

Honeypot Houses

Yael: Did Mossack Fonseca have a distress signal/honeypot house where they torture people? How realistic is this?

Emma: As realistic as a hostile actor wants it to be. Formations House (#29 Leaks) wouldn't have. Some of their clients would, though.

Micah: I don't think it was a Mossack Fonseca-like company with the honeypot house, I think it was more like the Dark Army with one.

Yael: Hmm, do we know any IRL cases where people had a honeypot house? I guess they've kept them secret…

Harlo: Whitey Bulger.

Emma: The mob. Escobar, I think.

Micah: It would be really expensive to run a honeypot house. Like, even just having a normal house is expensive.

Bill: Well, when you own the world's currency it turns out you can buy a building in Manhattan.

Yael: With e-coin.

Emma: Well, the building would have served more purposes. It's fake addresses and mailing points. It's full of safe houses and temp housing. It has no prying eyes.

Yael: I know people have owned buildings for sketchy things but I'm not familiar with the process to get folks there via social engineering as opposed to, like, brute force. Do we know any IRL cases where people had a honeypot house? I guess they've kept them secret…

Christina: No but Jay-Z had a stash house on State Street, Brooklyn.

Harlo: Trump Foundation; I’m just throwing it out there.

Yael: I mean there was that newspaper that owned a bar in the greatest act of undercover reporting of all time…

Harlo: Something I dig about the honeypot house: cellular dead zone. Essentially a SCIF.

Emma: That can be done with the right paint, or even tape. DoD used to have its own special tape that could basically Faraday any surface. Make sure radio signals can't penetrate, soundproof, all panels secure. Often it has entrances guarded. It's usually in a government building of some sort, but Rockefeller had one in his barn IIRC.

Yael: “This doesn't feel right! The building is owned by E-Corp!" (Jump, Elliot, jump!)

Christina: Or like, don’t fucking go in, Elliot.

Bill: They couldn't get out the window. That's why you should Always Carry A Bat.

Harlo: Or a tactical pen?

Yael: And a ladder!

Harlo: Oh also, Christian Slater says something like "be careful, you're on the owner's Wi-Fi," which… hey hackerman: turn your radios off when not in use.

Micah: Did you all notice that at the end, when the Dark Army people were forcing Elliot to overdose, that he has a very old school rotary phone?

Harlo: IT'S A CLASSIC WHITEROSE FLOSS MOVE.

Micah: Man, in season 1 they were all like, "Let's get the Dark Army to help us with the China data center backups," and by season 4 I think they're understanding that was probably a bad call.

A Roundtable of Hackers Dissects ‘Mr. Robot’ Season 4 Episode 1: ‘Unauthorized’ syndicated from https://triviaqaweb.wordpress.com/feed/

0 notes