ating discussion on topics that the public may have difficulty even asking.
PirateBox is also beneficial in that it encourages tinkering and exploration. Users who deploy a PirateBox may look for ways to improve the project or to find alternatives that better fit their use case scenario. Can I improve connectivity by adding new antennas? Deploying more devices? Adding a method to support different types of encryption for different layers of use? All of these questions could come up and users might look for answers.
Privacy
Internet surveillance is a topic that raises serious concern for both law enforcement as well as citizenry. The public perception of law enforcement is that they should be able to solve crimes, stop crimes, resolve issues after crimes have occurred, and do all of this without ever making a mistake or causing an issue. They must also do all of this without ever glancing at anything that others have done or posted online and must respect the privacy of all peoples but must also stop terrorists from conducting attacks and organizing online. Internet based surveillance is not going away and will continue to grow thanks to the number of always connected online enabled devices that exist in homes and on persons nearly everywhere.
Some individuals seem to believe that they have a right to privacy when they share their information because there is a continued notion that companies like Facebook, Twitter, or Reddit have your best interests. This is false. These companies use you as a product that they distill, condense, package, and sell for a profit while expecting you to constantly produce content for them to data mine. Every thing you upload to the internet through these companies should be considered compromised by every government, institution, group, and person on this planet.
PirateBox removes you from the digital data mining circle and encourages you to develop your own methods of communication. You can operate independently of these companies and are encouraged to do so. If you wish to use a device in a manner in which only people you trust are allowed to communicate with you, you can.
Open Standards
Open Source is not Free Software. Richard Stallman states that open source software is released as a practical advantage that does not campaign for principles. Free software respects a users ability to run it, study it, change it, and to redistribute copies with or without changes. Open Standards are the policies and technology that exist in a non-proprietary manner while allowing any other device to be able to communicate if they too share in those open standards.
So does PirateBox profess to be free software friendly? No. It is an open source project that exists to use open standards. This means that devices that include proprietary drivers could potentially function. Is this good or bad? Neither. It is an ideology and a design choice based on practicality. PirateBox does not appear to be approved as Free Software Foundation friendly.
You can search for yourself at the FSF Directory.
Development
Development of the PirateBox is done using Github. The PirateBox teams keeps a large number of repositories available for your perusal and their website has excellent documentation on how to locate their projects. I recommend reviewing their development repositories to build your knowledge of how the device works, how to improve on it, and how to deploy your changes.
Deployment
Deployment of the PirateBox provides infinite possibilities. You can pretend to be a spy, setup a mesh LAN for your neighborhood, or provide an intranet for use during an emergency. The PirateBox is an awesome tool.
Dead Drops
Emergency Operations
Meetups
Dead Drops
The PirateBox allows for anonymous communication and file transfers between multiple parties. You can also use the device for chat or as a forum. This behavior is independent of the internet and does not require anything beyond normal WIFI networking tools to function. An individual could setup a PirateBox at a location, leave it connected to a battery
PirateBox is also beneficial in that it encourages tinkering and exploration. Users who deploy a PirateBox may look for ways to improve the project or to find alternatives that better fit their use case scenario. Can I improve connectivity by adding new antennas? Deploying more devices? Adding a method to support different types of encryption for different layers of use? All of these questions could come up and users might look for answers.
Privacy
Internet surveillance is a topic that raises serious concern for both law enforcement as well as citizenry. The public perception of law enforcement is that they should be able to solve crimes, stop crimes, resolve issues after crimes have occurred, and do all of this without ever making a mistake or causing an issue. They must also do all of this without ever glancing at anything that others have done or posted online and must respect the privacy of all peoples but must also stop terrorists from conducting attacks and organizing online. Internet based surveillance is not going away and will continue to grow thanks to the number of always connected online enabled devices that exist in homes and on persons nearly everywhere.
Some individuals seem to believe that they have a right to privacy when they share their information because there is a continued notion that companies like Facebook, Twitter, or Reddit have your best interests. This is false. These companies use you as a product that they distill, condense, package, and sell for a profit while expecting you to constantly produce content for them to data mine. Every thing you upload to the internet through these companies should be considered compromised by every government, institution, group, and person on this planet.
PirateBox removes you from the digital data mining circle and encourages you to develop your own methods of communication. You can operate independently of these companies and are encouraged to do so. If you wish to use a device in a manner in which only people you trust are allowed to communicate with you, you can.
Open Standards
Open Source is not Free Software. Richard Stallman states that open source software is released as a practical advantage that does not campaign for principles. Free software respects a users ability to run it, study it, change it, and to redistribute copies with or without changes. Open Standards are the policies and technology that exist in a non-proprietary manner while allowing any other device to be able to communicate if they too share in those open standards.
So does PirateBox profess to be free software friendly? No. It is an open source project that exists to use open standards. This means that devices that include proprietary drivers could potentially function. Is this good or bad? Neither. It is an ideology and a design choice based on practicality. PirateBox does not appear to be approved as Free Software Foundation friendly.
You can search for yourself at the FSF Directory.
Development
Development of the PirateBox is done using Github. The PirateBox teams keeps a large number of repositories available for your perusal and their website has excellent documentation on how to locate their projects. I recommend reviewing their development repositories to build your knowledge of how the device works, how to improve on it, and how to deploy your changes.
Deployment
Deployment of the PirateBox provides infinite possibilities. You can pretend to be a spy, setup a mesh LAN for your neighborhood, or provide an intranet for use during an emergency. The PirateBox is an awesome tool.
Dead Drops
Emergency Operations
Meetups
Dead Drops
The PirateBox allows for anonymous communication and file transfers between multiple parties. You can also use the device for chat or as a forum. This behavior is independent of the internet and does not require anything beyond normal WIFI networking tools to function. An individual could setup a PirateBox at a location, leave it connected to a battery
or other form of power, and allow individuals passing by to communicate with the device and leave messages or other data at their leisure that could be later retrieved.
Emergency Operations
The very nature of an emergency invariably means that the normal situation is no more and we may require tools like the PirateBox to communicate in a grid down or grid damaged event. Shelter standup could be conducted when there is no access to the internet and a tool like the PirateBox could be deployed to allow communication locally. Minor changes to the PirateBox could be made to provide an announcements tool allowing users to connect and view information being posted by emergency management personnel. This could include scheduling, orders, or lists of casualties updated in real time. The PirateBox can be upgraded to provide an amazing connection capability.
Meetups
The PirateBox could also be a fun tool to stand up during meetings or conventions. You can deploy the device and see who finds it and what they do with it. The very nature of the PirateBox will encourage interaction and sharing. Will someone attempt to upload malware? Photos of their pets? Or will they use it to spread discord or chaos? No way to know until you stand one up and wait and see what happens.
Answers
A mesh network is a method by which infrastructure is deployed to allow bridges, switches, and other devices to communicate directly and non-hierarchically as possible with each other.
A mesh network can be deployed during an emergency to allow computers and other devices to communicate with each other over a wireless connection when the grid is damaged or otherwise unavailable.
The PirateBox is an anonymous offline mobile file-sharing and communications system that can be deployed using off-the-shelf hardware and free software.
The PirateBox provides an image board as well as file sharing.
Conclusion
A mesh network is a vital tool for off grid communication and provides a promising base for developing a local method of communication that is divorced from standard infrastructure. Mesh networking is a defense against the control exerted by centralized resources and their decision on what you may or may not do with the internet.
Projects like the PirateBox can be privacy respecting as is claimed in the goals of the project itself. These projects are often intended to help individuals who are interested in removing themselves from the Facebook, Google, and Ad powered ecosystem that most people are beholden to.
You as a user have an opportunity to contribute to a free internet by adding mesh networking to your equipment or gear bag. You can use battery powered Raspberry PI based devices as well as other alternatives to create and distribute a powerful network that can host any number of files. Contribute to a free internet by building a free internet.
Final Recommendations
Choose *nix.
Build or join a mesh network.
Network and build relationships in real life locally.
Develop your equipment and gear.
Choose freedom.
Emergency Operations
The very nature of an emergency invariably means that the normal situation is no more and we may require tools like the PirateBox to communicate in a grid down or grid damaged event. Shelter standup could be conducted when there is no access to the internet and a tool like the PirateBox could be deployed to allow communication locally. Minor changes to the PirateBox could be made to provide an announcements tool allowing users to connect and view information being posted by emergency management personnel. This could include scheduling, orders, or lists of casualties updated in real time. The PirateBox can be upgraded to provide an amazing connection capability.
Meetups
The PirateBox could also be a fun tool to stand up during meetings or conventions. You can deploy the device and see who finds it and what they do with it. The very nature of the PirateBox will encourage interaction and sharing. Will someone attempt to upload malware? Photos of their pets? Or will they use it to spread discord or chaos? No way to know until you stand one up and wait and see what happens.
Answers
A mesh network is a method by which infrastructure is deployed to allow bridges, switches, and other devices to communicate directly and non-hierarchically as possible with each other.
A mesh network can be deployed during an emergency to allow computers and other devices to communicate with each other over a wireless connection when the grid is damaged or otherwise unavailable.
The PirateBox is an anonymous offline mobile file-sharing and communications system that can be deployed using off-the-shelf hardware and free software.
The PirateBox provides an image board as well as file sharing.
Conclusion
A mesh network is a vital tool for off grid communication and provides a promising base for developing a local method of communication that is divorced from standard infrastructure. Mesh networking is a defense against the control exerted by centralized resources and their decision on what you may or may not do with the internet.
Projects like the PirateBox can be privacy respecting as is claimed in the goals of the project itself. These projects are often intended to help individuals who are interested in removing themselves from the Facebook, Google, and Ad powered ecosystem that most people are beholden to.
You as a user have an opportunity to contribute to a free internet by adding mesh networking to your equipment or gear bag. You can use battery powered Raspberry PI based devices as well as other alternatives to create and distribute a powerful network that can host any number of files. Contribute to a free internet by building a free internet.
Final Recommendations
Choose *nix.
Build or join a mesh network.
Network and build relationships in real life locally.
Develop your equipment and gear.
Choose freedom.
Hacked Networks Will Need to be Burned 'Down to the Ground'
http://feedproxy.google.com/~r/Securityweek/~3/pgUAl_uZYFw/hacked-networks-will-need-be-burned-down-ground
It’s going to take months to kick elite hackers widely believed to be Russian (https://www.securityweek.com/pompeo-blames-russia-massive-us-cyberattack) out of the U.S. government networks they have been quietly rifling through since as far back as March in Washington’s worst cyberespionage failure on record.
read more (https://www.securityweek.com/hacked-networks-will-need-be-burned-down-ground)
http://feedproxy.google.com/~r/Securityweek/~3/pgUAl_uZYFw/hacked-networks-will-need-be-burned-down-ground
It’s going to take months to kick elite hackers widely believed to be Russian (https://www.securityweek.com/pompeo-blames-russia-massive-us-cyberattack) out of the U.S. government networks they have been quietly rifling through since as far back as March in Washington’s worst cyberespionage failure on record.
read more (https://www.securityweek.com/hacked-networks-will-need-be-burned-down-ground)
Securityweek
Hacked Networks Will Need to be Burned 'Down to the Ground' | SecurityWeek.Com
Experts say it’s going to take months to kick elite hackers widely believed to be Russian out of U.S. government networks, after a complex supply chain attack allowed access to thousands of organizations.
Trump Downplays Russia in First Comments on Cyberattack
http://feedproxy.google.com/~r/Securityweek/~3/Fp9-Xqyhs2w/trump-downplays-russia-first-comments-cyberattack
Contradicting his secretary of state and other top officials, President Donald Trump on Saturday suggested without evidence that China — not Russia — may be behind the cyberattack against the United States and tried to minimized its impact.
read more (https://www.securityweek.com/trump-downplays-russia-first-comments-cyberattack)
http://feedproxy.google.com/~r/Securityweek/~3/Fp9-Xqyhs2w/trump-downplays-russia-first-comments-cyberattack
Contradicting his secretary of state and other top officials, President Donald Trump on Saturday suggested without evidence that China — not Russia — may be behind the cyberattack against the United States and tried to minimized its impact.
read more (https://www.securityweek.com/trump-downplays-russia-first-comments-cyberattack)
Securityweek
Trump Downplays Russia in First Comments on Cyberattack | SecurityWeek.Com
Contradicting his secretary of state and other top officials, President Donald Trump suggested without evidence that China — not Russia — may be behind recent cyberattacks against the United States
Cybersecurity experts 'freaking out' about SolarWinds cyberattack - Business Insider Business Insider
https://www.businessinsider.com/cybersecurity-experts-freaking-out-solarwinds-russia-hack-2020-12
https://www.businessinsider.com/cybersecurity-experts-freaking-out-solarwinds-russia-hack-2020-12
Business Insider
Security experts are 'freaking out' about how foreign hackers carried out the 'most pristine espionage effort' in modern history…
"This could just be the tip of the iceberg," said a former NSA analyst. "No one had a solution to preventing an attack like this and here we are."
Why Strong Cybersecurity is a Must-Have for Hospitals and Health Systems Now Security Boulevard
https://securityboulevard.com/2020/12/why-strong-cybersecurity-is-a-must-have-for-hospitals-and-health-systems-now/
https://securityboulevard.com/2020/12/why-strong-cybersecurity-is-a-must-have-for-hospitals-and-health-systems-now/
Security Boulevard
Why Strong Cybersecurity is a Must-Have for Hospitals and Health Systems Now - Security Boulevard
More than a year ago, we wrote about the increased need for better cybersecurity in the healthcare sector. What a difference a year makes. Hospitals are particularly vulnerable right now as they struggle to provide patient care during the course of COVID…
CISA Issues ICS Advisory for New Vulnerabilities in Treck TCP/IP Stack
http://feedproxy.google.com/~r/Securityweek/~3/XqBVnvG31-Q/cisa-issues-ics-advisory-new-vulnerabilities-treck-tcpip-stack
Security updates available for the Treck TCP/IP stack address two critical vulnerabilities leading to remote code execution or denial-of-service. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory to warn organizations using industrial control systems (ICS) about the risks posed by these flaws.
read more (https://www.securityweek.com/cisa-issues-ics-advisory-new-vulnerabilities-treck-tcpip-stack)
http://feedproxy.google.com/~r/Securityweek/~3/XqBVnvG31-Q/cisa-issues-ics-advisory-new-vulnerabilities-treck-tcpip-stack
Security updates available for the Treck TCP/IP stack address two critical vulnerabilities leading to remote code execution or denial-of-service. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory to warn organizations using industrial control systems (ICS) about the risks posed by these flaws.
read more (https://www.securityweek.com/cisa-issues-ics-advisory-new-vulnerabilities-treck-tcpip-stack)
Securityweek
CISA Issues ICS Advisory for New Vulnerabilities in Treck TCP/IP Stack | SecurityWeek.Com
The Treck TCP/IP stack is affected by two newly disclosed critical vulnerabilities leading to code execution and denial of service.
US Treasury officials’ Email Accounts Hacked by the Threat Actors Behind SolarWinds Attack
https://gbhackers.com/solarwinds-cyberattack/
https://gbhackers.com/solarwinds-cyberattack/
GBHackers On Security
US Treasury officials’ Email Accounts Hacked by the Threat Actors Behind SolarWinds Attack
Last week we had reported that SolarWinds was subject to a massive cyberattack and it had left the data of many organizations.
Last week we had reported that SolarWinds was subject to a massive cyberattack and it had left the data of many organizations and government departments exposed and at stake. The fallout continues as earlier this week US Senator Ron Wyden said that dozens of US Treasury email accounts were compromised. Both the US Treasury Department […]
The post US Treasury officials’ Email Accounts Hacked by the Threat Actors Behind SolarWinds Attack (https://gbhackers.com/solarwinds-cyberattack/) appeared first on GBHackers On Security (https://gbhackers.com/).
The post US Treasury officials’ Email Accounts Hacked by the Threat Actors Behind SolarWinds Attack (https://gbhackers.com/solarwinds-cyberattack/) appeared first on GBHackers On Security (https://gbhackers.com/).
GBHackers On Security
US Treasury officials’ Email Accounts Hacked by the Threat Actors Behind SolarWinds Attack
Last week we had reported that SolarWinds was subject to a massive cyberattack and it had left the data of many organizations.
Watcher : Open Source Cybersecurity Threat Hunting Platform
https://kalilinuxtutorials.com/watcher/
Watcher is a Django & React JS automated platform for discovering new potentially cybersecurity threats targeting your organization. It should be used on webservers and available on Docker. Watcher Capabilities Detect emerging vulnerability, malware using social network & other RSS sources (www.cert.ssi.gouv.fr, www.cert.europa.eu, www.us-cert.gov, www.cyber.gov.au…). Detect Keywords in pastebin & in other IT content exchange […]
The post Watcher : Open Source Cybersecurity Threat Hunting Platform (https://kalilinuxtutorials.com/watcher/) appeared first on Kali Linux Tutorials (https://kalilinuxtutorials.com/).
https://kalilinuxtutorials.com/watcher/
Watcher is a Django & React JS automated platform for discovering new potentially cybersecurity threats targeting your organization. It should be used on webservers and available on Docker. Watcher Capabilities Detect emerging vulnerability, malware using social network & other RSS sources (www.cert.ssi.gouv.fr, www.cert.europa.eu, www.us-cert.gov, www.cyber.gov.au…). Detect Keywords in pastebin & in other IT content exchange […]
The post Watcher : Open Source Cybersecurity Threat Hunting Platform (https://kalilinuxtutorials.com/watcher/) appeared first on Kali Linux Tutorials (https://kalilinuxtutorials.com/).
Kali Linux Tutorials
Watcher : Open Source Cybersecurity Threat Hunting Platform
Watcher is a Django & React JS automated platform for discovering new potentially cybersecurity threats targeting your organization.
New Zero-Day, Malware Indicate Second Group May Have Targeted SolarWinds
http://feedproxy.google.com/~r/Securityweek/~3/eGKsmuuNy2A/new-zero-day-malware-indicate-second-group-may-have-targeted-solarwinds
A piece of malware named by researchers Supernova and a zero-day vulnerability exploited to deliver this malware indicate that SolarWinds may have been targeted by a second, unrelated threat actor.
read more (https://www.securityweek.com/new-zero-day-malware-indicate-second-group-may-have-targeted-solarwinds)
http://feedproxy.google.com/~r/Securityweek/~3/eGKsmuuNy2A/new-zero-day-malware-indicate-second-group-may-have-targeted-solarwinds
A piece of malware named by researchers Supernova and a zero-day vulnerability exploited to deliver this malware indicate that SolarWinds may have been targeted by a second, unrelated threat actor.
read more (https://www.securityweek.com/new-zero-day-malware-indicate-second-group-may-have-targeted-solarwinds)
Securityweek
New Zero-Day, Malware Indicate Second Group May Have Targeted SolarWinds | SecurityWeek.Com
A piece of malware named Supernova and a zero-day vulnerability exploited to deliver this malware indicate that SolarWinds may have been targeted by a second, unrelated threat actor.
SolarWinds Hackers Aimed to Access Victim Cloud Assets after deploying the Solorigate Backdoor
https://gbhackers.com/solarsinds-targets-cloud-assets/
https://gbhackers.com/solarsinds-targets-cloud-assets/
GBHackers On Security
SolarWinds Hackers Aimed to Access Victim Cloud Assets
Microsoft security researchers have continued to investigate Solorigate which caused supply chain compromise and cloud accounts.
Microsoft security researchers have continued to investigate Solorigate which caused supply chain compromise and the subsequent compromise of cloud assets and have said that the ultimate ambition of the compromise was to pivot to the victims’ cloud assets after deploying the Sunburst/Solorigate backdoor on their local networks. What is Solorigate attack chain? The Solorigate attack […]
The post SolarWinds Hackers Aimed to Access Victim Cloud Assets after deploying the Solorigate Backdoor (https://gbhackers.com/solarsinds-targets-cloud-assets/) appeared first on GBHackers On Security (https://gbhackers.com/).
The post SolarWinds Hackers Aimed to Access Victim Cloud Assets after deploying the Solorigate Backdoor (https://gbhackers.com/solarsinds-targets-cloud-assets/) appeared first on GBHackers On Security (https://gbhackers.com/).
GBHackers On Security
SolarWinds Hackers Aimed to Access Victim Cloud Assets
Microsoft security researchers have continued to investigate Solorigate which caused supply chain compromise and cloud accounts.
Mobile Endpoint Security: Still the Crack in the Enterprise's Cyber Armor
https://www.darkreading.com/mobile/mobile-endpoint-security-still-the-crack-in-the-enterprises-cyber-armor/a/d-id/1339642?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
A combination of best practices and best-in-class technology will help keep your enterprise from falling victim to ever-growing threats.
https://www.darkreading.com/mobile/mobile-endpoint-security-still-the-crack-in-the-enterprises-cyber-armor/a/d-id/1339642?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
A combination of best practices and best-in-class technology will help keep your enterprise from falling victim to ever-growing threats.
Dark Reading
Mobile Endpoint Security: Still the Crack in the Enterprise's Cyber Armor
A combination of best practices and best-in-class technology will help keep your enterprise from falling victim to ever-growing threats.
Linux To Report MIPS Vulnerabilities But They Often Go Unreported Or Dead Vendors
https://www.phoronix.com/scan.php?page=news_item&px=Linux-MIPS-Vulnerabilities
https://www.phoronix.com/scan.php?page=news_item&px=Linux-MIPS-Vulnerabilities
Phoronix
Linux To Report MIPS Vulnerabilities But They Often Go Unreported Or Dead Vendors - Phoronix
Phoronix is the leading technology website for Linux hardware reviews, open-source news, Linux benchmarks, open-source benchmarks, and computer hardware tests.
Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways | ZDNet
https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/
https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/
ZDNET
Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways
The username and password (zyfwp/PrOw!aN_fXp) were visible in one of the Zyxel firmware binaries.
Congressman Langevin says NDAA important for cybersecurity WJAR
https://turnto10.com/news/local/congressman-langevin-says-ndaa-important-for-cybersecurity
https://turnto10.com/news/local/congressman-langevin-says-ndaa-important-for-cybersecurity
WJAR
Congressman Langevin says NDAA important for cybersecurity
President-elect Joe Biden will soon be identifying the nation’s first Senate-confirmed national cyber director after Congress overrode President Donald Trump’s veto on the National Defense Authorization Act. “This bill is so important to our national security…