u/packscott

My Keybase proof [reddit:packscott = keybase:scottpack] (NzB83dnVPfY9aZlNKo-jCkw6o1UwNmBIK6mLo3f7rXE)
r/KeybaseProofs

Keybase proof

I hereby claim:

  • I am packscott on reddit.

  • I am scottpack on keybase.

  • I have a public key whose fingerprint is 42FE CAFE F755 2033 3325 4FE4 090F 0515 BE37 E20A

To claim this, I am signing this object:

{
    "body": {
        "key": {
            "fingerprint": "42fecafef755203333254fe4090f0515be37e20a",
            "host": "keybase.io",
            "key_id": "090f0515be37e20a",
            "uid": "83a3eb081b944a2d141cc3b727b60d00",
            "username": "scottpack"
        },
        "service": {
            "name": "reddit",
            "username": "packscott"
        },
        "type": "web_service_binding",
        "version": 1
    },
    "ctime": 1412987446,
    "expire_in": 157680000,
    "prev": "37e4116ef32980e69f0afdea554d9ba7e88921a55fcff0371444c6f54bdcf135",
    "seqno": 15,
    "tag": "signature"
}

with the PGP key whose fingerprint is 42FE CAFE F755 2033 3325 4FE4 090F 0515 BE37 E20A (captured above as body.key.fingerprint), yielding the PGP signature:


And finally, I am proving ownership of the reddit account by posting this on the subreddit KeybaseProofs.

My publicly-auditable identity:

https://keybase.io/scottpack

To join me:

After a day of posting this and completing the proof, I'll be granted invitations to Keybase. Let me know if you would like access to the alpha.


As someone whose office is about 100 feet down the hall from Legal Affairs I was surprised at how localized the reaction was.


That's usually where I recommend starting too. They're good standards, and much easier to start with rather than building your own from scratch.


At the risk of totally nerding out let me speak as someone who does computer forensics professionally.

Forensics equipment, and software, is always pretty silly expensive. Part of it is that the vendors often send their product out for 3rd party verification so that any evidence discovered using their product can be court admissible. Part of it is that we're dealing with a fairly niche field that has low sale volume. Part of it is that in order to collect evidence there is an insane number of adapters and connectors involved. If we only look at hard drives there are at least 6 different connectors currently in use, at least a dozen if we go back 10 years. Then you have things like flash drives, CD/DVDs, tape backups, etc. Often, in order to be court admissible, one requires special equipment to be used so we can't just plug a flash drive directly into a computer. So in the case of a flash drive expect to pay about $300 for a device like this Tableau T35u.

The mobile device forensics equipment is even more specialized. The gear I've worked with comes with:

  • a Faraday bag (think a portable wifi/cellular dead zone)

  • the collection device that you plug the phone into

  • a 2'x2'x3' case of various adapters and attachments (this one worked with around a hundred models of phones and tablets)

  • the software that allowed you to perform the analysis

The Faraday bag is required because, in order to demonstrate sanctity of the work, the phone cannot be allowed to connect to any cellular towers, wifi hotspots, bluetooth devices, etc. Similarly, the collection device is specially designed to prevent the examiner from making any changes to the phone or tablet. Either event would contaminate the evidence and possibly result in it being thrown out.

At the end of the day, particularly with the mobile device equipment, we're talking about a hefty bit of physical gear included in the purchase and a big beefy piece of software. Based on forensics pricing the 17k price tag seems not entirely unreasonable. Compare that to the cost of outsourcing where $200/hr is considered quite reasonable and the simplest cases can require a minimum of 4 person hours. I generally assume 20 person hours for a typical case; that estimate includes gathering the evidence, setting up the collection, doing the analysis, and writing the report.

TL;DR: I can't speak to whether or not the police do enough investigations involving mobile devices to warrant the cost. I also don't know what they bought, but the price isn't necessarily unreasonable.


Agreed. RHEL6 still uses the old school SysV init structure, which is a sequential order of events.

It is possible that the netfs service is running by default, which would take care of it. My practices, and recommendations, are to disable nearly all the services at provision time and then use a configuration management system to enable those that are actually in use. That means that if netfs is enabled by distro default, it would be disabled by default in my environment.

The other option, that other guys have pointed out, is to use autofs. Which is fine for a desktop system, but pretty not good for a server.



When I get stuck on a problem I go soundboard it against the guy whose office is next to mine. After years of doing this stuff you wouldn't believe how stupid some of it sounds coming out of my mouth.

Another thing to keep in mind is that sometimes the plugin database can get a little wonky. If it looks like your plugins aren't updating, or are throwing out errors in the nessusd.messages log, you can try rebuilding it. Stop the service, make sure no instances of nessusd are running, and run 'nessusd -R'.


That set of logs is pretty typical of the nessusd daemon starting and being ready to run. Have you registered it with a plugin feed code? Did you get any errors? If you log into the web interface and click on the 'Help and Support' button on the top right hand side of the screen that will give you information about what plugin feed type you are, version numbers, etc. Also the timestamp of the plugin set you have. If it's not recent (i.e. from the last day or so) then something's wrong with updating. Otherwise, based on what you're showing us, it should be good to go.