OpenPGP Encryption on All the Things (Linux Box, Gmail, iPhone)

So I stopped being lazy and have encryption implemented across all of my devices. Now, I have a 4096-bit RSA OpenPGP key, The Chrome extension Mailvelope is handling Gmail encryption, Thunderbird and Enigmail are configured on the Linux box, and IPGMail is setup for the same on my iPhone.

For the record I’m not worried about Edward Snowden and the NSA. Governments are going to do what they need to do. And sadly, I don’t really generate much, if any, content really worthy of encryption. Most of us don’t and frankly that’s why we’re collectively lazy. I’m just trying to learn more, better manage my personal security and make it easier and safer for people in less-free places (as many Blogs of War readers are) to contact me.

Hak5 – Email Encryption for Everyone – Using Mailvelope



This is actually a pretty good primer (no pun intended) on PGP for the moderately technical. There are a lot of ways to implement encryption but the Hak5 crew smartly recommends Mailvelope which I use on Chrome. Mailvelope makes implementing encryption about as painless as possible and is ideal for those new to process. If you’ve been thinking about encrypting your communications this is a great place to start.

Anyway, now you have no excuse for putting this off. Set aside a few minutes to watch the video, install the Mailvelope extension and create your key. You will then be able to grab my public key on the contact page and send me an encrypted email.

Dual Booting: Linux Mint 15 “Olivia” Cinnamon Edition Installed

 
I ran Linux exclusively for several years up until 2010 or so when I bought a Windows 7 box. The Windows box is reasonably secure and generally less annoying than previous versions of Windows so I kept the OS around. Plus, I’ve sort of needed access to Windows for a few things.

Anyway, I’ve missed Linux. It still has it’s annoyances but they’re few and far between and it’s a great platform for easy and free access to a ton of security, networking, and programming tools. That’s why I finally set aside the time to install it tonight.

Installation was straightforward and painless – as most Linux installs are these days. Everything worked out of the box and I was able to install some of my favorite applications and configure it to my liking in just a few minutes. Not much has changed since I’ve left. That’s good.

You can download Linux Mint here.

Malicious Software and its Underground Economy: Two Sides to Every Story



I thought I’d missed the deadline for this course (it started a week ago) but was able to register today. I’m super excited about this one. Dr Lorenzo Cavallaro (@lcavallaro) with the University of London is teaching.

About the Course
Cybercrime has become both more widespread and harder to battle. Researchers and anecdotal experience show that the cybercrime scene is becoming increasingly organized and consolidated, with strong links also to traditional criminal networks. Modern attacks are indeed stealthy and often profit oriented.

Malicious software (malware) is the traditional way in which cybercriminals infect user and enterprise hosts to gain access to their private, financial, and intellectual property data. Once stolen, such information can enable more sophisticated attacks, generate illegal revenue, and allow for cyber-espionage.

By mixing a practical, hands-on approach with the theory and techniques behind the scene, the course discusses the current academic and underground research in the field, trying to answer the foremost question about malware and underground economy, namely, “Should we care?”.

Students will learn how traditional and mobile malware work, how they are analyzed and detected, peering through the underground ecosystem that drives this profitable but illegal business. Understanding how malware operates is of paramount importance to form knowledgeable experts, teachers, researchers, and practitioners able to fight back. Besides, it allows us to gather intimate knowledge of the systems and the threats, which is a necessary step to successfully devise novel, effective, and practical mitigation techniques.

I should be able to catch up over the weekend. Here is week one’s reading:

“BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection”
Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee
USENIX Security Symposium, 2008

“Mining the Network Behavior of Bots”
Lorenzo Cavallaro, Christopher Kruegel, and Giovanni Vigna
Technical Report 2009-12, Department of Computer Science, University of California, Santa Barbara (UCSB), Jul 2009

“Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces”
Roberto Perdisci, Wenke Lee, and Nick Feamster
USENIX NSDI 2010

“From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware”
Manos Antonakakis, Roberto Perdisci, Yacin Nadji, Nikolaos Vasiloglou, Saeed Abu-Nimeh, Wenke Lee, David Dagon
USENIX Security Symposium, 2012

Another Online Class: Social Network Analysis with Lada Adamic



I do quite a lot of this but I am entirely self-taught. Once again a little formal instruction can’t hurt. Right? This Coursera signature track class is being taught by Lada Adamic (@ladamic) of the University of Michigan. The class has it’s own Twitter account too – @SNAcourse. The details:

About the Course
Everything is connected: people, information, events and places, all the more so with the advent of online social media. A practical way of making sense of the tangle of connections is to analyze them as networks. In this course you will learn about the structure and evolution of networks, drawing on knowledge from disciplines as diverse as sociology, mathematics, computer science, economics, and physics. Online interactive demonstrations and hands-on analysis of real-world data sets will focus on a range of tasks: from identifying important nodes in the network, to detecting communities, to tracing information diffusion and opinion formation.

Course Syllabus
Week 1: What are networks and what use is it to study them?
Concepts: nodes, edges, adjacency matrix, one and two-mode networks, node degree
Activity: Upload a social network (e.g. your Facebook social network into Gephi and visualize it ).

Week 2: Random network models: Erdos-Renyi and Barabasi-Albert
Concepts: connected components, giant component, average shortest path, diameter, breadth-first search, preferential attachment
Activities: Create random networks, calculate component distribution, average shortest path, evaluate impact of structure on ability of information to diffuse

Week 3: Network centrality
Concepts: betweenness, closeness, eigenvector centrality (+ PageRank), network centralization
Activities: calculate and interpret node centrality for real-world networks (your Facebook graph, the Enron corporate email network, Twitter networks, etc.)

Week 4: Community
Concepts: clustering, community structure, modularity, overlapping communities
Activities: detect and interpret disjoint and overlapping communities in a variety of networks (scientific collaborations, political blogs, cooking ingredients, etc.)

Week 5: Small world network models, optimization, strategic network formation and search
Concepts: small worlds, geographic networks, decentralized search
Activity: Evaluate whether several real-world networks exhibit small world properties, simulate decentralized search on different topologies, evaluate effect of small-world topology on information diffusion.

Week 6: Contagion, opinion formation, coordination and cooperation
Concepts: simple contagion, threshold models, opinion formation
Activity: Evaluate via simulation the impact of network structure on the above processes

Week 7: Cool and unusual applications of SNA
Hidalgo et al. : Predicting economic development using product space networks (which countries produce which products)
Ahn et al., and Teng et al.: Learning about cooking from ingredient and flavor networks
Lusseau et al.: Social networks of dolphins
others TBD
Activity: hands-on exploration of these networks using concepts learned earlier in the course

Week 8: SNA and online social networks
Concepts: how services such as Facebook, LinkedIn, Twitter, CouchSurfing, etc. are using SNA to understand their users and improve their functionality
Activity: read recent research by and based on these services and learn how SNA concepts were applied

I’ll update once it starts in October.

Metadata: Organizing and Discovering Information



I just registered for Metadata: Organizing and Discovering Information. It’s an eight week online course offered by The University of North Carolina at Chapel Hill through Coursera. I’m pretty comfortable with Metadata concepts and I’ve consumed quite a bit of it in my projects but a slightly more formal education might be helpful.

About the Course
If you use nearly any digital technology, you make use of metadata. Use an ATM today? You interacted with metadata about your account. Searched for songs in iTunes or Spotify? You used metadata about those songs. We use and even create metadata constantly, but we rarely realize it. Metadata — or data about data — describes real and digital objects, so that those objects may be organized now and found later.

Metadata is a tool that enables the information age functions performed by humans as well as those performed by computers. Metadata is important to many fields, particularly Computer Science; but this course is not purely a Computer Science course. This course approaches Metadata from the perspective of Information Science, which is a broad interdisciplinary field that studies how people create and manage information.

Course Syllabus
Unit 1: Organizing Information
Unit 2: Dublin Core
Unit 3: How to Build a Metadata Schema
Unit 4: Alphabet Soup: Metadata Schemas That You (Will) Know and Love
Unit 5: Metadata for the Web
Unit 6: Metadata for Networks
Unit 7: How to Create Metadata
Unit 8: How to Evaluate Metadata

The class starts in September. I’ll post updates as it progresses.

Video: 7 Summits Dedications for Alzheimer’s



So much attention is paid to the climbs (yes I know that’s the idea) but it took Alan years of hard work to pull this campaign together. It didn’t help that he had to pitch it to once company after another in the midst of a severe economic downturn. It looked pretty bleak at times, almost all of the time actually, but Alan tackled the challenge like a true mountaineer – unwaveringly putting one foot in front of the other until he reached his goal. Ida would have been very proud.

I highly recommend his site, it’s how I found my way to this sport, and you can follow him on Twitter too.

Training Update

I just wrapped up a complete month in the gym. I’m very happy with that but I’m even happier that my foot is healing well. I’m at 100% in the gym and pain isn’t an issue. I don’t know how well I’d do on a ten or twenty mile hike but I plan to add some of those into the training mix in January or February.

The routine right now is pretty basic – 45 minutes on the treadmill and about 18 ten rep sets of weights per night. I’m doing that 5 nights per week with Friday and Saturday being rest days. The epic stair climbs probably won’t be back in the mix for another 2 months or so. I want to make sure my foot is completely healed before putting that much stress on it.

The diet is also going extremely well. It’s also pretty basic – chicken, fish, turkey, and veggies make up the bulk of my diet. I don’t bother with low fat or fat free alternatives with the exception of fat free Greek yogurt which I eat almost daily. I’m probably averaging 1500 calories a day, often a little less, rarely a little more. On Saturday I can cheat a little at dinner but for the most part I haven’t. I’m down about 25 pounds and I’ve added some muscle so this is working well.

Search and Rescue on Quandry Peak

Via Alan Arnette comes Daniel Dunn’s account of a SAR operation on Quandary Peak is an excellent read. I don’t know how he managed to capture the essence of climbing in such a short piece but he did:

This particular edge is all funky, rocks going everywhere, it’s off-angle and not clean at all. There is no jumping off involved, it’s more of a belly slide/crawl maneuver, but then I feel my weight being totally on the rope, and I’m hanging. And from here, for me at least, I’m almost on auto pilot. I’m so focused, so involved in the moment, that nothing else matters. I don’t think about the elevation, the drizzle that has started back up, the work that I didn’t do today, the lack of a girlfriend, or any of the other crap in my life. I think about the rock in front of me, keeping my left hand up, and my feet out straight. There is nothing else right now. Ultimate focus.

Colin Dinsmore (red jacket) and Shawn Gorea, set up anchor to lower the missing hikers off a ledge. They are on a pinnacle where the exposure on three sides ranges from 100 to 200 feet, which would most likely result in death should they fall. And then I’m on flat ground, that’s it. About 60 seconds and 200 feet straight down. I call up on the radio, “Off belay”, look up and give the thumbs up. I’m good. Wow! that was incredible, and exactly why I love being high in the mountains. It’s this whole Zen Buddhism thing, being totally committed to the moment, being right here, right now. It’s awesome.

Climbing is, or can be, what a Zen Master friend of mine once referred to as “single minded practice”. Which reminds me of the koan she gave me before one of my climbs:

Who Walks? Never give up until you get the answer….then follow that.

That’s a valid question at any elevation but altitude, physical effort, and a little exposure can sure bring it into focus quickly.