Bitcoin and crime

I just came across this old screenshot from the FT.

Alex Stamos made a similar point on the Risky Biz podcast recently. I am paraphrasing but he was stating the obvious point that a substantial amount of Bitcoin’s value is based on ransomware and other cybercrime.

Patrick Gray also made a good point in the Zane Lackey episode that the explosion in infosec interest really started with LulzSec. I tend to agree. At least, it was what pushed me from general security interest into making it a career interest.



Pi-hole is a little open source Linux-based DNS ad blocker that you run on your network to soak up all the ad junk before it hits your browser.

I tried it in a VM and was amazed at the speed difference it made despite the fact I already have uBlock Origin installed in my browsers.

I decided to get a Raspberry Pi 3 from Amazon (the starter kit with Pi, case, micro USB, and power cord). I had Pi-hole installed and configured within a few minutes and it works beautifully. The speed gains are very noticeable.

I strongly recommend this, and encourage anyone who uses it to support the project.

Some conspiracies are real

In the 90’s I used to believe any and all conspiracy theories were utter rubbish. Over the years my confidence in my hard skeptic position has diminished.

The first knock came when Echelon turned out to be true. I was told about it by a drunken colleague at British Telecom a few years before it was publicly revealed. The same person also told me about the Five Eyes intelligence agencies tapping the core internet trunks, something Snowden confirmed nearly 20 years later.

Another knock came from the realization that the 40-year war on dietary fat turned out to be misguided at best, if not criminally negligent.

The book and later film Merchants of Doubt exposed the unbelievable scale and boldness of the industrial disinformation campaigns waged against us all.

Recently I witnessed an anti-conspiracy staple take a fatal hit. “Conspiracies cannot be real because people cannot keep secrets”. I used to believe this until I was involved in the recent Spectre and Meltdown response. For months, hundreds if not thousands of security professionals across the industry worked together – conspired – in total secrecy, to patch all major operating systems against the vulnerabilities.

Now it seems like every week I am hearing about conspiracy theories that turn out to be true.

Today the “baby powder causes cancer” conspiracy theorists appear to have been right. Reuters has revealed that the company did indeed find asbestos in some of its talc products as far back as 1971. I can remember dismissing that one too.

There are two good books that address this topic.

William Deresiewicz on Multitasking

“Multitasking, in short, is not only not thinking, it impairs your ability to think. Thinking means concentrating on one thing long enough to develop an idea about it. Not learning other people’s ideas, or memorizing a body of information, however much those may sometimes be useful. Developing your own ideas. In short, thinking for yourself. You simply cannot do that in bursts of 20 seconds at a time, constantly interrupted by Facebook messages or Twitter tweets, or fiddling with your iPod, or watching something on YouTube.

I find for myself that my first thought is never my best thought. My first thought is always someone else’s; it’s always what I’ve already heard about the subject, always the conventional wisdom. It’s only by concentrating, sticking to the question, being patient, letting all the parts of my mind come into play, that I arrive at an original idea. By giving my brain a chance to make associations, draw connections, take me by surprise. And often even that idea doesn’t turn out to be very good. I need time to think about it, too, to make mistakes and recognize them, to make false starts and correct them, to outlast my impulses, to defeat my desire to declare the job done and move on to the next thing.”