On SDF

# Cyber "Pandemic", ramifications and what will survive

07-21-2024

On Saturday, we had a group of friends over for a BBQ dinner - despite being the guest of honor, I was stuck cooking. This past week was interesting because I have worked in two fields that require expertise in both IT and kinetic (physical) security. In the kinetic field, I worked both in the military and in personal protection services (PPS). For the PPS training, I was fortunate enough to do a course with John C. Desmedt, a retired USSS SAC who handled training for the Secret Service during the 80's and 90's. John was still spry and very fit - a lifelong martial artist - when I attended his course years ago, so I learned a lot from this very famous instructor.

So, as the situation in Penn state unfolded, my family and friends reached out for opinions. Other than that the official story didn't really make sense, I had nothing additional to offer that could not be found on YouTube. My only public observation on this event is exactly what I shared: it does not make sense based on my own work experience. I'll leave it up to the reader to do their own research. This is a hot topic that I do not desire to discuss on SDF.

## Bigger Issues

More of interest to me was the field in which I have the most experience, IT. I do love kinetic security, however I'm getting up there despite my fitness level and, to be honest, unless you get a contract in a war zone, kinetic security does not pay as well. While local politics affect a good portion of the US, cyber events impact the entire world. Thursday into Friday proved this much to be true. CrowdStrike ended up pushing a .sys file that BSOD'd agents on remote computers and on dedicated sensors.

As best as I heard in a stakeholder meeting with their own CTO, it was a relatively easy fix and they 'apologized'. Still, their screw-up affected a lot of people. Also, during this time, 'actors' were exploiting the moment to get command and control components onto systems. This aspect was not as publicly discussed. Fortunately, my organization did not use CrowdStrike, but any flight plans I had were cancelled - so we ended up having a BBQ this weekend. For everyone else that had to deal with this mess, my condolences - I know it has been tough.

## Just one file

One file brought down the internet - well, at least portions of it. When my wife found that the news was saturated with information about the attack, she wanted to know why we were still online. Firstly, we do not use CrowdStrike at home, and second, apart from an air-gapped security system that I've yet to port over to ZoneMinder, nothing we use at home has Windows. Nothing. I've never trusted Microsoft; I was working in the field when the '_NSAKEY' was discovered in Windows NT. Despite a lot of speculation, someone did take the time to reverse engineer the keys being called, and there may have been more to the story than we'll ever know. Still, Microsoft denied it. So, I assured my wife, we only use BSD, LINUX and Macs at home - the 'mobile' devices are all on custom security ROMs - for the most part, we control our own security. With my recent 'adventures into Plan9', I've toyed with deploying 9Front meshed devices onto our home network to start handling security sensors on the property. This is an aspect of computing that Plan9 handles well.

## What about Windows

To be fair, my wife had already told me the guests were going to ask me about the CrowdStrike situation. Halfway through the evening, they did exactly that - so I explored the situation with them. I answered their questions first by asking a question: 'Do you use Windows?'

To my surprise, most did, and I was equally surprised when they asked if I did. As stated above, apart from one laptop I do not own (my work computer), only one of my systems has Windows - and it does not talk to the internet. However, everyone there, outside of my wife, used Windows or an Android phone (Google). The topic of Cyber Polygon, the coming 'cyber pandemic' and all the threats coming out of the WEF came up as well. Yeah, it's a thing, so we discussed it. My concern with Eurocrats is that when they talk about stuff, it usually happens. I'm not saying it's a conspiracy, but it does seem rather odd that they have a nearly biblical record for predicting the future. If such things are true, then Windows would not be the operating system I would want to be using in a 'cyber pandemic', nor would I want to be on a Google Android phone. I like Android purely because it was based on LINUX, but it's not really LINUX as we know it - so using that as a phone's OS is not my idea of security. Even of late, I've been toying with the idea of getting a purely LINUX phone - and I really have come to believe that even GrapheneOS doesn't count. LINUX has its own problems and, in my opinion, it's not going to be the 'safe haven' people expect during a 'cyber pandemic'. There are too many CVEs out there for LINUX, with Red Hat being the worst offender. In the past we could have relied on LINUX to be a good backup OS; those days have passed. Still, it is far better than Windows. As Darth Vader-like Eurocrats are threatening that we will not even be able to use our computers and phones, it would be prudent to believe them - just saying.

## Et tu, BSD?

So, in the minors, far in the backfield, we have BSD. A few years ago, it would have been difficult to suggest BSD as a possible daily driver for anyone that did not work in our field. I say 'our field' because if you are reading this article, you got here by either a gemini / gopher client or via a shell with those capabilities.

Also, I would wager you have a firm grasp of BSD. Some of you may also be using Plan 9 or 9Front. You either run that OS, a Mac or even BeOS. Your phone is most likely an iOS or some hacked-up version of Android. Regardless, you aren't in the baseline of society. You are different. Just understand, we do not see the world the same as the muggles. So is there an 'ark' for the masses? I doubt it. If there was an 'ark' we could suggest, only FreeBSD or its friendly fork, GhostBSD, would fit the bill. There really aren't a lot of better choices. Still, there is some hope in operating systems like Haiku. Haiku has really come of age in recent years. From what I've seen, the OS is somewhat friendly and intuitive. I've not messed with it; I guess I should. Still, for those that want some type of solution to keep up and running during 'zee-Scyber Panzdemic', these OSes offer some hope of providing continuity. The reason I say this is because in the game of 'economy of scale', it's not worth any threat actor's time to focus on these systems. Windows would be the main focus - period. Linux and Android a close second. Compare the code base of Debian now to what it used to be: 2 billion lines of code on a base install. Now, look at 9Front - it works, if you take the time to understand what it can and can't do - and it does all that with only 100,000 lines of code. Security issues can be located more easily in 100k lines of code compared to 2 billion lines. No one knows how large Windows is, but it's going to be far north of Debian. And I do not know enough to speculate on macOS/iOS.

### Where to now

At home, we've been looking at pfSense and DD-WRT to handle our routing and firewall needs; again, with pfSense, we are talking BSD. This brings me back to my guests: will they heed my suggestions? More importantly, will they take the time? There are solutions out there now ... So what happens when it 'occurs'? Being in fear is not a good time to 'learn' something new.

If kinetic security taught me anything, it's that people default to what they actually know, not what they want to know. There is no 'movie epic' rise to the occasion where someone suddenly says 'I know Kung-Fu' (as if getting an instant download like Neo in the Matrix). If I could add anything to this conversation, it would be that now is the time to learn - the shot over the bow has occurred; if this is something that concerns you, your friends or family, then now is the time to switch to these systems. Sure, if true, we are going to see a period of technoanachronism for a while, with the smolweb being a good place to get information. Still, it's like an oasis in the desert: it's there, it's got water and it's 'safe', but will the public know how to get there?