Monday, November 9, 2020

Thousands of SonarQube Instances Publicly Exposed


The FBI recently released an alert that hackers are targeting SonarQube, software designed to scan source code for vulnerabilities. Specifically, hackers are targeting insecure, default instances which have not been locked down and still have the default username and password of admin/admin.


A search using Shodan reveals several thousand public-facing SonarQube instances, most of which are hosted on Amazon or Microsoft Azure.

The FBI recommends changing default credentials, as well as changing the default port. An additional recommendation I would make would be to restrict SonarQube access to only authorized IP address spaces, or, better yet, don't make SonarQube publicly facing at all.
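The hardening points above, as an added example that is not from the original post or from SonarSource: a small Python audit of a SonarQube `sonar.properties` file (default bind address, default port 9000, anonymous access) plus a generated nginx allowlist block for restricting access to authorized IP ranges. The property names `sonar.web.host`, `sonar.web.port` and `sonar.forceAuthentication` are real SonarQube settings; the sample file contents, the assumed defaults for absent keys and the CIDR ranges are constructed.

```python
"""Audit a sonar.properties file against the FBI alert's hardening points.

Added example, not part of the original post. Assumed defaults for keys that
are absent or commented out follow older SonarQube releases (0.0.0.0:9000,
forceAuthentication=false); check your own release notes before relying on them.
"""
from ipaddress import ip_network

# Constructed sample: what a freshly unpacked sonar.properties tends to look like.
SAMPLE_SONAR_PROPERTIES = """\
# constructed sample, not a real deployment
#sonar.web.host=0.0.0.0
#sonar.web.port=9000
sonar.forceAuthentication=false
sonar.jdbc.username=sonar
"""

# Assumed defaults applied when a key is missing or commented out.
ASSUMED_DEFAULTS = {
    "sonar.web.host": "0.0.0.0",
    "sonar.web.port": "9000",
    "sonar.forceAuthentication": "false",
}


def parse_properties(text):
    """Parse Java-style key=value lines; '#' and '!' comments are skipped so
    commented-out keys fall back to the assumed defaults."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return {**ASSUMED_DEFAULTS, **props}


def audit(props):
    """Return a list of findings; an empty list means the three checks pass."""
    findings = []
    if props["sonar.web.host"] in ("0.0.0.0", "::"):
        findings.append("sonar.web.host binds every interface; bind to 127.0.0.1 "
                        "and publish only through a reverse proxy or VPN")
    if props["sonar.web.port"] == "9000":
        findings.append("sonar.web.port is the default 9000; the FBI alert "
                        "recommends a non-default port")
    if props["sonar.forceAuthentication"].lower() != "true":
        findings.append("sonar.forceAuthentication is off; anonymous users can "
                        "browse projects and findings")
    return findings


def nginx_allowlist(upstream, allowed_cidrs):
    """Render an nginx location block that admits only the given CIDR ranges
    and proxies them to the (ideally loopback-bound) SonarQube upstream."""
    for cidr in allowed_cidrs:
        ip_network(cidr)  # raises ValueError on a malformed range
    rules = "\n".join(f"        allow {cidr};" for cidr in allowed_cidrs)
    return (f"    location / {{\n{rules}\n        deny all;\n"
            f"        proxy_pass {upstream};\n    }}")


if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE_SONAR_PROPERTIES)):
        print("FINDING:", finding)
    # Constructed corporate range; replace with your own authorized address space.
    print(nginx_allowlist("http://127.0.0.1:9000", ["10.20.0.0/16"]))
```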

While it's wonderful to have more security tools available, be aware that hackers will also begin attacking those same security tools.

Ken Buckler is a Cyber Security professional. The opinions expressed in this article are his own, and do not reflect those of his employer or clients.


Wednesday, October 14, 2020

Social Media Companies' Suppression of News is Equal to Voter Suppression

It doesn't matter if you're a conservative or liberal, Democrat or Republican, Libertarian or Green. If you're a decent human being, you'll agree that voter suppression is wrong.

By now you've probably heard how Facebook and Twitter attempted to suppress the distribution of an article by the NY Post on Hunter Biden's emails which are "potentially harmful" to him as well as his father, Presidential candidate Joe Biden.

Unfortunately, I predicted this. Facebook and Twitter Censorship of the NY Post article on Hunter Biden was an attempt to prevent the motivation of conservative voters to take a trip to the polls.

I wrote in my book about a potential method for social media sites to increase voter turnout for a specific candidate. In this case, Facebook and Twitter attempted to prevent the sharing of a news article which would have significantly increased conservative turnout less than 30 days before the election.

Quote from "Hacking of the Free":

Another potential method for social media sites to manipulate their users is the usage of strong emotions to inspire action. For example, if a social media site wants to increase voter turnout among a specific political demographic, they would only need to increase the number of posts that political demographic sees which gets them angry at another political party, and therefore more likely to get out and vote against that party. As privately owned companies, social media sites are not required to release any of their data for transparency purposes, and could very well be attempting to manipulate public opinion, or emotions, and we would never know.

Sadly, winning elections today isn't about convincing people who to vote for, but simply about convincing enough people to show up and vote. Political strategists know this, and social media companies know this. Add to this that social media is now outpacing print newspapers as a news source, and you'll quickly understand that suppressing news on social media can be very damaging to ensuring that the public is properly informed.

Since the social media companies are fully aware of this information, suppressing information which will make voters angry at a candidate is absolutely equivalent to attempting to suppress their votes. So while Facebook and Twitter will suppress an article which puts a negative light on Joe Biden, they'll happily show me an article about who a squirrel predicted will win the 2020 Presidential Election.

photo of news article about squirrel predicting 2020 election

The only reason that people knew about the censored article is that the news that Facebook and Twitter were preventing sharing the article went viral. Unfortunately in the process of this news going viral, several high profile accounts were completely silenced by Twitter for speaking out against this censorship, including James Woods.

Social media companies have already lost a lot of their users' trust. This latest incident could further damage the companies' reputations, as users begin to flock to other social media platforms including MeWe or Parler.

Censorship is wrong. Censorship with the intention of manipulating the results of an election is even worse.

Ken is a Cyber Security Professional and author of the book Hacking of the Free. The views expressed in this post do not reflect the views of his employer or clients.

Friday, August 28, 2020

Before Photoshop: 1960s CIA Computerized Photo Processing

 

In the 1960s, computers were typically large, bulky machines used for the processing of text data or mathematical equations. Processing was typically performed using punchcards, or if you're really lucky, a terminal with a monochrome display. A pocket calculator typically contains more computing power than a 1960's computer, and a smartphone contains more computing power than the average 1960's data center.

It came to me as quite a surprise then, when I found documentation for a 1960's CIA computer system designed to process aerial photographs.

It's no secret that for decades the CIA has relied on aerial photography to collect foreign intelligence essential to our armed forces. However, the computerized capabilities which the CIA had available are absolutely remarkable.

According to declassified documents from the CIA's Freedom of Information Act Reading Room, the CIA possessed at least one computer in the 1960's capable of performing automated analysis of photography, including edge analysis and auto correlation. This computer would not only record to magnetic tape and print out analyzed versions of the photos, but even send the photo to a plotter for basically on-the-fly printing of a basic map/sketch of the photo.

Block Diagram of Photo Data Processing System

One of the main goals of this system development was Automatic Target Recognition. For example, identifying the location of enemy aircraft in a photo, and automatically flagging the photo as containing aircraft.

Illustration of aircraft recognition process

If the CIA had this sort of technology in the 1960's, just imagine what their computer systems are able to do today.


This article is part of a series relating to my upcoming book Spy Machines, which explores technology used by the early CIA and other members of the intelligence community.

Tuesday, August 4, 2020

One positive from COVID-19 - I finally get to attend BlackHat - Virtual Attendance

One of the things I've always struggled with as a Cyber Security professional is that I'm typically too busy to take off work to attend conventions such as BlackHat.

However, thanks to COVID-19, BlackHat is being offered in a completely virtual format this year. As such, I can attend virtually while still accomplishing my daily job duties!

There is a "free" option if you're interested.

Enjoy!

Saturday, June 13, 2020

The Virus Will Lose: Why The Atlantic Got it Wrong

The Virus Will Lose
The Atlantic recently wrote an article titled "The Virus Will Win" filled with doom and gloom about the coming "second wave" of the Coronavirus, how polarized public opinion is with regard to re-opening the country, and a full list of reasons why the "virus will win", with everything from the World Health Organization to the Trump administration to the protests over the death of George Floyd. Simply put, they're flat out wrong. The virus will lose, because we as a country will not allow it to win, ever.

Wednesday, May 20, 2020

Ohio Unemployment Data Breach Victims - Claim Your FREE Copy of My Book "Death by Identity Theft"

Ohio Unemployment Data Breach

In response to the news that the Ohio Department of Jobs and Family Services has suffered a data breach relating to their unemployment system, I'm giving away copies of my book "Death by Identity Theft" for the next 30 days.

Tuesday, May 5, 2020

News Media Claims "Facts Not Fear" While Spreading Fear During COVID-19

What do South Korea, Maryland, Los Angeles CA, San Francisco CA, and Alabama all have in common? Apparently the same two workers in yellow suits with the same patient in a red isolation chamber have been spotted in all of these locations, according to news media. As discussed in my latest book, "Hacking of the Free", news media often uses imagery and stories designed to invoke emotion, just so they can get better ratings.


I first noticed the photo on March 3rd, when Fox 45 Baltimore ran a story about 7 Marylanders being tested for Coronavirus. I thought it was a bit excessive to have someone on a stretcher in an isolation chamber while wearing hazmat suits, just in order to test for the presence of the virus.

About a month later I see the exact same photo in another Fox 45 article. Only this time the photo is labeled as a "file photo". While it's not uncommon for news organizations to re-use some of their own photos for future stories, this photo just stuck out to me as odd, so I started digging.


Monday, May 4, 2020

Hacking of the Free - Learn the secret techniques used to influence YOUR vote in the 21st Century

Book cover promo graphic
After what seemed like an eternity, I'm happy to announce that my latest book, Hacking of the Free, is now available for purchase.

The Internet age has ushered in a new type of warfare - digital warfare. This isn't just warfare among "hackers" gaining unauthorized access to computer systems, but a war to influence public opinion through data analytics, propaganda and "fake news". Waging a war against the minds of the people isn't a new strategy, but the Internet age has ushered in the ability to rapidly produce simultaneous attacks against democracy and free elections.

This book explores the digital threats our democracy faces in the 21st century, and how to guard against those threats.

This book will normally sell for $16.99, but I'm offering a launch special with an extremely low price. This price is so low, I can't even list it here, and will only be available until June 5, 2020.

To purchase, CLICK HERE to get access to this launch special, before it's gone!

Order Now! Click here for a limited time discount!

Saturday, May 2, 2020

Contact Tracing Privacy Concerns and You

While many are arguing that the mandatory stay-at-home orders which have been enacted in many states across the United States are unconstitutional and a violation of our right to assemble, an often overlooked issue is how "contact tracing", tracing who has been in contact with someone infected with COVID-19, is threatening our privacy.

Before diving into the privacy concerns with contact tracing, I'd like to take a moment to say that COVID-19 is absolutely a serious health issue which should not be ignored. People should take reasonable precautions to reduce the chance of infection. Personally, I've been wearing a respirator mask in public since the beginning, as well as frequently using hand sanitizer. I'm not downplaying how serious this situation is. However, I do have concerns that through all this we're losing our ability to freely travel, we're losing many small businesses which have been the lifeblood of our communities for decades, and we're losing our privacy. At some point a line must be drawn, and people must say "enough".

The fact of the matter is, just like with identity theft, you can only reduce the risk, you can't eliminate it. Between social distancing, masks, and frequent hand washing, we've already greatly reduced the risk of spreading infection at a rate which our healthcare system can't handle.

Sunday, March 29, 2020

COVID-19 Restored My Faith in Humanity

Several years ago, we lost a great man named Walter Haxton. Walter was an entrepreneur with a huge heart who wanted to fix the homeless issue we face in Hagerstown, Maryland. As of June 2019, Washington County had approximately 249 homeless people. One of the challenges these people face is that most of our shelters are only open during winter months. Walter believed that the solution to this problem was not private industry, not government. As such, Walter created Hagerstown Maryland Summer Homeless Shelters Incorporated. It was a very bold plan devised by Walter - buy a home, then have homeless people move in and fix up that home as their rent. After the home was fixed up, sell the home and purchase more homes. Unfortunately Walter fell prey to a romance scam, believing that a foreign woman overseas was romantically interested in him. He spent much of his time trying to help a woman who didn't even exist. Ultimately Walter had to sell the home he had worked so hard on, and passed away shortly after finding out he had been scammed. Many of us truly believe that Walter passed away from a broken heart.

For a long time now, I've seen a very large divide in our nation. This has been a divide forged by biased, sensationalist media reporting and propaganda. This divide has been growing out of control for at least the past 10 years, possibly more. I've seen the ugly side of humanity - resorting to not just vicious personal attacks and firing people for their political views, but even violence against elected officials simply because of their political party.

I had almost given up hope in people being able to set aside their differences and work towards a common good.

Then the coronavirus, aka COVID-19, came along.

Now don't get me wrong - yes the virus resulted in a complete emptying of shelves, including respirator masks, hand sanitizer, toilet paper, milk, bread, and canned goods. However, was that truly unexpected when people are required to quarantine themselves for 14 days just because they were in contact with someone who had the virus?

But what truly restored my faith in humanity is how people have come together to try and help each other. All of these solutions have been implemented voluntarily without government mandate.


Do you need toilet paper?

Yes, the lack of available toilet paper became a serious problem for those of us who don't purchase toilet paper in bulk from Sam's Club or Costco. But one of the things I've seen locally is that people who had an excess supply started giving away that excess supply at no cost to those who needed it.

Undoubtedly these unsung heroes of the great toilet paper shortage of 2020 deserve medals. You'll most likely never read a news article about them, but they exist all across the country.

Sewing for health

In response to the dwindling supply of protective equipment for healthcare workers, businesses such as JoAnn Fabrics started giving away kits to create masks and gowns for healthcare workers.

This business has been forced to close its doors in many states due to being deemed "non-essential", but instead of tightening the belt to cover expenses during this downturn, the company started giving away fabric to help those in need.

3D Printing Finds its Niche

For many years now, 3D printing has found its niche in the healthcare industry by printing prosthetic limbs, significantly reducing the time and cost for traditional amputee patients. With the spread of the coronavirus 3D printing has taken on a new role - supplying equipment to healthcare workers.

This is probably an incomplete list, but here's a list of medical equipment I've seen being 3D printed for hospitals all across the United States, and probably the rest of the world:
  • Face Shields
  • Respirators (still need to add filter cartridges afterwards)
  • Ventilator valves
  • Ventilator splitters - allowing up to four patients to share a single ventilator
  • Valves turning snorkel masks into protective equipment for healthcare workers
  • Safety Goggles

Open Source Off The Shelf Ventilators

One of the biggest challenges many healthcare providers face during a crisis is the lack of available ventilators. These devices, which enable people to breathe, typically cost between $25,000 and $50,000 each.

Researchers at the University of Florida are working on developing an open source ventilator which can be assembled using components from hardware stores such as Home Depot or Lowe's. The estimated cost of these ventilators? $125 to $250 each.

They say "necessity is the mother of all invention". I have to admit that today I'm proud of my fellow humans for their invention in this time of crisis.

Ken is a Cyber Security professional, real estate investor, and author.

Friday, March 6, 2020

Why I Regret Not Buying "Rich Dad Poor Dad" 20 Years Ago


Please note this post contains paid affiliate links. By using these links to purchase a book or other product, you're supporting my blog. Thank you!

Recently I started listening to "Rich Dad's Guide to Investing" on Audible.

It's a follow-up to Robert Kiyosaki's "Rich Dad Poor Dad" book. If you've never read the book, I highly recommend it.

When I was younger, I spent all my time reading computer programming books and books on computer security. I went to college and learned computer programming, just like my parents always wanted.

Looking back, I truly do regret not picking up personal financial books such as this one. Memory is a funny thing - I remember seeing the original Rich Dad Poor Dad book in the local book store on a very large display when it first came out. I looked at the book for a moment, shrugged my shoulders because it wasn't a computer book, and proceeded to head to the computer book section. I've always been told that computers are my future, because that's what I'm good at and what I enjoy.

If I could go back in time, I'd certainly yell at myself for bypassing that opportunity. It wasn't until about 15 years later that I finally obtained a copy when I realized I'm never going to be able to retire, even with a 401(k). I realized that I have to do more, now, and stop leaving my future in the hands of others.

This book really did open my eyes to a lot of things. Most importantly, it helped me realize that I needed to start investing my money into investment vehicles I control, instead of simply putting my money in the stock market and hoping I chose the right bet, just like at a roulette wheel.

This April will mark one year since purchasing my first investment property. There have been times I've screamed at the sky because of unexpected rental issues, like the water main shattering into a thousand pieces, or almost going through the floor of the rental due to water damage I couldn't see.

But, after the frustration passes, I've fixed the problems. And I keep pushing forward.

I hope to pick up a second investment property this year. Then another the following. And so on.

All of this to build my future, one property at a time.

Think of where I could be today if I would have picked up this book 20 years ago when it first came out.

Saturday, February 15, 2020

Iowa Caucus - Are our elections secure enough?

Quite often, the appearance of a problem can be much worse than an actual problem.

The Democratic party is still licking their wounds after reporting inconsistencies, as well as clogged phone lines causing reporting delays, resulted in many questioning the validity of the Iowa Democratic Caucus for the 2020 Presidential primaries.

But first, how does a caucus work? Time has an excellent write-up of how the Iowa Democratic caucus was supposed to work this year. In a nutshell, the caucus works by having people physically move to different parts of a room based upon which candidate they support. If their candidate is determined to be a "viable candidate" (typically around 15% of those present), their vote is "locked in" and they're free to leave. Everyone who voted for a non-viable candidate must then choose to move to a viable one, or convince enough other non-viable candidate supporters to pick a non-viable candidate and make them viable. These numbers then get tallied and sent to a central reporting location, which releases the official caucus results.

So what happened? Long story short, the new mobile app which the Iowa caucus used for centralized reporting was plagued by multiple technical problems. But to make matters worse, the app was found after-the-fact to have multiple security vulnerabilities, including the lack of HTTPS encryption when transmitting caucus results as well as reports that the app would display error messages including SQL code, possibly paving the way for further vulnerabilities to be discovered.

To make matters much worse, manual reporting over the phone was then severely delayed by an organized "denial of service" attack of sorts - Internet trolls clogged the caucus phone lines to prevent reporting of results. This further delay of course resulted in many theories that the caucus had actually been hacked, though the Iowa Democratic Party has insisted the system was secure and only suffered from software glitches and clogged phone lines.

Unfortunately, the damage has been done. There are now many who believe nationwide, just like they believed in 2016, that the Democratic primaries are rigged and the party has already chosen the winner. The result? Voter disenfranchisement may result in lower voter turnout, which could prove disastrous at Federal, State, and local levels for the Democratic Party.

Ken is currently writing a book on election security and digital threats to democracy in the 21st Century. You can read more about his book at LeanPub.

All views expressed in this post are my own. This post does not reflect the opinions or views of my employer or clients.

Saturday, February 8, 2020

Brushing off the Dust

It's been at least three years since I updated my personal website. With a lot of recent interest in my writing between LeanPub interviewing me about my upcoming book Hacking of the Free, or Frederick News Post's article on my satirical antics making fun of Frederick County's balloon release ban, I figured it was time to brush off the dust.

I'm consolidating my blog activities, and brushing the dust off some of the projects I put on hold at Caffeine Security.

So what am I up to these days? Well, when I'm not writing my books or working on building a radio telescope, I've been revisiting my photography, as well as trying to help grow the economy of Hagerstown and Washington County.

What should you expect on this revised blog? Well, I'm planning on dipping back into my roots and talking about cyber security, especially as it applies to today's events. But I'm also going to talk more about life, more about my community, and more about everything really.

What a wild and crazy trip it's been so far, and how much more there is in store!

Friday, February 7, 2020

Blog. Recaffeinated.

Several years ago, I found myself too busy to work on my cyber security research blog, Caffeine Security.

I really truly enjoyed working on that blog and the research projects which went with it. However, over time, the blog lost its energy, lost its focus.

So welcome to the new beginning.

I'm going to go far beyond just Cyber Security. I'm going to talk business, tourism, and the struggles of a small town trying to redefine itself decades after the decline of its manufacturing boom.

Don't worry, I'll stay true to my roots. I'm currently working on a rather important book on digital threats to democracy, and cyber security will always be my passion. But just like Hagerstown and Washington County must do, it's time for me to grow, but also focus on what matters.

Stay tuned, it's going to be a wild and crazy ride.
