Notes | Brutkey

I don't know about the new decorations in the Trump-Kennedy Center auditorium...

Photo of the stage at the 1939 German-American Bund rally at Madison Square Garden, with a large portrait of George Washington flanked by American flag banners and swastikas, with a band on the stage dressed in Nazi uniforms.

- The photos of the pipe bombs are exactly what you think pipe bombs would look like, complete with wires coming out of them and a kitchen timer. They were just out in the open, and they don't appear to have been concealed inside a bag or anything. Anyone who saw them would very likely run and call the cops.

- Apparently recently discovered cell phone records (held by the feds) were instrumental in identifying the suspect.

Matt Blaze
@mattblaze@federate.social

- Again, when they say "you're under arrest for planting bombs", this is a situation where you DEFINITELY want a lawyer.

- They don't say how powerful the bombs would have been (assuming they weren't completely inert), but improvised bombs of that size with real explosives could definitely do some real damage.

- The combination of the guy's savvy (he wasn't caught for almost five years, after all) and ineptitude is striking.

Matt Blaze
@mattblaze@federate.social

Very interesting summary of the alleged J6 pipe bomber's interrogation in this filing: https://storage.courtlistener.com/recap/gov.uscourts.dcd.287328/gov.uscourts.dcd.287328.17.0.pdf

A couple observations:

- Friends don't let friends plant pipe bombs, but if you somehow find yourself accused of doing so, please shut up and ask for a lawyer before waving your Miranda rights.

- The recipe for the homemade powder came from a video game(!). He does not appear to have tested it.

- The bombs were duds, but still, holy crap.

Matt Blaze
@mattblaze@federate.social

- The photos of the pipe bombs are exactly what you think pipe bombs would look like, complete with wires coming out of them and a kitchen timer. They were just out in the open, and they don't appear to have been concealed inside a bag or anything. Anyone who saw them would very likely run and call the cops.

- Apparently recently discovered cell phone records (held by the feds) were instrumental in identifying the suspect.

Matt Blaze
@mattblaze@federate.social

Very interesting summary of the alleged J6 pipe bomber's interrogation in this filing: https://storage.courtlistener.com/recap/gov.uscourts.dcd.287328/gov.uscourts.dcd.287328.17.0.pdf

A couple observations:

- Friends don't let friends plant pipe bombs, but if you somehow find yourself accused of doing so, please shut up and ask for a lawyer before waving your Miranda rights.

- The recipe for the homemade powder came from a video game(!). He does not appear to have tested it.

- The bombs were duds, but still, holy crap.

Matt Blaze
@mattblaze@federate.social

More yelling from the homeowners association

#The #hashtag #mob #can #go #fuck #right #off.

Matt Blaze
@mattblaze@federate.social

I know you think I'm ruining this place for you. Let me offer some solutions that work better than telling me how, or about what topics, I should post (which works very poorly):

- Don't follow me
- Mute me
- Block me

These also work if you replace "me" with any other accounts you find irritating or uninteresting.

Matt Blaze
@mattblaze@federate.social

More yelling from the homeowners association

#The #hashtag #mob #can #go #fuck #right #off.

Matt Blaze
@mattblaze@federate.social

The bottom line here is that while being the subject of attack by a deranged internet mob is never fun, sometimes it's the cost of doing business for doing interesting work.

And for those who yell at me for posting black and white photos or not putting content warnings on discussions of current events or not using enough hashtags or whatever, don't bother. I've stared down angry locksmiths and come out the other side.

Matt Blaze
@mattblaze@federate.social

I've gotten a few replies asking me if I regret publishing this or would do anything differently.

No. I'm proud of this work. I think it has value. I would do nothing differently. I am, evidently, remorseless and incorrigible.

Matt Blaze
@mattblaze@federate.social

So while openly publishing offensive security techniques might indeed help criminals, that harm is outweighed by significant benefits. Every properly trained computer science student should understand how to exploit vulnerabilities. Because the attackers DEFINITELY understand it.

Matt Blaze
@mattblaze@federate.social

The bottom line here is that while being the subject of attack by a deranged internet mob is never fun, sometimes it's the cost of doing business for doing interesting work.

And for those who yell at me for posting black and white photos or not putting content warnings on discussions of current events or not using enough hashtags or whatever, don't bother. I've stared down angry locksmiths and come out the other side.

Matt Blaze
@mattblaze@federate.social

It occurs to me that people outside the security field might find it odd that we openly publish stuff like this. Why help people who might use the knowledge to do bad things?

There are a number of reasons. The first is that only through open discussion are we able to identify and fix problems. Another, which is what motivated my work, is educational: you can't learn to defend systems unless you understand how they are attacked.

Matt Blaze
@mattblaze@federate.social

So while openly publishing offensive security techniques might indeed help criminals, that harm is outweighed by significant benefits. Every properly trained computer science student should understand how to exploit vulnerabilities. Because the attackers DEFINITELY understand it.

Matt Blaze
@mattblaze@federate.social

I wrote that paper after I had moved from AT&T Labs to U. Penn. The Penn locksmith went totally apoplectic, and wrote regular angry letters to the dean and to the head of campus security warning about what an irresponsible, dangerous menace I am. But for whatever reason, his efforts were unsuccessful in getting me fired; the administration just forwarded me his letters, which I taped to the door of my office.

Matt Blaze
@mattblaze@federate.social

It occurs to me that people outside the security field might find it odd that we openly publish stuff like this. Why help people who might use the knowledge to do bad things?

There are a number of reasons. The first is that only through open discussion are we able to identify and fix problems. Another, which is what motivated my work, is educational: you can't learn to defend systems unless you understand how they are attacked.