Categories
journalism news technology writing

#PayForJournalism

What a beautiful May long weekend this has been! The weather has been good (for the most part – especially if we ignore last night’s rain), the schedule has been light so that it hasn’t felt too hectic and the kids have been having fun all weekend which makes things more enjoyable around the house.

And I have found some time this weekend to sit and catch up on some of my reading. I’m always reading something, but my magazine pile tends to stack up over time as it is always my last priority given that my iPhone, iPad and Kindle are almost always within arms reach. I don’t know if it is the influence of Digital Minimalism, which I am working my way through on my Kindle, or if it is just the chance to sit on the back deck in the sunshine and relaxing lay flip through a magazine, but either way, I chipped away at my magazine pile a bit this morning.

Side note: Is it ironic that I am reading Digital Minimalism on my Kindle? It is a digital device, but it is a purpose-built digital device designed to allow for uninterrupted reading. I’ll go with the later, but am curious to hear your thoughts too!

In the June 2019 issue of The Walrus, Jessica Johnson, in the Editor’s Letter (sorry… I couldn’t find a copy of her letter online so you’ll have to find the paper copy if you want to read the whole thing), Jessica provides an overview the business model of writing for pay in journalism (from the 1929 Saturday Evening Post to Apple News+ and everything in between!). The decline in revenue in the newspaper space has been well documented over the last two decades. The Internet set out to make information free, yet the free model cannot sustain quality and accuracy.

The tide is starting to turn though. As Jessica says, “The good news is that there are pivotal conversations taking place in government, in boardrooms, and in newsrooms about the role of journalism in our society”. We are seeing the hashtag #PayForJournalism more often. And Jessica’s call to show our appreciation for quality journalism via our wallets is an important reminder of the need to support quality journalism.

I’ll leave it to Jessica to wrap up this post with her parting words from her Editor’s Letter:

If you read a free article – or ten – online today, please make a donation or subscribe to The Walrus or the independent journalistic outlet of your choice.

Categories
missions news

Cryptogeddon Mission Pack 4: Mobile Chop Shop is now available!

Mission Cover - Mission Pack 4Folks,

I must apologize for the long delay in launching Mission Pack 4. The last two months have been filled with various personal issues that have kept me from focusing on getting this Mission Pack out to you. And for that, I am truly sorry.

But rest easy. Cryptogeddon Mission Pack 4: Mobile Chop Shop is now available!

You can purchase your copy on Amazon.com. It’ll be available on Kobo shortly.

Mission Pack 4 brings with it some interesting new challenges:

We have recovered an Android smartphone that belongs to an organized crime member who goes by the name Joe “The Fence” Arduino. Joe, and at least two other unknown individuals, were recently involved in the theft of a large volume of electronic equipment from a large electronics superstore.

Joe’s Android phone is the only evidence that we currently have.

Your assignment is to identify Joe’s accomplices and the inventory and distribution points for the stolen goods. We suspect that 3 local drop points exist in the Greater Toronto Area.

Mobile virtual devices, social media stalking, password hacking, website monitoring and more await!

And, in a new twist, Cryptogeddon is introducing the concept of “First Hackers”:

Starting with Mission Pack 4, Cryptogeddon is challenging participants to solve the mission pack without the solution. Participants have 1 week from the time this mission pack is released to complete the mission pack. After the first week, the complete Mission Pack, including the solution, will be published. The first 3 participants to complete the mission pack in the first week will be included in this First Hackers section when the updated mission pack is released. Depending on the number of responses that I receive in the first week, I may adjust the final number of First Hackers that are included in this section.

And don’t worry – anyone that purchases the mission pack in the first week will receive a copy of the updated mission pack when it is released at no additional charge.

Congratulations to the Mini Challenge Winners:

Big congratulations to the winners of the first Cryptogeddon Mini Challenge. Several people were successful in solving the first mini challenge. One person has won a free copy of Mission Pack 4. And, the rest of the winners received an email earlier today as a head start (and a 4 hour discount) for Mission Pack 4. People that successfully cracked the Mini Challenge were asked to send me their favourite hacking movie and/or quote of all time. Here are some of the responses:

  • Wargames (Two people submitted this movie. The first person that submitted this one wins the free Mission Pack – check your email – it should be in your inbox!)
  • “There is no spoon.” (from The Matrix)
  • “There’s a war out there, old friend. A world war. And it’s not about who’s got the most bullets. It’s about who controls the information. What we see and hear, how we work, what we think… it’s all about the information!” –Cosmo, from Sneakers
  • Whistler: “That was very good, Bish. Remind me to make you an honorary blind person.” (from Sneakers)

And, one person asked me, “Do these get harder?” We’ll have to see what i can do with future Mini Challenges.

So don’t delay. Pick up Cryptogeddon Mission Pack 4: Mobile Chop Shop today!

Todd

Categories
news

Cryptogeddon Newsletter – October 18, 2013

Welcome to the official Cryptogeddon Newsletter!

Here’s what I’ll be covering in this newsletter:

  • Mission Pack 3 Launch Challenge
  • Mini Challenge!
  • Official Launch at Sector 2013
  • Kickstarter Project?
  • Request for Additional Feedback
  • In the News
  • Upcoming appearances

Mission Pack 3 Launch Challenge:

Mission Pack 3 is coming very soon and I’m turning the release into a hacking challenge. On launch, I’m going to release the Mission Pack WITHOUT the solution. The challenge is to be among the first to solve the Mission Pack without a solution. The first 3 people to solve the Mission Pack and email me the final “flag” (you’ll know it when you see it) will be added to a special “First Hackers” section within the final Mission Pack that includes the full solution. You’ll have one week to solve the Mission Pack without the solution, after which I will post the full Mission Pack including the solution and the “First Hackers” section (including up to the first 3 people to solve the Mission Pack by the end of the hacking challenge period).

Mini Challenge:

Want to win a free copy of Mission Pack 3? Want to get an email alert as soon as Mission Pack 3 is released (aka a head start)? I’m launching Cryptogeddon’s first Mini Challenge. Here are the rules and the prizes:

Win a free copy of Mission Pack 3 − 1 winner – Be the first person to tweet “I just solved the first @cryptogeddon Mini Challenge. There are no secrets! #Infosec #ctf” AND send an email to me at toddhdow@gmail.com with a copy of the final solution (you’ll know what to send me when you see it).Get an email alert as soon as Mission Pack 3 is released – unlimited winners –tweet “I just solved the first @cryptogeddon Mini Challenge. There are no secrets! #Infosec #ctf” AND send an email to me at toddhdow@gmail.com with a copy of the final solution (you’ll know it when you see it).

The free copy and the email alerts will go out as soon as Mission Pack 3 is available for sale in the Cryptogeddon.com store. I’ll be sending a “Mission Pack 3 is now available” email to my entire distribution list 4 hours after it is available in the sore. That’ll give any early birds a 4 hour head start.

Official Launch at Sector 2013

Sector (Canada’s Premier IT Security Conference) was the initial catalyst behind the creation of Cryptogeddon. Therefore, it was fitting that I used Sector as the official launch trigger for Cryptogeddon. You can read the official press release here.

Kickstarter Project?

I’m debating on running a Cryptogeddon Kickstarter Project. My working title for the project is “The Ultimate Hacker’s Package” and it’ll include a custom Moleskine notebook with the Cryptogeddon logo embossed on the cover and a hacker cheat sheet on the inside cover, a custom USB drive, a t-shirt, printed copies of Mission Packs and more. Anyone interested? Any other suggestions to include in this “Ultimate Hacker’s Package”? Email me or tweet @cryptogeddon with your thoughts.

In the News:

Nat Torkington from O’Reilly Radar listed Cryptogeddon is his Four short links for 17 October 2013. This resulted in the largest one day traffic spike in Cryptogeddon history. Thanks Nat and the O’Reilly team for the shout out!

Slovakian website linuxos.sk mentioned Cryptogeddon in a News article on October 17. (Gotta love Google Translate for helping me understand what the post said!)

Upcoming Appearances:

TASK.TO: I’ll be speaking at TASK.TO (Toronto Area Security Klatch) on the evening of Wednesday October 30. I’ll be offering a repeat performance of my Sector 2013 session entitled, “CRYPTOGEDDON – Sector 2013 Edition: Online Cyber Security War Game”. In this session, I’ll walk the audience through a made-for-Sector-2013 mission pack. Admission and membership for TASK.TO are free. I encourage you to attend and to say hi if you meet me at this event.

Request for Additional Feedback:

I am grateful for your interest in Cryptogeddon and I welcome any feedback that you might be able to offer. There are 3 ways you can do that:

  1. Submit your feedback on the FAQ page.
  2. 2. Complete a feedback survey.
  3. 3. Email me directly at toddhdow@gmail.com.

Thanks again for your support of Cryptogeddon. Keep an eye out for Mission 3, coming soon!

Todd

Categories
news Press Release

Interview with Cryptogeddon creator Todd Dow

cryptogeddon-logo1I recently talked to Kevin Browne of Software Hamilton about Cryptogeddon. That discussion turned into this Q & A Interview on the Software Hamilton website. I’m reblogging the interview here as well. And, I’ll be speaking at Software Hamilton’s DemoCamp 13 at Mohawk College tomorrow night (Tues Sep 24 2013). You should come! There’ll be lots of great speakers. Come check it out.

And now, on to the interview:

Cryptogeddon (@Cryptogeddon) is one of the most original concepts for a game that I’ve heard of in recent memory. The first Cryptogeddon mission pack is now available for purchase for $0.99. Cryptogeddon creator Todd Dow (@toddhdow) works as Senior Digital Specialist at Postmedia here in Hamilton, and he will be showing off the game at DemoCampHamilton13 on September 24th. Check out the interview with Todd below:

Tell me about yourself.

todd-head-2012-largeI work full time at Postmedia as a Senior Digital Specialist. In my spare time, I like to write. And, I am an avid fundraiser for Cystic Fibrosis Canada. My 6 year old daughter has CF and our family is desperate to find a cure for this terrible, fatal disease. My wife, my kids, faith, baseball, infosec & devops are a few of my favourite things.

What drives your passion for infosec?

I enjoy the puzzle aspect of information security. Keeping and uncovering secrets results in a constant game of cat & mouse between those trying to protect information and those trying to uncover information. This results in constantly evolving and improving technology. I really enjoy the excitement and interesting developments that this entails.

And, infosec has a long and storied past – it is intimately entwined in many of modern history’s greatest conflicts: World War I & II codebreakers, cold war spies and current NSA revelations via wikileaks and Edward Snowden are just a few examples. These all make for great stories of how technology has helped shape history.

What is Cryptogeddon about?

Cryptogeddon combines two words: Crypto is short for cryptography, which is the practice and study of hiding information. Geddon is short for armageddon, which infers end times in some way. Cryptogeddon suggests the end of secrets and what that might entail.

Cryptogeddon provides various missions, each of which challenges the participant to apply infosec tools to solve technology puzzles – an online scavenger hunt, if you will. The missions span a variety of targets, tools, techniques and scenarios. At first glance, the missions may seem discrete and unconnected. But over time, I suspect that a common theme and storyline will emerge.

Ultimately, I am trying to create something that will highlight the boundaries of privacy and to reinforce the fact that very little can be kept secret anymore.

Who are your target users for Cryptogeddon?

People that are naturally drawn to puzzles will enjoy Cryptogeddon. Obviously, people that have an interest in infosec, cryptography and computers will be target users for Cryptogeddon. The challenges presented by each mission will keep these people engaged. People looking to learn more about these topics will also benefit, as each mission provides a complete solution including step by step instructions, screenshots, and links to additional resources.

What can we expect in the first Cryptogeddon mission packs?

toolsYou can expect a good overview of the infosec landscape. You’ll see a few common types of scenarios:

• Recovery of stolen data;
• Identification of system vulnerabilities;
• Identification of organized crime members and the location of stolen property;
• Assess the security of business systems;

You’ll get to analyze a few common platforms, including:

• Linux & Windows
• Apache, IIS
• Amazon Web Services
• Android & iOS
• WordPress
• Various social media platforms including Twitter, Google+ & Facebook

And you’ll learn how to apply various infosec tools, including:

• TrueCrypt
• md5
• SSH
• openssl
• Metasploit & Kali
• Nessus

How frequently do you plan on releasing mission packs?

I plan on releasing at least two mission packs each month.

 

What tools did you use to develop Cryptogeddon?

todddesktopI use a variety of tools to build each mission. The main deliverables consist of mission packs (ebook) and solution assets (virtual machines, photographs, text files, etc.).

Each mission varies, but in general, I use the following tools and services to build and deliver the solution assets:

• Amazon Web Services: EC2 & S3 primarily
• TrueCrypt
• md5
• SSH
• openSSL
• Metasploit & Kali
• Nessus
• And a variety of editors depending on the task, including TextEdit, vi & Coda 2

Additional tools and services will be used in upcoming mission packs.

And I use the following tools to build the ebooks and deliver them to customers:

• Google Docs (for writing)
• Photoshop & Illustrator
• Shopify & Amazon Kindle Direct Publishing Service (for sales and fulfillment)

Do you have any beta testers?  Or would you be interested in any?

I do not currently have any beta testers, but I would love to have a sanity check before launching each mission out into the wild. If anyone’s interested, please send a tweet to @cryptogeddon with the subject line: “#BetaTester for Cryptogeddon.”

Why did you decide to make Cryptogeddon?

After attending Sector in 2012 (Sector is one of Canada’s largest annual IT Security Conferences), I commented to a friend of mine that I would love to see a presentation where the presenter walked the audience through a complete infosec scenario, starting with a plausible story, including characters, places and events. From there, the presenter would walk the audience through setting up the environment, selecting and installing basic tools, conducting initial scans, testing and identifying weaknesses, gathering evidence, etc.

I think this is a gap in the current infosec marketplace. You can read books that teach you how to use specific tools. You can read books that tell you stories about real or imagined infosec missions. But there are various few books that creatively mix a storyline with a technical challenge that the reader can directly interact with.

And similarly, there are a few capture the flag type events out there, but they happen infrequently and very seldom are there opportunities to have “on demand” scenarios that you can play anytime, anywhere.

Right after Sector in 2012, I said that we should try and build such a product to share at Sector 2013. My friend and I talked off and on about the idea for a few months, before I finally decided to give it some serious attention. My friend had other commitments, so unfortunately, he was unable to dedicate any time to this project. So, I decided to go it alone.

Did you run into any particular challenges making the first mission packs?

missioncoverThere are two particular challenges that come to mind:

First, building & sharing of server images: I was originally going to build the images using VirtualBox and then distribute the images using Dropbox, Amazon S3 or something similar. But, the VirtualBox images I was working with tended to be 1 GB or more in size, even for a small image file. I wanted to avoid the risk of high bandwidth charges and I didn’t like the idea of abusing Dropbox by opening multiple accounts to hold multiple images, so I decided to use Amazon EC2 instead. There is more effort required by participants to sign up for and learn how to use Amazon Web Services (AWS), but I think the extra effort is worth it in terms of educating Cryptogeddon participants on how to use the AWS platform.

Second, Deciding not to build a leaderboard: Early concepts of Cryptogeddon involved the concept of building a leaderboard to track progress and reward success. I think this is a great idea, but it would require a bunch of additional time and effort to incorporate a leaderboard into Cryptogeddon. I have been very focused on keeping the delivery of each mission as simple as possible. And, I wasn’t sure how much value a leaderboard would provide compared to the cost of building, implementing and maintaining it. So, for the time being, I’ve decided to skip the leaderboard.

What are you most proud of about Cryptogeddon?

cryptogeddon-square-smallBringing the product to market. Seriously. You always hear how tough it is to be an entrepreneur. Not only do you have to build the technical product, but there are a million other things to take care of as well: choosing a business name, logo, design, prototypes, testing, marketing, decide upon pricing, sales and fulfillment mechanisms, finance & accounting, and more. And all of those items need to be done APART from developing the actual product! Building the missions has been a great deal of fun. So has all of the other stuff. But I’d say that for every hour I spend building missions, I’ve spent 10 hours on the other stuff.

A quote from a recent article from Fast Company really resonated with me:

Successful entrepreneurs distinguish themselves from wannabe entrepreneurs simply by swallowing their fear and getting started. Jake Bronstein, founder of Flint and Tinder, purveyor of high-end made-in-America men’s underwear, says waiting too long ultimately results in paralysis.

“Start right now, and don’t talk to experts until you have started. If everyone knew all of the trouble, all of the problems, all of the pitfalls that lay ahead of you (as the experts in the field already do) nothing would get done, certainly nothing new,” he says. “You don’t need a business plan, you just need a plan.”

It reminded me to keep working through the numerous barriers and challenges and reach that end goal of delivering a fun, educational and rewarding experience to infosec practitioners.

So yeah… I’m most proud of having the perseverance to actually get to market.

How can the community help you make Cryptogeddon succeed?

Two things: feedback and help spread the word. I’d love to hear what people like and dislike about Cryptogeddon. Both positive and negative feedback are helpful and will help to improve the missions over time. And spread the word – tell your friends about and share Cryptogeddon (@cryptogeddon & cryptogeddon.com) on Facebook, Twitter, Google+, etc. The more people talk about and share Cryptogeddon, the better.

Categories
news

Cryptogeddon Newsletter – September 20, 2013

Welcome to the first official Cryptogeddon Newsletter!

Here’s what I’ll be covering in this newsletter:

  • Soft Launch Summary
  • Mission 1 Feedback
  • Request for Additional Feedback
  • Status of Mission Pack 2
  • In the News
  • Upcoming appearances

Soft Launch Summary:

First of all, thanks to everyone that has purchased Mission Pack 1. Your interest in Cryptogeddon is appreciated. I am thankful to you for your interest. I hope you are enjoying Mission Pack 1 and I hope you’ll come back for additional Mission Packs in the future.

It’s been an exciting couple of weeks since I first launched Cryptogeddon. The site officially went live on Wednesday September 11. I turned it on and shared the link with my Twitter and Facebook feeds. Within a few hours, I started to get some traffic and my first official sale occurred on launch day at 3:10pm! I’ve read before that the first sale is the best one, and that is absolutely true!

I didn’t know what to expect when I launched the site, but to have my first sale on day 1 was quite exciting. I’ve had consistent sales and traffic every day since then. This is great news, as it reinforces my motivation to build additional missions as quickly as possible and to make them as good as possible.

My first few sales were from European customers, primarily in Germany. I was initially puzzled by this as I suspected a common link amongst these customers, but I didn’t know what that common link would be. After a bit of research, I discovered that a German blog called heise Security (http://www.heise.de/) made mention of my site in a weekly update (http://www.heise.de/security/meldung/lost-found-Was-von-der-Woche-uebrig-blieb-1955505.html) to their readers. Google Translate was fantastic in helping me understand what the blog post said: “Some solve in their free time crossword, the other hacking challenges. In the latter distribution has Cryptogeddon specialized. So far, one finds there though only a mission pack, but the offer is to be gradually expanded.” Thanks to heise Security for the mention! I really appreciate it!

Mission 1 Feedback:

Thank you to everyone that has submitted feedback pertaining to Mission 1. Based on the feedback, it would appear that the mission was solid. A couple of minor issues were uncovered, which I have now corrected in an updated Mission 1 package. Anyone that purchased Mission 1 should have received an email letting them know where to download the updated Mission Pack.

There were 3 key pieces of feedback that I have incorporated:

  1. Put the “STOP READING – SPOILER ALERT!” on a separate page so that the reader doesn’t accidentally skim the page and spoil any surprises.
  2. Mission 1 told participants to post their questions on the “Mission Pack 1” page. The Mission Pack 1 page doesn’t allow comments, so I have moved this to the FAQ page instead.
  3. The links in the table of contents didn’t work. For now, I’ve removed the hyperlinks. I’ll re-add them in future if I can find a suitable method.

Request for Additional Feedback:

I am grateful for your interest in Cryptogeddon and I welcome any feedback that you might be able to offer. There are 3 ways you can do that:

  1. Submit your feedback on the FAQ page: http://cryptogeddon.com/blogs/news/9120555-faq
  2. Complete a feedback survey: http://www.surveymonkey.com/s/V8NHVYX
  3. Email me directly at toddhdow [at] gmail [dot] com;

If you don’t mind, I would appreciate some feedback via the feedback survey: http://www.surveymonkey.com/s/V8NHVYX

Status of Mission Pack 2:

I am just putting the finishing touches on Mission Pack 2. The official title is “Cryptogeddon Mission Pack 2: Protect SCADA Secrets”. Some of the key tools and concepts in this mission will be the use of Amazon Web Services (ec2), WordPress, steganography and geo-location. Mission Pack 2 will be available on Cryptogeddon.com by Tuesday September 24 at the latest. I expect it’ll be ready for purchase sometime this weekend. Keep checking back!

In the News:

Software Hamilton posted a recent interview that I did with Kevin Browne. In the interview, I talk about infosec, I introduce Cryptogeddon and I talk about some of the challenges that came with building this project.

German blog heise Security mentioned Cryptogeddon in their weekly summary for September 13.

Upcoming Appearances:

I’ll be speaking at a couple of events in the near future:

Both DemoCamp and Sector will be great events. I encourage you to attend and to say hi to me at the events.

Thanks again for your support of Cryptogeddon. Keep an eye out for Mission 2, coming soon!

Todd