About The Goat

As the name of the blog suggests Mike The Crypto Goat is a genetically engineered internet enabled animal of the genus Capri. Unfortunately due to the US crypto legislation and incorporating the patented RSAREF libraries MTCG was banned from leaving the country and was even classified as munitions right up to the end of the 1990s. Fortunately things are better for MTCG these days and he now resides at an animal rescue in Boise, Idaho. He hopes to one day have eight kids and to return to his native home of Kentucky and eat some lawn.

Okay, bullshit aside, I am an pseudonymous individual who has been heavily involved in open source software and Internet security for the past fifteen years. I have worked in various senior technical positions in two medium ISPs, systems administration and have done extensive work in securing private enterprise, taking a holistic approach to identify issues through diverse techniques and implementing institutional change to mitigate identified issues.

I have contributed patches to FOSS projects and volunteered to write documentation and man pages where none already existed or where existing documentation was insufficient. I was involved with the Linux Documentation Project in its early days and I also organized crypto education sessions with local user groups in the early 2000s.

You may even know me! I might live next door.

11 thoughts on “About The Goat

  1. Mike,

    Do not know if you’ve noticed but Bruce Scneier’s site is sort of MIA in that you cannot post to it currently, even though a new thread has been posted.

    Last known successfull post was by “Jeffer” that you can see on the 100 Last Comments page with a date stamp that’s well over a day old….

  2. Bruce did seem unnecessarily uncomfortable Thursday evening…Mind kind of scattered. Stay tuned in case of prolonged shutdown.

    Moderator was testing the comments page too for whatever reason…

    • Well, in my more stupid moments I considered registering a domain and hosting this on one of my own machines (add a bit of resiliency) and add alternate means of commenting and submission (via a pseudonymous remailer or through a tor hidden service – although you know my feelings on the (in)security of the latter) . I hope to have the time very soon now to start being a lot more active on here again. As always everyone is invited to comment here with no censorship or moderation.

  3. Don’t remember what you said about TOR; got so much porn and sketch stuff on it anyway, so yeah, not trustworthy. Don’t do anything that puts too much stress on you.

    • I wrote briefly about this on Schneier’s blog under the story about DPR and Silk Road ( https://www.schneier.com/blog/archives/2014/10/how_did_the_fed.html ) and briefly detailed what I know about the issue. I can’t name names obviously (a friend would lose their clearance and probably their liberty) nor go into too much detail but if you read in between the lines you should have a fair idea as to just how this is accomplished. The short is that tor may indeed be safe to use when properly configured for client purposes (note I am talking about the network itself and not the bundled Firefox based browser which is potential vulnerability city, so to speak) but forget about running a hidden service as the TLAs have the ability to decloak you faster than you’d imagine. I don’t want to say too much (as is my habit, and obviously I already have said far too much already, but hey this site has an agenda obviously against the unconstitutional activities of these agencies) but the key to their attack working (they have two techniques which are synergistic) is that the H/S has to be relatively high volume. The more traffic that goes into the H/S the more viable the attack. They in fact have a tool that essentially tries to generate traffic – something they call “stimulating” – by sending HTTP requests to the target tor HS node through a variety of peers, which speeds up the process considerably in the case of naturally quiet sites. It isn’t a complete HTTP request BTW, it is deliberately both malformed and incomplete so as to not flood the target’s access log. Of course a good IDS would detect this traffic.

      Will get back to posting back on s.com and also here very soon now. Have been snowed down with both family crises and a few projects, one of the more interesting ones I am working on is a system for a firearm training facility to authenticate users who go into their range which went from a simple “sign in desk” which would collect info primarily for marketing purposes (club shoot days etc) into a corral type controlled entrance which validates identity before allowing them on the range. Hell they even wanted millimeter wave body scanning technology until they found out the cost plus they want an ion scanning unit for explosives detection. They aren’t going ahead with this overboard stuff but it just shows you the mentality you are dealing with post 9/11

  4. Huh, interesting. Thanks for sharing but I already assume the worst and can’t get a valid internet connection going for awhile (during which the net will just get worse).
    Neat project, recent event I went to with IEEE, showed they keep pushing for millimeter wave scan tech with 675ghz like radar and can see under a shirt up to 25 ft away (behind a door so they can peak at your junk and get turrists)

    • The goat is still alive … have just been completely snowed under with work and family. I fully intend to get back in front of a computer, but probably won’t until next month when I have some leave :-). How have you been? Shoot me an email. -M

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s