Erroneous Knowledge

(Port Import/ Export Reporting Service database) Panjiva, Zepol, and ImportGenius Zepol was acquired in 2015 by Datamyne and is integrated with ImportGenius which provides data on ports, cargo and international trade. A bit of a hefty price at $199 for US data. Panjiva is obviously an India based data provider. It deals with global market intelligence with convenient lookup features for companies. There is a partnership between Panjiva and S&P Global to provide comprehensive supply chain intelligence. You can look up details on the Tata Group conglomerate which is a sprawling organization. The price for access to Panjiva is steep at $10,000 per year. It is tailored for larger enterprises with deeper pockets I guess. There is a basic plan for smaller businesses but I could not readily find the listing price. Panjiva has a competitor called tendata that seems more comprehensive from what little I could gather. Panjiva is focused more on the USA, Indian, and Brazilian markets. Tendat...

A wonderful story about Glaucus research group is at https://www.latrobe.edu.au/news/articles/2018/opinion/truth,-weaponised-short-sellers. It is a bit old and I believe Glacus Research group is defunct by now. Activist shortsellers that use rhetorical trickery to lower stock prices is a new one for me. Soren Aandahl left Glaucus in 2018 to found another company called Blue Orca Capital. I should do research on Blue Orca Capital to see if they are above board. My skills are weak but I can take a cursory glance. It has piqued my interest just slightly. I did a whois lookup of the Blue Orca Capital website and the domain name was registered in 2018 at right about the time Soren Aandahl left Glaucus Research Group which is not surprising because he was the founder of Blue Orca Capital. Nothing interesting showed up in the whois lookup because of the privacy redaction.

Yelp uses there own flavor of GraphQL with a UI site generator called CHAOS. GraphQL has Denial Of Service attacks with long queries but Yelp does not reward DOS attacks and requests that bug bounty hunters do not flood the API with them. They use batch queries to the API with cryptic looking large cookies that detail user location by coordinates. The cookies are large with a key-value format. They use data dome against bots so the web application firewall picks up whether there is a proxy being used denying access to the website depending on whether you use the Burp Suite chromium browser. I have only come across loading issues when proxying through fire fox and haven not been denied. Yelp uses cookielaw CDN and also has its own yelp CDN which means there could be vulnerabilities with caching and web cache deception or web cache poisoning the kind of attacks that are hard to produce but I should research further. Because they have their own CDN means it might still be in scope of ...

Deconstructing www.yelp.com is harrowing. They use Pyramid which is a python framework. They have their own internal CDN (yelpcdn) as well as using an external CDN with fastly. They have their own flavor of GraphQL that uses their homemade Server Driven UI called CHAOS that integrates with their flavor of GraphQL throughout their mobile app and maintains backwards compatibility with other services. It is a microservices house. Burp Proxy says they also use cookielaw.cdn and they batch their GraphQL api calls all in one go initially on loading the webpage. I learned a bit about GraphQL but they are an extremely hardened target with a company that has been around since 2004. I figured I try my luck with some basic cross side scripting on a vendor login form field but no luck. I got any api endpoint that I tried fuzzing with ffuf but no luck I got a bunch of 403's. I don't know what else to do but keep exploring the site and learning about GraphQL. There is a whole host of GraphQL...

Citadelo Blog on leaking IP's This is a website with a great write up about finding web server's actual IP's behind reverse proxies like cloudflare. Extremely informative and devious because it explains all the attack vectors well. I got to get better at XML External Entity vulnerabilities so I can leak IP's on applications that use XML through the Document Type Definition (DTD). Festina Lente.

Studying Perl5 was a solitary pursuit. The language has nearly died after its prominence in the early 20's and late 90's. Though it is still maintained it seems like a dead language compared to other languages with more activity. I liked its arcane abstruse syntax and the hundreds of switches or flags that were possible. You could write really obfsucated stuff but it never amounted to much for myself. I never wrote anything impactful in Perl5 just more searching for programming trivia off of the websites like www.perlmonks.com. Maybe if I had gotten into bioinformatics then Perl5 skills could really shine. I never used Perl5 in Linux Administration which is the last vestigial trace you can find Perl5 scripts still in use. I took a gander of Perl6 which is called Raku now and that was a truly modern programming language with language constructs ahead of its time. With the passing of Larry Wall I imagine the vision of Raku still lives in some form. What do I know? I was no code n...

Discovered a subsidiary of Geo Group called B.I. Incorporated which is involved in personal surveillance technology known as electronic ankle collars. They provide a service that allows people to live in the community while being monitored during immigration proceedings and allows for the individual to work and move around freely relative to being housed in a detention facility. Geo Group was featured in a NY Time's article recently about said surveillance business but I do not remember B.I. Incorporated being definitively named as the subsidiary responsible. B.I. Incorporated portrays a very happy experience with joyful pictures on their website of people living life and going about day to day. The website does not go into detail of the ankle monitor technology or the cost to service one to the person being monitored. Another article by the NY Time's discussed the hardship that these ankle monitor surveillance companies can inflict on the people being monitored. The cost of be...

Immigration and Customs Enforcement runs and owns less than 4% of detention center facilities. This means the private prison industry runs and owns 96% of the detention facilities that are operating in America. Geo Group has received an award amount with ICE of $122.5 Million. Unfortunately given the severity of the crack down there will not be enough capacity to allow for humane treatment of detainees. There likely will be severe overcrowding given that few detention centers, according to Geo Group’s SEC 10Q filing, have a capacity of 1000 beds. The current administration wants to remigrate millions of people though there is no means due to the current detention center capacity. It is likely that Geo Group will expand its operations and bigger contracts will be made to provide Geo Group an ability to build out a larger detention center network nationwide. Some estimates of the time it takes to build a new detention facility is less than a year. Perhaps capacity will increase in a year...