Things could not fit into my CV

There are many things I did not put into my CV. It is hard to explain, to present to others. Sometimes I can not find words. And also by night, I become a different person (Dr. Jekyll and Mr. Hyde). Not sure how to organize topics - by area or year. I think the year would be fine.

1998-2003

Most ISP (Bosnia and Herzegovina) have been hacked(from my side) and reported to them (it was a weird thing to explain ppl that they have a bug, issue, security issue, to update things, etc). From my bag of tools goes:

  • Mysql without a password but root/toor and qwerty or 123456789 for SSH/Admin page
  • RPC that has a format bug (RH 6.0)
  • default password, default users
  • not having blocked NetBIOS (but even if they put password there was a way to crack that because of a flaw)
  • Huh and others
  • RE my fav app: System Mechanic. I learned about approx 30 days how to crack this app. Later same skills I used to crack the app and find how they work. Connect with other security people.
  • cracked several encrypted texts (Ceasar, viegner) with statistics and logic
  • Build the first game in Visual Basic with minimum information(one book for VB) and reverse engineering (mind experiment, thinking)

2004

My first bank job. I got a position as an IT technician. I got hacked ATM - and reported it to the bank (the security officer was my good friend from high school). The same situation is still present in most Bosnia and Herz Banks. SMS banking - they start to apply new SMS banking and also pay through SMS. I demonstrate an issue with local telecoms - spoofing SMS and sending money to other people's accounts. They stop to plan SMS banking in this direction. First war game server. It was fun. I did play later more than 2 times: at BalCcon, and at Ericsson.

2006

The web application at government, police, and telecoms - I did send an email but they did not read or they promise me I to get jailed. SQL injection, non-authorization, bad permission for accounts, etc.
I did not care what they think - I told them they can do that - but at that time Bosnia and Herz did not have a law on that - so it was funny. They did not get the idea of how this information was good for them. They saw me as a danger and risk to them.

Made some videos for Youtube in 2006:

(irssi, Slackware, and 4 computers, direct connection to the net)

2007

A lot of hacking, and a lot of playing with networks, and systems. The found issue in PPPoE and how to crack any wifi at that time in Bosnia and Herzegovina. It was funny - I send a report to one big WIFI ISP. Found that people massive use admin/admin on some ISP - I automate the gathering of this info and send a report to ISP. Later I hack several times their servers and report them to them. Last my hack was SQL injection and report it to them. They respond with "does not matter, no one besides you would hack us" - this was a failure. Later in 2008, happen several hacks of this ISP and 10k users' DB was "shared" over the net. We found bad guys but the police did not have the law on this and how to handle the situation. So they left them out.

2008

Busted first spam king in Bosnia and Herzegovina. He was using several ISP and dumped my email from some DB to send me spam. He did it wrong. I found him - reported and give info to ISP. They did the next steps. Also, half of my friends and non-friends have free internet. I found a way to get a free net each time I hack some ISP to give me 1 year or more free net. So I share it with people. Main domain name register for domain .ba - SQL inje. Reported - they switch to using rewriting to URL. The code is still there with bugs.

2009

Start to examine a global threat - people, tools, operations. From organized crime groups, and state-level hackers to small-script kids. It was fun to watch criminals, police, and FBI agents how they play games. In the end, I gather a good base on how things go underground. From OSINT skills to satellite hacking. Develop the first symmetric algorithm that I would cryptoanalysis in 2012 and find an issue. Cracked Cyber Command hash as part of the challenge. I was the 9th person who did that.

2010

Hacked 2 banks in Saudia Arabia as part of the pent-testing contract that I did have with one company. My NDA was finished so in short: bypass some security(not sure to say but it was Gmail security at one side that block PDF with exploit code and after execution, RAT is downloaded&executed PC ), plant RAT, gather info, print screen, write a document(they did have more SQL inje, non-auth URL access, and others) and get money from the client. I did get an offer later in 2013 but I refuse. Simple for me this was fun. For them, it was a job (and not fun at all) + with the money I got. The local CyberCrime unit refuses my CV. Later in front of them(this Cyber Crime unit), I would be offered a job by the FBI but I refuse. (later in 2012, I would give some tips on this)

2011

First, a remote job. Later I got one more. The second one was Ipercast - I found a lot of security issues (ex PHP shell execution and gathering info about clients, files, etc )

2012

I start to work for the best company in the world. Ipercast. They are the first CDN and from them was made Akamai. Bussines unit that was in Bosnia and Herz. was planned to be closed because of financial issues. With my own skills and directed by my CTO Alexander - we bring one solution that saves 25 jobs positions. The solution would be used by Vodaphone Germany, it would bring a lot of cash and a similar approach would be used for RAI Italia, Sony Germany, and others. Manipulating on the low level with streaming for different protocols (RTMP, HTP, RTPS, others). I started a project(for one NGO): Streaming. It included a special type of streaming and security. It was a combination of many things. My NDA was ended now. Later by this year, I was approached by people from the Cyber unit and FBI to work for them. I demonstrate skills that at that time were advanced for these units and organizations. I refuse because: I did not want to do what other people want me to do + I was working for the best company in the world with the best position in the world. My job offers me freedom, travel, and combines all my skills. I was paranoid and at some point, they start to follow me, read my email, read my chats - this was exposed when we met - I told to FBI that it was wrong to read my emails, and chats, send black van (I made a picture of a black van, you can ask Milos - BalCcon organization. He saw and he was laff at that time), agents, etc and local police follow my IMEI and position as a local secret agency follow my traffic (I found how things go from the law, technical specification, how they manage - complete picture). Also, I did show a picture of the FBI van to people who organize BalCcon (Balkan Security conference) 9 months before this happens(only proof for now). They laff. Everyone laff at that time. But not me. I am still paranoid. News and some insider got the wrong information. I spend the next 4 years removing this title and text through cyberspace. It was wrong and not ethical at all. Bosnia and Herz do not have any laws to prevent similar situations. https://web.archive.org/web/20170926234049/https://www.nezavisne.com/novosti/hronika/U-akciji-FBI-ja-uhapsen-haker-Vladimir-Cicovic/171278

2013

My company tries to get a server with a domain in China. I found the issue after my sysadmin team tries to resolve it with no success: It was a China firewall that works on the domain level. It was fun. I put all my effort to help a group of people to fight against the first information warfare - anti-vaxer propaganda. I gather information as part of a group, and find weaknesses inside false news distribution - but the government in Bosnia and Herz did not want to know this. As also the cyber unit as also the Ministry of Health and CERT RS. The first victim, a baby, who did not get the vaccine to stop some nasty thing was to die 2 years later because their parents got influenced by this false news. This continues in 2020 - and the government does not have a proper reaction - instead, it getting more worst especially because people are not able to take critically thinking on the topic.

2014

Flood. Bosnia and Herzegovina. I help the local Red Cross to use automatic sending text on all numbers for volunteers with one button. I found a way how to organize communication in parts there was no electricity. Also, use the normal distribution to find how many there are baby and diabetic patients in the flooded area. My CTO did have an issue with Gmail. I troubleshoot and found that Gmail has issued 4 days before they were put into the board as an official issue. I try to contact them. Also later I would find a security issue with their emails that still exist. If you see a green icon (for TLS secure email sending) it was me. Still - they can not handle how email arrives at them or goes to other SMTP - in other words, all emails you send are not secure they are open to reading whoever intercepts them.
One of the largest DDOS attacks on local TV stations and finding a person who did this also found a solution to stop the current one. In this case, local CERT RS also Cyber Unit - did not find a way to help local TV stations. I did ask them to involve me in this kind of case - they never did. Discovered that MTEL telecom ISO27001 - before they apply to the public. I was using a private URL when they accessed it. In other words, they can follow what and when someone visits through this ISP.

2015

Told the Bosnia and Herz. Ministry of Security for "top security software for encryption messages" - not to use because it has a flaw. They did not respond to this. They don't know what to do. Offered help to local Cyber Unit for solving the case of encrypted hard disk - simple, unofficial channels I send the query to allow me to crack password for encrypted hard disk. They refuse. Why? You need to ask them. For me, it brings fun and intellectual challenges.

Hunted Islamic State through the internet. Find them all that makes propaganda war against Bosnia and Herz government. Found names, locations, and profiles - and report them. After one month of spreading fear to citizens - I got a little bit angry about this. The only reason why this happens is they get me angry as also the government that spends millions of euros on software and weapons and has no chance to find people over the internet. Find IP (first email on the picture) and 1-2h later full name, location, and other information.
I got a response from the Ministry of Security (thanks, and in a live TV conference he mention "We got help from a hacker that hack banks" - like there are 1000 of them in Bosnia and Herz. It was scary at the moment. I was hoping this will stay in the shadows) Email that was sent at that time: enter image description here

2016

Moved to Amsterdam, and meet Dutch hackers. Learn new things.

2017

I got an interview with Facebook and Google(Ireland - not California). Reject interview for Google after failing the Facebook interview(Got 2 programming task, simplest one - fall both). In the end - I did not see myself inside that kind of company. I love algorithms, programming, math, and puzzles - but simple I don't see myself in that kind of company. Only I promise to myself - if any day in the future I want to go - it would be booking dot com. I forget to mention I fall an interview with booking dot com in 2015. Face-to-face interview. Simple I did not prepare myself and the persons who interview me - did not get my idea correctly. It happens (I did not present small detail and the complete troubleshooting question goes in the wrong direction)

2018

Someone send anonymous mail to one of the judges as a threat - I asked again some politicians to help this Cyber Unit to identify the person who did this. From my perspective - it was possible for even a person to use a proxy and hide very well (from information that I read from the news).

2019

Start working for ZenDev and Ericsson as a consultant.
(found bugs in ssh of Ericsson router - "it is not our job". Ok)

One person tries to blackmail the woman for her photos (she sends them to him, a romantic affair) to send to her husband. Options to inform the police or the real husband were not good at all. (kids, marriage, too much newspaper) I exploited that he (the person who blackmailed) did not know a real husband. So I called this person yelling, threatening to call the police, and told him that I forgive my "wife". He got a message and leave the poor woman alone. (this happen in Bosnia and Herzegovina FYI - and I was using Viber with a number from Bosnia and Herz - so he could not notice my location)

2020

0wned some tweeter bots from local Bosnia and Herz. CERT (they mess up with keys) - reported to them as part of ethical hacking.

Srdjan Rajcevic, at that time the main person in the Ministry of Scientific and Technological Development, Higher Education and Information Society - false some massive retweets - and he and his personal "bots" (people that support him and pay as well for that) put a false story that behind this "massive RT" was me. I was of course laff - it was not me and the tools they use is a marketing tool that promotes tweets (more RT, more rank on google). I did notice until 23h that evening - someone was systematically searching me through Google, going over my profiles (GitHub, Facebook, blog post, and this blog, etc). Then I get alarmed. Returned complete the day starting from 8 in the morning so I got this:

  • 8 am Srdjan google me with his iPhone, from home and his wife also (from an Android phone)

  • 9 am The chief of his cabinet or someone else - google me, view my personal blog

  • On 16 that day he state that he know who did this "attack" (it is not an attack and every person was laff in this from the IT sector in Bosnia and Herz) (https://www.klix.ba/vijesti/bih/iz-vlade-rs-a-se-pozalili-da-lazni-profili-napadaju-njihove-naloge-na-drustvenim-mrezama/200415125)

  • 16:30 Police from Bosnia google me (they lack "security of operations")

  • At 21:30 there was IP. .. from Stockholm. It was a domain of the Swedish police, "whois records". I check - it was really them.

Also notice that Srdjan R. has iPhone, iTablet, and Mac laptop. Later I will get information that one company doing this to all people in the government of R.Srpska. (name of the company, it is connected with the most winning solution for government proposals)

Crap. But then again - I did not do anything and thank the high power of the internet - complete my traffic is "captured" or "followed" here in Sweden - so even if they try to check they can see that it was not me. So I got relaxed. and laff on all this. Forgot to mention - I am using the internet to harvest information about who is harvesting information on me. I called contra-OSINT and I am doing this since 2008 when my paranoid nature starts.

Also: "DDOS attack" on journalist: https://www.infoveza.com/milan-curlic-curla-iz-banjaluke-prijetio-nasoj-redakciji/ - I found this person. He believes that anonymity exists :)

2021

One of my friend got death threat https://www.gerila.info/novosti/drustvo/banjalucki-komicar-mirko-komljenovic-prijavio-da-dobija-prijetnje/ It was the same person from the upper link "DDOS attack"

Later in 2021, there was a scandal of blackmailing a young politician with his private video. No one in the media published but the video was "viral". Actually, he has more than one video and this group of people (yes, they are identified and reported to the police - no one did take any steps to bring this person to justice. Why? Ask the police) Send a note to him that I want to help and RNR starts (all this was done by law and nothing was illegal in this process - that is more fun): - removed 5-6 domains and WordPress (wordpress.com tnx to these nice people) - block emails (tnx to Yahoo admins) - recover the true identity of these people - find start point where to go (the person who was blackmailing the victim used his real CC to pay domain) So in the short idea was to block all content (there were 2-3 new videos that did not get in public) and because I removed them several times - all news got removed as content and they start from the beginning. So people lost interest in this type of page and did not follow it (they changed all the time domains with new but they did not become viral as with the first video) and blackmailers get issues setting up new domains and blogs as emails also (they are not so technical skilled people)

Got "thank you" in a live tv show from the victim: https://www.youtube.com/watch?v=_CDgudFisCc

enter image description here enter image description here enter image description here

2022

Find some person who sends a death threat to some official https://srpskainfo.com/srpskainfo-donosi-detalje-hapsenja-mahmutovic-priznao-da-je-prijetio-kojicu-foto/

Made some inspiration for the new generation https://www.youtube.com/watch?v=sjimiYjYzGk (all mentioned things are old or legal - but also if you do not get caught then it is ok hahaha joke. no illegal things)

2023

I have all passwords: https://github.com/vladimircicovic/wifi_pass

Maybe is time to start a security carrier.

Analiza sajta lakodoposla dot kom

Ovo je kratki pregled sadržaja baze koju je nepoznata osoba skinula sa sajta lakodoposla dot com i ujedno savjet kako da osigurate tudje i svoje privatne informacije. Ovdje će izostati analiza šifri (karakteristike, frekvencija, duzina, ostalo) koja bi trebalo da bude u narednom periodu a i ujedno će sadržaj biti u Wifi pass fajlu

Baza se pojavila prvo na jednom od reddit subova, tj skrihshoot a poslije nekog vremena i link ka kompletnoj bazi.

Šta se nalazi u bazi?

Baza sadrži informacije o poslodavcima i radnicima koji traže posao. Jedan dio se odnos na komunikaciju izmedju administracije sajta i poslodavaca gdje se vrši plaćanje usluga. Svi skupa imaju sljedeće informacije: ime/prezime, email, šifre, adresa/ulica/grad, broj telefona, datum rodjenja.

Slika dumpa baze Slika zapisa baze

Baza sa korisnicima počinje nekad od 2008 godine a posljednji unos/izmjene su 28 Jula 2022 u 02:21

posljednji datum u bazi

Informacija o datumu kreiranja zadnjeg naloga je jako bitna kao i broj kreiranih naloga ukupno i vremenski period.

Baza sadrži oko 510.000 zapisa radnika. Od toga je u 2022 godini registrovano 10.000.

Kako su došli do baze?

Baza je vjerovatno skinuta sa nekim od alata (sqlmap, sqlninja i slično) a preko buga u sajtu (vjerovatno SQL injection). Napadac je vjerovatno onda prebacio u svoj phpmyadmin pa dumpo/izbacio bazu u sql fajl i okacio na jedan od foruma. Razlog je gledanje informacija iz baze (tražio je kartice, pristupne šifre, mailove i drugo) U ovom teksu se neću baviti propustima i ovo sve navedeno je nagadjanje u nedostatku informacija.

Kako ne raditi sa privatnim informacijama

Ovo je najbitniji dio teksta i ovome sam želio pisati. Ovdje ću tek nekoliko osnovnih i bitnih stavki vezano za sigurnost napomenuti. Ima ih još pa čak u narednom periodu planiram preduzeti neke korake kako bi se generalno stanje na ovom polju u BH/SRB/CG/HR počelo mjenjati.

Trajanje zapisa privatnih informacija

Svako kreiranje naloga treba da ima kada je osoba zadnji put se logovala. Iz te informacije treba izvršiti da poslije 90 dana neaktivnosti šaljemo korisniku email upozorenja a zatim ako nema odgovora - brišemo iz baze. Sa ovim pristupom od 510.000 privatnih informacija, šteta bi se svela na svega 2000 do 4000 naloga.

Kvalitet šifre + 2FA ili čak OAuth2 identifikacija

Sve šifre se čuvaju u nekoliko formata: plain text, wordpress hash(wp hash) i bcrypt hash(bcrypt). Sajt lakodoposla nema minimum duzine (idealno 12 do 16), miks slova, brojeva i specijalnih znakova. Prilikom kreiranja naloga šifre kao "12345678" je moguće unijeti. Takve stvari su nedopustive.

Sajt takodje nema 2FA (izuzetno lako integrisati sa freeOTP) koji bi u slučaju pogadjanja šifre moguće je sačuvati pristup sajtu (pod uslovom da nema curenja baze i slično). Čak i ako se koristi ista šifra za različite sajtove 2FA pravi ogromnu razliku.

freeOTP freeOTP logo

Sljedeći iz ovog arsenala je OAuth2 protokol koji može da posluži za registraciju i pristup sajtu. Sa SSO (single sign-on) korisnik može autorizovati sajt da preuzme informacije i kasnije da pristupi istom tom sajtu. Ovdje se ne mora posjedovati šifra - sve se čuva u OAuth provajderu a minimum informacija koje sajt treba da ima su email, ime i prezime, ostalo.

OAuth2 OAuth2 - slika preuzeta sa InterSystems Learning Services youtube kanala

Minimiziranje dijeljenja privatnih informacija i skladištenja u bazi

Imamo nekoliko bitnih privatnih informacija koje moramo držati u bazi a sve se mogu redukovati i smanjiti negativni uticaj curenja informacija. Ovdje pričamo o ime/prezime, email, broj telefona, CV-iju, tekstualne poruke.

Ime i prezime: redukovati na samo ime sa početnim slovom prezimena. Apsolutno nebitno poslodavcu a u komunikaciji kasnije moguće je saznati.

Email: Ukratko moguće je u bazi drzati email koji je povezan sa korisnikom i loginom, a da pri tome ne držimo pravi email. Slanje na ovaj email bi mogao samo servis zbog informacija/resetovanja i slično. Samim tim bi npr imali 9dc3242cd523367c2296afbc65520f29@domena.com gdje bi na email serveru identifikacija za 9dc3242cd523367c2296afbc65520f29 bila prema ovojenekimail[at]gmail dot com. Naravno, ovdje se može smanjiti veličina hasha, uzeti neki drugi koji pruža bolju sigurnost (argon2id, scrypt, PBKDF2) i napraviti format koji je pogodan za email adresu.

Broj telefona: Ako postoji mogucnost izbaciti skroz. Ako bas se mora implementirati onda bi jedinstveni ID bio u bazi a pravi broj bi se čuvao na drugom mjestu i informacije slale kroz REST API.

CV: Izbaciti sve privatne detalje, imena firmi - kasnije je moguće poslati zainteresovanom poslodavcu puni CV sa detaljima. Ovdje bi trebalo da sama firma koja vodi sajt pregleda isti taj CV i ukloni isto sve privatne detalje radnika i firmi.

Tekstualne poruke: Godina je 2022 i vi dalje vjerujete da vam niko neće sem vas samih čitati poruke? Public key, moguće je šifrovati poruke i držati ih kao takve u bazi i za svaku sesiju / tekst imati ključ koji se opet čuva sa master ključem / privatnim ključem (ovdje treba PKI al ideja je da se poruke ne ostavljaju u otvorenom tekstu). Uglavnom: ne ostavljajte poruke u bazi u "otvorenom tekstu"

Zaključak

Ovaj incident je samo "demo" sajtova u SRB/HR/BH/CG/MK gdje se ne vodi računa o privatnosti korisnika. Samo da je ispoštovano pravilo 90 dana il manje - uticaj ovoga bi bio redukovan sa 510.000 zapisa na 2000 do 4000. Pričamo o brojevima telefona, email adresama, datumima rodjenja, punim imenima i prezimenima oko pola miliona ljudi. Ovakve informacije se mogu koristiti za dalji napad, uznemiravanje ljudi, preprodati ili zloupotrebiti na druge načine. Sajt se nalazi na Linodu u USA - isto nedopustivo kada znamo da informacije gradjana Srbije treba da budu u Srbiji. Nisam spominjao standarde, penetration testing, hardening sajta i drugo - koji bi definitivno smanjili šansu da se dese ovakvi ishodi.

Zahvalnica

Gospodinu @milos_rs_ koji je pokazao skrinshoot i naveo početni dio (phpmyadmin). Svima koji stvaraju i kreiraju sadržaj a vezano za računarsku sigurnost.

How to run and setup twint

Twint is an OSINT tool for Twitter intelligence gathering and it is used by many people in the security industry (as others also). In this short article, I am going to give you a list of commands to run with no problem.

Twint is currently archived and the normal setup produces an issue. So, in this article, you will see how to run it with no issue.

Source of twint: https://github.com/twintproject/twint I would guess you are running Linux and have docker installed. There is 2 possible way. One is using docker - and the other we skip docker install and run other commands (if our Linux is Ubuntu/Debian and support python 3.6 or 3.9)

As the first step, you need to download the docker image.


docker run -ti --rm kalilinux/kali-rolling:latest bash

If all goes fine (pull, and running bash under docker) you will get into prompt of Kali Linux.

We go to the next step in this process install and run python3.9/virutalenv and activate envoriment


apt update && apt -y install git python3.9 python3-pip

pip3 install virtualenv

virtualenv --python=python3.9 py39

cd py39

source bin/activate

After this, you will get into a virtual env for development.

Setup and run of twint.


pip3 install --upgrade -e git+https://github.com/twintproject/twint.git@origin/master#egg=twint;

twint -u twitter --user-full

If all goes ok - it would show information on user @twitter

Kubernetes setup on Ubuntu 22.04 LTS (Jammy Jellyfish)

This is a quick and short text on how to install Kubernetes on Ubuntu 22.04. Spend the last 2 weeks solving issues with Containerd and Kubernetes.

After reviewing the GitHub issue for Kubernetes - found this to solve a problem that I have.

The problem manifests as up/down for Kubernetes health and running buggy. On Ubuntu 20.04 there was no problem. The issue is connected with Containerd Cgroups settings for version 1.5.9 (any above this version would work fine, read a link that I provided on information). So let us start with installation.

Kubernetes Kubernetes map - from cloudsigma.com

Kubernetes setup on Ubuntu 22.04

Let me guess you have 2 machines, with Ubuntu 22.04 installed. First, will be used for the k8s control pane. The second will be used as a worker/pod. Both machines have the same steps for k8s installation. Please notice that the IP addresses I am using are from my network - so add proper IP for cp1 and worker1
Here you go for the k8s control pane and worker:


apt update
apt upgrade

echo is this IP of your machine?

echo "192.168.50.204  worker1.example.com worker1" >> /etc/hosts

echo "192.168.50.165 cp1.example.com cp1" >> /etc/hosts

hostnamectl set-hostname cp1
hostnamectl set-hostname worker1

modprobe br_netfilter
modprobe overlay

cat << EOF | tee /etc/modules-load.d/k8s-modules.conf
br_netfilter
overlay
EOF

cat << EOF |  tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

sysctl --system

apt-get update ; apt-get install -y containerd

mkdir -p /etc/containerd

containerd config default | tee /etc/containerd/config.toml

sed -i "s/SystemdCgroup = false/SystemdCgroup = true/g" /etc/containerd/config.toml

systemctl restart containerd

swapoff -a

apt-get install -y apt-transport-https curl

curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add

apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"

apt install -y kubeadm kubelet kubectl

After you finish these commands on both machines, you have an exclusive command for the k8s control pane and for the worker. For Control Pane:


kubeadm init --pod-network-cidr=192.168.0.0/16

mkdir -p $HOME/.kube

cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

chown $(id -u):$(id -g) $HOME/.kube/config

kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml


After you finish this on the Control Pane machine, there will be a command printed similar to this and copy to CLI of worker1:



kubeadm join 192.168.50.165:6443 --token azlcfh.36lef5ty7890en1r6 --discovery-token-ca-cert-hash sha256:47a02b63e60278025d3423883a05a48e06f943195f06ebe414d929f60028e


Or you can execute on Control Pane and get printed:



kubeadm token create --print-join-command


and then execute on Worker1 command that is printed The output of this command is copied/past on the worker machine. You can add more worker machines with no problem.

If all goes ok you will be able to check with:



kubectl run curl --image=radial/busyboxplus:curl -i --tty 


this would run a container on pods and you can see if the network and other parts are running ok. Type exit to leave the container. to delete this pod:



kubectl delete pods curl


You can also see how this goes with my video: Youtube K8s setup

Thanks to this people

@Jocix84 and @Bojana_dev for support, direction, and inspiration!

Botovi vladajuće partije u RS/BH

Jedan od modernih načina manipulacije masama jeste kroz socijalne mreže. Glavnu ulogu pored dezinformacija imaju i mreže botova koje rade na širenju tih istih dezinformacija. Ideja je da se kreira javno mišljenje putem manipulacija sa osjećajima ljudi.

Bot je skraćenica od robot, gdje su u početku prije 25 god korišteni IRC botovi kako bi se lakše kontrolisao rad IRC kanala. Blokiranje spamovanja, uvreda i neželjenog sadržaja uopšte. Bot u modernom društvu je dobio skroz drugačiji oblik i naziv. Postoje tzv ljudske varijante botova i automatizovane skripte.

Izuzetan značaj botovanja je kroz plasiranje dezinformacija na socijalnim mrežama i onda objavom članaka postiže se od manipulacije masama do stvaranja pritiska i stresa onoga koga prozivaju/spominju. Jedna od inspiracija za ovaj rad je bila i Analiza neočekivanog Twitter statusa (v2) od gospodina Ivana Markovića kojem se želim zahvaliti na pomoći. Želim samo napomenuti da je ovo tek grebanje po površine o datoj temi a vezano za R.Srpsku i botovanje.

Vremenski period događaja Vremenski period događaja

"Ulaganje" vladajuće partije u online marketing (plaćanje botova)

Rat komentarima - Izvor: mojahercegovina.com Rat komentarima - Izvor: mojahercegovina.com

Početkom 2021 Milorad Dodik javno objavljuje da će doći do "pojačanog" online prisustva vladajuće partije. Izvor: https://mojahercegovina.com/rat-komentarima-armije-botova-okupirala-drustvene-mreze/ Novac koji je plaćen prema navodima (https://www.gerila.info/istrazivanja/zasto-je-irb-privatnoj-agenciji-platila-gotovo-800-000-maraka-za-promociju-i-marketing/) opozicije i portala (https://dobojski.info/ekonomija/finansije/item/32707-posao-za-botove-kako-ce-snsd-biti-promovisan-na-drustvenim-mrezama)

Tipovi botova vladajuće partije

Postoji nekoliko tipova online botova vladajuće partije u Republici Srpskoj. Prvi tip su botovi sa jasnim imenom i prezimenom (lažni ili pravi tj članovi stranke). Drugi tip su lažni profili. Treći tip su automatizovane skripte ili aplikacije.

Prvi tip, javni profili, služe za pozitivnu kampanju i negativno komentarisanje (bez uvreda). Evo primjer:

https://twitter.com/derajic_dragana/status/1543850416001130497

https://twitter.com/kljajicluka1/status/1543857840611270657

https://twitter.com/BlagojaRistic/status/1543854041310052354 prvi tip botova

Takodje postoje botovi koji su lični i pripadaju nekome iz vladajuce strukture npr:

https://twitter.com/peulic_dragan

https://twitter.com/mirkozuga

Lični botovi

Koji se koriste za specifične napade. Prvi profil je zaposlena osoba u jednoj firmi i lični bot Ministra Srđana Rajicevića. Firma je privatna i osoba je dovedena da botuje izmedju ostalog za ministra. Ima toga jos, ovo samo izdvajam da bih pokazao dubinu rupe i mulja u kojem se socijalne mreže nalaze.

Drugi tip su anonimni profili koji služe za "prljave" napade. Samo cu ostaviti link https://twitter.com/GrubacicAnja/status/1550348296245448704 bez komentara.

Prljavi napadi na druge ljude Prljavi napadi na druge ljude


Treći tip, automatizovana skripta il aplikacija - koju sam otkrio sinoć (3 Avgust 2022). Jedan od razloga zašto pišem ovaj tekst jeste upravo da bih ukazao dokle je došla zloupotreba "botovanja" i politike u online raspravama uopšte. Treba napomenuti da je prije nekoliko dana (od pisanja teksta) ojbavljeno demantovanje od strane političara a vezano za profil koji je automatizovan. Mjesecima su ljudi pokušavali da argumentovano komuniciraju sa datim "botom". Meni lično nije padalo na pamet već sam slučajno ušao u jedan od tvitova i ostavio komentar. Nakon nekoliko tvitova shvatio sam da je u pitanju skripta il automatizovana aplikacija. Telefon sa twitter aplikacijom je spojen na računar i koristi se za plasiranje reklama i slično unutar marketinških krugova. Sa tim se zaobilazi twitter API limit koji postoji.

Kako sam shvatio da je u pitanju automatizovani profil, tako sam pronašao "okidač". Samim tim ovo objašnjava postojanje toliko praćenja ovog profila kao i da su drugi profili koji (još nisam istražio sve) lajkuju i RT su dio bot mreže SNSD plus obični ljudi. Profil je na početku sherovao smiješne stvari, zanimljivosti i slično kako bi privukao veći broj ljudi da ga zaprati. Onda je krenuo nakon nekog vremena u botovanje/napad na opoziciju u R.Srpskoj. To zapravo i nije napad više kao oduzimanje vremena na kvalitetnu raspravu i razmjenu argumenata. Automatizovani profil ima specifičnosti koje ga odaju. O tome ću kada budem pisao detalje za dati profil.

Za sada imam nekoliko kandidata za ovakav tip profila za koje vjerujem da su u fazi farminga (uzgajanja, rasta pratilaca i slično).

Ko bude u mogućnosti neka prijavi sljedeće tvitove kao spam kako bi uklonili ovakav tip podvalljivanja na društvenim mrežama:

https://twitter.com/Kandzija_/status/1554961860918759424

https://twitter.com/Kandzija_/status/1554961117855813634

https://twitter.com/Kandzija_/status/1554960596495486983

https://twitter.com/Kandzija_/status/1554954880413999104

https://twitter.com/Kandzija_/status/1554955169711931395

https://twitter.com/Kandzija_/status/1554956860486205444

https://twitter.com/Kandzija_/status/1554956988618096641

https://twitter.com/Kandzija_/status/1554957006070583296

https://twitter.com/Kandzija_/status/1554958404266885120

Kandžija automatizovani profil

Uticaj tvitera je minoran al odlično služi za dezinformacije, napade na opoziciju i to je jedan od razloga zašto je toliki broj botova.