Jan 5th 2018 by kailimanjaro • 11 Questions • 28 Points
I served as MPP’s Director of State Campaigns from 2015 - 2017, and helped lead successful ballot initiative campaigns in 2016 in Maine, Massachusetts, and Nevada. At the end of November 2017, I was named MPP’s Interim Executive Director.
Today, there are reports that Attorney General Jeff Sessions will rescind the Cole Memo, which provides protections for states with legal marijuana from the federal government. If the Cole memo is rescinded, that would enable federal law enforcement agents to raid licensed, regulated, and tax-paying businesses -- businesses that employ thousands of Americans and generate hundreds of millions of dollars in tax revenue for public services including substance abuse treatment programs and new school construction. Jeff Sessions is ignoring the will of the people and he must be stopped.
I am determined to fight this move, to legalize marijuana, and to remind Mr. Sessions that marijuana must be a states' rights issue. Ask me anything!
EDIT: Hey everyone, I'm signing off. Thank you so much for all the questions. Sorry I couldn't answer everything -- it's been a busy day as you can imagine. Please visit mpp.org to learn more about our organization's work -- we're fighting for medical marijuana and full legalization policies in states across the country, and we're fighting to fix marijuana policy at the federal level. If you can, please consider making a donation to mpp.org/donate Thank you -- Matt
Hello! Have you read/seen The Martian?
Do you believe that the soil on Mars (with additives) could possibly be used to garden plants?
Is it possible to hypnotize oneself? I had an odd experience staring at the negative space of a tree swaying in the breeze; “zoned out” and lost about an hour of time.
In percentages, how much of your work is hacking in the old sense, like reverse engineering, digital tampering and usurping some kind of computer or other electronic gadget? How much is social engineering, role playing and in general would not need a keyboard?
Your mom was perfect as Bonnie. Did you have to coach her on how to deliver the lines or did she just intuitively understand the character?
First of all, thank you so much for doing this very timely AMA. I have a few questions:
- How do you anticipate this will all shake out in the end? It seems like the tide of public opinion has shifted (and is still shifting) in favor of legalized recreational marijuana. However, I've seen various arguments from both sides that make at least some degree of sense. One of the more solid arguments from the "anti-marijuana" camp is that "technically it was always federally illegal" because federal law never changed, just shifted to a more laissez faire policy.
- How will this affect medical marijuana? More so than recreational marijuana, MMJ seems to enjoy relatively broad support (even among conservatives). Do you think Sessions & Co. will try to avoid the potential PR nightmare of denying epileptic children, those in palliative care, and cancer patients their medications? Or do they simply not care at this point?
- What would the timeline be for a change like this? How long after the directive is given to crack down on marijuana would it actually take for the justice system to start shutting down dispensaries and making arrests? Is this likely (or even feasible) if the states (and their police forces) refuse to cooperate?
I think that's all for now. Thank you so much! <3
Working in a space plants lab we get a lot of comparisons to Mark Watney, the protagonist of The Martian. I even made a rap song (outreach piece) called Young Mark Watney for a conference. Yes, from what we understand soil on Mars is very very similar to volcanic nutrient rich soil from Mars, and is used as a substitute here on earth for research. This is an interview my supervisor did about The Martian if you are curious.
You can do self hypnosis. The usual procedure is to get hypnotized and then receive a trigger that you use to put yourself back into hypnosis. Practice it a bit and you can use it for all sorts of things like stress reduction, reinforcing goals etc.
Sounds like you may have put yourself into a trance although it also might be a variation on meditation. I don't know much about meditation.
Information gathering, pretexting and recon usually (there are exceptions) takes up 3/4 of the time spent on a job. Actual time on the customer network itself is usually only a few days compared to the many weeks of preparing phishing and social engineering scenarios because we will already know where the systems are we have to access and already have gathered so many credentials to be able to access them. Most time spent after that is actually finding the target data we are after versus what user accounts and roles give access to what. Good question.
I don't think we ever gave my mom any direction, my sense of humor comes from her so we had an Elliot/ET thing going on all throughout GAYLE
1) Our hope and goal is for Congress to take legislative action this year that establishes marijuana as a states' rights issue.
2) As of right now, the Justice Department is still restricted from interfering in medical marijuana laws at the state level. That has not changed as a result of today's announcement. We need Congress to renew that policy, so please call your Congressmen and Senators and urge them to protect state-level medical marijuana laws from federal interference.
3) That remains to be seen. In theory, federal prosecutors and agents could take immediate action against state-legal marijuana businesses.
Have you ever gotten in trouble with the law? I mean as in, the police got involved before you could pull out whatever papers allowed you to break in etc?
Hi Chris, in love with your whole Gayle concept. It’s absolutely hilarious. My favorite one is “mall kids.” Will you be doing more Gayle in the future? Also, where did your inspiration for Gayle’s character come from?
How should I punish my family for disrespecting my beach towels?
Making them drive around with a ham flag on their Kia sends a loud and clear message
1) Call your Congressmen and Senators: tell them that you want Congress to pass legislation that establishes marijuana legalization as a states' rights issue.
2) Please call the White House at 202-456-1414 or reach out to President Trump on Twitter and tell the administration that you oppose any Justice Department crackdown on state-legal marijuana businesses.
3) Donate to MPP so we can increase pressure on Congress to end federal interference in state-level marijuana laws.
Do you get to use electron microscopes in your research? If so, how closely does the beam damage mirror that caused by cosmic radiation? Or do you image with X-rays just to avoid the ionization?
"Are you going to make me bark like a dog/quack like a duck?"
Do you know where this comes from, or if there was a specific old time act? I have people ask/joke about this all the time.
What is some of the craziest shit you've done while breaking into buildings?
Your car rants are beyond amazing, but besides your masterful quick edits, do you write everything out beforehand, or is there an element of ad-lib?
Also, do you plan on working with more outside musicians after the success of showpig? (asking for a friend....me)
My question is, What the Fuck? But seriously, from your perspective, what is the government's motivation for this nonsense?
The two most clear factors that affect plants in space are indeed ionizing radiation and micro/hyper gravity. But on a molecular level, there are a number of genes that are seemingly affected. The ones that come to mind are usually involved in stress response. We are working to figure out why these genes are expressed (is it because of microgravity or radiation? most likely). The other thing is, we don't want plants to experience the rapid acceleration of rocket launch, so there is a technique we use where we put seeds to sleep for launch using far-red light.
Have you ever seen the show White Collar? If so, what are your thoughts on any of the cons on that show? Your story had me thinking of the ep where Neal/the FBI break into a bank to demonstrate weak points in its security.
"I'm Afraid to Talk to Men" led to one of the most sincerely revealing chats that I (a cis gal) have ever had with my (cis male & pretty masc) husband, wherein I learned that he is also, similarly, afraid to talk to men. As am I. My question: do you think that, deep down, everybody is afraid to talk to men?
Focus on states' rights, which most conservatives tend to support in principle.
So a white hat hacker? Also, what's the easiest way you've broken in?
I grew up in Acton MA and LOVE the accuracy of your depiction of the neurotic suburban Massachusetts house mother.
I have been scrutinizing all your GAYLE videos to figure out which town you're from.. WHAT IS NORTHBREAD IN REAL LIFE?!
What was the size of your red team when you started? Do you have a team that competes in CTF events?
Chris, what's the point of slithering slow so you won't wake if you're just going to shout your sexual orientation later?
I think in hindsight it's poor planning by someone who's just barely holding on
That would be difficult. We really need Congress to take action so that Sessions no longer has the authority to decide whether or not the federal government should interfere in state level marijuana laws.
What does your hacking kit look like? Could you list some (or even your favorite) tools you're using in your daily job/life?
Yo Chris! Used to go to your highschool, although I'm a number of years below you. My friends and I were always obsessed with your old sketches like Tag, the weird bird one, Dayquil/Nyquil and my personal favorite, Old Man Stillborn. My question is: 1. How did you come up with the name "Old Man Stillborn" 2. Will we ever see this incredible yam man's return? Has he been in Shaws all these years?
Cheese works pretty well for every dog I've had. Is there any way known to man to make a cat do something it doesn't want to do? :-)
Here is a selection that we usually bring on the job and after carefully planning our attack plan using at least two to three attack waves spread out over a couple of weeks or months:
- USB Armory, to have a self-contained system with everything you need
- Multi-band WiFi dongles with Atheros chipset suited for frame injection
- Proxmark EV2 or custom RFID/NFC copiers for access-card stealing or cloning
- Magspoof for access-card stealing or cloning
- Weaponized PocketCHIP / Raspberry Pi / Beaglebone with LCD display for WiFi hacking using a rogue access point. But also for running tools on the go such as network manipulation, credential extraction and man-in-the-middle tools
- Rubber Ducky or Teensy for fast typing of payloads when required
- USB keyloggers and USB extension cords either stand-alone or WiFi enabled
- Duct tape and straps to install rogue network implants for later persistent network access
- Extension cords and network cables
- Bluetooth headset earpiece to stay in contact with my colleagues keeping watch
- Lockpick kits, bump keys, jiggler keys and other lockpicking tools
- Pliers, wrench, screwdrivers for breaking down a lock or door
- Camera to photograph evidence and findings
- USB thumb drives tied to a lanyard and old keys to be "left" in bike sheds and parking lots containing interesting and enticing content for the lucky finder
- Fake paper access card and badge holder
- Banana, bunch of papers or other things to hold in your hand. People who have something in their hand walking around the building are usually not regarded as suspicious
- Disguise and clothes if you have to switch roles. You might have come into the building as the smoke detector check-up guy and might have to transition to a suit and tie to be able to get into the executive offices in another wing of the building
Oh hell ya!! Old Man Stillborn was based on a man I saw in a Greyhound station in Albany. I saw the oldest woman I've ever seen in my life, then I panned over a little and saw her dad... Old Man Stillborn will ride again
We focus on United States policy, but please feel free to use our website as a resource (mpp.org) and contact us with questions. President Duterte's drug policies are despicable and some of the most inhumane on the planet, so we very much hope that advocates in the Philippines are successful in bringing about more sensible marijuana laws.
If I put my dick into a venus fly trap what would happen?
Hello. I am curious if hypnosis is good for anxiety and stress or does it need to be more specific? Do you think that people whose thoughts are constantly racing may make the process more difficult?
How did you learn to do everything including experiences and education history?
Hi Chris! My boyfriend and I saw you in Columbus and he used a picture we got with you after your show (complete with your can of La Croix) as his “most fun memory” when we celebrated our one-year.
Are you still afraid to talk to men? And do you still hold a beer with two hands?
So Philip Morris just said that they want out of the tobacco game. Do you think this is all just a ploy to hand legalization over to them?
I'm not super familiar with venus fly traps but I don't think much would happen
Oh man that night I chugged so many La Croixs I became an influencer, I had to get my stomach pumped. My top button started buttoning itself. And yes, less so, every time I release one of those things I feel slightly better about the problem. Like now I have no qualms about people shrieking Baby Got Back and lighting fires doing so on dance floors
No, I don't. I think this decision is driven by outdated and misguided beliefs on marijuana.
But, seriously - how was the Yanni concert? Can you tell us more details about how it went?
Trust is so important. I think women hypnotists are usually better at achieving this.
If you think this is a dream job, we are hiring: https://www.f-secure.com/en/web/about_global/careers/job-openings
I got kicked out! It was soooo hard to get over the barrier that close to the stage. After I rushed the stage, the security guard said to me "Ok honey, you gotta go."
What is the weirdest thing or setup you encountered during paid or unpaid hacking?
I told my coworker Topher how you were my favorite comedian and explained the Gayle bit and tried to summarize your style. He recommended I check out Jim Gaffigan "if I'm into that sort of thing"
Finding video surveillance and access control management systems exposed to the internet without firewall. Finding "this is the backup of the entire website.zip" in the webroot of a production server for a bank. Being able to guess the password of the network connected guest badge allowing us to print our own guest badge every day and just walk in the building (the password was 12345). Production level financial information servers running under the desk of a sysadmin because of internal IT politics and tensions. A company with a garbage container outside containing hundreds of computers and hard drives in perfect working condition containing passwords, documents, financial records, etc.
Once breaking into an ATM in a major retail chain we triggered the seismic alarm and it started to make a lot of noise. When looking around no one even looked at us. Until a child, trying to go through the revolving door to get into the mall, touched the glass wall of the revolving door triggering the alarm and stopping the door for a couple of seconds as part of the security measure. The glass revolving door alarm sounded exactly like the seismic alarm of the ATM and thus no one cared =]
If someone is planning to learn a computer programming language, which language would you recommend to that person, which would help the most in pen-testing?
I'm a Peace Corps volunteer and Gayle literally is the highlight of my day. I feel like I'm with my mom. I literally fall on the floor laughing so thank you. So many questions: what was your exposure to B girls and do you drink coffee, if not, what do you drink in the AM?
Everything is geared towards Python these days so having proficiency in Python and scripting languages such as PowerShell/Bash/etc will give you a lot of options when having gained access to systems or when wanting to develop something. Check out the grayhat hacking and blackhat hacking book series.
I've never had coffee actually, so I usually drink apple cider...I live off a hummingbird diet because my taste buds never evolved
Sorry if this already got asked, but what’s your opinion on shows like Mr Robot? If you watch it, how possible is a scenario like that? Do you feel like the show addresses all parameters required to pull off a hack of that scale?
Chris, I’m in the middle of finals and I don’t want to type anything anymore. What do you do when you need a boost?
Mr Robot is being praised for its realistic portrayal of hacker tools and attacks and it is indeed a fun show in how they show how simple it can be to compromise something. They get the occasional thing wrong and I always find it refreshing to hear Sam Esmail and team talk about how they actually fix the things they got wrong afterwards. But it is and remains a show. I don't think we are going to see anyone trying to melt backup tapes anytime soon but I like the cyberpunk aspect to it ;)
VEGAN DONUTS 3 pm most days, I suddenly realize if I don't get donuts my whole being will unravel and I will be one of those worm succulents Ursula the Sea Witch keeps in her seaweed soul garden
How do you feel about contractors contracts significantly limiting your attack surface?
What's your favorite place to eat in the greater Boston area?
We usually get in pretending to be the contractors themselves
Veggie Galaxy, where everyone's poly!
Hey Chris! I was blessed enough to see your show last month, and it was amazing. My friends and I have watched you religiously for years now. My question for you is, when did you know you wanted to be a comedian?
Thank yoouuu when I saw the show Mork and Mindy when I was very very young! I started signing my papers in Kindergarten 'Chris the Comedian' even though I was too shy to speak to anybody let alone do prat falls
How do I protect myself as a normal user best from cyber attacks?
If you were to do a Gayle spinoff series, who would be the main character of said spinoff? Is it Bonnie, because she can now text? Would it be the SAT tutor? Dr. Bruce?
Rick Gausmann 100%
I read that you are from Belgium. As a Belgian Computer Science student who is also interested in (Software) Security, is there any University in Belgium that you recommend for getting my Masters?
Hi, Chris! I've been a big fan for a few years now and regularly binge your Gayle shows. I was wondering, what was your inspo behind Gigi the Christmas Snake? Also, what's your favorite candle scent and when do you think you'll come to Kansas City next?
I am no longer living in Belgium I'm afraid and my school days are long over. It all depends on your interests and what it is you want to do with information security.
Last month Gigi started volunteering at an Enterprise Rent a Car but lost his position for screaming his ex’s name “REBECCA!!!” into all of the Kias. Now I heard he’s giving unsolicited, rogue tours of Madame Tussauds Orlando, getting kicked out daily because he’s not employed by Madame Tussauds. All the while he’s been working on a screenplay that bears an almost word for word resemblance to every episode in chronological order of Black Mirror and he claims that the Notorious B.I.G. wants to buy it.
What are the books that you would recommend to people who are already into hacking and who would like to acquire more knowledge on different hacking techniques as well as the way of thinking?
If you come to Toronto, I will personally deliver you a briefcase of maple syrup based products. Deal?
It kind of depends what domains you want to get better at. Most of the skills that are required are expert sysadmin skills, being able to program and script things together and having a solid understanding on how the technology works. But, also understanding what the caveats are of that technology being used in an organisation and how it can be used against that organisation. And for that you need to know what the daily tasks are of a sysadmin, network administrator, developer and deployment environments, how code gets distributed from the IDE to the production environment, how email environments work, etc. Basically how a company works and how it functions.
Rather than going the "hacking exposed" and other book series way which are more tool related and which will not help you in understanding; I am a big proponent of playing war games or hacker challenges. Learning by doing and getting your hands dirty on your own lab, writing your own tools and code is going to be the most productive for you to learn new things. But from a pure technical side I always recommend the following books as a bare minimum:
- The art of software security assessment
- Exploiting software and how to break code
- The tangled web
- O'Reilly's Network security assessment - latest edition
- The web application's hackers handbook
- The browser hackers handbook
- Mobile application hacker's handbook
- Grayhat Python
- <Any book on your favorite operating system>
- <Any book on your favorite programming language>
- <Any book on TCP/IP>
- <Any book on ITIL and IT processes and procedures>
- All the books I forgot for which you are all facepalming right now
Yes as long as the syrup is loose in the briefcase
What are your favourite ‘war games’ and ‘hacker challenges’ ? From a 2nd year comp sci student looking to go into security!
Also, my friend wants to know: Who is Phil and why is he so tough?
Try http://overthewire.org and http://cryptopals.com and get involved with their communities. Look for any kind of challenge be it system or network based. SANS.org usually has a recurring hacker challenge e.g. their holiday challenge, as do the major conferences which they archive for later download and replay. As far as originality I like http://www.pwnadventure.com a lot.
a guy I worked with at Cafe Ziba in 2005
Are there any programming languages that are better to learn specifically for ethical hacking?
What do you find to be the most difficult part about starting out/being successful in comedy?
and bonus question: what do you use to coif your mane?
If I had to pick two, Python and PowerShell will help you the most, in no particular order.
1) Having access to a good sea salt spray 2) Sea salt spray
Is protocol fuzzing something you leverage in your approach? How common is fuzzing in hacker community?
Red teaming seems to be a method of finding the weakest security links possible, but what about slightly more difficult vulnerabilities that you don't attempt to find bc they take too long to discover or you just miss them? Do you suggest more significant security program change within an organization after you exploit the low hanging fruit?
Hi Chris! Who are your biggest influences/inspirations? Who is your favorite comedian?
Fuzzing is more useful if you want to find vulnerabilities in a certain piece of technology. It is extremely rare we use fuzzing as part of a red team test but it has happened that we were able to fingerprint what software a company was using as part of their daily tasks, find vulnerabilities in it and then exploit those in a way that advances us towards our objective.
There will always be things that we do not find as part of a red team. We only need to find one way in. If a customer is interested in finding as many vulnerabilities as possible in a given solution, technology or process then we can offer that service to them as well but it kind of goes beyond what a red team is trying to achieve. Which is to test the resilience and monitoring capabilities of an organisation against a targeted attack where the attacker picks the attacks, not the defender. Once the detection mechanisms reach a certain maturity and most low hanging fruit is found, then and only then as part of an iterative process can more controls and processes be introduced.
Noel Fielding/Robin Williams/Maria Bamford I think? JB Smoove makes me laugh the hardest, I also really like Jen Kirkman.
What's an invaluable piece of equipment we wouldn't think of?
Do you enjoy your job? I work server administration and I find myself disliking it more and more everyday. I would rather be breaking in than patching holes constantly it seems. I would like to learn more hacking do you have any educational sources you recommend?
I do - because I get to use my own creativity in order to see how far I can push a scenario that might result in compromise and use/develop some custom tools and techniques along the way.