VnutZ's Articles, Page 10 of 69
SELinux was released ages ago by the National Security Agency to tighten up security on the popular, open-source operating system. The work set up ACLs around nearly everything in the OS and, much to the chagrin of regular users, had a configuration so undocumented and difficult that most people just tend to turn it off. Given the rampant external rooting of Android and malware plaguing app stores, it was only a matter of time before SELinux was brought to the Android platform. Given the NSA’s mandate for securing strategic, national communications, it would seem Android is the government’s chosen platform for future federal and military use.
Thus far, the Republican party has put out an incredibly weak showing of candidates to pit against Obama for the next election. They’ve been so bad that when comedian Stephen Colbert announced his exploratory committee for election candidacy, it made one pause and wonder – would he actually be competitive given name recognition and general political disgust? The theme may have been the subject of Robin Williams’ comedy Man Of The Year but given the present political scene and the absolute distaste Americans are holding for professional politicians, Colbert’s joke just may go further than he thinks.
The Doomsday Clock has been showing mankind’s precipitous proximity to self-imposed apocalypse since 1947. Although nuclear holocaust was the primary driver during the Cold War of its figurative midnight alarm, the clock itself is tied to many factors such as climate, economics and science. Mankind was closest to obliterating itself in between 1953 and 1960 when the clock showed two minutes to midnight and had backed all the way to seventeen minutes to midnight during the ‘90s. The clock has slowly been moving back towards midnight with a recent adjustment to advance within five minutes. For reasons including corporate carbon output, failure to ratify weapons treaties and other concerns, the Bulletin of Atomic Scientists commented on the clock’s advancement:
So I was e-mailed a crypto puzzle the other day with a challenge – decrypt this. It’s coming from a high school student looking to learn more about the subject of cryptology. I thought I’d post it here for two purposes:
- Nerds – try your hand at decrypting something.
- Nerds – help point him in the right direction to learn more.
Fortunately, he has provided the key as well but relies on keeping the algorithm itself a secret. Bash away, but please do so constructively.
Kfpmt Nczy, kfdn mdq fhksjktk wkav olbxaim. Qj zxb dgw onc pl poob ipd rjet sere rw pevjea. Fqst tgv pf rpt noc dcvx.
As 2012 begins, OmniNerd enters its eighth year of existence. Here’s a quick look back at the site’s changes and some of the top content from 2011 in various categories.
Visually, OmniNerd didn’t change too much but there were major changes to the site unseen to the naked eye. Mark converted the entire architecture to Rails 3.1 and migrated us to new hardware to keep up with the times. Matt added some moderator tools to deal with spammers along with the “Looking Glass” feature to revisit content from 1, 3 and 5 years past. Additionally, the promotion links were changed to better support Facebook Sharing and Google “+1s”. Our nerds contributed 193 new articles, 38 links, 16 books and 41 polls all while debating each other with 1793 comments.
2011 is certainly not the first year that Time magazine elected to not highlight a particular individual but rather an entire class of individuals. For 2011, Time chose “the protester” as its Person of the Year. Given the events of 2011, that spans Arab Spring, Occupy Wall Street and other outbreaks across the globe. A worthy choice or editorial cop-out?
Uh huh … tell me again NATO wasn’t in Libya just for the oil. I believe I was told by the OmniNerd population (or maybe just one individual – you know who you are) that we were there to protect human rights and suppress violent outlashes from the governments. In the past two weeks alone, the violence and bloodshed that have increased in Egypt, Syria and Yemen seem to prove to me that you are absolutely wrong.
About a month ago, hacker Trevor Eckhart began exploring Android smartphone security and came across a piece of embedded software from CarrierIQ. He more or less reverse engineered components of it in conjunction with documents obtained from their website about its features and determined that for all intents and purposes, it was a rootkit. This created a huge buzz about the prevalence of the software as it is installed on virtually every smartphone from Android to iPhone with varying degrees of logging performed. Now, the point of the software was to permit telecommunications carriers to monitor performance of handsets on their networks to provide better service. The question really begged … how does logging my keystrokes, recording my text messages, providing remote access, etc. help the network? At first, the company tried to censor the researcher for revealing the extent to which their software monitored phone owners. After the EFF stepped in to protect him, CarrierIQ instead came forward with a 19-page PDF response on their software, even specifically addressing a recent FOIA request to the FBI for its use of CarrierIQ data. The FBI, rather than deny they utilized CarrierIQ’s information, simply refuses to release records about it. Despite CarrierIQ’s continued denial that the software does things like log keystrokes, Trevor Eckhart demonstrates that it does exactly that in his Carrier IQ Part #2 analysis (which is also presented on the YouTube video above for those not interested in reading).
Are standardized tests really providing value in quantifying a student’s academic ability or future potential? A Florida board of education member was curious about that very question so he arranged to take the FCAT himself to identify with the students on both its validity and problems.
I won’t beat around the bush. The math section had 60 questions. I knew the answers to none of them, but managed to guess ten out of the 60 correctly. On the reading test, I got 62%. In our system, that’s a ‘D,’ and would get me a mandatory assignment to a double block of reading instruction.
One of America’s not hostile drones has been captured by the Iranians after it crashed 140 miles into their country (off the Afghanistan border). It’s a model known as the RQ-170 and is now being associated with über-secret CIA efforts to monitor Iranian nuclear development. Since the crash, Iran has released a video showing Iranian officials examining the captured drone on display. As one might assume, the US government has neither confirmed nor denied the authenticity of the video given the seemingly intact nature of the drone despite crashing from over 50,000 feet. Higher resolution pictures from TheAviationist show little to no damage at all on the displayed drone with only minor abrasions to the lower wing and what appears to be putty work. Stories have varied as to the reasoning for the drone’s loss, ranging from Iran claiming to have shot it down to having hacked its C2, causing the crash. Regardless of the reason, adversaries are chomping at the bit to reverse engineer the technologies on board.
In the 1960s, Stanley Milgram proposed the “small world” concept that everyone on the planet could be linked within six acquaintance hops. This is the basis for the Six Degrees of Kevin Bacon game showing his relationship to just about any actor/actress one can think of. The “small world” theory was attacked pretty hard in 2002 (pdf) when researchers looked at Milgram’s analysis and found it was based on relatively flaky empirical evidence. Needless to say, Facebook’s 800 million active users provide relatively solid empirical evidence for Internet-connected users that global relationships can be achieved in not 6 hops, but a mere 4.7.
Having an embassy in Iran is risky business as the UK can attest to with its recent run-in with Iranian protesters. The United States has not held a diplomatic presence in Iran since November of 1979 when protesters stormed the American embassy and took hostages. Recognizing the need to inform interested Iranians about the West without [local] state control spin, the United States has launched a virtual embassy to Iran through the Internet. According to the State Department, “This website is not a formal diplomatic mission, nor does it represent or describe a real US embassy accredited to the Iranian government. But, in the absence of direct contact, it can work as a bridge between the American and Iranian people.”
Only last month, CERN researchers stirred up controversy when a neutrino experiment produced a result indicating faster-than-light (FTL) speeds. While the back and forth about the experiment being flawed continues, the researchers pushed ahead and repeated their experiment while addressing many of the most vocalized concerns. Their result? A statistically significant number of neutrinos are still showing FTL speeds in the experiment such that many of the original CERN researchers that were on the fence are now buying into the results.
Back in the days of yore, hackers used to threaten users with physical damage like burning a hole into their CRT. It’s been a long time since true, physical damage threats have percolated but now security researchers are proposing they could set your printer on fire. The simplicity of network-connected printers has also made a persistent presence on a target’s network much easier. Essentially, nobody ever checks whether the firmware loaded on a printer is the version provided by the OEM, and their ubiquitous presence and 24/7 uptime make them prime targets. The hackers are completely replacing the embedded firmware in popular printer models with their own custom brew, allowing them to steal printed documents remotely or finagle with the printer’s internal mechanism (like overheating a laser fuser). HP responded to the claims by stating that its newer printers require digitally signed firmware and that the threat of fire is impossible due to thermal safeguards on the fuser element.