VnutZ's Articles, Page 10 of 72
Everybody in the security world these days is talking about Flame, the monstrously fat piece of malware found all throughout the Middle East (centered around the remarkably uninfected Israel). For those unaware, Flame weighs in at over 20 megabytes and is composed of numerous functional modules giving it all sorts of capabilities like listening through microphones, activating video, bluesnarfing, etc. None of that was particularly impressive, and its sheer size and the presence of human-readable strings screamed of amateurish development. What did pique researchers’ interest was a unique adaptation of cryptographic hash collisions in order to fool Windows operating systems into trusting a fraudulent Windows Update server. Researchers are claiming Flame was clearly associated with world-class mathematicians in order to rapidly produce MD5 collisions for use. The malware itself is already beginning to shut down across the world, but the code is already under scrutiny. Too bad the White House leaked they were behind Stuxnet and Duqu because reverse engineers are already finding shared code from zero-day exploits within Flame found only in those tools.
Zombie attacks don’t really happen, right? Well, in Florida just the other day a policeman shot to death a naked man eating the face off his victim on an offramp. As if that weren’t odd enough, he actually had to shoot the naked man several times because he kept feeding despite the gunshot wounds.
It’s been a week since Facebook’s IPO and nobody is happy. The first issue was obviously the NASDAQ failure to open on time and properly handle the trades. Facebook itself is facing a class action lawsuit over alleged insider trading (really? already?) with high value customers having a priority on purchases. Lastly, the investors themselves are angered over the significant drop in price since the IPO as poor media coverage and public relations have soured everyone on Facebook’s commitment to shareholders.
Google Drive went live less than a month ago after years of speculation. There are a bunch of nifty features, but they won’t seem very significant to Google Docs users who have been using them for a while. But in order to benefit from Google Drive, a user must install Google’s software to synchronize local files with their cloud storage.
That said, WTF does the client software need to eat up 52MB of RAM to just sit there? For that matter, Dropbox uses a mere 22MB of RAM to perform the same task. That’s still pretty bloated for the job but is more than 50% smaller than Google’s software.
Congressional representative Michele Bachmann was recently granted Swiss citizenship. She calls the matter a non-story … but is it? Is it not disturbing that political leaders of the United States could theoretically have legal duties or binding interests to foreign lands? It is especially disturbing considering that upon becoming a congressional representative, a full clearance is granted (to anything and all compartments). When a large matter of national security falls into the “NOFORN” category, what kind of precedent is she setting for maintaining classified information? (Not that Congress isn’t the source of nearly all leaks …)
Until the early 20th century, human babies survived on breastmilk (it may have been from a wet nurse, but it was still breastmilk). With the invention of baby formula, mothers in America largely trended away from breastfeeding relying instead upon the derived product to handle their baby’s nutritional needs. Around the 70s, the trend slowly began to reverse itself back to actual breastfeeding. Oddly enough, the social norm had changed definitively such that a woman breastfeeding her baby became something she did entirely privately, as if Americans couldn’t handle the image. The trend seems to have shifted yet again, with helicopter parents growing truly extreme in recent years. The latest Time magazine feature story (subscription required) highlights that not only has breastfeeding made a return, but mothers are continuing the process as their children grow through the toddler years.
How much is Facebook worth? Investors are about to find out when the social media company goes public on the 18th. Indications are the stock will be offered between $28-$35 a share up front and enough shares are on the table to put Facebook’s value at nearly $100 billion. Its principal owners stand to make a killing by selling their own stock options as part of the initial offering, with estimates that founder Mark Zuckerberg could be sitting on $1 billion in cash that day. A mere eight years ago, Google went public with pre-IPO estimates predicting $2.7 billion would be raised in stock sales. Is Facebook overpriced or can investors bank on another meteoric chance to “get in early?”
It’s relatively old news that employers do their research on interviewed candidates. They’ve done Google searches on them and checked them out on social networking sites like Facebook. Some people finally jumped on the privacy bandwagon and locked down their accounts after realizing their drunken, topless keg stands from college are not ideal for prospective employers (or maybe it is). That didn’t stop the companies from demanding candidates turn over login information to their accounts – it’s even happened to people that were already employed as a condition of continued employment. Needless to say, this hasn’t sat well with … anyone. Facebook has finally risen to the occasion and at least threatened to begin suing companies demanding illegitimate access to user accounts. One bill was already squashed in Congress to make this illegal, but it was a rider on another bill. As such, the Social Networking Online Protection Act is being pushed again as an independent act.
I recently noticed a comment from an OmniNerd user that posting media into an article wasn’t easy. This quick How-To will address that issue with a demonstration of embedding a picture and a video.
How To Post Pictures
The first thing you need to do is create a new article using the typical routine. Click on Submit New at the top and choose the Article type. The site will prompt you for the usual preliminaries, a title and some tags, after which you must click Save Draft and Begin Auto-Saving.
To put a picture into your article, start by clicking Edit / Upload Images for this Article. You’ll be brought to a screen like the one below. From here, you simply pick a JPG, GIF or PNG file from your computer and click
BGP is the protocol that governs how routers between ASes (autonomous systems) share their routes with one another. It’s a peculiar protocol in that no network administrator necessarily trusts their counterpart, but is forced to accept what is advertised in order to see beyond their own network. That said, improper BGP messages can lead to all sorts of network mayhem – one of the most significant examples is laid out in great detail by OmniNerd’s own twabulldogg in Did China Hijack 15% of the Internet: Routers, BGP and Ignorance. Some network engineers have gotten together to come up with various solutions to the problem of irregular or false BGP advertisements. One solution involves PKI certificates to vouch for authenticity, but this technique involves an architectural change … and the Internet is nothing if not slow to adopt change (cough IPv6 cough). The engineers are proposing an idea called ROVER (Route Origin Verification), which utilizes DNS and its myriad of available records to store route information and secures it with DNSSEC. An advantage of this approach is that the architecture is already in place. A test program can be found at ROVER.
A new study released by the University of British Columbia’s psychology department is definitively showing a widening delta between intuitive and analytic thinkers when it comes to religious belief. Even more interesting, as highly devout subjects are pushed into analytic thinking modes, their level of belief begins to diminish noticeably. Will Gervais, the leading researcher, states, “Our goal was to explore the fundamental question of why people believe in a God to different degrees.” They intend to follow up the study with experiments to determine the lasting effects of the diminished belief or how long the mind remains in its analytic mode vice the intuitive mode. Associate Professor Ara Norenzayan adds, “Our findings suggest that activating the ‘analytic’ cognitive system in the brain can undermine the ‘intuitive’ support for religious belief, at least temporarily.” The full article was published in Science (requires subscription).
Supply chain security has been a hot topic of late, particularly with regard to America’s dependence on IT infrastructure manufactured overseas. Lately, reports haven’t pulled any punches in alluding to Chinese involvement in surreptitiously compromising equipment destined for the United States. Although the source has not been confirmed, Hewlett Packard ProCurve 5400 zl Switches have been identified as having shipped to customers with infected compact flash cards. Only particular batches of serial numbers after April 30, 2011 are amongst the infected lot. The malware does not have an impact on the switch itself but is believed to target PCs once a user removes the card from the switch and transfers it to a regular machine. The security announcement from Hewlett Packard can be viewed here.
Only a few short days ago, Iran announced its Ministry of Oil was subjected to a cyber attack and successfully repelled it. Reports vary with regard to the target: some indicate the attack seemed to center around the National Iranian Oil Company’s primary servers, where it was detected and mitigated, while others indicate it affected the control systems of Kharg Island, where most of Iran’s oil exports are handled. Having established a Supreme Council of Cyberspace after the Stuxnet worm ravaged the Iranian nuclear program, their response team shut down external network access to the oil ministry and various refineries for a period of three days. Presently, the Iranians claim no damage was incurred and no data was exfiltrated: “This cyber attack has not damaged the main data of the oil ministry and the National Iranian Oil Company (NIOC) since the general servers are separate from the main servers, even their cables are not linked to each other and are not linked to internet service.” Another spokesman indicated that user data had been compromised but ultimately oil production was not affected. It’s no surprise the Iranians are in such a hurry to create a national Internet, severing themselves from the global Internet for both infrastructure security and population control.
So a while back, I bought one of these LG BX580 Blu-ray players because I wanted to simplify my media experience with an all-in-one disc/network player. I really didn’t think anything of it since the player did exactly what it was supposed to do. But in light of recent articles bringing up the inherent security risks associated with appliances – Government Console Hacking, Firmware Attacks on Printers and Your TV Will Be Hacked – I decided to take a quick look at the device.