Back in the days of yore, hackers used to threaten users with physical damage like burning a hole into their CRT. It’s been a long time since true, physical damage threats have percolated, but now security researchers are proposing they could set your printer on fire. The simplicity of network-connected printers has also made a persistent presence on a target’s network much easier. Essentially, nobody ever checks whether the firmware loaded on a printer is the version provided by the OEM, and their ubiquitous presence and 24/7 uptime make them prime targets. The hackers are completely replacing the embedded firmware in popular printer models with their own custom brew, allowing them to steal printed documents remotely or finagle with the printer’s internal mechanism (like overheating a laser fuser). HP responded to the claims, saying that its newer printers require digitally signed firmware and that the threat of fire is impossible due to thermal safeguards on the fuser element.
Years ago, Google was recruiting employees through the use of puzzles. GCHQ, Great Britain’s intelligence service, recently ran a similar campaign over the weekend entitled Can You Crack It, featuring ciphertext in hexadecimal. It only took a weekend for the challenge to be broken, with a complete write-up in video snippets on the technique available from Dr. Gareth Owen. Apparently, the job offer hidden within pays a mere £25,000, which many of the folks skilled enough to solve the puzzle are laughing at as absurdly small.
The United States has always stayed pretty mum about its offensive cyber-warfare intentions though the rhetoric has been shrouded in less and less secrecy and become more overt of late. Earlier in 2011, the White House released its International Strategy For Cyberspace (pdf) which first officially opened the can-of-worms regarding attack possibilities. USCYBERCOM, a sub-command to USSTRATCOM, finally has its operating guidance through the recent Department of Defense Cyberspace Policy Report (pdf) issued to Congress. Perhaps the most important bullet from that document explicitly states that both kinetic and non-kinetic cyber options are at the President’s disposal when dealing with attacks against the United States.
Many of the servers I’m operating exist in a VMware environment and were created on their Workstation platform before migrating to ESX. I had configured rolling, automatic snapshots under the Workstation environment where it was easily configurable and allowed me to, obviously, roll back any stupid changes I had made to my production images. However, after porting my images to ESX, the vSphere client did not allow me to edit these settings in any obvious fashion.
Laziness ensued and I went on my merry way only to discover these servers were consuming hundreds of gigabytes of provisioned space after several months had passed due to the fashion in which these snapshots were taken. I typically had to manually delete all the snapshots or consolidate them in order to recover disk space. I passed this problem along to a VMware employee buddy of mine who advised:
Do you use all your vacation days? Or do you end up forfeiting them to your company’s policy at the end of the year? Apparently, most Americans simply give up an average of two vacation days a year, giving their employers free labor. To put those numbers into a little more perspective, estimates indicate that given present day labor figures, Americans give up 226 million vacation days valued at approximately $34.3 billion in man hours.
Matters continue to shake up in the Middle East following the recent IAEA report on Iran’s current nuclear program. Before the fallout was largely amongst political figureheads in discussing new or increased international sanctions against Iran, various countries proceeded with their own actions, including Britain cutting all financial ties with Iranian banks. A week later, Iranians stormed the British embassy after a rally escalated toward violence, where the protesters replaced the flag, threw around office equipment and set parts of the embassy on fire. British Foreign Secretary William Hague admonished Iran in his statement, “the idea that the Iranian authorities could not have protected our embassy or that this assault could have taken place without some degree of regime consent is fanciful.” Following the actions, the UK has ordered all Iranian diplomats out of their country within 48 hours.
Simple question – how do you test your software?
There are, of course, many levels to a question like that. There are unit tests in order to flex individual functions within a program, test harnesses designed to feed situations to larger chunks of a program, manual debugging sessions and alpha releases with corresponding bug tracking measures. I’m really looking for that intermediate step between where test harnesses have confirmed that modules within a program are functional and an alpha release where the users tell you how broken it is. Maybe my Google-fu is just poor this week, but for example, I’d like to know how a team working on MySQL, LibreOffice or something of that significance can go from the step where they know “my-SQL-parser-works” or “my-atomic-transaction-logging-works” to knowing “I-just-compiled-MySQL-and-the-whole-shebang-works.”
Routers are the ubiquitous network devices operating quickly behind the scenes making Internet traffic possible. The recently published Foreign Economic Collection and Industrial Espionage report that called out Russia and China has caused lawmakers to begin an investigation into Chinese ZTE and Huawei network devices. According to the report, “Chinese actors are the world’s most active and persistent perpetrators of economic espionage. US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the intelligence community cannot confirm who was responsible.” The Chinese companies have responded, essentially calling the report baseless and irresponsible without investigation. Considering the level of overt intrusion attempts already documented from the Chinese (and that’s six years ago), the risk is whether or not the devices contain covert, embedded firmware backdoors allowing the Chinese government (and state-sponsored industry) limitless access to the networks where their equipment is installed or even the possibility of crippling targeted infrastructure on demand.
Everybody has a somewhat different “house-rules” twist on Thanksgiving. Whether it’s food gluttony, football or both … what interesting add-on traditions are worthy of an OmniNerd Thanksgiving?
Siri has been the talk of the iPhone 4s with its fancy responses to amusing questions. But the app is entirely restricted to 4s owners, which naturally irritates all the have-nots. Some French reverse engineers at Applidium have succeeded at figuring out how to talk to Apple’s Siri servers … without Siri. Their procedure was a matter of setting up a proxy to decrypt the SSL data sent between the phone and the server. Then they replayed the data to Apple while capturing the traffic in the middle, whereupon they discovered the extensions to the HTTP header, the Speex codec for compressing the voice and the compressed plist data returned by the server to the device. Technically, with their discoveries, nothing is really preventing independent users from becoming Siri enabled other than a little programming know-how.
Earlier this year, it was discovered the fear mongering over vaccines as the cause for autism was a complete sham. Fraud or not, the increasing autism rate is still a reality requiring attention. Psychologist Simon Baron-Cohen has a new proposal for the table: essentially, the increasing acceptance of geek chic enables a broader scope of scientists and engineers to breed with one another without shame, which is more likely to produce a child with autism. His words were not quite as tongue-in-cheek as mine, but the essence was that increasingly intelligent people with hints of autistic traits are pooling their genes, resulting in a statistical increase in the likelihood of those genes coming to fruition as genuine autism. There are, of course, challenges to his theory, but other clinical psychologists dealing with child autism do support the notion, “I see deep geeks of all sorts. They don’t make great eye contact, all their clothing is from the Intel shop, they don’t have a lot of social understanding. I do think that when these geeks marry each other, that’s bad news for the offspring.”
Becoming an astronaut has always been a difficult process. (Having an affiliation to OmniNerd can certainly help as our alumni have been at the helm of the official NASA Space Shuttle simulator). With the space shuttle’s retirement, however, NASA is ushering in an entirely new era of requirements for its space program and hence its astronauts. According to a recent NASA press release, the next generation of astronauts can apply into the program through the standard government job-hunting site USAjobs.gov <— actual application link.
A while back, the Obama administration began a program called We The People where the American public could petition the government for information electronically given enough signatures. Well, the UFO fans out there petitioned to find out if there were in fact known aliens or a historical cover-up. The petition gained the requisite number of signatures and received an official response:
The U.S. government has no evidence that any life exists outside our planet, or that an extraterrestrial presence has contacted or engaged any member of the human race. In addition, there is no credible information to suggest that any evidence is being hidden from the public’s eye. However, that doesn’t mean the subject of life outside our planet isn’t being discussed or explored.
Imagine a coating that makes surfaces so slippery that nothing can stick to it, not even water or oily film. Inspired by the Nepenthes carnivorous plant whose slippery surfaces cause insects to slip into its planty belly, scientists have mimicked the properties to create the Slippery Liquid Infused Porous Surface. Of course, they tout all sorts of useful functions like surfaces that never need to be cleaned again or ketchup bottles that can expel all of the condiment. But we all know where this substance is really going to end up … pranksters will coat hallways with it and the sex industry will market all kinds of new products. Thanks science!