Articles, Page 18 of 208

← Previous    10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26     Next →
14 Dec 11
Newspaper

Carrier IQ Saga Continues

About a month ago, hacker Trevor Eckhart began exploring Android smartphone security and came across a piece of embedded software from CarrierIQ. He more or less reverse engineered components of it in conjunction with documents obtained from their website about its features and determined that for all intents and purposes, it was a rootkit.1 This created a huge buzz about the prevalence of the software as it is installed on virtually every smartphone from Android to iPhone with varying degrees of logging performed. Now, the point of the software was to permit telecommunications carriers to monitor performance of handsets on their networks to provide better service. The question really begged … how does logging my keystrokes, recording my text messages, provide remote access, etc help the network? At first, the company tried to censor the researcher for revealing the extent to which their software monitored phone owners. After the EFF stepped in to protect him, CarrierIQ instead came forward with a 19 page pdf response on their software even specifically addressing a recent FOIA request to the FBI for it’s use of CarrierIQ data. The FBI, rather than deny they utilized CarrierIQ’s information simply refuses to release records about it. Despite CarrierIQ’s continued denial the software does things like log keystrokes, Trevor Eckhart demonstrates that it does exactly that in his Carrier IQ Part #2 analysis (which is also presented on the YouTube video above for those not interested in reading).

13 Dec 11
Newspaper

Utility of Standardized Testing

Are standardized tests really providing value in quantifying a student’s academic ability or future potential? A Florida board of education member was curious about that very question so he arranged to take the FCAT himself to identify with the students on both its validity and problems.

I won’t beat around the bush. The math section had 60 questions. I knew the answers to none of them, but managed to guess ten out of the 60 correctly. On the reading test, I got 62% . In our system, that’s a ‘D,’ and would get me a mandatory assignment to a double block of reading instruction.

12 Dec 11
Newspaper

RQ-170 Downed in Iran

One of American’s not hostile drones has been captured by the Iranians after it crashed 140 miles into their country (off the Afghanistan border). It’s a model known as the RQ-170 and is now being associated to über-secret CIA efforts to monitor Iranian nuclear development. Since the crash, Iran has released a video showing Iranian officials examining the captured drone on display. As one might assume, the US government has neither confirmed nor denied the authenticity of the video given the seemingly intact nature of the drone despite crashing from over 50,000 feet. Higher resolution pictures from TheAviationist show little to no damage at all on the displayed drone with only minor abrasions to the lower wing and what appears to be putty work. Stories have varied as to the reasoning for the drone’s loss ranging from Iran claiming to have shot it down to have hacked it’s C2 causing the crash. Regardless of the reason, adversaries are chomping at the bit to reverse engineer the technologies on board.

09 Dec 11
Newspaper

Facebook Worm and User Relationships

In the 1960s, Stanley Milgram proposed the “small world” concept that everyone on the planet could be linked within six acquaintance hops. This is the basis for the Six Degrees of Kevin Bacon game showing his relationship to just about any actor/actress one can think of.1 The “small world” theory was attacked pretty hard in 2002 (pdf) when researchers looked at Milgram’s analysis and found it was based on relatively flaky empirical evidence. Needless to say, Facebook’s 800 million active users provide relatively solid empirical evidence for Internet connected users that global relationships can be achieved in not 6 hops, but a mere 4.7.

09 Dec 11
Newspaper

Virtual US Embassy to Iran

Having an embassy in Iran is risky business as the UK can attest to with its recent run in with Iranian protesters. The United States has not held a diplomatic presence in Iran since November of 1979 when protesters stormed the American embassy and took hostages. Recognizing the need to inform interested Iranians about the West without [local] state control spin, the United States has launched a virtual embassy to Iran through the Internet. According to the State Department, “This website is not a formal diplomatic mission, nor does it represent or describe a real US embassy accredited to the Iranian government. But, in the absence of direct contact, it can work as a bridge between the American and Iranian people.”

09 Dec 11
Newspaper

FTL Neutrino Experiment Replicated

Only last month, CERN researchers stirred up controversy when a neutrino experiment produced a result indicating faster-than-light (FTL) speeds. While the back and forth about the experiment being flawed continues, the researchers pushed ahead and repeated their experiment while addressing many of the most vocalized concerns. Their result? A statistically significant number of neutrinos are still showing FTL speeds in the experiment such that many of the original CERN researchers that were on the fence are now buying into the results.

05 Dec 11
Newspaper

Firmware Attacks on Printers

Back in the days of yore, hackers used to threaten users with physical damage like burning a hole into their CRT.1 It’s been a long time since true, physical damage threats have percolated but now security researchers are proposing they could set your printer on fire. The simplicity of network connected printers has also made a persistent presence on a target’s network much easier. Essentially, nobody ever checks whether the firmware loaded on a printer is the version provided by the OEM and their ubiquitous presence and 24/7 uptime make them prime targets. The hackers are completely replacing the embedded firmware in popular printer models with their own custom brew allowing them to steal printed documents remotely or finagle with the printer’s internal mechanism (like overheating a laser fuser). HP responded to the claims that it’s newer printers require digitally signed firmware and that the threat of fire is impossible due to thermal safeguards on the fuser element.

05 Dec 11
Newspaper

GCHQ Cyber Challenge

Years ago, Google was recruiting employees through the use of puzzles. GCHQ, Great Britain’s intelligence service, recently ran a similar campaign over the weekend entitle Can You Crack It featuring ciphertext in hexadecimal. It only took a weekend for the challenge to be broken with a complete write-up in video snippets on the technique available from Dr. Gareth Owen. Apparently, the job offer hidden within pays a mere £25,000 which many of the folks skilled enough to solve the puzzle are laughing at as absurdly small.

05 Dec 11
Newspaper

Pentagon Releases National Cyber Strategy

The United States has always stayed pretty mum about its offensive cyber-warfare intentions though the rhetoric has been shrouded in less and less secrecy and become more overt of late. Earlier in 2011, the White House released its International Strategy For Cyberspace (pdf) which first officially opened the can-of-worms regarding attack possibilities. USCYBERCOM, a sub-command to USSTRATCOM, finally has its operating guidance through the recent Department of Defense Cyberspace Policy Report (pdf) issued to Congress. Perhaps the most important bullet from that document explicitly states that both kinetic and non-kinetic cyber options are at the President’s disposal when dealing with attacks against the United States.

02 Dec 11
Page_white_text

Disabling VMware Automatic Snapshots on ESX Server

Many of the servers I’m operating exist in a VMware environment and were created on their Workstation platform before migrating to ESX. I had configured rolling, automatic snapshots under the Workstation environment where it was easily configurable and allowed me to, obviously, rollback any stupid changes I had made to my production images. However, after porting my images to ESX, the vSphere client did not allow me to edit this settings in any obvious fashion.

Laziness ensued and I went on my merry way only to discover these servers were consuming hundreds of gigabytes of provisioned space after several months had passed due to the fashion in which these snapshots were taken. I typically had to manually delete all the snapshots or consolidate them in order to recover diskspace. I passed this problem along to a VMware employee buddy of mine who advised:

30 Nov 11
Newspaper

Forfeit Vacation Days

Do you use all your vacation days? Or do you end up forfeiting them to your company’s policy at the end of the year. Apparently, most Americans simply give up an average of two vacation days a year, giving their employers free labor. To put those numbers into a little more perspective, estimates indicate that given present day labor figures, Americans give up 226 million vacation days valued at approximately $34.3 billion in man hours.

30 Nov 11
Newspaper

Iranians Storm British Embassy

Matters continue to shake up in the Middle East following the recent IAEA report on the Iranian’s current nuclear program before the fallout was largely amongst political figureheads in discussing new or increased international sanctions against Iran, various countries proceeded with their own actions to include Britain cutting all financial ties with Iranian banks. A week later, Iranians stormed the British embassy after a rally escalated toward violence where the protesters replaced the flag, threw around office equipment and set parts of the embassy on fire. British Foreign Secretary William Hague admonished Iran in his statement, “the idea that the Iranian authorities could not have protected our embassy or that this assault could have taken place without some degree of regime consent is fanciful.” Following the actions, the UK has ordered all Iranian diplomats out of their country within 48 hours.

29 Nov 11
Question

How Do You Test Software

Simple question – how do you test your software?

There are, of course, many levels to a question like that. There are unit tests in order to flex individual functions within a program, test harnesses designed to feed situations to larger chunks of a program, manual debugging sessions and alpha releases with corresponding bug tracking measures. I’m really looking for that intermediate step between where test harnesses have confirmed that modules within a program are functional and an alpha release where the users tell you how broken it is. Maybe my Google-fu is just poor this week, but for example, I’d like to know how a team working on MySQL, LibreOffice or something of that significance can go from the step where they know “my-SQL-parser-works” or “my-atomic-transaction-logging-works” to knowing “I-just-compiled-MySQL-and-the-whole-shebang-works.”

21 Nov 11
Newspaper

Chinese Network Devices Called Out

Routers are the ubiquitous network devices operating quickly behind the scenes making Internet traffic possible. The recently published Foreign Economic Collection and Industrial Espionage report that called out Russia and China has caused lawmakers to begin an investigation into Chinese ZTE and Huawei network devices. According to the report, “Chinese actors are the world’s most active and persistent perpetrators of economic espionage. US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the intelligence community cannot confirm who was responsible.” The Chinese companies have responded, essentially calling the report baseless and irresponsible without investigation. Considering the level of overt intrusion attempts already documented from the Chinese (and that’s six years ago), the risk is whether or not the devices contain covert, embedded firmware backdoors allowing the Chinese government (and state-sponsored industry) limitless access to the networks where their equipment is installed or even the possibility of crippling targeted infrastructure on demand.

21 Nov 11
Question

Thanksgiving Food Excess

Everybody has a somewhat different “house-rules” twist on Thanksgiving. Whether it’s food gluttony, football or both … what interesting add-on traditions are worthy of an OmniNerd thanksgiving?

← Previous    10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26     Next →

What is OmniNerd?

Omninerd_icon Welcome! OmniNerd's content is generated by nerds like you. Learn more.

Voting Booth

The police in the United States?

7 votes, 2 comments