VnutZ's Articles, Page 2 of 70

04 Nov 13
Question

Airborne Stories

I came across an article today of two small planes colliding with each other where everyone (except one pilot) bailed out and parachuted safely to the ground. In case you’re wondering, the one pilot was able to land his crippled plane and was fine.

This made me think of the Army and its Airborne program. On my first jump, we were 30 seconds from jumping with our static lines hooked up and the first jumper ready to go when the C-141 caught fire. Our whole cabin filled with smoke. Did we jump out? No, we sat back down, rode the smokey bird back to the ground, exited via the tail and the guys in silver suits got on board and put out the fire. Then we got back on to jump.

31 Oct 13
Newspaper

New Cannonball Run Record Set

The Cannonball Run challenge has been around for decades and there are frequent unsuccessful attempts at breaking the record, but mostly unsuccessful attempts at even completing the run. The recent record was set in 2007 by Alex Roy in a BMW M5 at 31 hours and 4 minutes. It was just shattered by Dave Black, Ed Bolian and Dan Huang in a Mercedes CL55 AMG covering nearly 3000 miles from New York to California in a mere 28 hours and 50 minutes!

26 Oct 13
Newspaper

Backdoor in D-Link Products

Security is often such an afterthought for people in that they have an implicit trust in their purchased products. Security researcher Craig Heffner of Tactical Network Solutions recently uncovered a backdoor in D-Link router products. How easy is it to gain full access? Simply set the browser string in your HTTP User Agent to xmlset_roodkcableoj28840ybtide and you can bypass the authentication mechanism. This one wasn’t even well hidden, just read the string backwards and it’s obviously “editby04882joelbackdoor”. There’s a short article on how this sort of thing was discovered on devttys0.com. The gist of it involved decompressing the firmware image, extracting the embedded filesystem, looking at interesting strings (found “auth”), and then analyzing the disassembled code for the function. That revealed that when a particular user agent was present, it automatically authenticated. Instant backdoor access to every device using that firmware.

26 Oct 13
Newspaper

New MegaMillions Configuration

The MegaMillions lottery just reconfigured their drawing scheme for the first time since 2005. While the game still follows the traditional five balls and bonus ball motif, the numbers have all changed around. The first five no longer span just 1-56 but now span 1-75 and the MegaBall switched to only span 1-15. Mathematically, this makes matching the MegaBall far easier, creating a 1:15 chance to win at least a minimum prize. But the expanded pool of balls (increasing by almost 20) changed the jackpot odds from about 1:175 million to 1:259 million, meaning the jackpots will rise to higher levels.

26 Oct 13
Newspaper

EU Upset Over Spying

In the past few weeks, various leaked documents have caused the European Union countries to call foul against the United States over allegations of American espionage activities. The French in particular called the American ambassador out on the carpet over the revelations, specifically about the interception of 70.3 million French phone calls in a month. Ironically, an investigative report by the European Union itself calls out their own spying activities (although the US and UK ranked highest) which included France as the fifth most capable espionage country in the world for collecting in cyberspace. Pot … meet kettle. Despite the “I’m Rubber You’re Glue” foreign policy exchanges between the United States and their European allies, President Obama has vowed to make changes. One US Homeland Security official commented about the recent complaints from Germany by referencing shared intelligence information back in 2007, “When she [Merkel] had a chance to take on some real communists for hacking into her computer, she swallowed her objections.”

19 Oct 13

Linking IRCd-Hybrid and UnrealIRCd

An IRC server operator and I were beating our heads against the wall for a while trying to figure out why our two daemons would not link. The connect{} sections of our respective ircd.conf files, when compared, were perfectly matched. Yet no matter what, the servers continued to report errors on authentication issues. Interestingly, while the question seemed to be asked quite a bit in IRC configuration forums, nobody ever really answered the question.

The answer is very simple – IT WILL NEVER WORK. EVER.

Not only did everyone in the forums continue to provide misleading and inaccurate information, but nobody even came close to explaining why.

17 Oct 13

Configuring an SSL Protected IRCd-Hybrid Server

Just about anybody that used the Internet in the ’90s and early ’00s will remember IRC. Although not as mainstream a technology anymore, IRC still remains a popular communication mechanism within various Internet communities. There are a wide variety of servers available and sometimes getting them to interoperate can be a pain. In the article, How To Configure IRCd-Hybrid for SSL With STunnel, I outline the basic steps needed to install and configure IRCd-Hybrid, get it linked to other IRC servers and then protect its message traffic with an SSL wrapper.

15 Oct 13
Question

Value of Distance Learning

Does anybody actually learn using the distance-learning model?

Right now I’m literally just clicking next-next-next to blast through slides because I know I can use screen scrapes and CTRL-F to find the answers I need to pass the test. This works for just about every on-line course I’ve encountered (particularly for the military). I would assume we are NOT better off having saved the money on instructors, travel, etc. because a good portion of the certified people out there actually have never read their material or even the tests!

08 Oct 13
Newspaper

Marches on DC

The 2013 Government Shutdown is into its second week now with little sign of ending. It has certainly stirred up a lot of controversy both on the Hill and off. Truckers For The Constitution intend to jam up the beltway three lanes deep beginning on Friday, the 11th, to protest the government’s shutdown. The Million Vet March is attempting to flood the national monuments with veterans opposing the shutdown of their memorials.

Obviously signs of civil protest are a hallmark of America. Do they stand a chance of making a difference?

08 Oct 13
Newspaper

Cyborg Cockroaches

An interesting new toy was unveiled at TEDGlobal 2013, a robotic cockroach. The science kit allows users to implant an electronic backpack into the insect and sends electronic pulses into its antenna. Using a regular smartphone, a user can now drive the cockroach around. The inventor states, “This is the exact same technology that’s used to treat Parkinson’s disease and make cochlear implants for deaf people. If we can get these tools into hands of kids, we can start the neurological revolution.” A lofty goal and objective indeed but a practical one using inexpensive technology. However, the process is causing some ethical controversy (excellent video in the linked page). “They encourage amateurs to operate invasively on living organisms” and “encourage thinking of complex living organisms as mere machines or tools.”

01 Oct 13
Question

Government Shutdown

The 2014 Fiscal Year begins with a stalemate between Democrats, Republicans and the President over the budget with its Obamacare amendments. The House requested a conference with the Senate to work out final differences though neither side seems willing to budge. “One faction of one party in one house of Congress in one branch of government doesn’t get to shut down the entire government,” said the President. “You don’t get to extract a ransom for doing your job.”

25 Sep 13
Newspaper

HFT Too Fast - Insider Trading?

The Federal Reserve recently announced there would be no tapering to its current bond buyback program. That kind of information can be hugely valuable for whoever can act on it first as bond prices would immediately be affected. It comes as no surprise that HFT systems tuned to media feeds would be able to react the quickest based on programmatic rules … but what if they were too fast?

Analysis has revealed an initial swath of high volume trades appeared at exchanges within 3 milliseconds of the 2 p.m. announcement. What is troubling is that reporters with advance access to the news were maintained in tight conditions:

22 Sep 13
Newspaper

Breaking iPhone 5s Fingerprint Biometrics

Apple says of its iPhone 5, “All of it began with something perfectly simple: your finger. And now we’ve taken touch to the next logical place with Touch ID, the fingerprint identity sensor. Your fingerprint is the perfect password. You always have it with you. And no one can ever guess what it is.”

Well, nobody has to guess what it is. The Chaos Computer Club has demonstrated an ability to unlock iPhone 5s using a captured fingerprint. The break-in technique utilized high resolution images of the fingerprint on thin, moistened latex sheets. CCC’s spokesman says, “We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token.” In images from Mudge’s Twitter feed, it would appear CCC isn’t alone in having fun with Apple’s fingerprint sensor. Of course, street thieves can do it easier by just cutting off your finger when they steal your phone.

22 Sep 13
Question

CSAW CTF 2013 - MISC 100 "Black & White"

Okay … other than my dabbling for a measly 550 points, there were no other “live” participants from the OmniNerd team this weekend. The image you can’t see to the right is a white, 1024×186, .png file named chal.png (actual link). The file itself is the only information provided by the contest which was solved by 818 of the teams. Can you figure out how to find the embedded flag?

21 Sep 13
Newspaper

CSAW CTF 2013

Bored this weekend? As an OmniNerd, try the various challenges on the 2013 CSAW CTF. (Leave a comment below and I’ll send you the OmniNerd login). There are puzzles of various difficulty for reverse engineering, exploitation, cryptography and many others. If nothing else, watch the scoreboard to see the cadets of West Point’s SIGSAC team destroy Naval and Air Force Academies.

CSAW CTF is an entry-level CTF, designed for undergraduate students who are trying to break into security.
