25 Sep 13

HFT Too Fast - Insider Trading?

The Federal Reserve recently announced there would be no tapering to its current bond buyback program. That kind of information can be hugely valuable for whoever can act on it first as bond prices would immediately be affected. It comes as no surprise that HFT systems tuned to media feeds would be able to react the quickest based on programmatic rules … but what if they were too fast?

Analysis has revealed an initial swath of high volume trades appeared at exchanges within 3 milliseconds of the 2 p.m. announcement. What is troubling is that reporters with advance access to the news were maintained in tight conditions:

22 Sep 13

Breaking iPhone 5s Fingerprint Biometrics

Apple says of its iPhone 5, “All of it began with something perfectly simple: your finger. And now we’ve taken touch to the next logical place with Touch ID, the fingerprint identity sensor. Your fingerprint is the perfect password. You always have it with you. And no one can ever guess what it is.”

Well, nobody has to guess what it is. The Chaos Computer Club has demonstrated an ability to unlock iPhone 5s using a captured fingerprint. The break-in technique utilized high resolution images of the fingerprint on thin, moistened latex sheets. CCC’s spokesman says, “We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token.” In images from Mudge’s Twitter feed, it would appear CCC isn’t alone in having fun with Apple’s fingerprint sensor. Of course, street thieves can do it easier by just cutting off your finger when they steal your phone.

22 Sep 13

CSAW CTF 2013 - MISC 100 "Black & White"

Okay … other than my dabbling for a measly 550 points, there were no other “live” participants from the OmniNerd team this weekend. The image you can’t see to the right is a white, 1024×186, .png file named chal.png (actual link). The file itself is the only information provided by the contest which was solved by 818 of the teams. Can you figure out how to find the embedded flag?

21 Sep 13


Bored this weekend? As an OmniNerd, try the various challenges on the 2013 CSAW CTF. (Leave a comment below and I’ll send you the OmniNerd login). There are puzzles of various difficulty for reverse engineering, exploitation, cryptography and many others. If nothing else, watch the scoreboard to see the cadets of West Point’s SIGSAC team destroy Naval and Air Force Academies.

CSAW CTF is an entry-level CTF, designed for undergraduate students who are trying to break into security.

13 Sep 13

Is Private School Morally Evil

Slate featured an op-ed a few weeks back from Allison Benedikt that apparently ruffled some feathers. The subject? Is sending your kids to private school a morally draining effort in that society is no longer collectively improving itself as a whole? Are your kids better off at the cost of everyone else? She writes:

You are a bad person if you send your children to private school. Not bad like murderer bad—but bad like ruining-one-of-our-nation’s-most-essential-institutions-in-order-to-get-what’s-best-for-your-kid bad. So, pretty bad.

Whatever you think your children need—deserve—from their school experience, assume that the parents at the nearby public housing complex want the same. No, don’t just assume it. Do something about it. Send your kids to school with their kids…. Don’t just acknowledge your liberal guilt—listen to it.

12 Sep 13

Predatory HFT

Annnnnnd it’s here. High Frequency Trading has continued to stay off the public’s radar largely because most people 1) just don’t care and 2) don’t understand it. They should start caring. The software has already proven to beat humans on a general basis and has been the primary factor in traffic volume for more than half a decade. The original models were largely looking for trends and arbitrage opportunities but the newest algorithms … are exploiting each other. Analysts have examined mini “spikes” and “crashes” and determined they occurred too quickly and corrected too quickly to be the result of humans. But those anomalies are different than HFTs in the past which tended to bandwagon with each other for similarity in their algorithms. The new models appear to be predatory, essentially anticipating the behavior of another algorithm and quickly shaping a market condition to trigger the prey’s activity in order to create artificial arbitrage.

12 Sep 13

Yongbyon Reactivated

It will only be a matter of months before North Korea starts leveraging their reactor for favors again. Imagery indicates the Yongbyon nuclear facility has been reactivated. The plant has had a troubled history with the world from being the target of a ’90s era preemptive attack in OPLAN 5026 to being the subject of six-party talks in the early ’00s for deactivation. North Korea has quite a history of using the plant as a means of trading its deactivation for concessions from the west. It is suggested that Yongbyon, although a lightwater reactor, could easily be changed for plutonium enrichment.

11 Sep 13

Basketball Diplomacy

Well … clearly the problem for the past sixty years of armistice (despite North Korea’s recent attempt to dissolve it) was a lack of Dennis Rodman. The former basketball player has recently completed his basketball diplomacy tour of North Korea, undoubtedly seeing the official script instead of reality. Clearly, the United States just needed to go there and see that everything was rainbows and butterflies all along. Now seemingly friends with the DPRK leadership, Rodman quips, “He has to do his job but he’s a very good guy …. If he wanted to bomb anybody in the world, he would have done it.” And then goes on to challenge President Obama, “Why Obama, are you afraid to talk to Dennis Rodman? You’re not afraid to talk to Beyonce and Jay-Z, why not me? Why not me? I’m pretty important now, right?”

29 Aug 13

United States to Engage Syria?

It wasn’t the more than a hundred thousand people that the Syrian regime killed that led the world to care. Rather, it was the chemical weapons the government used against its people that spurred the United States to threaten an attack. They’ve had the weapons for decades but the allegations of using them internally are relatively new with “wash-out bombings” taking place to burn away the evidence. The UN Security Council appears to have balked at getting involved, leaving the United States to consider, once again, going it alone. Presently, the Obama administration has only made mention of utilizing standoff capabilities against the regime without a ground element as a means of enforcing a global ban on chemical weapons.

20 Aug 13

SAC Capital Investment Woes

SAC Capital is currently in a world of hurt. The major investment firm is being indicted for insider trading with the government originally seeking ALL of its billions as punishment despite having already settled some of the issues to the tune of a $600 million fine. At first, most of us will think, “Let ’em burn.” However, the amount of money borrowed, invested and leveraged by hedge funds as large as SAC has deeper implications (hedge funds control an estimated $2.25 trillion). Part of the reason the government was gunning for all of the firm’s assets is that profits obtained from “dirty money” are themselves dirty and therefore seizable. And that extends beyond SAC into the markets that have also invested in and profited from SAC (which is most of Wall Street). The rest of Wall Street’s traders are concerned, however, because as SAC’s traders are indicted, they may also be subject to scrutiny for basically bandwagoning when the illegal behavior should have been obvious. The investigation isn’t scaring away all the investors; there are many that plan to continue riding the gravy train of SAC’s run of success.

18 Aug 13

Violence in Syria and Egypt Continues

Sooooo, the violence in Syria continues. The world has watched since March 2011 as rebels fought with the government. More than 100,000 people have died in that span according to the United Nations. Egypt saw the beginning of Arab Spring and had mass, violent protests, though things became relatively sedate, until recently. Everything has exploded in the country once again with what appears to be a coup over the elected government.

16 Aug 13


Elon Musk, the wealthy innovator behind PayPal, SpaceX and Tesla Motors, recently blogged about his next idea, Hyperloop (detailed pdf). This one, however, he proposed as a thinking man’s journey as opposed to putting up the funding and infrastructure himself. Musk asks that for California’s massive investment in transportation, it should provide a massive improvement in critical areas:

  • Safer
  • Faster
  • Lower cost
  • More convenient
  • Immune to weather
  • Sustainably self-powering
  • Resistant to Earthquakes
  • Not disruptive to those along the route

14 Aug 13

Blackhat Femtocell Hacking

One of the interesting presentations at the 2013 Blackhat conference in Las Vegas demonstrated the fun hackers can have with a femtocell. For those not familiar with them, femtocells are essentially miniature base stations that allow a mobile phone to affiliate (via 3G, LTE, etc) whereupon the connection is patched to the carrier via the Internet. This sort of technology is useful in low signal areas such as your house in order to have a full signal experience.

Tom Ritter of iSEC presented “I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell”, which demonstrated all the options available with a Verizon femtocell. The hackers first gained shell and root access to the device whereupon they were able to perform traffic captures of all the data passing through. It took a while for them to identify the codec used for voice, but once determined, they were able to capture a call’s voice packets for decoding and replaying voice conversations. Text messages were easy to intercept and display live to the audience as was capturing the data sessions. (NOTE: The same talk was also given at DEFCON where the audience was much more apt to text “Penis” and other phallic ASCII art to be displayed on the projectors.) For their demonstration, they intercepted an SSL connection from the affiliated phone to a bank and logged the username/password combinations. All of this was “simple stuff” when you have root access to the packet streams. So the team went further and used their captured information to essentially allow them to clone a mobile phone such that they could receive calls, listen in on existing calls and for all intents and purposes … be that phone and use its account for free. According to Ritter, “this is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people.”

14 Aug 13

Food Source During Zombie Apocalypse

Food will be tight during the zombie apocalypse. A question arose at work today – would it be safe to eat Zombie meat if it’s cooked or irradiated?

13 Aug 13

US Embassy Closures

So who believes there was an AQAP threat to the US embassies in Northern Africa and the Middle East?

Supposedly, the SIGINT system made famous by Edward Snowden is credited with capturing chatter between AQAP leadership. Particularly of interest, according to anonymous government sources, was a notification between Ayman al-Zawahiri and his subordinate leadership that everything was ready for an imminent attack. This prompted the US government to shut down nineteen embassies and issue a general travel advisory through the month of August. Meanwhile, despite the imminence of the attacks, nothing has happened except for some drone strikes against AQAP militants in Yemen.

