Articles, Page 7 of 209

30 Oct 13

Army Struggles With Cyber

A recent article in FederalNewsRadio highlights the Army’s struggles with getting a grasp on performing cyber- effectively. It actually touched on a lot of the right issues for a change. One, for instance, was how to appropriately handle the National Guard and Reservists, a field where the appropriate soldiers’ day jobs are typically in information technology, intelligence or even cyber itself. To date, these folks have largely been left out of the Army’s efforts despite usually being more qualified than the active duty component. The new ARCYBER commander, LTG Cardon, commented on the notion of straight hiring these folks, perhaps in a civilian capacity.

26 Oct 13

Backdoor in D-Link Products

Security is often an afterthought for people because they place implicit trust in the products they purchase. Security researcher Craig Heffner of Tactical Network Solutions recently uncovered a backdoor in D-Link router products. How easy is it to gain full access? Simply set the browser string in your HTTP User Agent to xmlset_roodkcableoj28840ybtide and you can bypass the authentication mechanism. This one wasn’t even well hidden: just read the string backwards and it’s obviously “editby04882joelbackdoor”. There’s a short article on how this sort of thing was discovered on devttys0.com. The gist of it involved decompressing the firmware image, extracting the embedded filesystem, looking at interesting strings (found “auth”), and then analyzing the disassembled code for the function. That revealed that when a particular user agent was present, the device automatically authenticated the request. Instant backdoor access to every device using that firmware.

26 Oct 13

New MegaMillions Configuration

The MegaMillions lottery just reconfigured its drawing scheme for the first time since 2005. While the game still follows the traditional five balls and bonus ball motif, the numbers have all changed around. The first five no longer span just 1-56 but now span 1-75, and the MegaBall switched to only span 1-15. Mathematically, this makes matching the MegaBall far easier, creating a 1:15 chance to win at least a minimum prize. But the expanded pool of balls (increasing by almost 20) changed the jackpot odds from about 1:175 million to 1:259 million, meaning the jackpots will rise to higher levels.

26 Oct 13

EU Upset Over Spying

In the past few weeks, various leaked documents have caused the European Union countries to call foul against the United States over allegations of American espionage activities. The French in particular called the American ambassador out on the carpet over the revelations, specifically about the interception of 70.3 million French phone calls in a month. Ironically, an investigative report by the European Union itself calls out their own spying activities (although the US and UK ranked highest) which included France as the fifth most capable espionage country in the world for collecting in cyberspace. Pot … meet kettle. Despite the “I’m Rubber You’re Glue” foreign policy exchanges between the United States and their European allies, President Obama has vowed to make changes. One US Homeland Security official commented about the recent complaints from Germany by referencing shared intelligence information back in 2007, “When she [Merkel] had a chance to take on some real communists for hacking into her computer, she swallowed her objections.”

19 Oct 13

French wake up to Scientology Scam

At least the French are prepared to act against the menace of Scientology. A long running court case has ended with France’s top appeals court upholding a fraud conviction and fines totalling hundreds of thousands of euros against the Church of Scientology, for taking advantage of vulnerable followers.
I wish the USA could do likewise, and at the same time stop this sick American cult from harming people all over the world. It already has found 12 million victims around the world. The CoS objective is to take their money: simple as that. If the followers suffer mental health damage or have their families destroyed in the process, then too bad, other religions have done worse: right?

19 Oct 13

Linking IRCd-Hybrid and UnrealIRCd

An IRC server operator and I were beating our heads against the wall for a while trying to figure out why our two daemons would not link. The connect{} sections of our respective ircd.conf files were perfectly matched. Yet no matter what, the servers continued to report errors on authentication issues. Interestingly, while the question seemed to be asked quite a bit in IRC configuration forums, nobody ever really answered the question.

The answer is very simple – IT WILL NEVER WORK. EVER.

Not only did everyone in the forums continue to provide misleading and inaccurate information, but nobody even came close to explaining why.

17 Oct 13

Configuring an SSL Protected IRCd-Hybrid Server

Just about anybody that used the Internet in the ’90s and early ’00s will remember IRC. Although not as mainstream a technology anymore, IRC still remains a popular communication mechanism within various Internet communities. There are a wide variety of servers available and sometimes getting them to interoperate can be a pain. In the article, How To Configure IRCd-Hybrid for SSL With STunnel, I outline the basic steps needed to install and configure IRCd-Hybrid, get it linked to other IRC servers and then protect its message traffic with an SSL wrapper.

15 Oct 13

Value of Distance Learning

Does anybody actually learn using the distance-learning model?

Right now I’m literally just clicking next-next-next to blast through slides because I know I can use screen scrapes and CTRL-F to find the answers I need to pass the test. This works for just about every on-line course I’ve encountered (particularly for the military). I would assume we are NOT better off having saved the money on instructors, travel, etc. because a good portion of the certified people out there actually have never read their material or even the tests!

08 Oct 13

Marches on DC

The 2013 Government Shutdown is into its second week now with little sign of ending. It has certainly stirred up a lot of controversy both on the Hill and off. Truckers For The Constitution intend to jam up the beltway three lanes deep beginning on Friday, the 11th, to protest the government’s shutdown. The Million Vet March is attempting to flood the national monuments with veterans opposing the shutdown of their memorials.

Obviously signs of civil protest are a hallmark of America. Do they stand a chance of making a difference?

08 Oct 13

Cyborg Cockroaches

An interesting new toy was unveiled at TEDGlobal 2013, a robotic cockroach. The science kit allows users to implant an electronic backpack into the insect and send electronic pulses into its antenna. Using a regular smartphone, a user can now drive the cockroach around. The inventor states, “This is the exact same technology that’s used to treat Parkinson’s disease and make cochlear implants for deaf people. If we can get these tools into hands of kids, we can start the neurological revolution.” A lofty goal and objective indeed but a practical one using inexpensive technology. However, the process is causing some ethical controversy (excellent video in the linked page). “They encourage amateurs to operate invasively on living organisms” and “encourage thinking of complex living organisms as mere machines or tools.”

01 Oct 13

Government Shutdown

The 2014 Fiscal Year begins with a stalemate between Democrats, Republicans and the President over the budget with its Obamacare amendments. The House requested a conference with the Senate to work out final differences, though neither side seems willing to budge. “One faction of one party in one house of Congress in one branch of government doesn’t get to shut down the entire government,” said the President. “You don’t get to extract a ransom for doing your job.”

25 Sep 13

HFT Too Fast - Insider Trading?

The Federal Reserve recently announced there would be no tapering to its current bond buyback program. That kind of information can be hugely valuable for whoever can act on it first, as bond prices would immediately be affected. It comes as no surprise that HFT systems tuned to media feeds would be able to react the quickest based on programmatic rules … but what if they were too fast?

Analysis has revealed an initial swath of high volume trades appeared at exchanges within 3 milliseconds of the 2 p.m. announcement. What is troubling is that reporters with advance access to the news were maintained in tight conditions:

22 Sep 13

Breaking iPhone 5s Fingerprint Biometrics

Apple says of its iPhone 5, “All of it began with something perfectly simple: your finger. And now we’ve taken touch to the next logical place with Touch ID, the fingerprint identity sensor. Your fingerprint is the perfect password. You always have it with you. And no one can ever guess what it is.”

Well, nobody has to guess what it is. The Chaos Computer Club has demonstrated an ability to unlock iPhone 5s using a captured fingerprint. The break-in technique utilized high resolution images of the fingerprint on thin, moistened latex sheets. CCC’s spokesman says, “We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token.” In images from Mudge’s Twitter feed, it would appear CCC isn’t alone in having fun with Apple’s fingerprint sensor. Of course, street thieves can do it easier by just cutting off your finger when they steal your phone.

22 Sep 13

CSAW CTF 2013 - MISC 100 "Black & White"

Okay … other than my dabbling for a measly 550 points, there were no other “live” participants from the OmniNerd team this weekend. The image you can’t see to the right is a white, 1024×186, .png file named chal.png (actual link). The file itself is the only information provided by the contest which was solved by 818 of the teams. Can you figure out how to find the embedded flag?

21 Sep 13

CSAW CTF 2013

Bored this weekend? As an OmniNerd, try the various challenges on the 2013 CSAW CTF. (Leave a comment below and I’ll send you the OmniNerd login). There are puzzles of various difficulty for reverse engineering, exploitation, cryptography and many others. If nothing else, watch the scoreboard to see the cadets of West Point’s SIGSAC team destroy Naval and Air Force Academies.

CSAW CTF is an entry-level CTF, designed for undergraduate students who are trying to break into security.
