VnutZ's Articles, Page 8 of 69
BGP is the protocol that governs how routers between ASes (autonomous systems) share their routes with one another. It’s a peculiar protocol in that no network administrator necessarily trusts their counterpart, but is forced to accept what is advertised in order to see beyond their own network. That said, improper BGP messages can lead to all sorts of network mayhem – one of the most significant examples is laid out in great detail by OmniNerd’s own twabulldogg in Did China Hijack 15% of the Internet: Routers, BGP and Ignorance. Some network engineers have gotten together to come up with various solutions to the problem of irregular or false BGP advertisements. One solution involves PKI certificates to vouch for authenticity, but this technique involves an architectural change … and the Internet is nothing if not slow to adopt change (cough IPv6 cough). The engineers are proposing an idea called ROVER (Route Origin Verification), which utilizes DNS and its myriad of available records to store route information and secures it with DNSSEC. An advantage of this approach is that the architecture is already in place. A test program can be found at ROVER.
A new study released by the University of British Columbia’s psychology department is definitively showing a widening delta between intuitive and analytic thinkers when it comes to religious belief. Even more interesting, as highly devout subjects are pushed into analytic thinking modes, their level of belief begins to diminish noticeably. Will Gervais, the leading researcher, states, “Our goal was to explore the fundamental question of why people believe in a God to different degrees.” They intend to follow up the study with experiments to determine the lasting effects of the diminished belief or how long the mind remains in its analytic mode vice the intuitive mode. Associate Professor Ara Norenzayan adds, “Our findings suggest that activating the ‘analytic’ cognitive system in the brain can undermine the ‘intuitive’ support for religious belief, at least temporarily.” The full article was published in Science (requires subscription).
Supply chain security has been a hot topic of late, particularly with regard to America’s dependence on IT infrastructure manufactured overseas. Lately, reports haven’t pulled any punches in alluding to Chinese involvement in surreptitiously compromising equipment destined for the United States. Although the source has not been confirmed, Hewlett Packard ProCurve 5400 zl Switches have been identified as having shipped to customers with infected compact flash cards. Only particular batches of serial numbers after April 30, 2011 are amongst the infected lot. The malware does not have an impact on the switch itself but is believed to target PCs once a user removes the card from the switch and transfers it to a regular machine. The security announcement from Hewlett Packard can be viewed here.
Only a few short days ago, Iran announced its Ministry of Oil was subjected to a cyber attack and successfully repelled it. Reports vary with regard to the target: some indicate the attack seemed to center around the National Iranian Oil Company’s primary servers, where it was detected and mitigated, while others indicate it affected the control systems of Kharg Island, where most of Iran’s oil exports are handled. Having established a Supreme Council of Cyberspace after the Stuxnet worm ravaged the Iranian nuclear program, their response team shut down external network access to the oil ministry and various refineries for a period of three days. Presently, the Iranians claim no damage was incurred and no data was exfiltrated: “This cyber attack has not damaged the main data of the oil ministry and the National Iranian Oil Company (NIOC) since the general servers are separate from the main servers, even their cables are not linked to each other and are not linked to internet service.” Another spokesman indicated that user data had been compromised but ultimately oil production was not affected. It’s no surprise the Iranians are in such a hurry to create a national Internet, severing themselves from the global Internet for both infrastructure security and population control.
So a while back, I bought one of these LG BX580 Blu-ray players because I wanted to simplify my media experience with an all-in-one disc/network player. I really didn’t think anything of it since the player did exactly what it was supposed to do. But in light of recent articles bringing up the inherent security risks associated with appliances – Government Console Hacking, Firmware Attacks on Printers and Your TV Will Be Hacked – I decided to take a quick look at the device.
The service academies are in the news again, but this time it’s not for sports rivalry or academic value. Rape is the soup du jour, with allegations and lawsuits against both West Point and the Naval Academy. It’s obvious that such allegations are of a serious nature, but it is somewhat ridiculous for the plaintiffs to hold “personally responsible” (as per the article) the former Secretary of Defense Robert Gates, the former superintendents of the two academies and the current secretaries of the Army and Navy. The story indicates an overly pervasive culture of alcohol pressure and a hostile chain of command to which one could report sexual misconduct.
Don’t pay her! If only it were that funny. In advance of the President’s intended trip to Colombia for the Summit of the Americas, Secret Service agents were conducting routine security surveys. This time around, that routine included soliciting a number of Colombian prostitutes (legal there) and then deciding not to pay them. The party included a slew of agents ranging from junior to senior ranks and allegedly military members as well. They likely would have been able to party hard without notice until one prostitute refused to leave the hotel, claiming she was owed money, causing the hotel manager to contact the police.
Only a few short days ago, Microsoft received some heat over hacker claims that user credit card information could be gleaned from old Xbox systems. The concern is that hard drive based consoles are not designed with security in mind and have numerous files and locations where cached data may still contain personal, private and financial information. It has recently come to light that the US Navy has contracted out a requirement to obtain similar information from used consoles (foreign of course) in order to collect potential intelligence from targets playing video games. After all, the gaming systems provide an excellent platform for communicating with cohorts across vast distances and logs may contain those details. The actual SOW can be viewed if desired.
Gawker Media founder Nick Denton recently made a statement about on-line comment sections, “The idea of capturing the intelligence of the readership — that’s a joke.” In his speech at SXSW, Denton discussed the failures of the Internet to achieve the Utopia of collective, constructive commenting to the point that most people simply ignore them altogether. While smaller sites are able to thematically maintain a semblance of comment quality, observation on blogs hosted by Gawker provided evidence that with growth comes riff-raff that requires attentive moderation to control. In the case of mainstream media, spam reduction and anti-trolling are too time consuming to be worth the effort considering the limited value add from the accepted comments.
Doesn’t everybody want a flying car? A prototype from Terrafugia is getting closer than ever to releasing a model to the public. The vehicle runs on regular gas, gets 35mpg on the ground and burns 5 gallons per hour in the air at a speed of 115 mph. It’s going to run buyers more than a quarter million to own one if released next year as planned. Currently, the vehicle is undergoing safety tests for its roadworthiness. Considering how poorly people drive already, should we really allow regular folks the ability to fly?
Augmented Reality is a popular buzzword technology for many smartphone applications to incorporate as a novelty. To achieve this, you point the camera at something and internal GPS and orientation sensors “know” what you’re looking at and overlay information about the subject onto the live picture. Many people play with those features, comment how neat it is and then never use it again. That may change if Google’s recently announced augmented reality research project launches. Unlike the smartphone approach, Google wants you to wear their glasses which render floating tips, maps and other information into a small window before your eye based on whatever you’re looking at. Watch the included video from Google+ for a demonstration:
It’s been a half century since humans have been to the deepest part of the planet, the Pacific Ocean’s Marianas Trench at a depth of 35,797 feet. Its only two visitors were Jacques Piccard and Navy Lieutenant Don Walsh in the Trieste Bathyscaphe. That lonely company has increased by one with the addition of James Cameron, famous and rich for his movies such as Terminator 2, Titanic and Avatar, as part of the Deep Sea Challenge. After a 2.5 hour descent, Cameron spent a few hours in the deep exploring before ascending. The extreme pressures at the depth reach 16,000 psi and actually shrank the diving craft by nearly three inches. Prior to his descent, Cameron commented, “Yeah, of course I’m worried. Worry is a good thing when you’re an explorer. I think when you’re cavalier, when you take risk for granted—that’s when you’re going to get bitten.” Before making the dive, he put the craft through its paces with a test at 26,000 feet (about 10,000 feet shallower) with former Trieste driver Walsh advising him.
In a slight deviation from the normal topics of discussion, how about a segue into sports? It’s hard to not hear about the New Orleans Saints and the bounty hunting scandal currently rocking the NFL. If you’ve been under a rock, players were essentially offered monetary bonuses for physically taking out other players. The scandal has reached such epic proportions as to have a Senate Judiciary Committee hearing called over the matter. While the ethical and sportsmanship issues are undeniable, the revelation makes one ponder what this says about America as a whole.
Sometimes, I’m really impressed by how marketing gurus can completely exploit the common man’s stupidity. Have you ever seen the Hershey’s Air Delight commercials on TV? They’re the ones that show you their typical chocolate products infused with air (they call them chocolate bubbles) to make a lighter, lower calorie snack. Depending on the sales location, an aerated bar can cost 15 cents more than its non-aerated predecessor. Even cost-per-ounce comparisons show consumers spend more on the overall chocolate in aerated versions. You … Are … Paying … For … AIR!!
I see an arbitrage opportunity in buying up “stock” Hershey bars, melting them down and blasting the gooey mess with an air compressor before selling it back to gluttonous Americans everywhere.