Archive for the ‘Technical’ Category

How to use electrical outlets and cheap lasers to steal data

Sunday, August 16th, 2009

If attackers intent on data theft can tap into an electrical socket near a computer or if they can draw a bead on the machine with a laser, they can steal whatever is being typed into it.

How to execute these attacks will be demonstrated at the Black Hat USA 2009 security conference in Las Vegas later this month by Andrea Barisani and Daniele Bianco, a pair of researchers for network security consultancy Inverse Path.

“The only thing you need for successful attacks are either the electrical grid or a distant line of sight, no expensive piece of equipment is required,” Barisani and Bianco say in a paper describing the hacks.

More…

Upgrading WordPress …

Tuesday, April 14th, 2009

OK.   Upgrade to WordPress 2.7.1 is done.  If you see any odd behaviors, please use the Contact Me form and drop me a note.

Thanks!

Microsoft Tag – Part II

Saturday, April 11th, 2009

Yesterday, I tried to make some Microsoft Tags at the Microsoft Tag website.   I was able to make tags for three of my four websites (www.parkterraceapartment.com, www.samadhicoda.com and www.samadhimuse.com).

But when I tried to make one for this website, www.samadhisoft.com, the tag making software told me that my website was “Blacklisted”.

I sent them the following message on their contact form this morning to see what this “Blacklisting” was about:

I tried to make a tag for several of my websites and one of them failed.   When I tried to make a tag for www.samadhisoft.com, the tag making application told me that my site was “blacklisted”.  What’s that about and how do I get un-blacklisted?   This is a private Blog and I’ve never, to my knowledge, been blacklisted by anyone before.

In the end, I got around their black listing block by creating a TinyURL in place of the full www.samadhisoft.com website address and their tag making software took that just fine and made me a tag.   But, I cannot imagine that this loop-hole will exist long.

TinyURL is a cool and little-known capability.   You’ll do yourself a favor to follow the link, above, and read about what TinyURL can do for you.  It’s cool.

So, I’ve been wondering why Microsoft might have me on a Blacklisted list?

The only possible reason I can think of is that I wrote a piece a while ago critical of the Gates Foundation and where they spend their money to make the world a better place.  Mmmmm.   ‘Critical’ is perhaps too strong a word.   In truth, I applaude their idealism.   I just question how and where they direct it.   It think there are more effective uses of their vast monies to make our world a better place.

But, I think it is much more likely that I’m probably on a blacklist because of some error rather than because the Gates folks think I’m a small and irritating thorn.  They are too big and I am too small for that to seem very plausible.

We’ll see what my contact form query accomplishes.  Stay tuned for Microsoft Tag – part III.

Cheers!

– Postscript – 24Apr 2009 – I received the following E-Mail from Microsoft today:

———————————————————

Greetings:

We wished to let you know our team has removed your website “http://www.samadhisoft.com” from our blacklist.  You should now be able to create tags that work with this website.  If you still experience problems with such, please do not hesitate to contact us so we may look further into the issue.

Thank you for your patience and interest in Microsoft Tag.

———————————————————

– Typical that there was no explanation as to why my site had been blacklisted.   But, better late than never and better something rather than nothing.

Microsoft Tag

Friday, April 10th, 2009

– I haven’t Blogged on technical stuff for quite awhile now.  After 25 years of IT, not much pleases or surprises me these days.   But this new Microsoft Tag idea is really cool and it’s amazing no one thought if it before.

= = = = = = =

Microsoft Tag creates unlimited possibilities for making interactive communications an instant, entertaining part of life. They transform physical media (print advertising, billboards, product packages, information signs, in-store merchandising, or even video images)—into live links for accessing information and entertainment online.

With the Microsoft Tag application, just aim your camera phone at a Tag and instantly access mobile content, videos, music, contact information, maps, social networks, promotions, and more. Nothing to type, no browsers to launch!

More…

– Research thanks to David D.

– Here are four tags to various websites that I created on Microsoft’s Tag website just now:


Samadhisoft Website (as Tiny URL) Park Terrace Apartment

SamadhiCoda Website SamadhiMuse website

– My wife and I had a conversation about this article (above) a short while after I published it.   Her immediate comment was, “There will be a lot of scammers using these things.

– After I thought about it, I think she’s right.  Following the link within one of these is no different than following a link in an E-Mail you have received.   The link will only be as reliable as the person who sent you the E-Mail.  

– I’d never click on a link unless I was certain that I trusted the folks providing the link.   So, if you find one of these around and use it to go to a web site, how will you know where you’ll end up?  

– It’s a slick idea and, so long as cell phones are not being corrupted by viruses, following a link like this on a cell phone might not be dangerous.  But, I strongly suspect cell phones are vulnerable to viruses and other attacks. 

– I say this because I used to work at Motorola and helped to develop the software that went into their cell phones.   And what we put into those phones was, in every sense, a complex operating system.   Just the sort of thing viruses can get their teeth in.

Nuff said….

Nope, not enough said yet.   I wrote the following to a friend of mine this morning in an E-Mail.  He’s not a real technical guy so he was unsure what all of this was about.  If some of you are having the same problem, maybe the following will help:

R.,

Many cell phones these days have web browsers built in so you can surf the internet on your cell phone’s little screen from where ever you are.  The newer cell phones also have cameras on them so you can just point it like a camera and push a button and it records a picture digitally.

The Microsoft Tag idea combines these two capabilities.

Say you are out in public and you see a poster for a movie that’s being advertised.   On the poster is one of these ‘tag’ things.   You take your cell phone out and point it at the ‘tag’ on the movie poster and you take a picture of it with the built in camera on your cell phone.

If you have you cell phone setup to use Microsoft Tags, what will happen then is that the cell phone will take a look at the picture its just taken and translate it into an address out on the Internet and then the cell phone’s web browser will automatically go to that web site.    So, you take a picture of a Tag and then, boom, you are looking at the website represented by that Tag.

In this case, since the tag was on a movie poster, the website will probably be about the movie on the poster and you’ll be able to see, on that web site you’ve just gone to, where the movie is playing and when.

BUT, the concern is that these tags could be malicious and take the web browser on your cell phone anywhere.  To porn sites, to sites infested with worms and viruses or to anywhere.   Just by looking at the tag, you can’t tell where it is going to take you.   So, in that way, it is just like clicking on a link in an E-Mail you received from someone you don’t know.   It’s a very risky thing to do.

Dennis

Hacker intrusion on US power grid sparks security fears

Wednesday, April 8th, 2009

“The severity of what we’re seeing is off the charts,” said Tom Kellermann, vice president of security awareness for Core Security Technologies and a member of the Commission on Cyber Security that is advising President Barack Obama.

“Most of the critical infrastructure in the US has been penetrated to the root by state actors.”

SAN JOSE, California – Spies hacked into the US electric grid and left behind computer programmes that would let them disrupt service, exposing potentially catastrophic vulnerabilities in key pieces of national infrastructure, The Associated Press has learned.

The intrusions were discovered after electric companies gave the government permission to audit their systems, a former US government official told the AP. The ex-official was not authorised to discuss the matter and spoke on condition of anonymity.One possible future

The inspections of the electric grid were triggered by fears over a March 2007 video from the Idaho National Laboratory, which had staged a demonstration of what damage hackers could do if they seized control of a crucial part of the electric grid. The video showed a power turbine spinning out of control until it became a smoking hulk and shut down.

Although the resulting audits turned up evidence of spying, the former official told the AP that the extent of the problem is unknown, because the government does not have blanket authority to examine other electric systems.

“The vulnerability may be bigger than we think,” the official said, adding that the level of sophistication necessary to pull off such intrusions is so high that it is “almost without a doubt” done by state sponsors.

The Wall Street Journal, which reported the intrusions earlier, said officials believe the spies have not yet sought to damage the nation’s electric grid, but that they likely would try in a war or another crisis.

More…

UK police get power to hack into PCs

Tuesday, January 13th, 2009

LONDON – Police have been given the power to hack into personal computers without a court warrant.

The Home Office is facing anger and the threat of a legal challenge after granting permission. Ministers are also drawing up plans to allow police across the European Union to collect information from computers in Britain.

The moves will fuel claims that the Government is presiding over a steady extension of the “surveillance society” threatening personal privacy.

Hacking – known as “remote searching” – has been quietly adopted by police across Britain since the development of technology to access computers’ contents at a distance. Police say it is vital for tracking cyber-criminals and paedophiles and is used sparingly but civil liberties groups fear it is about to be vastly expanded.

More…

– Hat tip to Cryptogon

Network Neutrality Update

Friday, December 19th, 2008

– I’ve written on this before. The big corporate folks ‘own’ most of the media we have; TV, Radio, Newspapers, etc.

– The Internet is the one place left where all information comes to you equally unencumbered – at least so far.

– But, the Internet represents big profits to some. It represents ways to control the information we see to others. It is the most powerful form of media still existing not under the control of those with deep vested interests regarding what may appear on it.

= = = = = = = = = = = = =

NETWORK NEUTRALITY UPDATE….Slowly but surely, support for network neutrality on the internet is eroding:

Google Inc. has approached major cable and phone companies that carry Internet traffic with a proposal to create a fast lane for its own content, according to documents reviewed by The Wall Street Journal. Google has traditionally been one of the loudest advocates of equal network access for all content providers.

At risk is a principle known as network neutrality: Cable and phone companies that operate the data pipelines are supposed to treat all traffic the same — nobody is supposed to jump the line.

….Separately, Microsoft Corp. and Yahoo Inc. have withdrawn quietly from a coalition formed two years ago to protect network neutrality. Each company has forged partnerships with the phone and cable companies. In addition, prominent Internet scholars, some of whom have advised President-elect Barack Obama on technology issues, have softened their views on the subject.

….Lawrence Lessig, an Internet law professor at Stanford University and an influential proponent of network neutrality, recently shifted gears by saying at a conference that content providers should be able to pay for faster service.

It’s not too surprising that big content companies are quietly changing their tune on this: big companies are usually willing to pay for preferential treatment that helps them keep little guys little, and preferential access to the internet is no different from any other competitive advantage.

More…

Here are links to three earlier pieces I posted that touch on this important topic.

Trojan virus steals banking info

Thursday, November 6th, 2008

The details of about 500,000 online bank accounts and credit and debit cards have been stolen by a virus described as “one of the most advanced pieces of crimeware ever created”.

The Sinowal trojan has been tracked by RSA, which helps to secure networks in Fortune 500 companies.

RSA said the trojan virus has infected computers all over the planet.

“The effect has been really global with over 2000 domains compromised,” said Sean Brady of RSA’s security division.

He told the BBC: “This is a serious incident on a very noticeable scale and we have seen an increase in the number of trojans and their variants, particularly in the States and Canada.”

The RSA’s Fraud Action Research Lab said it first detected the Windows Sinowal trojan in Feb 2006.

Since then, Mr Brady said, more than 270,000 banking accounts and 240,000 credit and debit cards have been compromised from financial institutions in countries including the US, UK, Australia and Poland.

Security companies recommend that PC owners keep anti-virus programs up to date and regularly scan their machine for malicious software.

The lab said no Russian accounts were hit by Sinowal.

“Drive-by downloads”

RSA described Sinowal as “one of the most serious threats to anyone with an internet connection” because it works behind the scenes using a common infection method known as “drive-by downloads”.”

Users can get infected without knowing if they visit a website that has been booby-trapped with the Sinowal malicious code.

More…

Nastiness on the Internet?

Sunday, November 2nd, 2008

Back on September 18th, 2008, I wrote a piece about a run-in I’d had with David Latimer of the Mesothelioma & Asbestos Awareness Center.   The piece is here: 

The piece itself, and the comments about it, makes for interesting reading so I won’t go into any of the specifics here.  But, I do encourage you to go and have a look.

After the initial burst of comments and E-mail about the original piece, I didn’t think much more about it.

But the other day, more than a month later, as I was looking through my Internet Logs to see where my traffic was coming from, I noticed a really odd pattern.   The second most visited page on my Blog was the piece on the Mesothelioma & Asbestos Awareness Center.

It made me curious why this piece should be so popular so I went digging and was surprised to find that all of the visits to this page on my Blog were coming from IP addresses in the range of 84.109.*.*    For example, one visit might come from 84.109.121.176 while the next might come from 84.109.104.179.   But all of them are coming from addresses that begin with 84.109.

Addresses on the Internet are often owned in ranges or blocks like this. I traced a dozen or more these addresses variations back to their source and they were ALL coming from a single Internet Service Provider (ISP) in Israel.   The ISP is www.bezeqint.net which is located at:

Bezeq International Ltd.
40 Hashacham street, Ramat-Siv
PO Box 7097
49170 Petach Tikva
Israel

When one of the ISP’s customers requests access to the Internet, the IPS issues them one of the IP addresses from the block the ISP owns.   This is why each time someone shows up on my Blog from Bezeq, they have a slightly different IP address.

So, what does it all mean?   Well, most probably Bezeq, the Israeli company, has a customer that has some sort of a deep and persistent interest in the Mesothelioma & Asbestos Awareness Center web page on my Samadhisoft Blog. 

The question. of course, is why is this person so interested?

If you look at the pattern of their visits, it is puzzling what they are doing.   Check this out.  These are all the visits today and yesterday.   All of these came from one of the Bezeq ISP company’s IP addresses:

081102 – 12:23:07 – 01m09s – 2 reloads
081102 – 10:13:52 – 00m50s – 2 reloads
081102 – 09:09:26 – 00m31s – 2 reloads
081102 – 08:50:40 – 00m42s – 2 reloads
081102 – 08:42:55 – 00m??s – 0 reloads (*)
081102 – 08:07:49 – 00m19s – 1 reload
081102 – 08:07:30 – 01m11s – 1 reload
081102 – 07:21:11 – 00m??s – 0 reloads
081101 – 15:59:50 – 00m??s – 0 reloads
081101 – 15:33:59 – 00m48s – 1 reload
081101 – 15:33:19 – 00m52s – 2 reloads
081101 – 15:32:51 – 00m27s – 1 reload
081101 – 15:31:44 – 00m??s – 0 reloads
081101 – 13:49:21 – 00m54s – 2 reloads
081101 – 13:28:56 – 00m26s – 1 reload
081101 – 12:10:32 – 00m51s – 2 reloads
081101 – 09:58:08 – 00m??s – 0 reloads
081101 – 09:14:21 – 00m57s – 2 reloads
081101 – 08:46:52 – 00m47s – 2 reloads
081101 – 08:33:04 – 00m42s – 2 reloads
081101 – 08:04:06 – 00m42s – 2 reloads
081101 – 08:02:37 – 00m35s – 2 reloads
081101 – 07:54:22 – 00m34s – 2 reloads
081101 – 07:03:39 – 00m??s – 0 reloads

– At least one of these visits (*) came through a proxy server based in Saudi Arabia. though its original IP address was still shown as 84.109.*.*.

The way to read the list above is like so:   If the line says

081101 – 08:02:37 – 00m35s – 2 reloads

It means that on 2008, November, 1st @ 8:02:37 I had a visit to my page that was 35 sec long and the Mesothelioma page was reloaded by the viewer twice.

It is an odd pattern, no doubt.   They come in directly to the Mesothelioma page again and again and stay anywhere from 30 seconds to a little over a minute and then depart.  They may or may not reload the page once or twice during their visit.  Yesterday, November 1st, they visited the Mesothelioma page like this 16 times.  Today, they had made eight visits by midday.

Perhaps, they are visiting the page to make it look popular?   Perhaps, but it makes no sense to me because the only folks who would care are the Mesothelioma lawyers and this page is very likely more of a liability that an asset to them.

The only other reason I can think why someone would be visiting it so much is if they are trying to work out how to attack the page and take it down because it is a problem for someone.

I don’t know – it is all a mystery.   But, something a bit stinky and mysterious is going on.   Stay tuned, I’ll post more if I learn anything more.

Public Floods FCC with Net Neutrality Support

Tuesday, July 17th, 2007

Over 95 Percent of Comments Filed at Agency Demand a Free and Open Internet

WASHINGTON – JULY 17 – Tens of thousands of public comments supporting Net Neutrality flooded the Federal Communications Commission before the close of the agency’s official inquiry yesterday. In a landslide, well over 95 percent of the comments called for rules that prohibit phone and cable companies from discriminating against Web sites or services.

People from different backgrounds, living in every corner of the country, demand this basic Internet freedom. Internet users from all 435 congressional districts used SavetheInternet.com’s online tools to send personal messages to the FCC.

“I am living the American dream because of Network Neutrality — my games have been used in thousands of schools all over the world,” says Karen Chun, a single mother and owner of a successful online educational games business. “Without Net Neutrality, my little Web site would have been consigned to oblivion because I wouldn’t have been able to pay the fees the ISPs want to charge.”

Net Neutrality supporters include a broad range of small business owners, students, churchgoers, bloggers, political candidates, educators and activists who say that protecting Net Neutrality is fundamental to their family life, work and interests.

“In rural America, the Internet is very important in staying informed,” wrote Charles and Carol Swigart of Huntingdon, Pa. “We read several national newspapers every day to get the news our local paper does not thoroughly cover. All persons who publish on the Internet should have an equal opportunity to have their voices heard.”

Kelly Jones of Portland, Ore., told the FCC that “corporations are not, and have never been, qualified as gatekeepers to American communication and growth. If the FCC believes in true democracy, it must ensure that broadband providers do not block, interfere with or discriminate against any lawful Internet traffic based on its ownership, source or destination.”

Sens. Byron Dorgan (D-N.D.) and Olympia Snowe (R-Maine) — co-sponsors of the bipartisan “Internet Freedom Preservation Act” — sent a letter to FCC Chairman Kevin Martin urging the FCC to reinstate Net Neutrality rules.

“We see that thousands of people have submitted comments describing how a free and open Internet benefits consumers and telling you the discriminatory practices planned by their Internet service providers would substantially harm their online experience,” Dorgan and Snowe wrote the chairman. “We hope you take note of these thousands of public comments\nurging you to protect Internet freedom.”

In 2005, the FCC removed the rules that had guaranteed Net Neutrality since the Internet’s inception. The heads of the biggest phone and cable companies have repeatedly stated plans to discriminate against Web sites that don’t pay extra fees to get higher quality service and faster speeds.

More than 1.6 million people and 850 groups from across the political spectrum have called for the FCC and Congress to reinstate Net Neutrality.

The Commission opened its Net Neutrality inquiry in March, asking for comment on why a neutral Internet is important; how phone and cable company efforts to discriminate against content online affect everyday lives; and whether the agency should enforce rules that would prohibit such discrimination.

“Once again, the public has sent a clear mandate to Washington: Protect Net Neutrality,” said Timothy Karr\, campaign director of Free Press, the group that coordinates the SavetheInternet.com Coalition. "Internet users want competitive and affordable services. They don’t want phone and cable companies to manipulate the free flow of information and distort the Web’s level playing field. Now, the FCC must heed demands from people of every walk of life and enforce full Net Neutrality.”

– To the original at CommonDreams.org:

– I wrote earlier on this subject here: &

– And Bill Moyers did a wonderful piece here on press freedom and net neutrality:

– Thx to Michael M. for directing me to this piece.