Archive for the ‘Technical’ Category

« Older Entries
Newer Entries »

The High Cost of Low Bandwidth

Tuesday, January 24th, 2012

As more and more information is finding its way onto the Web, great swaths of our physical infrastructure are becoming obsolete. 

When we attempt to understand the implications of the Internet Age, the first thing we need to do is recognize that office buildings, retail stores, air travel, lecture halls, and paper are just clunky, expensive, and low-bandwidth interconnections.

Allow me to explain. Many things that seem as solid as the Rock of Gibraltar are, in fact, information proxies in disguise. We can view these information proxies as two separate pieces: an information-sensitive piece, and a second piece with a valuable function that cannot be displaced by better virtual environments.The Internet peels away the information-carrying portions of these physical things and institutions. Frequently it leaves behind skeletons of little value. In the process, the Internet restructures and renders much of our physical infrastructure obsolete.

For example, there are lots of reasons to go to a retail store. The shopper may go to a clothing store because he enjoys the experience of looking at the merchandise. He might want to find out what is available and how much it will cost, or feel the material, or leave the store with a suit he can wear the next day. Many, but not all, of the reasons he went shopping were to gather important information, yet there’s a lot of infrastructure associated with delivering that data. There’s the store itself and the shelving and display cases piled high with merchandise; employees to answer questions and operate the cash register; logistics systems and delivery trucks that carry merchandise to the store. Then there are the costs of keeping the stores lit, cool in the summer, warm in the winter, and clean at all times. Of course, the customer could not avail himself of all these information services without getting in a car, driving to the store, parking it in a garage, and buying gas.

Most of that information can be obtained without the car, without the shelving, without the employees. One of the reasons online retailing has been so effective is that it reduces many of these infrastructure costs while delivering the information the customer needs about price, availability, and size. Retailers engaged in the sale of commodities like books, CDs, blue jeans, and running shoes will find it increasingly difficult in the face of Internet competition. Some will be spared — the stores where customers really do want to see and feel the goods, and leave with them right away. (Upscale boutiques, for example, where the shopping experience is paramount, will be affected less.)

It’s not just retailers who will be transformed by the unbundling of information dissemination from physical locations. The need and function of places that support/reinforce interconnectedness will similarly diminish and change. An office building is both an information warehouse and an information exchange. In the future, the most important function it will perform is to provide a comfortable and productive location for face-to-face interaction. With more of us carrying our file cabinets in our laptops, cramming our overloaded out baskets into our PC’s and doing jobs for ourselves that administrative assistants used to do, the office of the past will probably become a warren of comfortable meeting rooms surrounded by temporary desks for those who choose to come to work that day. Those laptops will become smaller and lighter as files and applications move into the cloud.

In the case of a university, it is relatively easy to see the large-lecture classes, a strictly information-carrying portion of the educational process, being displaced by virtual courses. The university of the future will probably focus much of its energy on mentoring, small seminars, and guiding student laboratory and research experiences. A university where the vast proportion of the educational process focuses strictly on transferring information could well melt into virtual space.

The future will look very different as we strip the information-carrying functions out of proxies and reduce them to their bare essentials. Entertainment centers will be redefined. Libraries will take on new charters. Educational institutions will be restructured. Cities will be transformed. This will happen because much of our physical infrastructure was just a low-bandwidth interconnection disguised as something real.

– To the original…

 

Posted in General, Technical | No Comments »

Cameras May Open Up the Board Room to Hackers

Monday, January 23rd, 2012

One afternoon this month, a hacker took a tour of a dozen conference rooms around the globe via equipment that most every company has in those rooms; videoconferencing equipment.

With the move of a mouse, he steered a camera around each room, occasionally zooming in with such precision that he could discern grooves in the wood and paint flecks on the wall. In one room, he zoomed out through a window, across a parking lot and into shrubbery some 50 yards away where a small animal could be seen burrowing underneath a bush. With such equipment, the hacker could have easily eavesdropped on privileged attorney-client conversations or read trade secrets on a report lying on the conference room table.

In this case, the hacker was HD Moore, a chief security officer at Rapid7, a Boston based company that looks for security holes in computer systems that are used in devices like toaster ovens and Mars landing equipment. His latest find: videoconferencing equipment is often left vulnerable to hackers.

Businesses collectively spend billions of dollars each year beefing up security on their computer systems and employee laptops. They agonize over the confidential information that employees send to their Gmail and Dropbox accounts and store on their iPads and smartphones. But rarely do they give much thought to the ease with which anyone can penetrate a videoconference room where their most guarded trade secrets are openly discussed.

– More…

– Research thanks to Gerry B.

Posted in CrashBlogging, CyberChaos, Tech-Hardware, The Perfect Storm | No Comments »

Paybacks are hell: Parental spying prompts infiltration of German police system

Wednesday, January 11th, 2012

Der Spiegel published a story in yesterday’s edition of their magazine that the hack on the German police surveillance system “Patras” was prompted by a senior officer spying on his daughter’s internet activities.

The Patras system is used by the police to track suspects using so-called “silent” SMSs and GPS tracking devices planted on automobiles.

It appears that a senior policeman from Frankfurt am Main installed spyware onto his daughter’s computer to keep an eye on her online activities.

It is unclear whether this is legal under German law. It is also unknown whether he used the famous Bundestrojaner or some sort of commercial off-the-shelf spyware.

One of his daughters friends then discovered the spyware on her computer and decided that was justification enough to hack into her father’s computer.

Upon invading her dad’s system he found a selection of sensitive security related emails that enabled access to the Patras system. Two German hackers from a group called n0n4m3 cr3w (noname crew) were arrested after the system was breached in July of 2011.

According to Der Spiegel the policeman had redirected his work emails to his home computer. I expect that this is against the rules and is almost always a bad idea.

The worst part is that such a sensitive network used to covertly track people was accessible without any sort of two-factor authentication.

You would hope that intercepting a few sensitive emails would not provide enough information to allow a VPN connection or access critical infrastructure with such ease.

It is not clear whether this incident is the one that resulted in the successful attack against Patras last summer, or whether they were in fact breached twice.

It is one thing to accept the need of law enforcement to track suspects after receiving the approval of a judge, but it is becoming clear that access to these systems is too easy. It almost invites abuse and could result in criminal cases being compromised.

With great power comes great responsibility, and hopefully the German police have implemented more strict access controls and other authorities with similar power have heard this story and will look into their own security.

– To the original…

 

Posted in CrashBlogging, CyberChaos, Tech-Software, The Perfect Storm | No Comments »

Why is it not good to use proprietary Software or Formats?

Monday, October 31st, 2011

Proprietary Software can include back doors – see Skype and Microsoft.

Proprietary formats can include metadata. This is data, which you can’t see but it can lead to your identity. They caught a Greek anonymous activist, because he uploaded a word document with his real name in the metadata.

If you are no computer expert don’t upload anything else then plain TXT files to the Internet. You can use copy and past as well to post it in web services. Even graphic formats like JPEG or TIFF can include data like GPS coordinates, the used camera, user and software name.

It’s very difficult for beginners to find this metadata. So if you are a good designer like the poor Greek one, send your PDF files to a computer expert. He can clean the metadata before the upload.

These programms can show you the metadata:

PDF – BeCyPDFMetaEdit
Viewer for many formats: http://regex.info/exif.cgi

[UPDATE]
The metadata can be useful to locate the author of a document in real life, if you have questions for example. Open source programs like Libre Office uses metadata too. The trick is not to fill in your real name during installation and don’t use your real name for login.

You can use a Linux live system (like TAILS) to produce anonymous documents.

Comments:

The UK government has its problems with PDF formats too:

http://news.slashdot.org/story/11/04/17/0831204/MoDs-Error-Leaks-Secrets-of-UK-Nuclear-Submarine

“UK’s Ministry of Defence admitted that secret information about its nuclear powered submarines was leaked on the internet by mistake.

and

FOCA is a good program to show meta data for windows. You have to give an email adr. to dowload the program …

http://www.informatica64.com/DownloadFOCA/

– To the original…

 

Posted in CounterCurrents, CyberChaos, Tech-Software, The Perfect Storm | No Comments »

QR Tags Can Be Rigged to Attack Smartphones

Tuesday, September 13th, 2011

A blogger has demonstrated how these innocuous tags can be made into cybercrime weapons

The one to the side here says, “Samadhisoft Blog” and is harmless.

You’ve probably seen QR tags thousands of times, from advertisements in the subway to coupon flyer in the mail to products in the supermarket. They look like stamp-size bar codes, a grid of small black-and-white rectangles and squares, usually with bigger black squares in the corners.

A marketer’s dream-come-true, these tiny images are capable of storing and transmitting loads of data directly to the smartphones of interested customers. When a person scans a QR tag with a smartphone, the tag can do any number of things, including taking the user right to the product’s website.

But like any technology, they can also be manipulated to bite the hands — or phones — that feed them. On the mobile security blog Kaotico Neutral, researcher Augusto Pereyra demonstrated how these innocuous QR tags can be made into cybercrime weapons.

In his proof-of-concept hack, Pereyra took a QR tag he created from a free online tag creator and embedded in it the URL for an attack server called evilsite.dyndns.org. When the target smartphone scanned the tag, the browser was directed to the spoofed site and fed malware.

QR tags are touted for their convenience, but it’s that same convenience — coupled with their increasing prevalence — that Pereyra believes could allow them to becomedangerous attack vectors. Popular QR tag-scanning software, such as ScanLife, automatically takes mobile browsers to the site embedded within the tag, and while it makes the process quick, it does nothing for its safety.

“This is a serious problem since this is the equivalent of clicking a link with your eyes closed,” Pereyra wrote.

– More…

Posted in CrashBlogging, CyberChaos, Tech-Software, The Perfect Storm | No Comments »

Telex to help defeat web censors

Wednesday, August 3rd, 2011

Developed by US computer scientists the software, called Telex, hides data from banned websites inside traffic from sites deemed safe.

The software draws on well-known encryption techniques to conceal data making it hard to decipher.

So far, Telex is only a prototype but in tests it has been able to defeat Chinese web filters.

Outside in

Telex was developed to get around the problem that stops other anti-censorship technologies being more effective, said Dr Alex Halderman, one of the four-strong team that has worked on Telex since early 2010.

Many existing anti-censorship systems involve connecting to a server or network outside the country in which a user lives.

This approach relies on spreading information about these servers and networks widely enough that citizens hear about them but not so much that censors can find out and block them.

Telex turns this approach on its head, said Dr Halderman.

“Instead of having some server outside the network that’s participating we are doing it in the core of the network,” he said.

Telex exploits the fact that few net-censoring nations block all access and most are happy to let citizens visit a select number of sites regarded as safe.

When a user wants to visit a banned site they initially point their web browser at a safe site. As they connect, Telex software installed on their PC puts a tag or marker on the datastream being sent to that safe destination.

Net routers outside the country recognise that the datastream has been marked and re-direct a request to a banned site. Data from censored webpages is piped back to the user in a datastream disguised to resemble that from safe sites.

– More…

Posted in And Now for Something Completely Different, CounterCurrents, Politics - The Right Way, Tech-General | No Comments »

Anonymous speaks: the inside story of the HBGary hack

Sunday, February 20th, 2011

– Smashing stuff.   Absolutely top notch.  Anonymous has truly taken the stuffed shirt out of these folks.   And good on them for doing it. – dennis

– Check out the two posts previous to this one:   and as well.

– – – – – – – – – – – – – – – – – – – –

It has been an embarrassing week for security firm HBGary and its HBGary Federal offshoot. HBGary Federal CEO Aaron Barr thought he had unmasked the hacker hordes of Anonymous and was preparing to name and shame those responsible for co-ordinating the group’s actions, including the denial-of-service attacks that hit MasterCard, Visa, and other perceived enemies of WikiLeaks late last year.

When Barr told one of those he believed to be an Anonymous ringleader about his forthcoming exposé, the Anonymous response was swift and humiliating. HBGary’s servers were broken into, its e-mails pillaged and published to the world, its data destroyed, and its website defaced. As an added bonus, a second site owned and operated by Greg Hoglund, owner of HBGary, was taken offline and the user registration database published.

Over the last week, I’ve talked to some of those who participated in the HBGary hack to learn in detail how they penetrated HBGary’s defenses and gave the company such a stunning black eye—and what the HBGary example means for the rest of us mere mortals who use the Internet.

– Please, read more…

-Research thanks to Alan T.

Posted in And Now for Something Completely Different, CyberChaos, Politics, Technical | 1 Comment »

Anonymous victim HBGary goes to ground

Friday, February 18th, 2011

– Great follow up story to my previous one.  Got to love the Anonymous folks – speaking truth to power.  – dennis

– – – – – – – – – – – – – –

The computer security company hacked by members of activist group Anonymous has gone to ground as further revelations about its activites leak online.

HBGary has cancelled its appearances at public events, saying that members of staff had been threatened.

It follows the release of internal documents which appear to show the firm offered to smear Wikileaks’ supporters.

HBGary officials said the online messages could have been altered prior to publication.

The company’s founder, Greg Hoglund had been scheduled to give a talk at the RSA Security conference in San Francisco this week, but pulled out at the last minute.

The company also withdrew from an associated exhibition.

“In an effort to protect our employees, customers and the RSA Conference community, HBGary has decided to remove our booth and cancel all talks,” it said in a statement posted on its website.

According to e-mails that Anonymous claims to have taken from HBGary’s servers, the company had proposed a plan to undermine Wikileaks.

At the time, the whistleblowing website was planning to release documents relating to Bank of America.

The leaked emails also suggest that HBGary had discovered evidence that US officials were attempting to monitor visitors to websites affiliated to al Qaeda.

These messages have been posted online via the Anonymous-supported site Anonleaks.ru.

– More…

Posted in And Now for Something Completely Different, CyberChaos, Politics, Technical | 1 Comment »

Hackers find plan to attack WikiLeaks

Tuesday, February 15th, 2011

– Least anyone wonder, I fully support what Assange’s done.   Governments, and I mean the U.S. especially here, keep far too much secret.   Democracy should be as transparent as it can be consistant with security but most governments err far over that mark.

– So, I applaude Anonymous and their efforts to make the control and suppresdsion of information painful for those who participate in it. – dennis

= = = = = = = = = = = = = = = = = = = = = = = = = = = = =

LONDON – The computer hackers’ collective Anonymous has uncovered a proposal by a consortium of private contractors to attack and discredit WikiLeaks.

Last week Anonymous volunteers broke into the servers of HB Gary Federal, a security company that sells investigative services to companies, and posted thousands of the firm’s emails on to the internet.

The attack was in revenge for claims by the company’s chief executive Aaron Barr that he had successfully infiltrated the shadowy cyber protest network and discovered details of its leadership and structure.

Hacktivists, journalists and bloggers have since pored over the emails and discovered what appears to be a proposal that was intended to be pitched to the Bank of America to sabotage WikiLeaks and discredit journalists who are sympathetic to the whistle-blowing website.

The PowerPoint presentation claims a trio of internet security companies – HB Gary Federal, Palantir Technologies and Berico Technologies – are already prepared to attack WikiLeaks which is rumoured to be getting ready to release a cache of potentially embarrassing information on the Bank of America.

– more…

Posted in And Now for Something Completely Different, CyberChaos, Politics, Technical | No Comments »

Privacy – not!

Thursday, February 3rd, 2011

– Ever worry about your personal privacy?   Like to keep your address secret?   Love how cute your kids are but would, perhaps, not care to let the entire world know where such cute kids live?   Ever posted pics of your jewelery?    Yes?   Well, I hope you don’t shoot your pics with an iPhone because if you do, you’ve just gotten a whole bunch more to worry about in your life.

– Check out this video:  

– Wonder if such an amazing thing could be true?    It is.   I checked it out with my iPhone and every photo I’ve ever shot has the GPS coordinates of where I shot it embedded in the information that travels with the photo.   Damn!   You’d think on  feature like that, Apple would have set it to ‘off’ unless someone understood the risks and made a conscious decision to turn it “on”.

– dennis

– research thanks to Carol S.

Posted in And Now for Something Completely Different, Mental Irrationality, Technical | No Comments »

« Older Entries
Newer Entries »