Archive for the ‘Technical’ Category

US unable to win a cyber war

Monday, April 5th, 2010

24 Feb 2010

The inability to deflect even a simulated cyber attack or mitigate its effects shown in the exercise that took place some six days ago at Washington’s Mandarin Oriental Hotel doesn’t bode well for the US.

Mike McConnell, the former Director of National Intelligence, said to the US Senate Commerce, Science, and Transportation Committee yesterday that if the US got involved in a cyber war at this moment, they would surely lose. “We’re the most vulnerable. We’re the most connected. We have the most to lose,” he stated.

Three years ago, McConnell referred to cybersecurity as the ‘‘soft underbelly of this country’’ and it’s clear that he thinks things haven’t changed much since then.

And he isn’t that optimistic about what warnings about the possibility might achieve. According to InfoWorld, he thinks that only an attack with catastrophic consequences will spur the government into action. “We will not mitigate this risk,” he says. “We will talk about it, we will wave our hands, we’ll have a bill, but we will not mitigate this risk.”

James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies, thinks that cyber security is not something that has to be left in the hands of private companies and that government intervention should be called for. “Government needs to give the market a kick,” says McConnell.

Not so long ago, the introduction of two Senate bills that would allow the US president to shut down the Internet in case of a cyber emergency made corporations all over the country sweat. But, it’s plain to see that government affiliated experts would welcome it with open arms and are longing to see the government taking a more active role when it comes to cybersecurity.

– To the original…

Chips in Official IDs Raise Privacy Fears

Sunday, August 16th, 2009

– Yeah, the U.S. government is pushing these new passports with embedded RFID chips and the hackers have already broken them. It seems like the bureaucrat’s desire to use new technologies has over-ridden anyone’s concerns for the saftey and privacy of those U.S. citizens who carry these little packets of ‘free’ information out into an increasingly hostile world.   I’m glad I’ve got an ‘old-style’ passport for now.

= = = = = = =   = = = = = = =   = = = = = = =

Climbing into his Volvo, outfitted with a Matrics antenna and a Motorola reader he’d bought on eBay for $190, Chris Paget cruised the streets of San Francisco with this objective: To read the identity cards of strangers, wirelessly, without ever leaving his car.

It took him 20 minutes to strike hacker’s gold.

Zipping past Fisherman’s Wharf, his scanner detected, then downloaded to his laptop, the unique serial numbers of two pedestrians’ electronic U.S. passport cards embedded with radio frequency identification, or RFID, tags. Within an hour, he’d “skimmed” the identifiers of four more of the new, microchipped PASS cards from a distance of 20 feet.

Embedding identity documents — passports, drivers licenses, and the like — with RFID chips is a no-brainer to government officials. Increasingly, they are promoting it as a 21st century application of technology that will help speed border crossings, safeguard credentials against counterfeiters, and keep terrorists from sneaking into the country.

But Paget’s February experiment demonstrated something privacy advocates had feared for years: That RFID, coupled with other technologies, could make people trackable without their knowledge or consent.

More…

How to use electrical outlets and cheap lasers to steal data

Sunday, August 16th, 2009

If attackers intent on data theft can tap into an electrical socket near a computer or if they can draw a bead on the machine with a laser, they can steal whatever is being typed into it.

How to execute these attacks will be demonstrated at the Black Hat USA 2009 security conference in Las Vegas later this month by Andrea Barisani and Daniele Bianco, a pair of researchers for network security consultancy Inverse Path.

“The only thing you need for successful attacks are either the electrical grid or a distant line of sight, no expensive piece of equipment is required,” Barisani and Bianco say in a paper describing the hacks.

More…

Upgrading WordPress …

Tuesday, April 14th, 2009

OK.   Upgrade to WordPress 2.7.1 is done.  If you see any odd behaviors, please use the Contact Me form and drop me a note.

Thanks!

Microsoft Tag – Part II

Saturday, April 11th, 2009

Yesterday, I tried to make some Microsoft Tags at the Microsoft Tag website.   I was able to make tags for three of my four websites (www.parkterraceapartment.com, www.samadhicoda.com and www.samadhimuse.com).

But when I tried to make one for this website, www.samadhisoft.com, the tag making software told me that my website was “Blacklisted”.

I sent them the following message on their contact form this morning to see what this “Blacklisting” was about:

I tried to make a tag for several of my websites and one of them failed.   When I tried to make a tag for www.samadhisoft.com, the tag making application told me that my site was “blacklisted”.  What’s that about and how do I get un-blacklisted?   This is a private Blog and I’ve never, to my knowledge, been blacklisted by anyone before.

In the end, I got around their black listing block by creating a TinyURL in place of the full www.samadhisoft.com website address and their tag making software took that just fine and made me a tag.   But, I cannot imagine that this loop-hole will exist long.

TinyURL is a cool and little-known capability.   You’ll do yourself a favor to follow the link, above, and read about what TinyURL can do for you.  It’s cool.

So, I’ve been wondering why Microsoft might have me on a Blacklisted list?

The only possible reason I can think of is that I wrote a piece a while ago critical of the Gates Foundation and where they spend their money to make the world a better place.  Mmmmm.   ‘Critical’ is perhaps too strong a word.   In truth, I applaude their idealism.   I just question how and where they direct it.   It think there are more effective uses of their vast monies to make our world a better place.

But, I think it is much more likely that I’m probably on a blacklist because of some error rather than because the Gates folks think I’m a small and irritating thorn.  They are too big and I am too small for that to seem very plausible.

We’ll see what my contact form query accomplishes.  Stay tuned for Microsoft Tag – part III.

Cheers!

– Postscript – 24Apr 2009 – I received the following E-Mail from Microsoft today:

———————————————————

Greetings:

We wished to let you know our team has removed your website “http://www.samadhisoft.com” from our blacklist.  You should now be able to create tags that work with this website.  If you still experience problems with such, please do not hesitate to contact us so we may look further into the issue.

Thank you for your patience and interest in Microsoft Tag.

———————————————————

– Typical that there was no explanation as to why my site had been blacklisted.   But, better late than never and better something rather than nothing.

Microsoft Tag

Friday, April 10th, 2009

– I haven’t Blogged on technical stuff for quite awhile now.  After 25 years of IT, not much pleases or surprises me these days.   But this new Microsoft Tag idea is really cool and it’s amazing no one thought if it before.

= = = = = = =

Microsoft Tag creates unlimited possibilities for making interactive communications an instant, entertaining part of life. They transform physical media (print advertising, billboards, product packages, information signs, in-store merchandising, or even video images)—into live links for accessing information and entertainment online.

With the Microsoft Tag application, just aim your camera phone at a Tag and instantly access mobile content, videos, music, contact information, maps, social networks, promotions, and more. Nothing to type, no browsers to launch!

More…

– Research thanks to David D.

– Here are four tags to various websites that I created on Microsoft’s Tag website just now:


Samadhisoft Website (as Tiny URL) Park Terrace Apartment

SamadhiCoda Website SamadhiMuse website

– My wife and I had a conversation about this article (above) a short while after I published it.   Her immediate comment was, “There will be a lot of scammers using these things.

– After I thought about it, I think she’s right.  Following the link within one of these is no different than following a link in an E-Mail you have received.   The link will only be as reliable as the person who sent you the E-Mail.  

– I’d never click on a link unless I was certain that I trusted the folks providing the link.   So, if you find one of these around and use it to go to a web site, how will you know where you’ll end up?  

– It’s a slick idea and, so long as cell phones are not being corrupted by viruses, following a link like this on a cell phone might not be dangerous.  But, I strongly suspect cell phones are vulnerable to viruses and other attacks. 

– I say this because I used to work at Motorola and helped to develop the software that went into their cell phones.   And what we put into those phones was, in every sense, a complex operating system.   Just the sort of thing viruses can get their teeth in.

Nuff said….

Nope, not enough said yet.   I wrote the following to a friend of mine this morning in an E-Mail.  He’s not a real technical guy so he was unsure what all of this was about.  If some of you are having the same problem, maybe the following will help:

R.,

Many cell phones these days have web browsers built in so you can surf the internet on your cell phone’s little screen from where ever you are.  The newer cell phones also have cameras on them so you can just point it like a camera and push a button and it records a picture digitally.

The Microsoft Tag idea combines these two capabilities.

Say you are out in public and you see a poster for a movie that’s being advertised.   On the poster is one of these ‘tag’ things.   You take your cell phone out and point it at the ‘tag’ on the movie poster and you take a picture of it with the built in camera on your cell phone.

If you have you cell phone setup to use Microsoft Tags, what will happen then is that the cell phone will take a look at the picture its just taken and translate it into an address out on the Internet and then the cell phone’s web browser will automatically go to that web site.    So, you take a picture of a Tag and then, boom, you are looking at the website represented by that Tag.

In this case, since the tag was on a movie poster, the website will probably be about the movie on the poster and you’ll be able to see, on that web site you’ve just gone to, where the movie is playing and when.

BUT, the concern is that these tags could be malicious and take the web browser on your cell phone anywhere.  To porn sites, to sites infested with worms and viruses or to anywhere.   Just by looking at the tag, you can’t tell where it is going to take you.   So, in that way, it is just like clicking on a link in an E-Mail you received from someone you don’t know.   It’s a very risky thing to do.

Dennis

Hacker intrusion on US power grid sparks security fears

Wednesday, April 8th, 2009

“The severity of what we’re seeing is off the charts,” said Tom Kellermann, vice president of security awareness for Core Security Technologies and a member of the Commission on Cyber Security that is advising President Barack Obama.

“Most of the critical infrastructure in the US has been penetrated to the root by state actors.”

SAN JOSE, California – Spies hacked into the US electric grid and left behind computer programmes that would let them disrupt service, exposing potentially catastrophic vulnerabilities in key pieces of national infrastructure, The Associated Press has learned.

The intrusions were discovered after electric companies gave the government permission to audit their systems, a former US government official told the AP. The ex-official was not authorised to discuss the matter and spoke on condition of anonymity.One possible future

The inspections of the electric grid were triggered by fears over a March 2007 video from the Idaho National Laboratory, which had staged a demonstration of what damage hackers could do if they seized control of a crucial part of the electric grid. The video showed a power turbine spinning out of control until it became a smoking hulk and shut down.

Although the resulting audits turned up evidence of spying, the former official told the AP that the extent of the problem is unknown, because the government does not have blanket authority to examine other electric systems.

“The vulnerability may be bigger than we think,” the official said, adding that the level of sophistication necessary to pull off such intrusions is so high that it is “almost without a doubt” done by state sponsors.

The Wall Street Journal, which reported the intrusions earlier, said officials believe the spies have not yet sought to damage the nation’s electric grid, but that they likely would try in a war or another crisis.

More…

UK police get power to hack into PCs

Tuesday, January 13th, 2009

LONDON – Police have been given the power to hack into personal computers without a court warrant.

The Home Office is facing anger and the threat of a legal challenge after granting permission. Ministers are also drawing up plans to allow police across the European Union to collect information from computers in Britain.

The moves will fuel claims that the Government is presiding over a steady extension of the “surveillance society” threatening personal privacy.

Hacking – known as “remote searching” – has been quietly adopted by police across Britain since the development of technology to access computers’ contents at a distance. Police say it is vital for tracking cyber-criminals and paedophiles and is used sparingly but civil liberties groups fear it is about to be vastly expanded.

More…

– Hat tip to Cryptogon

Network Neutrality Update

Friday, December 19th, 2008

– I’ve written on this before. The big corporate folks ‘own’ most of the media we have; TV, Radio, Newspapers, etc.

– The Internet is the one place left where all information comes to you equally unencumbered – at least so far.

– But, the Internet represents big profits to some. It represents ways to control the information we see to others. It is the most powerful form of media still existing not under the control of those with deep vested interests regarding what may appear on it.

= = = = = = = = = = = = =

NETWORK NEUTRALITY UPDATE….Slowly but surely, support for network neutrality on the internet is eroding:

Google Inc. has approached major cable and phone companies that carry Internet traffic with a proposal to create a fast lane for its own content, according to documents reviewed by The Wall Street Journal. Google has traditionally been one of the loudest advocates of equal network access for all content providers.

At risk is a principle known as network neutrality: Cable and phone companies that operate the data pipelines are supposed to treat all traffic the same — nobody is supposed to jump the line.

….Separately, Microsoft Corp. and Yahoo Inc. have withdrawn quietly from a coalition formed two years ago to protect network neutrality. Each company has forged partnerships with the phone and cable companies. In addition, prominent Internet scholars, some of whom have advised President-elect Barack Obama on technology issues, have softened their views on the subject.

….Lawrence Lessig, an Internet law professor at Stanford University and an influential proponent of network neutrality, recently shifted gears by saying at a conference that content providers should be able to pay for faster service.

It’s not too surprising that big content companies are quietly changing their tune on this: big companies are usually willing to pay for preferential treatment that helps them keep little guys little, and preferential access to the internet is no different from any other competitive advantage.

More…

Here are links to three earlier pieces I posted that touch on this important topic.

Trojan virus steals banking info

Thursday, November 6th, 2008

The details of about 500,000 online bank accounts and credit and debit cards have been stolen by a virus described as “one of the most advanced pieces of crimeware ever created”.

The Sinowal trojan has been tracked by RSA, which helps to secure networks in Fortune 500 companies.

RSA said the trojan virus has infected computers all over the planet.

“The effect has been really global with over 2000 domains compromised,” said Sean Brady of RSA’s security division.

He told the BBC: “This is a serious incident on a very noticeable scale and we have seen an increase in the number of trojans and their variants, particularly in the States and Canada.”

The RSA’s Fraud Action Research Lab said it first detected the Windows Sinowal trojan in Feb 2006.

Since then, Mr Brady said, more than 270,000 banking accounts and 240,000 credit and debit cards have been compromised from financial institutions in countries including the US, UK, Australia and Poland.

Security companies recommend that PC owners keep anti-virus programs up to date and regularly scan their machine for malicious software.

The lab said no Russian accounts were hit by Sinowal.

“Drive-by downloads”

RSA described Sinowal as “one of the most serious threats to anyone with an internet connection” because it works behind the scenes using a common infection method known as “drive-by downloads”.”

Users can get infected without knowing if they visit a website that has been booby-trapped with the Sinowal malicious code.

More…