Showing posts from February, 2013

IT Security As Theater

In a recent presentation at the RSA Conference (RSA is now the security division of EMC), presenter Tillmann Werner took down the Kelihos botnet during his talk. Gutsy move!

Tillmann Werner says that he consulted international agencies such as the FBI about his plans and that he also took legal advice. The researchers plan to provide the authorities and the Shadowserver Foundation with the IP addresses of the infected servers that connected to the sinkhole as soon as possible to ensure that victims' ISPs can be notified. How long this blow will keep the botmasters from pursuing their criminal activities is an entirely different question: when the previous version, Kelihos.b, was taken down, Werner said that it only took 20 minutes before the now disabled successor, Kelihos.c, had grown to 40,000 zombie PCs. The researcher plans to announce the size of Kelihos.c at the time it was taken down in a blog post over the next few days.

Carl Sagan's Pale Blue Dot

I confess to having a slight obsession (I know, that's an oxymoron) about the photo below. It was taken by the Voyager 1 spacecraft at a distance of about 4 billion miles from Earth, on it's way out of our solar system and into the void beyond.

The photo is remarkable enough, framing our world as a tiny speck against a vast backdrop of blackness. The thing that seems to keep it fresh in my mind are the sentiments of the late astronomer and physicist, Carl Sagan.

His words are a profound and sobering reflection upon mankind and our home, and our place in the Universe. This is from his book, "Pale Blue Dot". "That's here. That's home. That's us. On it everyone you love, everyone you know, everyone you ever heard of, every human being who ever was, lived out their lives. The aggregate of our joy and suffering, thousands of confident religions, ideologies, and economic doctrines, every hunter and forager, every hero and coward, every creator and dest…

You Want A Piece Of Me?

In this case, we want a piece of Mars - courtesy of the Curiosity Mars Rover and its little drill. For the first time, a remotely controlled craft has drilled into a rock on another planet. This was not a core sample type of drill, but it got some fine powder out of the rock from a depth of a couple of inches. The dust samples will be analyzed on board the rover. The sample comes from a fine-grained, veiny sedimentary rock called "John Klein," named in memory of a Mars Science Laboratory deputy project manager who died in 2011. The rock was selected for the first sample drilling because it may hold evidence of wet environmental conditions long ago. The rover's laboratory analysis of the powder may provide information about those conditions. NASA

Doodles In Space!

No, it's not a new science fiction cartoon for the kids, instead its a sort of 3D-printer-but-it's-also-a-pen. The devices effectively allows you to "draw" things in 3D space by extruding a quickly cooling plastic "thread" or "string" which hardens in place. A bit like a more precise version of a hot glue gun. Probably easier just to watch the video below...

Russian Dashcam Video Hijinks

As you may have seen from the remarkable meteorite videos last year, many (most?) Russian car owners have video cameras running in their cars all the time. This is mostly because it helps establish blame in traffic accidents (specifically regarding insurance claims), and for other reasons such as possible police problems during traffic stops, etc. In any case, the ubiquity of "always on" cameras provides us with a rather mesmerizing stream of videos showing people driving w-a-a-y too fast and/or not paying attention, wheels flying off trucks and tractors, horses using human traffic crossings, pirouetting trucks, moose on the loose, and just general mayhem. If you stop to think about it, dash cam videos in the US would likely be just as bad, but it's the Russian ones we have for now so take a look...

The New Star Wars Movies

My goodness, there has been a lot of speculation about the new Star Wars movies. If you are not aware, Disney purchased Lucasfilm last December from Star Wars Director and originator George Lucas, and intends to make at least three more Star Wars movies chronologically following the stories laid out in the original trilogy ("A New Hope", "The Empire Strikes Back" and "Return Of The Jedi"). So far, Mark Hamill and Carrie Fisher (Luke and Leia) are at least in talks to come back, presumably playing older versions of their characters, and just recently it also seems that Harrison Ford will return, likely playing everyone's favorite Nerf-herder, Han Solo.

The Truth Hurts

It's a tough life sometimes, being a geek. Not necessarily tough in a "I need to wear a cup" way, but it can be a solitary existence, one that can bring it's own pressures and difficulties...

Windows Live Messenger Gets A Cutoff Date

Come April 8th - and it's not that far away - Microsoft will begin winding down Windows Live Messenger in earnest; Skype is the way of the future as far as Microsoft is concerned.
The upgrade from Messenger to Skype on Windows desktop will start on April 8*. The process will take a few weeks to complete. We’ll start the upgrades with our English language clients, and finish up with Brazilian Portuguese on April 30 or later.Skype Blog

Hey, Android! The 90's Are Calling!

Everything old is new again. In this case, "old" is from the 1990's; specifically the "Tamagotchi" craze from Bandai. A Tamagotchi App is available on the Google play store, and hearkens back to those golden days of yore when the little electronic pet/toy thingy was quite the accessory to have.

Rapsberry Pi Kills Robocalls Dead

Robocalls - those insanely annoying intrusions into our quiet time - wither before a hacktastic piece of Raspberry Pi-powered skulduggery. A bit clunky at the moment, but most prototypes are. Love it.
When the Federal Trade Commission told the public it would give $50,000 to anyone who could devise an effective and convenient way to stop telemarketing robocalls, proposals from more than 700 would-be inventors came in. Among those was Alex Ruiz, a 24-year-old Linux systems administrator from California. Ruiz saw a way to combine his programming and tinkering skills with a device we've written a lot about—the Raspberry Pi. During the past three months, Ruiz devised a system including a Raspberry Pi, an analog telephone adapter, and a network switch that uses whitelisting to pass legitimate calls through while blocking those annoying telemarketers.ArsTechnica

Microsoft Bashes Bamital Botnet!

Microsoft, with a little help from its friends Symantec and the FBI, have put a hurt on a web-search-hijacking trojan that has infected over 8 million Windows computers over the last couple of years. An infected computer would throw out bogus search results, leading the computer operator to sketchy sites riddled with more malware. The take-down consisted of physical raids on data centers hosting the botnet's controlling servers and some fancy legal work to tie things up in a bow. Prior to the takedown users of infected machines might have been unaware that anything was wrong, but they will now find that their search function is broken as their search queries will consistently fail. Owners of infected computers trying to complete a search query will now be redirected to an official Microsoft and Symantec webpage explaining the problem and provides information and resources to remove the Bamital infection and other malware from their computers. TheRegister

Another Sign Of The Apocalypse

Microsoft is releasing Office for...Linux.

Let me type that again.

Microsoft is considering releasing a version of Office 2014 for Linux users. That's a pretty big deal - although with several maturing "Office alternatives" available for the Linux OS, I wonder how much notice anyone will take at this late date. Probably a fair bit, particularly schools and colleges perhaps. ExtremeTech

Now There Is CCTV Hacking Too

In the UK, to say that CCTV (Closed Circuit TV) cameras are commonplace would be an understatement; it has become, for good or ill, one of the most "watched" countries in the world. So it's perhaps not surprising that hackers there have discovered ways to access the DVR units associated with the cameras. This opens up the possibility of not only deleting video data and so on, but also to use the DVR access as a jumping off point to access the rest of the network - as DVRs are often networked devices these days, and they are often UPnP capable - which may open them up to another recently discovered vulnerability.

Geek Out With Free Security Tools

The older I get, the more paranoid I become - or maybe "cagey" is a better term; I'm not actually searching the skies for black helicopters (yet). Using a computer every day, as many of us do, it's so easy to become complacent in terms of general security, and when Something Bad happens, it really rocks us on our heels. There are lots of little things you can (and should) do to try to keep your head above water; keep your computer updated, run an antivirus program, etc. Then there are additional layers you can add to allow your paranoid self to step back from the ledge, such as the items in this list from PCWorld. While none of them are particularly complex, some may be a bit less well known and possibly more useful, in a twisted logic sort of way. They are also all free, which is A Good Thing.