Skip to main content

Posts

Showing posts from January, 2015

My Indiana Jones Movie Scorecard

With the speculation that Chris Pratt(Parks and Recreation, Guardians of the Galaxy) may be taking on the role of Doctor Henry Jones, Jr. in a proposed reboot of the franchise, I am taking a look back at the previous four movies starring Harrison Ford as the titular character. No, I'm not a movie reviewer, but I have a blog and an opinion and that's about all you need these days, right? Right. Let's get to it.

I Wonder What The Hackers Are Doing Right Now?

The Denial Of Service attack is unfortunately becoming all to common as a method of screwing with some business, blogger or government entity. Technology company Norse owns thousands of data centres and key internet hardware around the world.  By monitoring the attacks that come into its own hardware, it can work out the location and severity of all the major DDoS attacks that are taking place at any time.  As a chart of numbers, such data isn't particularly interesting.  But turn it into animated coloured shooting arrows that fire across an on-screen map of the world, and you really get a feel for how much DDoS traffic is in circulation at any one time. It really is amazing to watch.  Check out http://map.ipviking.com/ to see it for yourself.TechSupportAlert

Marriott Releases It's Grip On The Airwaves

Marriott International is dropping it's attempt to keep a stranglehold on anyone using (gasp) their own WiFi while on Marriott property.
"Marriott International has decided to withdraw as a party to the petition seeking direction from the [Federal Communications Commission] on legal WiFi security measures," Bruce Hoffmeister, Global Chief Information Officer for Marriott said in a statement provided to eWEEK.

Marriott was fined for blocking WiFi hotspots at one of its properties in 2014. The blocking took place in conference areas and not in guest rooms. In January 2015, Marriott said that it would not block guest access to WiFi.

Hoffmeister reiterated that stance in the Jan. 30 statement provided to eWEEK. "As we have said, we will not block WiFi signals at any hotel we manage for any reason."

While the Marriott statement focuses on security, the company and the FCC were flooded with complaints that the real reason was so that Marriott could charge for WiFi use in…

Bow Chicka Bow - Woah! Flash Exploit Does A Porno

I think it's pretty well understood that "adult" websites have more than their fair share of malware lurking in the background. It's also pretty well understood that Adobe Flash's "security" is pretty horrible and frequently needs patching. Put those two together, and you have a match made in, well, not heaven.
Yesterday, [Adobe] issued a patch for bug CVE-2015-0311, one that exposes a user's browser to become vulnerable to code injection, and the now infamous Angler EK (Exploit Kit). To fall victim to this kind of attack, all someone needs to do is visit a website with compromised Flash files, at which point the attacker can inject code and utilize Angler EK, which has proven to be an extremely popular tool over the past year.
This particular version of Angler EK is different, however. For starters, it makes use of obfuscated JavaScript and attempts to detect virtual machines and anti-virus products. Its target audience is also rather speci…

Unreal Game Engine Demo Looks Well, Pretty Real Actually

Eurogamer.net - When Epic unveiled Unreal Engine 4 in early 2013 it wanted to show off all the tech's bells and whistles. Its "Infiltrator" demo had whirling ships, flying sparks, complex light sources and plenty of explosions. It looked cool, to be frank. But it also looked like a video game. Set in a grim world of warring space marines, it didn't exactly equate to the type of thing we'd ever see in our ordinary lives. Yet one man, level designer and 3D artist BenoƮt Dereau, who worked on Dishonored, has single-handedly created one of the most shockingly realistic pieces of scenery ever modeled in 3D.
Eurogamer

Upgrade To Windows 10 Using Windows Update

If I actually used Windows 7 or 8 on my laptop, this is just the kind of nutty thing I might try. Bear in mind that Windows 10 is still effectively a beta product, so this is not for the faint of heart - but it's interesting that this might be available when the production version of Windows 10 is available as a free upgrade for current Windows 7 and 8 users. Most "normal" Windows users would be more comfortable upgrading in this manner than burning ISOs to DVD and so on. The only options you had previously to upgrade from an older copy of Windows to a new one was to run the installer either while the installed operating system was running or by booting from an installation disc or Flash drive to initiate it.

Microsoft wants to make things more comfortable and has added an option to upgrade to Windows 10 using Windows Update.

Windows Update is the operating system's updating service which is best known for delivering security patches once a month to supported Windows d…

A Little Bit Of Malware Dissection

HowToGeek recently started posting a some items on malware removal, partly as a follow up to their revelation as to the dire state of trying to download Windows freeware these days without also finding yourself lumbered with a bunch of unwelcome crap at the same time. At work, I run into a lot of this stuff too (our users need pretty unrestricted web access as part of their job), and it's interesting that they use the same process I do; namely go to Programs and Features first and use any provided uninstaller, and then run Malwarebytes (or whatever) to clean up. They also go into the mechanism of ShopperPro adware at some length, and it's quite revealing. ...the fact is that to prevent going to jail, many of these malware companies actually do provide a (mostly) working uninstaller. As long as you run Malwarebytes after uninstalling, you are generally fine.And that’s the thing, what they are doing isn’t technically illegal (although it should be). They trick you into agreein…

All Your Base Are Belong To Us, Possibly Quite Literally

Most of the major US weapons programs are pretty sucky, security-wise - according to a senior Pentagon tester. Michael Gilmore, director of operational test and evaluation (DOT&E), said program managers had worked to resolve problems discovered in previous years and security was improving, but this year's testing had revealed new vulnerabilities.
"Cyber adversaries have become as serious a threat to U.S. military forces as the air, land, sea and undersea threats represented in operational testing for decades," Gilmore wrote in the 366-page report. 
"The continued development of advanced cyber intrusion techniques makes it likely that determined cyber adversaries can acquire a foothold in most (Department of Defense) networks, and could be in a position to degrade important DOD missions when and if they chose to," he wrote.
You'd think we would try to do a little better, considering the state of the World these days.

Reuters

Oh No, Flo! Hacking Progressive's Snapshot Dongle

A security researcher has been putting together a proof of concept hack for the Progressive Insurance Snapshot device (the plug-in dongle that tracks your driving activities in order to calculate your insurance rate based upon your actual behavior). Such a condition could allow a hacker to access the car's own systems, and that can't be good; modern cars are pretty much two-ton mobile computers, so... He [Corey Thuen] started by extracting the firmware from the dongle, reverse engineering it and determining how to exploit it. It emerged the Snapshot technology, manufactured by Xirgo Technologies, was completely lacking in the security department, Thuen said. “The firmware running on the dongle is minimal and insecure. It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies… basically it uses no security technologies whatsoever…

Hacking And Hackers In The Movies

Hacking in the movies or TV is a difficult thing to show; fiddling around with the command line or tweaking lines of code is not exactly action packed viewing for most of the viewing public. Most times, the result is a stylized hack job (pun intended) done more for effect than accuracy - which in the confines of a piece of drama, you can understand that approach (even if geeky types will roll their eyes in the dark). That said, there have been some movies that show fairly realistic (or at least cool) hackers/hacking in action. Screenrant has a look at the top ten (click on "View Gallery" to see the examples). Personally, I disagree with "Swordfish" being in there, but hey... BLACKHAT opens in theaters today and looks to be one of the most realistic approaches to showing computer hacking on the silver screen. With technology shifting almost daily, hacking has always felt a step behind the times. Still, hacking is pretty damn cool when showcased online and thes…

Google Ending Sales Of Google Glass

Google Glass sales are ending; the Explorer program is being shelved and any future development will be handled by a different division within the company. The innovative product has had a pretty bumpy ride; from the initial "wow" factor to later indifference by the public and some outright hostility against Glass wearers over privacy and other social concerns (referring to them as "Glassholes" for instance). To make sense as a general purpose consumer device, a gadget needs to have a clear advantage over those that preceded it. Glass’ advantage compared to pulling out your phone was never clear, and Google never effectively articulated it. Instead, Google seemed to hope that by offering Glass to a select number of early adopters and techies through its Glass Explorer program, which is now ending, the device’s first users would do the work of figuring out what it was for.

That didn’t happen, at least not in a way that made those advantages obvious to the general pub…

Android Jelly Bean Exploit: Google Whistles, Looks The Other Way

Well, this is pretty horrible. Google is refusing to fix a bug in Android older than version 4.3, shifting the responsibility back to the discoverer of the bug, or the manufacturer of the device (Samsung, Motorola, etc) - even if it appears to be a critical security vulnerability, as with the latest one in the WebView browser rendering engine. The flaws in this case affect Android 4.1 to 4.3, aka Jelly Bean, which began shipping in mid-2012 and was the primary version of Android through late 2013, or roughly 14 months ago. Up until quite recently, Google has aggressively patched problems in Android’s WebView rendering engine. Before KitKat (Android 4.4), all versions of Android used the version of WebView found within the Android Browser for rendering HTML webpages. With KitKat and Lollipop, Google updated the operating system to use a WebView plugin derived from its Chromium project

The average phone or tablet buyer has no way to upgrade their operating system unless the carrier provi…

New Supergirl TV Show - A Super-Powered Veronica Mars? *updated*

The new CBS Supergirl show will be a bit different from what we might have expected - and that could be good. Superman's cousin, Kar Zor-El, aka Kara Danvers will be solving crimes and dealing with family and career issues too. We have got to the point where we can technically convincingly portray super-powered heroes on TV, so it makes some kind of sense that they would push for a different approach to keep the interest and make it that bit different. I wonder if she will have the big "S" though?

*Update* The new Supergirl is...Melissa Benoist (a Glee alum)
CBS Entertainment Chairman Nina Tassler: There will be [crime] cases, but what [executive producers] Ali Adler and Greg Berlanti pitched was a real series arc for her… The beauty of it is now with shows like Good Wife and Madam Secretary, you can have serialized story elements woven into a case of the week. She’s a crime solver, so she’s going to have to solve a crime. She’s going to get a bad guy.It’s a female empow…

SpaceX Falcon 9 Not Quite Making History Yet

Remember the old fifties sci-fi movies and book jackets, where the rocket would land on the Moon (or Mars or Venus) on it's tail, balancing nicely on it's "fins"? No? Well, the photo below should refresh your memory.
Anyway, SpaceX is trying to do the same kind of thing with it's reusable Falcon 9 booster rocket, as part of their contract with NASA to resupply the International Space Station. After powering it's payload into orbit, the Falcon 9 is supposed to return to a floating landing pad and touch down on it's rump. Except it didn't. It's a tough thing to do but if they can perfect it, it will be pretty darned cool.
Before Saturday's launch, SpaceX had put the odds of a successful landing at 50 percent "at best" and likened hitting the bull's eye to "trying to balance a rubber broomstick on your hand in the middle of a wind storm." CNET


The New Lightweight Mythbusters

I just watched the first episode of the new season of the geekfest that is Mythbusters -  season 15, I believe. The new shows are minus Tori, Kari and Grant, for whatever reason (money, I'm guessing) and have a bit of a different look. There was a different title sequence, obviously to avoid anything involving the missing trio and there were two myths. The look and feel seemed different to me also, a lot of quick editing and more onscreen graphics than I remember, and I have been a pretty regular viewer. It was not bad, just different, although the first two myths they picked seemed a bit lame to me, but that may just be me being grouchy over the absence of the others, who I generally enjoyed.
Coincidentally, earlier today I had heard Tori Belleci on a podcast with Alton Brown (the Food Network guy) and Tori had recounted how he, Kari and a couple of others were hired on as builders and fabricators for the show, and how after only a few weeks, they were pulled in to do some on ca…

Comet Lovejoy On Deck

All you backyard astronomers (like Aussie Terry Lovejoy, who actually first discovered the comet bearing his name) should have a better view of this heavenly body during the next few weeks. It's orbit now brings it to a better position and it should be easier to find in the night sky. Using data from NASA, it was reported on Friday that the comet had a visual magnitude of 4.32, meaning it should be visible from places with limited light pollution like rural areas and outer suburbs. But even if you're in a more populated spot, there's a good chance you can spot it with a pair of binoculars.

To find Lovejoy, simply head outside on a clear night, ideally in the early evening hours just after dark, and look for the constellation Orion. The three bright stars that make up Orion's belt, and the hunter's arrow itself, will roughly be pointing toward the comet over the next week or so. There's a more-detailed illustration here (PDF)
. CNET 


Think You Are Seeing More Malware? You're Right

Windows PC users may think they are seeing more malware beating upon their computers - and they would be right. According to a new report from Av-test.org, there was more malware found over the last 2 years than the last 10 combined. It's not a pretty picture for Mr and Mrs computer user. Other malware watchers, such as security-software makers Malwarebytes and Kaspersky, have noticed similar trends.

Kaspersky saw four times more mobile malware attacks in 2014 than the year before, said Patrick Nielsen, a researcher with the company.

For years, antivirus software blocked malware based on the malicious software's code. But would-be hackers found a way around that: They can buy or freely download malware code; then change just a few pieces of it. Suddenly, the code is invisible to the antivirus programs, and free to wreak havoc.
CNET

A New Type Of Coffee Shop Hacker

Most of us are aware that using a public wireless network such as those found in coffee shops and other establishments can be a pretty chancy undertaking; it's just too easy for skulduggery to take place. You should be fine if you are just working offline though, right? Right? Hmmm, maybe not. If you're sitting in a coffee shop, tapping away on your laptop, feeling safe from hackers because you didn't connect to the shop's wifi, think again. The bad guys may be able to see what you're doing just by analyzing the low-power electronic signals your laptop emits even when it's not connected to the Internet.

Researchers at the Georgia Institute of Technology are investigating where these information "leaks" originate so they can help hardware and software designers develop strategies to plug them. By studying emissions from multiple computers, the researchers have developed a metric for measuring the strength of the leaks -- known technically as "side-…

GoGo Inflight Internet More Of A No-Go

Flying the not-so-friendly skies

Some decidedly slippery shenanigans in play, according to this article in Neowin.
SSL/TLS is a protocol that exists to ensure that there is an avenue for secure communication over the Internet. Through the use of cryptography and certificate validation, SSL certificates make man-in-the-middle attacks (where a third party would be able monitor your internet traffic) difficult, so the transmission of things like credit card numbers and user account passwords becomes significantly safer. In this case, performing a man-in-the-middle attack would require the attacker to attack the SSL certificate first before being able to snoop on someone's traffic.

For whatever reason, however, Gogo Inflight Internet seems to believe that they are justified in performing a man-in-the-middle attack on their users. Adrienne Porter Felt, an engineer that is a part of the Google Chrome security team, discovered while on a flight that she was being served SSL certificates fr…

Smithsonian Puts 40,000 Pieces Of Art On The Web

The Smithsonian has put a huge collection of artworks online for 2015 - and for free. Seems like the future may have a lot of libraries and museums reaching out beyond their physical buildings. The Smithsonian's Freer Gallery of Art and Arthur M. Sackler Gallery have an amazing gift for the world in 2015: a newly available collection of 40,000 digitized Asian and American artworks. The Smithsonian says its vast collection has mostly never been seen by the public, and the institution is making the collection available for free public use. The art dates from the Neolithic period to present day; the Smithsonian says the collection includes "1,806 American art objects, 1,176 ancient Egyptian objects, 2,076 ancient Near Eastern objects, 10,424 Chinese objects, 2,683 Islamic objects, 1,213 South and Southeast Asian objects, and smaller groupings of Korean, Armenian, Byzantine, Greek and Roman works." The release is part of an extensive effort by the Smithsonian to ma…