Military Contingencies in Megacities and Sub-Megacities – “After elucidating the nature of urbanization and developing a typology in terms of smart, fragile, and feral cities, we give consideration to the kinds of contingencies that the U.S. military, especially the Army, needs to think about and prepare for. Understanding the city as a complex system or organism is critical and provides the basis for changes in intelligence, recruitment, training, equipment, operations, and tactics.” – I’m reading this later today.
EU negotiators will offer Brits an individual opt-in to remain EU citizens, chief negotiator confirms – As @ManMadeMoon said, “Step 1 to a new, non-geographical nationhood! This is getting really interesting.”
Georgia Secretary of State aggressively confronting DHS over a “penetration of [Georgia’s] firewall.”
Finally seeing a bill to impeach the South Korean president (this whole saga is fascinating to me).
From the International Spectator, the world’s most frequent flight paths.
NASA finally has its own Giphy page.
Via Karen James: “Hey neuroscientists & neuroscience-inspired artists, check out this pattern around a rock in a pond in @AcadiaNPS as it begins to freeze.”
And finally, via ars technica: Millions exposed to malvertising that hid attack code in banner pixels – “The malicious script is concealed in the alpha channel that defines the transparency of pixels, making it extremely difficult for even sharp-eyed ad networks to detect. After verifying that the targeted browser isn’t running in a virtual machine or connected to other types of security software often used to detect attacks, the script redirects the browser to a site that hosts three exploits for now-patched Adobe Flash vulnerabilities.”
Raw Story – Mich. Repub ripped after suggesting that making black students white would ‘fix’ school issues – ‘Footage posted by the American Federation of Teachers (AFT) shows Knollenberg saying during a state Senate committee meeting on Thursday, “You mentioned these school districts failing, and you mention economically disadvantaged and non-white population are contributors to that. I know we can’t fix that. We can’t make an African-American white. That’s just, it is what it is.”’ – also – ‘He denied citing race as a specific factor and pointed out that he has a black employee at his insurance company.’ – Horrifying.
CNBC – Interest in active shooter insurance grows – “The insurance policy covers potential liability if an institution is deemed not to have taken the steps needed to prevent gun violence, according to Fortune.” – WELL now that insurers are set to make a profit off mass shootings I think it’s even safer to say legislators are going to do fuck all about the issue. The NRA profiting off putting the country at risk isn’t enough – now the financiers are in on it. I’m waiting for securitization of security-weakening legislation, a new derivatives market that lays bets on the specifics of the next shooting.
Reuters – Czech MEP accused of trying to snatch 350 million euros from Swiss bank – “They include Miloslav Ransdorf, 62, an expert on Karl Marx and a former philosophy teacher who speaks about dozen languages and who has served in the European Parliament since the Czech Republic’s entry to the European Union in 2004.” – Can’t wait for the movie version of this.
MSNBC – Ben Carson to veterans: ‘Deal with the transgender thing somewhere else’ – ‘“If you can’t lift, you know, a 175 pound person on your shoulder and hoist them out of there, I don’t want you as my backup,” he continued.’ – I love that a guy who had the courage to direct an armed robber at someone else and brag about it finds himself fit to judge combat readiness.
NBC – President Jimmy Carter Says Cancer in Brain Is Gone – The one good bit of news I’ve seen all December. So thankful for this.
It’s always interesting to me to watch the reaction when dark net drug markets fold and likely abscond with the bitcoin of everyone involved. Looks like Nucleus either exit-scammed or got hacked.
A good introduction to threat intelligence by Farsight Security. Also a good intro to reputation systems.
SwiftOnSecurity is one of the most delightful and knowledgeable accounts on Twitter, and they’ve recently shared their OPML of security feeds. Go through and add relevant ones to your RSS reader.
New York Magazine was hit with a DDoS attack and taken offline after publishing a story involving 3/4 of the Cosby accusers.
Not new, but amusing: erroring trashcan.
And, apropos of nothing, a federal officer was injured in an explosion when the meth lab he was apparently building in an empty National Institute of Standards and Technology facility blew up (via Reddit).
NYSE being vague about yesterday’s major trading glitch. I’m not convinced, but I’ve got no evidence to the contrary.
Two lawyers talking about how artificial intelligence may affect legal work.
The Daily Beast on how OPM’s IT security department had no one with IT security experience.
The parody DPRK News Twitter account ended up as a Fox News reference.
Excellent TED talk highlighting American women on the front lines in Afghanistan.
Of special note:
Author and all-around awesome person Patrick Rothfuss has started a new podcast with Max Temkin of Cards Against Humanity fame (or infamy). Really loved their first conversation – check it out here.
Surprising news that Reddit nearly decentralized last year. Guessing after last week we’re about to see a reconcentration of authority.
Rob Graham on Google’s ‘Project Fi’ virtual mobile phone.
Motherboard on a fantastic long-range wifi proxy.
Milton Security: Harvard University breached.
Susan Landau at Lawfare with a great post on FBI Director Comey conflating the lone wolf threat and the encryption issue.
Brookings debate on whether to put boots on the ground to fight ISIS. Incredibly important conversation to engage in, and on an intelligent, mutually respecting basis. Need more conversations like these across our society.
Piketty on Germany and Greece. And an amazing project trying to crowdfund Greece’s 1.6B Euro payment.
Slate on Greece’s rejection of austerity through its referendum.
On a similar point, here’s the Guardian on where Greek bailout money went.
And from the FT via Tyler Cowen:
The Shanghai Composite has now fallen 12.1 per cent since Monday, its third consecutive week of double-digit losses since hitting a seven-year high on June 12.
The Shanghai index is firmly in bear market territory, down 28.6 per cent since the June peak, while the tech-heavy Shenzhen Composite has fallen 33.2 per cent.
There were also signs on Friday that the stock market turmoil is beginning to reverberate beyond China. The Australian dollar, often traded as a proxy for China growth, is down 1.2 per cent to a six-year low of US$0.7539.
The 21st Century Business Herald, a Chinese daily newspaper, on Friday quoted multiple futures traders as saying they had received phone calls from the China Financial Futures Exchange instructing them not to short the market.
Brian Krebs on appearances of hacked routers in the delivery of malware as well as a roundup of recent cases involving cybercriminals.
Delightfully pun-filled piece on a new, smaller and non-contact way to use radio emissions from a CPU to capture and derive cryptographic keys. Amused at the “can fit in a pita bread” metric.
Motherboard on a researcher working to identify malicious exit nodes in the Tor network by determining which ones are harvesting and using juicy-looking login credentials.
Hacker News on an unknown vulnerability being used to steal credit card information from sites using the e-commerce solution Magento.
Expert Rob Graham on why the new “Government Cyber Underwriter Lab” is a bad idea. I pretty thoroughly disagree but that’s no reason to not ponder some of the truths Graham laid out.
Great news, everyone: the ridiculously expensive, over-budget, behind-schedule, plagued-with-problems F35 just got bested in a dogfight with an F16 designed over 40 years ago.
Busy morning of writing and reading.
Brian Krebs on an emergency software patch for Adobe Flash – this is a must read.
Neat, short video from SethBling explaining how he taught an AI, or rather it taught itself, how to play a video game. (YouTube)
IT World: The US Navy’s warfare systems command just paid millions to stay on Windows XP. Sigh. I feel like when AI turns sentient the thing it will judge us for first is staying on Win XP and Server 2k3.
EFF’s “Who Has Your Back” chart on how companies protect your data (or don’t).
RubyGems exploit looks like it makes vulnerable a million-plus Ruby installs.
NextGov reports that the OPM hack showed up at the National Archives.
*GREAT* Washington Post article on L0pht and the warnings they issued about the internet quite a while ago.
Good Reddit thread on a user’s concern about Bitcoin (I’ve got a piece in production about bitcoin at the moment but needed to sit on it a few days thanks to events that happened yesterday).
TNW reporting that music app Tidal just fired their second CEO in two months. Not looking good for them.
Interesting if somewhat odd short documentary produced by Norton antivirus on Romania’s plethora of hackers. (YouTube)
The Wall Street Journal’s Paul Vigna and Michael Casey talking about bitcoin at Google. (YouTube)
Expert J.M. Berger’s definition of terrorism – worth reflecting on at the moment.
The Intercept on NSA and GCHQ targeting anti-virus products. While I don’t necessarily dig the Intercept’s politics all the time their technical analysis is often razor sharp, as it is here.
The Norse Security blog Dark Matters posted an interesting take on ‘hackback doctrine’ or the idea that if you’ve been hacked you should, as a private individual or corporation, have the right to hack back to stop the attack and retrieve your data.
Farsight Security’s Senior Program Manager Kelly Molloy provided a so-far three-part series on creating “spamtrap” email addresses that has proved fascinating: Part 1: Demystifying Spamtraps, Part 2: Keeping It Confidential, Part 3: Creating and Seeding.
Ars Technica provided a great, damning article on the sad state of affairs at the Office of Personnel Management that led to it being hacked. Twenty-year-old COBOL-coded apps running on Oracle frameworks and IT outsourcing to a systems administrator in China who was given root access. Unreal.
9to5Mac, among others, published about a major security flaw in iOS and OS X which Apple sat on for six months that exposed two different password applications (Apple’s Keychain and 1Password) to exploits. Here’s Brian Krebs on the iOS/OS X vulnerability as well as one affecting Samsung devices.
Lots of talk on an FBI investigation into the St. Louis Cardinals “hacking” the Houston Astros; it appears they just used a password list from a previous employee at this point, leading Motherboard to criticize the terminology employed by the NYT and others.
The Sunday Times put out an article this weekend suggesting that Russia had decrypted all of the Snowden documents and Britain subsequently had to burn quite a bit of its foreign intelligence structure. The story seemed pretty weak at the outset and was made all the weaker by this interview with the author on CNN who seems to literally know nothing about his own story.
The Hill reports that the head of the US Marshals is resigning rather than dealing with increased scrutiny about their surveillance techniques, which is a bit of a tell.
Norse had several posts of note this week: the US Navy’s bold announcement (now retracted) seeking zero-day exploit contractors, an uptick in Cryptowall infections and some numbers showing a 1400% return on investment in malware.
Panel from last year with writer Warren Ellis, technologist Ben Hammersley and journalist and political analyst Edie Lush talking about whether IT has changed how we think at the Institute of Art and Ideas. (YouTube)