Tag Archives: hacking

Errata: Megacity Fighting, EU Citizenship, Georgia v. DHS, South Korea

Military Contingencies in Megacities and Sub-Megacities – “After elucidating the nature of urbanization and developing a typology in terms of smart, fragile, and feral cities, we give consideration to the kinds of contingencies that the U.S. military, especially the Army, needs to think about and prepare for. Understanding the city as a complex system or organism is critical and provides the basis for changes in intelligence, recruitment, training, equipment, operations, and tactics.” – I’m reading this later today.

EU negotiators will offer Brits an individual opt-in to remain EU citizens, chief negotiator confirms – As @ManMadeMoon said, “Step 1 to a new, non-geographical nationhood! This is getting really interesting.”

Georgia Secretary of State aggressively confronting DHS over a “penetration of [Georgia’s] firewall.”

Finally seeing a bill to impeach the South Korean president (this whole saga is fascinating to me).

From the International Spectator, the world’s most frequent flight paths.

NASA finally has its own Giphy page.

Via Karen James: “Hey neuroscientists & neuroscience-inspired artists, check out this pattern around a rock in a pond in @AcadiaNPS as it begins to freeze.”

And finally, via ars technica: Millions exposed to malvertising that hid attack code in banner pixels – “The malicious script is concealed in the alpha channel that defines the transparency of pixels, making it extremely difficult for even sharp-eyed ad networks to detect. After verifying that the targeted browser isn’t running in a virtual machine or connected to other types of security software often used to detect attacks, the script redirects the browser to a site that hosts three exploits for now-patched Adobe Flash vulnerabilities.”

Errata: In-game Nuke Disarmament, VR, Toy Hack, Smart TV hack, Trump & Heller

Ars Technica: The worldwide effort to disarm Metal Gear Solid V’s nuclear weapons – ‘As Konami recently officially announced, a “secret nuclear disarmament event” will be triggered for all players only when “All nuclear weapons on the regional server corresponding to your console or platform must have been dismantled. In other words, the amount of nukes on your platform’s server must be equal to 0.”’ – This is going to be fascinating to watch play out – principle-driven or benefit-driven disarmament leaving parties at a tactical disadvantage, and how that’ll affect gameplay. Factions already rising.

Motherboard One of the Largest Hacks Yet Exposes Data on Hundreds of Thousands of Kids – “The personal information of almost 5 million parents and more than 200,000 kids was exposed earlier this month after a hacker broke into the servers of a Chinese company that sells kids toys and gadgets…” – Why you should rethink buying your kid internet-connected toys (they almost invariably require giving up personal information). Info included headshots of kids as well as their chat logs. Good god.

Motherboard Real Drugs, Virtual Reality: Meet the Psychonauts Tripping in the Rift – ‘ “Soon after dosing I had forgotten that I had the Rift on. The simulation was a grasslike landscape but I was too tripped out to actually walk around using the controller. I was sitting in my desk chair which has rubbery armrests. At some point I started to think I was a rabbit bunny thing, and started biting the rubbery armrests of my chair like a maniac thinking it was a carrot.”’

Motherboard: Sex Ed in VR Can Prepare Young Women for Actual Sex – “Using Oculus technology, users would enter dozens of lifelike scenarios to role-play consent, proper contraception use and other components of safe sex from a first-person perspective.”

Universe Today: Earth May Be “Hairy” with Dark Matter – “Prézeau used computer simulations to discover that when dark matter stream passes through a planet — dark matter passes right through us unlike ordinary matter — it’s focused into an ultra-dense filament or hair. Not a solo strand but a luxuriant crop bushy as a brewer’s beard.” – I always knew the universe approved of my beard. Now I have proof.

Security Ledger: Ransomware Works on Smart TVs, Too! – Spent a chunk of this weekend (in a Manhattan hotel) pondering Smart TVs as a platform to eavesdrop on people using insecure hotel wifi and pass on infections. More to come later – maybe in fiction, maybe just pondering.

Finally, was reading the fantastic comic Transmetropolitan in some downtime and was reminded of just how much Ellis foresaw Trump and his fans through the guise of Bob Heller:


Errata: iPhone hack bounty, Unclaimed Dead, Fire Ant Swarms, Nanoparticles, Cancer-killing Viruses, more

Million-dollar bounty paid out for iPhone hack.

Fascinating article from the Journal of Forensic Sciences: “Who are the Unclaimed Dead?”

Fascinating Motherboard article on the liquid properties of fire ant swarms.

Emergent Futures relaying studies on the neurological aspects of mystical and mysterious experiences.

The runaway billion-dollar JLENS blimp was finally downed thanks to hundreds of shotgun blasts from Pennsylvania police.

Engadget: HTC has begun refusing to offer guidance on its corporate future. Also, Seattle cop who developed transparency-oriented software has left the force, apparently due to departmental politics.

Also Engadget: how medicine-covered nanoparticles could help stroke victims.

Ars Technica on cancer-killing viruses.

Errata from today

Great few days of random stuff on the internet. A gourmet sampling for you:

Great Salon piece by Mary Elizabeth Williams on the new Star Wars film showing an aged Carrie Fisher as an aged Princess Leia, and how much of a departure that is for Hollywood.

The most breathtaking moment in the new trailer for “Star Wars: The Force Awakens” doesn’t involve explosions or lightsabers or ominous references to the Dark Side. It’s an eyeblink-long shot of Princess Leia herself, Carrie Fisher, in the embrace of Harrison Ford’s Han Solo. It’s a moment of a weary-looking woman with graying hair and lines on her face. Holy science fiction, Hollywood — somewhere, in a galaxy far, far away, a grown woman has been given permission to look like a grown woman. I want to go to that planet!

Lots more quotable passages in that piece, but go read it yourself.

That porn playing over the PA systems in Target? Was a result of both a technological and personnel weakness where pranksters called stores and requested a specific extension that gave them complete control over the PA remotely.

Insecure wifi-enabled tea kettles allow researchers to crack the password of the networks they’re connected to.

A hummus joint in Israel is offering a 50% discount to tables with Arabs and Jews sitting together.

Incredible TEDtalk by Martin Pistorius on his experience with locked-in syndrome. His early experiences are as close to hell as I can imagine. Tremendous respect for the person he is.

And via Jamie Ford’s facebook, “Ursula K. Le Guin’s reaction, when asked to blurb a short story collection with no female authors.”


A Chrysler Rolling Botnet In Three Steps

Chrysler’s mailing out USB sticks to customers who want to fix a vulnerability in their car by themselves. It took about four seconds for me to realize how bad this idea is.

1. Scrape DMV info for owners of relevant Chrysler models – you can use public RMV portals and just automate the attack. Or if you want something a little less obvious you can fall further down the rabbit hole and hack a police department – most local PDs have terrible information security, and there exist a few specific, mandatory weaknesses that’d be easy to exploit by something as simple as dropping a malware-laden USB drive in the parking lot. Trust me, they’ll plug it in. From there you just use their dedicated connection to CJIS.

2. Find a Print-On-Demand merchandise company and order hundreds of official-looking Chrysler USB drives. Easy to portray yourself as a local Chrysler dealership to allay suspicions of the POD firm – pop-up domain, letterhead, IP voicemails, etc.

3. Drop malware onto your official-looking Chrysler USBs, mock up some letterhead and mail them out to the car owners.

Suddenly you’ve got a rolling botnet – dozens, hundreds, even thousands of cars not only vulnerable to attack but thanks to the fact that most cars are internet-connected and IP-enabled, cars that can take part in other attacks, such as a distributed denial of service attack.

The biggest question is whether Chrysler cryptographically signs the update and phones home to verify it before opening and installing – and my guess is no. In the unlikely event I’m wrong, pivot this attack from the cars to the computers of vehicle owners and you’ve got a convincing way into the computers of thousands of Chrysler customers.
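Added here to illustrate the check the paragraph above asks about; this is not Chrysler’s code or the actual update format. A vehicle-side verifier should refuse anything from removable media unless the manifest authenticates and the payload hash matches, before it parses or installs a byte of the payload. The model name, version and key are constructed; a real deployment would use an asymmetric signature so the vehicle holds only a public key, and HMAC stands in only so the example runs on the Python standard library.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the vendor's signing key. A real scheme signs with
# a private key the vendor keeps and verifies with a public key in the vehicle;
# HMAC is used here only so the example runs on the standard library.
VENDOR_KEY = b"constructed-vendor-key-not-a-real-secret"


def build_update(payload: bytes, key: bytes = VENDOR_KEY) -> dict:
    """Vendor side: bind a manifest to the payload hash, then authenticate
    the manifest (constructed model/version values)."""
    manifest = {
        "model": "EXAMPLE-MODEL",
        "version": "1.0.1",
        "sha256": hashlib.sha256(payload).hexdigest(),
    }
    manifest_bytes = json.dumps(manifest, sort_keys=True).encode()
    tag = hmac.new(key, manifest_bytes, hashlib.sha256).hexdigest()
    return {"manifest": manifest_bytes, "tag": tag, "payload": payload}


def verify_update(update: dict, expected_model: str,
                  key: bytes = VENDOR_KEY) -> bool:
    """Vehicle side: authenticate the manifest first, then check that the
    payload on the stick is the one the manifest vouches for. Nothing in
    the payload is parsed until both checks pass."""
    manifest_bytes = update["manifest"]
    expected_tag = hmac.new(key, manifest_bytes, hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak timing information.
    if not hmac.compare_digest(expected_tag, update["tag"]):
        return False  # manifest was not produced by the vendor key
    manifest = json.loads(manifest_bytes)
    if manifest.get("model") != expected_model:
        return False  # authentic, but meant for a different vehicle model
    payload_hash = hashlib.sha256(update["payload"]).hexdigest()
    return hmac.compare_digest(payload_hash, manifest["sha256"])
```

A stick whose payload was swapped after the manifest was produced, or whose manifest was authenticated under some other key, fails the check and is never installed.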

Security & Tech Briefs: Chrome, Trump, Smartwatches, Mac Exploit

Detectify Labs shared a clever way to deactivate security (or any) chrome plugins with a simple ping.

Donald Trump’s website was hacked, likely due to a CMS that hadn’t been patched in five years.

The insurance industry is concerned about smartwatches, the Internet of Things, big data and information security.

Ars Technica on a major 0day Mac exploit that’s already being seen in the wild.

Countdown to Zero Day: Read it.

Spent a chunk of this week reading Kim Zetter’s Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon and found it to be a good, timely book. Zetter, a senior staff writer for Wired, spins a well-focused narrative relevant not only to Stuxnet but to one of the more active issues in US politics right now: the Iranian nuclear program. Zetter goes into deep but comprehensible detail about nuclear weapons production and Iran’s specific methods and capabilities.

Another place the book shines is the way it leads the reader through malware detection and reverse-engineering processes. Zetter maintains an active and involved storyline that feels not at all like a technical report about either a virus or uranium enrichment. Add that there was no discernible political agenda and you’ve got a pretty damn good read on the details and wider contexts of Stuxnet.

Highly recommended.

Security and Technology Briefs: Nucleus Explosion, Threat Intelligence, Security Feeds, More

It’s always interesting to me to watch the reaction when dark net drug markets fold and likely abscond with the bitcoin of everyone involved. Looks like Nucleus either exit-scammed or got hacked.

A good introduction to threat intelligence by Farsight Security. Also a good intro to reputation systems.

SwiftOnSecurity is one of the most delightful and knowledgeable accounts on twitter, and they’ve recently shared their OPML of security feeds. Go through and add relevant ones to your RSS reader.

New York Magazine was hit with a DDoS attack and taken offline after publishing a story involving 3/4 of the Cosby accusers.

Not new, but amusing: erroring trashcan.

And, apropos of nothing, a federal officer was injured in an explosion when the meth lab he was apparently building in an empty National Institute of Standards and Technology facility blew up (via Reddit).

Briefs: Women in Combat, NYSE, AI and Legal Work, OPM, Rothfuss

NYSE being vague about yesterday’s major trading glitch. I’m not convinced, but I’ve got no evidence to the contrary.

Two lawyers talking about how artificial intelligence may affect legal work.

The Daily Beast on how OPM’s IT security department had no one with IT security experience.

The parody DPRK News twitter account ended up as a Fox News reference.

Excellent TED talk highlighting American women on the front lines in Afghanistan.

Of special note:

Author and all-around awesome person Patrick Rothfuss has started a new podcast with Max Temkin of Cards Against Humanity fame (or infamy). Really loved their first conversation – check it out here.

News Briefs: Reddit, Wifi, Comey’s Conflating, Combat troops vs. ISIS, more

Surprising news that Reddit nearly decentralized last year. Guessing after last week we’re about to see a reconcentration of authority.

Rob Graham on Google’s ‘Project Fi’ virtual mobile phone.

Motherboard on a fantastic long-range wifi proxy.

Milton Security: Harvard University breached.

Susan Landau at Lawfare with a great post on FBI Director Comey conflating the lone wolf threat and the encryption issue.

Brookings debate on whether to put boots on the ground to fight ISIS. Incredibly important conversation to engage in, and on an intelligent, mutually respecting basis. Need more conversations like these across our society.

Piketty on Germany and Greece. And an amazing project trying to crowdfund Greece’s 1.6B Euro payment.

Slate on Greece’s rejection of austerity through its referendum.

On a similar point, here’s the Guardian on where Greek bailout money went.

And from the FT via Tyler Cowen,

The Shanghai Composite has now fallen 12.1 per cent since Monday, its third consecutive week of double-digit losses since hitting a seven-year high on June 12.

The Shanghai index is firmly in bear market territory, down 28.6 per cent since the June peak, while the tech-heavy Shenzhen Composite has fallen 33.2 per cent.

There were also signs on Friday that the stock market turmoil is beginning to reverberate beyond China. The Australian dollar, often traded as a proxy for China growth, is down 1.2 per cent to a six-year low of US$0.7539.

The 21st Century Business Herald, a Chinese daily newspaper, on Friday quoted multiple futures traders as saying they had received phone calls from the China Financial Futures Exchange instructing them not to short the market.