debian drops sparc

2015.07.27

Man, kind of a bummer: https://lists.debian.org/debian-devel-announce/2015/07/msg00006.html

I spent a few weeks tweaking old sparc boxes to work with FreeBSD and getting to know the hardware and making it work with software that wasn’t originally meant for it was a great lesson.

Categories : News
Tags :       

Inconvenient Message Detection

2015.03.02

via http://topchicksdigengineeringguys.blogspot.com/2015/03/the-inconvenient-message-detection-imd.html

Steganography that requires computing effort. Steganography is the idea of hiding data in the unimportant bits of an image. This is an old idea. The new twist is that with ‘Inconvenient Message Detection’ (IMD) that data can only be found if the decoder does an amount of computational work that’s decided by the encoder.

Let’s look at how this solved our problem: If some people use IMD, it makes every image suspect. When a mass-observer wants to see what communication is going on, they must use compute power to check every image. Furthermore, because the compute effort needed to find an image is set by the encoder, it is uncertain to the mass-observer; they never knows for certain if they’ve worked hard enough. By contrast, the intended recipient of a message presumably got the single datum that a message exists in some public image and will put in as much compute effort as is needed to find the data in that single image. Having every image on the internet be a potential carrier of secrets makes the mass observation of communication meta-data expensive and uncertain.

Furthermore, even a individual under direct observation can increase their protection with IMD. An individual may own thousands of images of which only one contains an secret. Until the secret is found by an observer, the individual has plausible denyability of the secret’s existence. The observer may even give up before spending the necessary compute effort to find it. This increases their resistance to coercion.

furbo.org · Grass Mud Horse

2015.01.29

The Chinese government is not only being deceitful with IP addresses, they’ve also begun cracking down on a mechanism that lets its citizens avoid the bullshit: VPN. Grass Mud Horse!

This action, combined with the DDoS floods, is beneficial to a government that’s intent on isolating its citizens from the free and open Internet. They make it hard to get a packet out of China, but even if you succeed, it’s likely to be blocked by a server that’s been victim of their DDoS.

On the surface, this seems like a good strategy for creating your own private Internet: a network where no packets can enter the west or leave the east.

via furbo.org · Grass Mud Horse.

I’ve been seeing a lot of probes in my logs — mostly search engines, but a fair bit that wasn’t — from China. And here you go.

DDoS attacked using Chinese torrents

2015.01.23
Categories : News

Newly published NSA documents show agency could grab all Skype traffic | Ars Technica

2014.12.31

The full capture of voice traffic began in February of 2011 for “Skype in” and “Skype out” calls—calls between a Skype user and a land line or cellphone through a gateway to the public switched telephone network (PSTN), captured through warranted taps into Microsoft’s gateways. But in July of 2011, the NSA added the capability of capturing peer-to-peer Skype communications—meaning that the NSA gained the ability to capture peer-to-peer traffic and decrypt it using keys provided by Microsoft through the PRISM warrant request.

via Newly published NSA documents show agency could grab all Skype traffic | Ars Technica.

Two Dudes Prove How Easy It Is to Hack ATMs for Free Cash

2014.11.14

Around 2005, crooks discovered that the default factory-set master passcodes for the Tranax and Trident ATMs were printed right in the service manuals, which were readily available online. Triton’s master passcode was “123456.”

The manuals urged machine owners to immediately change the passcodes from the defaults, but many of the small business owners who favor the inexpensive, pedestal-sized machines never made the change. That led to an uncommon phenomenon in the world of cyber crime: hacking as a street crime.

via Two Dudes Prove How Easy It Is to Hack ATMs for Free Cash | WIRED.

 

  The tragedy is not that it happened, but that it keeps happening. But: people. Why not set them with a “must change password on first boot” bit? Because lazy people, that’s why.

Categories : News
Tags :       

Shon Harris – Logical Security, Contributor

2014.11.11

Shon Harris – Logical Security, Contributor, passed away last month, Oct 8, 2014.

Categories : News
Tags :       

An Unprecedented Look at Stuxnet, the World’s First Digital Weapon | WIRED

2014.11.03

Google Online Security Blog: This POODLE bites: exploiting the SSL 3.0 fallback

2014.10.14

With This Tiny Box, You Can Anonymize Everything You Do Online | WIRED

2014.10.13
Categories : News  News  Privacy  Security