Revisiting a 2003 attack on the Linux kernel

Back in 2003, someone tried and failed to plant a security exploit into the Linux kernel code in a sophisticated and well-thought-out operation. In light of yesterday’s revelations of NSA teams actively working to weaken software security, this incident from a decade ago raises some questions.

It also highlights why having the source code to your software is the only way to be sure it’s secure.

An unknown intruder attempted to insert a Trojan horse program into the code of the next version of the Linux kernel, stored at a publicly accessible database.

Security features of the source-code repository, known as BitKeeper, detected the illicit change within 24 hours, and the public database was shut down, a key developer said Thursday.

An intruder apparently compromised one server earlier, and the attacker used his access to make a small change to one of the source code files, McVoy said. The change created a flaw that could have elevated a person’s privileges on any Linux machine that runs a kernel compiled with the modified source code. However, only developers who used that database were affected–and only during a 24-hour period, he added.

via Attempted attack on Linux kernel foiled – CNET News.

Car thieves rob vehicles using ‘mystery’ wireless devices

Update 11 Aug 2015: Mystery solved?

Thieves are using a mystery device to break into cars and the cops are stumped. I came across this story back in June but never posted it here:

Cops across the country are investigating a new wave of car thefts that appear to be happening with nothing more than a click of a button, the “Today” show reports.

From California to Chicago, car thieves have been caught on camera breaking into parked cars using small electronic devices that could be “cloned” car remotes.

The thieves then raid the vehicles for valuables before skulking away.

Long Beach, Calif., Deputy Police Chief David Hendricks told “Today” he’s “stumped” by the robberies.

“We are stumped and we don’t know what this technology is,” he said.

via Car thieves rob vehicles using ‘mystery’ wireless devices: report – NY Daily News.


US and UK spy agencies defeat privacy and security on the internet

Shocking, or long suspected?

The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.

The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – “the use of ubiquitous encryption across the internet”.

via US and UK spy agencies defeat privacy and security on the internet | World news | The Guardian.

Guns and butter

Two things seemingly unrelated captured my attention last week. One was the threat of war with Syria, the other was a parent encountering a child who had shown up to school with an empty stomach.

President Eisenhower once called military arms a theft from those who hunger and are not fed. Sixty years later we have yet to heed his words. When will our country stop feeding the war machine and start feeding the needy among us?

I hope those advocating for war in the name of Syria’s children will consider the needs of our children first.

Blackhole exploit detected

I was putting some dinner on the table for the kids this evening when I walked by my laptop. There were two new tabs open on my Ubuntu Firefox browser that I didn’t remember opening. Popping one of these mystery URLs into urlquery.net indicated that the URL in question has been associated with distributing browser malware, essentially letting Russian criminals access my web browser.

URL: http://disruptingplayhouse.biz/closest/i9jfuhioejskveohnuojfir.php
IP: 93.171.174.224
ASN: AS29182 ISPsystem Autonomous System
Location: Russian Federation
Report completed: 2013-09-04 23:50:04 CET
Status: Report complete.
urlQuery Alerts:
  Detected BlackHole v2.0 exploit kit URL pattern
  Detected live BlackHole v2.0 exploit kit

Now, the fact that I’m running Linux and I usually keep my laptop updated might help keep me from being infected by this exploit kit. I can’t tell for sure, though, so I’m running a good virus scan on my system first. It just goes to show that you can never let your cyber guard down.

I recall some mention this week about a potentially huge cyber attack taking place soon. Can’t find the link now but I’ll see if I can find it.

Magic parent moment

Yesterday afternoon I was doing my best to finish up some work while at home. My son Travis needed attention, though, as he had a math assignment he needed to finish. To his credit, he went right to work at it once he got home but soon became stumped and frustrated.

He asked me to read his assignment to him and I did, though it drew more responses from him saying it was okay if he didn’t understand it. Knowing Travis, though, I knew he would get this assignment as it involved managing money. He is very money-aware and the problem’s scenario involved keeping a balance sheet for family savings.

As I explained the problem to him and pointed out how to fill out the balance sheet, he hopped into my lap. Soon I was gently stepping him through the problem, marveling at the light bulb coming on in his head as he figured out what was being asked. Suddenly, the once insurmountable math homework was easily conquered and Travis was happily flying the flight simulator that once had to wait. We spent the rest of the evening happily crashing Cessna Citation-X’s into the ground.

I’m no dummy, I’m getting old and my kids are growing up fast. The opportunities to have my kids hop into my lap while we work on homework are becoming fewer and farther between. It was a real treat to help Travis over his frustration and get to play parental hero one more time.

Ex-spooks debate Snowden’s actions

I’m a member of a Facebook group called United States Navy Cryptologic Technicians. Last week a member authored a post which questioned why NSA leaker Edward Snowden wasn’t being hunted down with all available resources. It spawned a very lively debate amongst ex-spooks about Snowden’s motives and those of the NSA, a debate which continues as I post this. There are many former spooks like myself who find the NSA’s new reach to be quite alarming, while others seem to be comfortable with Americans’ almost complete lack of online privacy. Several point out that Snowden took an oath to protect this information and broke his oath.

I took a similar oath when I gained my security clearance. Like every other servicemember, however, the first oath I took was to support and defend the Constitution of the United States “against all enemies, foreign and domestic.” To the extent that the latter conflicts with the former, the former (being the law of the land) always takes precedence. In addition, it was drilled into us as sailors that it was our duty to disobey an unlawful order. In hindsight this is far easier to say than do, as in practice disobeying a lawful order would most likely put you in a world of hurt. At least the government would come out looking good during your court-martial.

Fixing the home

Friday I was chatting with a neighborhood parent when she told me of a disturbing incident she witnessed as she drove through my neighborhood earlier this summer.

As she was passing one house, she saw a woman getting into a car at the curb as a young boy, probably 7 or 8, came running up to her. Anticipating a loving scene where the boy gets a big hug from his mom, my friend was instead shocked to see the woman turn and strike the boy with the back of her hand, knocking him to the ground!

The kid picked himself up off the ground and calmly walked back into the house. It was as if this wasn’t the first time that this kid had been hit.

I was aghast. Hearing this broke my heart. This kid lives in my neighborhood. I’ve waved to him many times as he’s quietly ridden his bike around his front yard, always by himself. He seems like a good kid but that’s beside the point. What the hell was this woman thinking to hit a child like that? How screwed up is she to think this is okay?

Labor Day lake visit

Yesterday the family packed up some snacks, supplies, and the dog and drove up to Lake Gaston to visit our family friends, the Naylors, at their lakehouse for the day. We had a nice ride around the lake on their pontoon boat, stopping in a cove to go for a quick swim before returning to their house. Storm clouds were approaching by that time so we stayed inside and caught up. It was a wonderful visit with wonderful friends.

On the way back those storm clouds continued darkening and 45 minutes into the drive home the bottom absolutely fell out. I spent a good 15 minutes driving through very heavy rain! It reached its fiercest when we neared Franklinton but never completely ended. By the time we got into Raleigh we were hitting large puddles all along Atlantic Avenue and Kelly saw Crabtree Creek nearing the top of the bridge at Hodges St. Fortunately for us it stopped raining almost exactly as long as it took us to unload the major things from the car.

At some point yesterday afternoon I developed a raging headache which continued through dinner and never let up. Driving in a heavy rain did little to relieve it, too. I got home and decided the only thing that could make me feel better was a shower and bed. I was asleep by 10 after 9. I feel better now, though.