Blackhole exploit detected

I was putting some dinner on the table for the kids this evening when I walked by my laptop. There were two new tabs open on my Ubuntu Firefox browser that I didn’t remember opening. Popping one of these mystery URLs into urlquery.net indicated that the URL in question has been associated with distributing browser malware, essentially letting Russian criminals access my web browser.

URL http://disruptingplayhouse.biz/closest/i9jfuhioejskveohnuojfir.php
IP 93.171.174.224
ASN AS29182 ISPsystem Autonomous System
Location Russian Federation
Report completed 2013-09-04 23:50:04 CET
Status Report complete.
urlQuery Alerts Detected BlackHole v2.0 exploit kit URL pattern
Detected live BlackHole v2.0 exploit kit

Now, the fact that I’m running Linux and I usually keep my laptop updated might help keep me from being infected by this exploit kit. I can’t tell for sure, though, so I’m running a good virus scan on my system first. It just goes to show that you can never let your cyber guard down.

I recall some mention this week about a potentially huge cyber attack taking place soon. Can’t find the link now but I’ll see if I can find it.

Human Evolutionary Change 100 Times Higher in Past 5,000 Years

Fascinating.

“We are more different genetically from people living 5,000 years ago than they were different from Neanderthals,” according to John Hawks, University of Wisconsin anthropologist. “Five thousand years is such a small sliver of time – it’s 100 to 200 generations ago. That’s how long it’s been since some of these genes originated, and today they are in 30 or 40 percent of people because they’ve had such an advantage. It’s like ‘invasion of the body snatchers.’ What’s really amazing about humans,” Hawks continued, “that is not true with most other species, is that for a long time we were just a little ape species in one corner of Africa, and weren’t genetically sampling anything like the potential we have now.”

via Human Evolutionary Change 100 Times Higher in Past 5,000 Years Today's Most Popular.

Secrets and who can keep them

I was mining my blog for some unrelated information (isn’t that always how it starts, eh?) when I came upon this post I wrote last December after the job networking site LinkedIn had its entire password database stolen. I made the point that 99% of passwords being used out there are trivially cracked by modern computers.

The post made me recall how time and again the federal government has sounded the alarm over how vulnerable American business is to cyberattack. In light of the revelations of massive, illegal NSA spying on Americans, these warnings seem patently ludicrous. You see, the whole time the federal government has played the cybersecurity good guy in public, in reality the last thing it wants is for American business to secure its data. Make it secure, they tell us. Just don’t make it too secure.

Yeah, right.

Six things you might not know about solar panels

Solar PV deck


Recently a neighbor asked about our home’s solar photovoltaic (PV) system. Since he’s not the first I thought I might write about our system, specifically a few things people might not know about PV systems. This reflects my experience and may differ from others. As always, your mileage may vary.

Solar PV is not rocket science. Solar PV literally once was rocket science, as one of its first practical applications was to power orbiting satellites. Apollo astronauts even left solar panels on the moon. Fortunately, a PV system no longer requires a NASA-sized budget nor an engineering degree. While the jargon may be confusing at first, you’ll quickly learn what’s what and things will start to make sense.

Email service used by Snowden shuts itself down, warns against using US-based companies | Glenn Greenwald

I didn’t know about Lavabit until they pulled their own plug yesterday, but I deeply respect its owners’ refusal to play along to the NSA’s excessive and unconstitutional spying.

A Texas-based encrypted email service recently revealed to be used by Edward Snowden – Lavabit – announced yesterday it was shutting itself down in order to avoid complying with what it perceives as unjust secret US court orders to provide government access to its users’ content. “After significant soul searching, I have decided to suspend operations,” the company’s founder, Ladar Levinson, wrote in a statement to users posted on the front page of its website. He said the US directive forced on his company “a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit.” He chose the latter.

via Email service used by Snowden shuts itself down, warns against using US-based companies | Glenn Greenwald | Comment is free | theguardian.com.

WordPress brute force hack attacks

Since this spring, the world’s WordPress sites have seen a surge of brute-force hacking attempts, where scripts running from “botnets” have been steadily trying one dictionary word after another in an attempt to take over their victim sites.

I was alarmed to discover this traffic hitting my website earlier this week and was stymied as to how to prevent it. Normally when one gets a hacking attempt, it’s a simple thing to block that site’s IP address using firewall rules. In this case, however, the attackers are using a massive array of hacked computers scattered around the world. Each hack attempt comes from a different IP address, making it impractical to block them all.

Wondering if my site would soon fall to these script kiddies, I took some time to configure some analysis tools to get a better idea of what I was facing.

I needn’t have worried. This is what these genius password attempts look like:
Continue reading

Poor password management by banks

I recently signed up to the site of one of my (many) 401K administrators. When it came time to pick a password for my account, I was disappointed to see the kind of restrictions the bank put on my choice of password:

Password requirements:

Must contain 8 – 20 characters
Must contain at least one letter and one number
Is case sensitive (e.g. “MyPassword” with an uppercase “M” and “P” is different from “mypassword” with a lowercase “m” and “p”)
Cannot contain any spaces
Cannot contain special characters (e.g. !#$%^&@,;*( )+~?<>‘\”)
Cannot contain more than 2 of the same consecutive letters or numbers (e.g. aaa or 222)
Cannot be the same as your previous 6 passwords
Cannot be the same as your Username

I understand some of these, but not allowing spaces or special characters? That significantly reduces the complexity of available passwords, making the password easier to crack. Now perhaps they get around this by giving the user x number of tries before locking her out, but why not just allow special characters?

Science museum scavenger hunt champions!

Scavenger hunt champions!


Thursday evening the family and I signed up for the first ever scavenger hunt in the North Carolina Museum of Natural Sciences. The Natural Science museum has been our favorite family museum ever since we had kids. We know it very, very well, so when the opportunity came up to participate in a scavenger hunt we were ready!

A couple dozen families showed up for the hunt, each one given a small booklet with the clues in it. The teams had one hour to complete the hunt, with the organizer saying he would be surprised if anyone did complete the hunt.

But the Turners, competing as the “Absolute Zeros,” did complete the hunt, getting most (if not all) of the answers correct (we were not allowed to keep our booklet so that the answers might be used again in a future hunt). At the end, we were awarded a prize for one of the most creative team names (we wanted the coolest name we could think of) and the grand prize for being scavenger hunt champions! That included museum water bottles, free tickets to the Dinosaurs in Motion exhibit, tote bags, and a sweet backpack donated by Great Outdoor Provision Company (which retails for $100).

Regardless of whether we won or lost, though, we had a blast exploring our favorite museum in Raleigh. We hope to participate again in the future!

Hackers Are Now Leery About Inviting the NSA to Their Conventions

Ruh-roh.

The announcement appeared at the conference website yesterday, in a post titled, “Feds, We Need Some Time Apart.”

For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.

When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship.

via Hackers Are Now Leery About Inviting the NSA to Their Conventions – Yahoo! News.

Why Are Dead People Liking Stuff On Facebook? – ReadWrite

Here’s a follow-up to the Mitt Romney Facebook hacking story. Apparently, the bogus “likes” continue long after the election was over.

Last month, while wasting a few moments on Facebook, my pal Brendan O’Malley was surprised to see that his old friend Alex Gomez had “liked” Discover. This was surprising not only because Alex hated mega-corporations but even more so because Alex had passed away six months earlier. The Facebook “like” is dated Nov. 1, which is strange since Alex “passed [away] around March 26 or March 27,” O’Malley told me. Worse, O’Malley says the like was “quite offensive” since his friend “hated corporate bullshit.”

Oh, in related news, Facebook’s security chief just went to work for the NSA.

via Why Are Dead People Liking Stuff On Facebook? – ReadWrite.