Interesting Links: Aug 3, 2015

August 3, 2015

Here are links to a few interesting news articles I came across recently. They are about the first hints of the totally foreseeable disasters resulting from a reckless and short-sighted drive by many corporations to connect everything to the internet, aka the “Internet of Things”.

Why do drug infusion pumps, basic and important aspects of automobile control systems or electronic sniper sights require a connection to the internet?

Link 1: FDA tells hospitals to ditch IV pumps that can be hacked remotely

The Food and Drug Administration “strongly encourages” hospitals to stop using Hospira’s Symbiq Infusion System, because it’s vulnerable to cyberattacks that would allow a third-party to remotely control dosages delivered via the computerized pumps. Unauthorized users are able to access the Symbiq system through connected hospital networks, according to the FDA and the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team. ICS-CERT reported the vulnerability on July 21st and the FDA released its own safety alert on Friday, July 31st. Thankfully, there are no reported incidences of the Symbiq system being hacked. Hospira does not sell the Symbiq system anymore, but it’s still available for purchase from some third-party retailers and the FDA warns against buying it. The network vulnerability would “allow an unauthorized user to control the device and change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies,” the organization says.

Link 2: OnStar hack remotely starts cars, GM working on a fix

Hacker Samy Kamkar unveiled his latest triumph this morning: OwnStar, a tiny box that acts as a Wi-Fi hotspot and intercepts commands sent from a driver’s OnStar RemoteLink app, allowing an unauthorized user to locate, unlock or start the vehicle. Simply place the box somewhere in an OnStar-connected car and wait for the driver to start up the RemoteLink app within range of the vehicle. The driver’s smartphone should automatically connect to OwnStar’s network and, voila, the hacker now has all of the car owner’s information (email, home address, final four digits on a credit card plus expiration date), and control of the car. GM has already issued one patch this morning aimed at securing the RemoteLink app, but it was unsuccessful, according to Kamkar. Kamkar never intended to wreak havoc with OwnStar, he said in an interview with Wired. He wanted to expose a vulnerability in the OnStar app and help GM fix it — and it seems as if that’s precisely what’s happening. GM is working to patch the RemoteLink bug now and Kamkar says he’s in contact with the company as they fix it. He plans to reveal more technical details about OwnStar at Defcon 2015, which runs from August 6th to the 9th in Las Vegas.

Link 3: Fiat Chrysler recalls 1.4 million vehicles after remote hack

Fiat Chrysler Automobiles (FCA) will patch 1.4 million US vehicles following the reveal of a hacking method by Wired. The “voluntary safety recall” — which it seems will come in the form of a USB dongle — applies to vehicles equipped with 8.4-inch touchscreen in-car-entertainment systems. Affected cars include Jeep Grand Cherokee and Cherokee SUVs, Dodge Ram pickups and many others. If you’re concerned your vehicle may be affected, you can see the full list here. FCA is obviously acting fast to patch the problem, and it’s clear why. As Wired details, the hack makes it possible to “kill” the engine, remotely activate or disable the brakes, and keep tabs on a vehicle’s location. Full steering control is currently being worked on. The party responsible for the hack revealed it would “publish a portion of their exploit” openly on the web, timed to coincide with the Black Hat security conference in August. Although the company clearly accepts that the issues are serious, it notes that it’s “unaware of any injuries related to software exploitation, nor is it aware of any related complaints, warranty claims or accidents – independent of the media demonstration.” It adds that it’s “conducting this campaign out of an abundance of caution.”

Link 4: Hackers Can Disable a Sniper Rifle—Or Change Its Target

At the Black Hat hacker conference in two weeks, security researchers Runa Sandvik and Michael Auger plan to present the results of a year of work hacking a pair of $13,000 TrackingPoint self-aiming rifles. The married hacker couple have developed a set of techniques that could allow an attacker to compromise the rifle via its Wi-Fi connection and exploit vulnerabilities in its software. Their tricks can change variables in the scope’s calculations that make the rifle inexplicably miss its target, permanently disable the scope’s computer, or even prevent the gun from firing. In a demonstration for WIRED (shown in the video above), the researchers were able to dial in their changes to the scope’s targeting system so precisely that they could cause a bullet to hit a bullseye of the hacker’s choosing rather than the one chosen by the shooter. “You can make it lie constantly to the user so they’ll always miss their shot,” says Sandvik, a former developer for the anonymity software Tor. Or the attacker can just as easily lock out the user or erase the gun’s entire file system. “If the scope is bricked, you have a six to seven thousand dollar computer you can’t use on top of a rifle that you still have to aim yourself.”

What do you think? Comments?

Interesting Links: Aug 2, 2015

August 2, 2015

Here are links to a few interesting news articles I came across today. They are about the extremely intrusive and almost inevitably exploitable features built into Windows 10.

Link 1: The real price of Windows 10 is your privacy

Windows 10 is more closely tied to a Microsoft account than any previous version of the OS. This allows Microsoft to assign an ID number to users that can then be used to track them across different devices, services, and apps. This in turn can be used to deliver closely targeted ads to people. Microsoft has been pushing the mobile first, cloud first philosophy for some time now, and it becomes clear with Windows 10 that the love of the cloud is as much to do with the ability it gives Microsoft to gather useful data as it is about convenience for users.

Without wanting to venture into FUD territory, if you want an idea of just how Windows 10 can be used to gather data about you, take a trip to Privacy in Settings. The number of settings listed here is really quite lengthy — and just about all of them are enabled by default. The data is almost certain to be anonymized, but the setting labelled “Send Microsoft info about how I write to help us improve typing and writing in the future” will be of particular concern to anyone using their computer to conduct sensitive work. Then there is location data, the ability of apps to use your camera and microphone, and Cortana’s access to your contacts, calendar, and anything else you might care to mention. If this concerns you, go to the Speech, inking, & typing section of Privacy and hit the Stop getting to know me button.

Link 2: Windows 10- Microsoft under attack over privacy

Many of the complaints relate to the new personalised adverts embedded in Windows 10. When the OS is installed, Microsoft assigns the user a unique advertising ID, which it ties to the email address registered with the company. That email address is also associated with a raft of other services, such as the company’s productivity and communication programs, as well as app downloads and cloud-storage uploads. Using that information, Microsoft is able to personalise ads to the user, during both web surfing and, for newer apps downloaded from the Windows Store, app usage. Microsoft itself is leading the way on that front, even turning the in-built version of Solitaire (the card game that has been a staple of Windows installations since 1990’s Windows 3.0) into a freemium game, complete with unskippable video adverts.

Elsewhere, Windows 10 also harvests user information in order to teach the built-in personal digital assistant Cortana, Microsoft’s answer to Siri. To enable Cortana, the company says, it “collects and uses various types of data, such as your device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and how often you interact with them on your device”. Users are given the option to opt out of most of the data collection, but critics say that isn’t enough. Alec Meer, of gaming website Rock Paper Shotgun, says: “Microsoft simply aren’t making it clear enough that they’re doing this, how it might affect you and how to opt out – despite chest-thumping, we’re-all-chums-here talk about how ‘real transparency starts with straightforward terms and policies that people can clearly understand’.”

Link 3: Windows 10 is spying on almost everything you do – here’s how to opt out

Actually, here’s one excerpt from Microsoft’s privacy statement that everyone can understand: Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to: 1. comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; 2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone; 3. operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or 4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.

Link 4: Windows 10’s default privacy settings and controls leave much to be desired

My problem with these elements of Windows 10 boils down to this: It feels, once again, as if Microsoft has taken the seed of a good idea, like providing users with security updates automatically, and shoved the throttle to maximum. This new information opacity is present at so many levels, it feels more like a deliberate design decision than an accidental omission. Want to know what specific KB updates do? You’ll have to look them up manually. Want some information on how Windows Defender works in Windows 10? You won’t find much on Microsoft’s official pages for the operating system. Taken as a whole, it’s harder to configure many of these settings in the way you might want them, information is harder to come by, and Microsoft is sucking down more user data than ever. Despite the tone of this article, there are plenty of things I like about Windows 10 and I’m going to talk about them in future stories. Metro/Universal apps now play much nicer with Desktop applications. The Windows Store has been overhauled and has a better layout. DirectX 12 is a huge step forward for gaming, and an undoubted high point of the launch. There are a lot of things to like about this operating system, and I want to talk about them in turn. But as far as user privacy, intrusive settings, and the need to crawl under the hood to optimize settings that Microsoft used to give you options for? This, in my opinion, is where Windows 10 stumbles, and stumbles badly.

What do you think? Comments?

NSFW Links: Jul 31, 2015

July 31, 2015

These links are NSFW.

Artsy Cuties: Jul 31, 2015 – Nubile cuties in artsy poses.

Busty Cuties: Jul 31, 2015 – Nekkid cuties with big racks.

Enjoy! Comments?


Interesting Links: July 30, 2015

July 30, 2015

Here are links to a few interesting news articles I came across today. They all show that problems with the “law and order” system in the USA are too deep-rooted and systemic to fix via any sort of reform.

Link 1: The Drug War Is Creating Problems Too Big To Fix

David Colarusso, a public defender turned data scientist, has a fascinating post at Law Technology Today describing the many issues arising from the abusive activities of a single chemist at the Massachusetts state drug lab. The starting point of his post — and his problems — trace back a few years. In 2012, it was discovered that a chemist working at the Massachusetts state drug lab in Jamaica Plain had been falsifying drug tests (e.g., claiming that samples contained narcotics without testing them and even adding cocaine to samples to get a positive result when prior testing came back negative). She had worked at the lab for nearly a decade, and these revelations called into question the outcomes in tens of thousands of cases.

Obviously, this sort of tampering means there are convictions waiting to be overturned. But two years later, little progress has been made. It isn’t that the state is obstructing efforts to make the falsely-convicted whole again (there may be some of that, but Colarusso’s post doesn’t indicate there is), but that nearly a decade’s-worth of bogus lab work potentially infects thousands of convictions. Narrowing down this list to those directly affected is an enormous task, one that Colarusso was tasked with making more manageable. Narrowing down “The List” to a single link in the evidence chain — the drug receipt — still returned far too many potential matches to be of use. Additional restrictions trimmed the possible matches a bit more, but still left far too many potential victims of the chemist’s work.

Link 2: Number of people killed by police hits 664 in U.S. this year

The number of police-related fatalities in the U.S reached 664 in 2015, making the country’s police force one of the deadliest in the developed world, according to data from The Guardian, a British newspaper. In the first five months of this year, 19 unarmed black men were shot and killed by the police in the U.S. The Guardian compares that with Germany, where 15 citizens of any race were fatally shot in the two years from 2010 to 2011. California led the nation in the number of victims. So far this year, 107 people died in police-involved incidents in the state, significantly more than Texas, which came in second with 67 deaths. Florida was the third most deadly with 46. Per capita, Oklahoma tops the list with 29 deaths.

Link 3: Officers at Sam DuBose scene involved in death of another unarmed black man

Two police officers who corroborated a seemingly false account of the fatal shooting of Samuel DuBose in Cincinnati were previously implicated in the death of an unarmed, hospitalised and mentally ill black man who died after he was “rushed” by a group of seven University of Cincinnati police officers. Kelly Brinson, a 45-year-old mental health patient at Cincinnati’s University hospital, suffered a psychotic episode on 20 January 2010 and was placed inside a seclusion room at the hospital by UC officers. He was then shocked with a Taser three times by an officer and placed in restraints. The father of one – son Kelly Jr – then suffered a respiratory cardiac arrest and died three days later. In court documents obtained by the Guardian and filed by Brinson’s family in a civil suit against UC police and the hospital, all seven officers are accused of using excessive force and “acted with deliberate indifference to the serious medical and security needs of Mr Brinson”.

The officers involved in his brother’s death were “supposed to be fired”, Brinson said. “But what happened was because we had an out-of-court settlement, they had immunity and they couldn’t be prosecuted. “Everybody … associated with this case was supposed to be terminated,” he said. “And they didn’t – they didn’t terminate them.” Brinson’s family settled a federal civil court case with the hospital and the police department for $638,000. All University of Cincinnati campus police officers were also removed from patrolling the psychiatric wards at the hospital after Brinson’s death.

What do you think? Comments?

On the Futility of Attempts at Gun Control in the USA: July 26, 2015

July 26, 2015

The act of publicly bemoaning a lack of “effective” gun control laws upon hearing news of yet another mass shooting is one of the most popular LIEbral rituals in the USA. For reasons that I will get into a bit later in this post, most LIEbrals believe (or at least want to believe) that severe restrictions or outright bans on private ownership of guns will somehow magically translate into an almost total elimination of mass shootings and other incidents of firearm related “violence”. They will also tell you that the much lower rates of suicide (or homicide) by firearms in other developed countries with draconian regulation of private gun ownership support their beliefs. But is that really so?

Well.. the short answer is “no”. But the longer answer is far more interesting and provides some intriguing insight into their mindset and worldview.

FYI, this is not my first blog post expressing strong skepticism about the effectiveness of passing more gun control laws in the USA. I have previously pointed out that most mass or spree shootings in the USA are the end result of somewhat unique and systemic social problems. Also, people who commit such acts frequently have no suspicion-invoking history of violent behavior. Furthermore, trying to suppress one manifestation of a much deeper set of problems almost guarantees that they will manifest themselves in another, and even more problematic, manner. It is also no secret that those clamoring the loudest for more gun control are doing so to maintain their power and social status.

There is however something else that I have alluded to, but not discussed at length, in my previous posts on this topic. I am now going to talk about one of the core issues that underlies discussion on gun control laws but is seldom mentioned- especially in public forums.

Some of my previous posts on other topics talk about factors that influence (positively or negatively) the perceived legitimacy of any given system of government. Now, many of you might think that opinions of citizens about the degree of legitimacy of the government system they live under are largely a non-issue in “developed” countries with democratically elected governments. As I will show you in the next paragraph- perceptions and opinions about the legitimacy of government systems are far more important for policies on gun control than most LIEbrals want to believe. It really comes down to two inter-linked issues..

Firstly- even a brief reading of the previous 150 years of global history shows a rather disconcerting, yet seldom talked about, pattern for violent deaths. Governments of countries (as opposed to individuals) have been responsible for the vast majority of violent deaths in populations governed by them. If you don’t believe me just add the body count of all major inter- and intra-state wars, genocides and consequences of war (such as the influenza pandemic of 1918) which have occurred in the last century and a half. My point is that the vast majority (way over 99%) of violent deaths (around 150-200 million) in that time span were state sanctioned and therefore technically “legal”. Furthermore, the number of violent deaths caused by recent or ongoing conflicts such as those caused by American meddling in Syria, Iraq and Afghanistan within the last decade are still many tens of times higher than a sum of the body count caused by individual mass or spree shooters in the same time span. Even the police in the USA kill many times more unarmed people than mass shooters in the same calendar year. To put it another way, governments of nation states (and their subsidiaries) are by far the biggest cause of violent deaths- including those by guns. I fail to see how passing more gun control laws would change that fact.

And this brings us to the second issue- namely, that a significant minority of people do not perceive the current government system as being legitimate. But why does that matter? Don’t people in other developed countries have similar views about their governments? Well.. it does matter, because people in other developed countries do perceive their governments to be significantly more legitimate than people in the USA see their own. But why? What makes people in Japan, Germany or even the U.K feel that their government is legitimate? The simple answer is that the perceived legitimacy of a government is directly proportional to the consistency and effectiveness of its efforts to maintain the quality of life for the median citizen.

It is therefore no surprise that gun control measures seem to work in countries where the government directly or indirectly intervenes in favor of the median citizen. I should also point out countries with such government systems always had very low rates of deaths by individual acts of violence- especially in the post-WW2 era. In contrast to that, countries in which governments routinely and overtly abuse the majority to benefit the rich minority always had rather high rates of non-state sanctioned homicides. That is why certain countries such as Mexico, Brazil and South Africa have rather high rates of non-state sanctioned homicides despite highly restrictive gun ownership laws. My point is that the USA has always been more like Mexico, Brazil and South Africa than Japan, Germany or the U.K.

LIEbrals push for more gun control laws because they do not want to acknowledge that the USA has always been an affluent third-world country and that they have tremendously benefited from this apparent contradiction.

What do you think? Comments?

Interesting Links: July 19, 2015

July 19, 2015

Here are a few interesting links that I came across in the last few days. They are new stories about the contents of the hacked internal emails and documentation of a corporation that supplies spyware and malware to law enforcement known as the “Hacking Team”.

Link 1: Hacking Team and Boeing Subsidiary Envisioned Drones Deploying Spyware

There are lots of ways that government spies can attack your computer, but a U.S. drone company is scheming to offer them one more. Boeing subsidiary Insitu would like to be able to deliver spyware via drone. The plan is described in internal emails from the Italian company Hacking Team, which makes off-the-shelf software that can remotely infect a suspect’s computer or smartphone, accessing files and recording calls, chats, emails and more. A hacker attacked the Milan-based firm earlier this month and released hundreds of gigabytes of company information online. Among the emails is a recap of a meeting in June of this year, which gives a “roadmap” of projects that Hacking Team’s engineers have underway.

On the list: Develop a way to infect computers via drone. One engineer is assigned the task of developing a “mini” infection device, which could be “ruggedized” and “transportable by drone (!)” the write-up notes enthusiastically in Italian. The request appears to have originated with a query from the Washington-based Insitu, which makes a range of unmanned systems, including the small ScanEagle surveillance drone, which has long been used by the militaries of the U.S. and other countries. Insitu also markets its drones for law enforcement.

Link 2: How Hacking Team Created Spyware that Allowed the FBI to Monitor TOR Browser

In July of 2012, FBI contractor Pradeep Lal contacted the customer support department of the Italian company Hacking Team, a maker of spyware for law enforcement and intelligence agencies worldwide. Lal needed help; he had used Hacking Team software to break into and monitor an investigative target’s computer, but the monitoring wasn’t working as well as Lal expected. It reported what addresses his target visited in normal web browsers, but not when his target used Tor Browser, software designed to mask sensitive web surfing. Lal described his problem succinctly, complaining on Hacking Team’s customer website that the company’s “URL collector does not collect web traffic on TOR browser,” according to a large trove of emails and other documents recently obtained by one or more computer hackers.

When a user opens Tor Browser, their computer starts the Tor program in the background, and in the foreground it opens up a modified version of Firefox that’s configured to force all its traffic to go through the Tor program. The solution was to modify Tor Browser on a hacked computer to force all of its traffic to go through an outside server that the attacker controls, rather than the one provided by the Tor program. When the hacked user loads a website in Tor Browser, the malware is then able to spy on the traffic before it gets handed off to the Tor network to be anonymized. Last week the Tor Project published their own brief analysis of this capability. But Hacking Team had no capability against the Tor network itself; it could only spy on people if their computer was already infected by Hacking Team spyware.

What do you think? Comments?

An Example of Video Game Capability: The Last of Us Remastered

July 18, 2015

I found this particular clip some time ago when I was browsing YouTube for 2014 gameplay compilations. As you can see, the remastered version of “The Last of Us” looks pretty good and the game is reasonably interesting as well as gory.

What do you think? Comments?
