Two More Self-Signed Certs, Private Keys Found on Dell Machines

“Dell Foundation Services installs the cert and its purpose is to quicken online support engagements with Dell staff. The certificate, Dell said, allows online support to identify the PC model, drivers, OS, hard drive and more.”

Source: Two More Self-Signed Certs, Private Keys Found on Dell Machines | Threatpost | The first stop for security news

So far, eDellRoot has been found on Dell XPS 15 laptops, M4800 workstations, and Inspiron desktops and laptops.

“It means attackers are de facto certificate authorities, free to generate man-in-the-middle certs, or just direct phishing sites that won’t get flagged as illegitimate,”

The History of SQL Injection, the Hack That Will Never Go Away

“When you go to a webpage, and you make a request, that parses part of the data in the request back to a server,” Hunt said. “For example, you read a news article, and the news article, in the address bar it has, “id=1”, and that gives you news article number 1, and then you get another one with ID 2.”

But, “with a SQLi attack, an attacker changes that ID in the address bar to something that forces the database to do something it’s not meant to do,” Hunt said, such as returning a piece of private data.

Source: The History of SQL Injection, the Hack That Will Never Go Away | Motherboard

Another commonly used piece of software is sqlmap. “It crawls the pages on the website, similar to how a search engine crawler might, looks for input forms on the website, and submits the forms with inputs that might cause a MySQL syntax error,” Al-Bassam added.

Exploring the Wall Street Journal’s Pulitzer-Winning Medicare Investigation with SQL

This is a SQL-based introduction to the data and analysis behind the Wall Street Journal’s Pulitzer-winning “Medicare Unmasked” investigative project. It also doubles as a helpful guide if you’re attempting the midterm based on the WSJ’s Medicare investigation.

Source: Exploring the Wall Street Journal’s Pulitzer-Winning Medicare Investigation with SQL | Public Affairs Data Journalism at Stanford University

To follow along in this walkthrough, you can download my SQLite database here:

Encrypted Messaging Apps Face New Scrutiny Over Possible Role in Paris Attacks

Security experts counter that such arguments ignore the fact that even end-to-end encrypted technology leaves a trail of metadata behind that can be used to parse who is talking to whom, when and where. “Encryption is really good at making it difficult to hide the content of communications, but not good at hiding the presence of communications,” said Matt Blaze, a computer security expert at the University of Pennsylvania.

Source: Encrypted Messaging Apps Face New Scrutiny Over Possible Role in Paris Attacks

AMD lawsuit over false Bulldozer chip marketing is bogus

AMD is facing a lawsuit over claims that it misrepresented the core counts of its eight-core Bulldozer products, but the lawsuit’s technical merit seems extremely weak.

Source: AMD lawsuit over false Bulldozer chip marketing is bogus | ExtremeTech

This lawsuit essentially asks a court to define what a core is and how companies should count them. As annoying as it is to see vendors occasionally abuse core counts in the name of dubious marketing strategies, asking a courtroom to make declarations about relative performance between companies is a cure far worse than the disease. From big iron enterprise markets to mobile devices, companies deploy vastly different architectures to solve different types of problems.

Microsoft and Red Hat Team Up to Offer Linux on Azure Cloud

Jason Zander, Microsoft’s corporate VP and head of its Azure business, said since Microsoft began allowing Linux on its Azure cloud platform, about one in four customers are running one variant of Linux or another, and in China that figure rises to about one in two. “We have a lot of enterprise customers who want an enterprise version of Linux and who have a relationship with Red Hat already.”

Source: Microsoft and Red Hat Team Up to Offer Linux on Azure Cloud | Re/code

MIT Drone Autonomously Avoids Obstacles at 30 MPH

CSAIL says Barry’s software runs 20 times faster than existing obstacle detection software. Operating at 120 frames per second, the open-source software allows the drone to detect objects and map its environment in real time, extracting depth information at 8.3 milliseconds per frame.

Source: Watch: MIT Drone Autonomously Avoids Obstacles at 30 MPH – Robotics Trends

Barry wrote about the system in his paper “Pushbroom Stereo for High-Speed Navigation in Cluttered Environments” (PDF) and says he needs to improve the software so it can work at more than one depth and in dense environments.

Why I Hate Frameworks

“Well, the problem with hammers is that there are so many different kinds. Sledge hammers, claw hammers, ball-peen hammers. What if you bought one kind of hammer and then realized that you needed a different kind of hammer later? You’d have to buy a separate hammer for your next task. As it turns out, most people really want a single hammer that can handle all of the different kinds of hammering tasks you might encounter in your life.”

Source: The Joel on Software Discussion Group (CLOSED) – Why I Hate Frameworks