US Report Claims In-Flight Entertainment Leaves Planes Open to Cyberattacks; Others Disagree

A new report from the U.S. Government Accountability Office (GAO) warns that in-flight Wi-Fi, including wireless entertainment and internet-based cockpit communications, may allow hackers to gain remote access to avionics systems and compromise them. However, other experts disagree and call the report “deceiving.”

via US Report Claims In-Flight Entertainment Leaves Planes Open to Cyberattacks; Others Disagree.

From:  Cyberhijacking Airplanes: Truth or Fiction? – DEFCON-22-Phil-Polstra-Cyber-hijacking-Airplanes-Truth-or-Fiction-Updated.pdf.

Closing Thoughts
● Nearly every protocol used in aviation is unsecured
● There is certainly the potential to annoy ATC and/or small aircraft
● Increasing automation while continuing with unsecured protocols is problematic
● Airliners are relatively safe (for now)

The above pdf is a good read.

Statistics Will Crack Your Password

This means that the top 13 unique mask structures make up 50% of the passwords from the sample. Over 20 million passwords in the sample have a structure within the top 13 masks.

via Statistics Will Crack Your Password.

Based on analyzing the data, there are logical factors that help explain how this is possible. When users are asked to provide a password that contains an uppercase letter, over 90% of the time it is put as the first character. When asked to use a digit, most users will put two digits at the end of their password (graduation year perhaps).
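To make the mask statistic concrete, the following added example (not from the linked article) audits a password set for structural predictability: it counts how few masks cover half the set and measures the two habits described above. The `?u/?l/?d/?s` character-class notation, the function names and the sample list are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample for illustration; not real leaked data.
SAMPLE = ["Summer15", "Winter14", "Dragon99", "monkey12", "Monkey", "password",
          "letMein1", "Qwerty12", "iloveyou", "Pa$$w0rd", "tiger2010", "Hello123"]

def mask_of(password):
    """Reduce a password to its structure: ?u upper, ?l lower, ?d digit, ?s other."""
    out = []
    for ch in password:
        if ch.isupper():
            out.append("?u")
        elif ch.islower():
            out.append("?l")
        elif ch.isdigit():
            out.append("?d")
        else:
            out.append("?s")
    return "".join(out)

def masks_for_coverage(passwords, target=0.5):
    """Return the most common masks needed to cover `target` of the set,
    plus the share of the set they actually cover."""
    counts = Counter(mask_of(p) for p in passwords)
    total = len(passwords) or 1          # avoid division by zero on empty input
    covered, chosen = 0, []
    for mask, n in counts.most_common():
        if covered / total >= target:
            break
        chosen.append((mask, n))
        covered += n
    return chosen, covered / total

def habit_rates(passwords):
    """Share of uppercase-containing passwords that capitalise the first
    character, and share of digit-containing passwords ending in two digits."""
    with_upper = [p for p in passwords if any(c.isupper() for c in p)]
    with_digit = [p for p in passwords if any(c.isdigit() for c in p)]
    upper_first = sum(p[0].isupper() for p in with_upper)
    two_digit_end = sum(len(p) >= 2 and p[-2:].isdigit() for p in with_digit)
    return (upper_first / max(len(with_upper), 1),
            two_digit_end / max(len(with_digit), 1))

if __name__ == "__main__":
    chosen, coverage = masks_for_coverage(SAMPLE)
    print(f"{len(chosen)} masks cover {coverage:.0%} of the sample: {chosen}")
    print("upper-first rate, two-digit-suffix rate:", habit_rates(SAMPLE))
```

A set in which a handful of masks reach the target coverage is one where a composition rule such as "one uppercase, one digit" has added little real variety.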

Nokia Agrees to $16.6 Billion Takeover of Alcatel-Lucent

LONDON — The Finnish telecommunications company Nokia said on Wednesday that it had agreed to an all-stock deal to acquire Alcatel-Lucent that valued its French rival at about $16.6 billion.

The combined company is expected to become the world’s second-largest telecom equipment manufacturer, behind Ericsson of Sweden, with global revenues totaling $27 billion and operations spread across Asia, Europe and North America.

via Nokia Agrees to $16.6 Billion Takeover of Alcatel-Lucent – NYTimes.com.

Prosecutors suspect man hacked lottery computers to score winning ticket

In court documents filed last week, prosecutors said there is evidence to support the theory Tipton used his privileged position inside the lottery association to enter a locked room that housed the random number generating computers and infect them with software that allowed him to control the winning numbers. The room was enclosed in glass, could only be entered by two people at a time, and was monitored by a video camera. To prevent outside attacks, the computers aren’t connected to the Internet. Prosecutors said Tipton entered the so-called draw room on November 20, 2010, ostensibly to change the time on the computers. The cameras on that date recorded only one second per minute rather than running continuously like normal.

via Prosecutors suspect man hacked lottery computers to score winning ticket | Ars Technica.

Cool, but obscure unix tools

Just a list of 20 (now 28) tools for the command line. Some are little-known, some are just too useful to miss, some are pure obscure — I hope you find something useful that you weren’t aware of yet! Use your operating system’s package manager to install most of them. (Thanks for the tips, everybody!)

via Cool, but obscure unix tools :: Software architect Kristof Kovacs.

Infamous “podcasting patent” knocked out

The ‘504 patent has a priority date of 1996, but as the EFF showed during its challenge to the patent office, that’s hardly the beginning of “episodic content” on the Internet. The EFF relied on two key examples of earlier technology to beat the patent: one was CNN’s “Internet Newsroom,” which patent office judges found fulfilled the key claims of having “(1) episodes; (2) an updated compilation file; and (3) a ‘predetermined URL’ for the compilation file.”

via Infamous “podcasting patent” knocked out | Ars Technica.

Don’t Be Fodder for China’s ‘Great Cannon’

“It only intercepts traffic to a certain set of Internet addresses, and then only looks for specific script requests. About 98 percent of the time it sends the Web request straight on to Baidu, but about two percent of the time it says, ‘Okay, I’m going to drop the request going to Baidu,’ and instead it directly provides the malicious reply, replying with a bit of Javascript which causes the user’s browser to participate in a DOS attack,” Weaver said.

via Don’t Be Fodder for China’s ‘Great Cannon’ — Krebs on Security.

Interestingly, this type of attack is not unprecedented. According to documents leaked by National Security Agency whistleblower Edward Snowden, the NSA and British intelligence services used a system dubbed “QUANTUM” to inject content and modify Web results for individual targets that appeared to be coming from a pre-selected range of Internet addresses.

IoT Hubs Expose Connected Homes to Hackers

Many of the most serious flaws revealed a kind of sloppiness in the design and production of the devices, Brandon Creighton, Veracode’s research architect, told The Security Ledger. For example: both the Ubi and Wink Relay devices left debugging interfaces exposed and unsecured in their shipped product.  That could provide an avenue for attackers who had access to the same network as the device to steal information or bypass other security controls.

Exposed debugging interfaces are useful during product testing, but have little or no utility to consumers. That suggests that the companies merely forgot to restrict access to them before shipping, Creighton said.

via Research: IoT Hubs Expose Connected Homes to Hackers | The Security Ledger.

10 Years of Git: An Interview with Git Creator Linus Torvalds

Ten years ago this week, the Linux kernel community faced a daunting challenge: They could no longer use their revision control system BitKeeper and no other Software Configuration Management (SCMs) met their needs for a distributed system. Linus Torvalds, the creator of Linux, took the challenge into his own hands and disappeared over the weekend to emerge the following week with Git. Today Git is used for thousands of projects and has ushered in a new level of social coding among programmers.

via 10 Years of Git: An Interview with Git Creator Linus Torvalds | Linux.com.

So git was basically designed and written for my requirements, and it shows.