Notes on the Celebrity Data Theft

After this story broke I spent some time immersed in the crazy, obsessive subculture of celebrity nudes and revenge porn trying to work out what they were doing, how they were doing it and what could be learned from it.

1. What we see in the public with these hacking incidents seems to only be scratching the surface. There are entire communities and trading networks where the data that is stolen remains private and is rarely shared with the public. The networks are broken down horizontally with specific people carrying out specific roles, loosely organized across a large number of sites (both clearnet and darknet) with most organization and communication taking place in private (email, IM).

via New Web Order > Nik Cubrilovic » Notes on the Celebrity Data Theft.

Offline attack shows Wi-Fi routers still vulnerable

The research, originally demonstrated at the PasswordsCon Las Vegas 2014 conference in early August, builds on previous work published by Stefan Viehböck in late 2011. Viehböck found a number of design flaws in Wi-Fi Protected Setup, but most significantly, he found that the PIN needed to complete the setup of a wireless router could be broken into smaller parts and each part attacked separately. By breaking down the key, the number of attempts an attacker would have to try before finding the key shrank from an untenable 100 million down to a paltry 11,000—a significant flaw for any access-control technology.

via Offline attack shows Wi-Fi routers still vulnerable | Ars Technica.

IEEE Guides Software Architects To Secure Software Design

The document spells out the 10 common design flaws in a straightforward manner, each with a lengthy explainer of inherent weaknesses in each area and how software designers and architects should take these potential pitfalls into consideration. The 10, in no particular order, are:

  • Earn or give, but never assume, trust
  • Use an authentication mechanism that cannot be bypassed or tampered with
  • Authorize after you authenticate
  • Strictly separate data and control instructions, and never process control instructions received from untrusted sources
  • Define an approach that ensures all data are explicitly validated
  • Use cryptography correctly
  • Identify sensitive data and how they should be handled
  • Always consider the users
  • Understand how integrating external components changes your attack surface
  • Be flexible when considering future changes to objects and actors
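The three design principles that most often show up together in application code are "never assume trust", "authorize after you authenticate" and "separate data and control instructions". The following is an added example, not code from the IEEE Center for Secure Design document or from Threatpost, showing a request handler that violates all three beside one that follows them. The session store, the in-memory SQLite table, the request dictionaries and every function name are constructed for this illustration.

```python
"""Added example: a weak request handler beside a hardened one.
All identifiers and data here are hypothetical and constructed."""

import sqlite3

# Constructed server-side session store: token -> verified identity and role.
# In a real system this is a session backend; the point is that identity and
# role are established by the server, never read from the request.
SESSIONS = {
    "tok-alice":  {"user": "alice",   "role": "user"},
    "tok-obrien": {"user": "o'brien", "role": "user"},
    "tok-admin":  {"user": "root",    "role": "admin"},
}


def _db():
    """Fresh in-memory table with a few constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE docs(owner TEXT, title TEXT)")
    con.executemany(
        "INSERT INTO docs VALUES(?, ?)",
        [("alice", "alice-notes"), ("bob", "bob-notes"), ("o'brien", "obrien-notes")],
    )
    return con


def handle_request_weak(req):
    """Violates the principles: the role is taken from the client (assumed
    trust, authorization without authentication) and the user name is spliced
    into SQL text, so data can be read as control instructions."""
    con = _db()
    if req.get("role") == "admin":
        rows = con.execute("SELECT title FROM docs").fetchall()
    else:
        # String formatting mixes untrusted data into the query grammar.
        query = "SELECT title FROM docs WHERE owner = '%s'" % req.get("user", "")
        rows = con.execute(query).fetchall()
    return sorted(r[0] for r in rows)


def handle_request_hardened(req):
    """Follows the principles: authenticate first by resolving the token to a
    server-held session, then authorize from the server-side role, and pass
    user data to SQL only as a bound parameter."""
    session = SESSIONS.get(req.get("token", ""))
    if session is None:
        return None  # unauthenticated: stop before any authorization decision
    con = _db()
    if session["role"] == "admin":
        rows = con.execute("SELECT title FROM docs").fetchall()
    else:
        # Placeholder binding keeps the owner value as data, never as SQL.
        rows = con.execute(
            "SELECT title FROM docs WHERE owner = ?", (session["user"],)
        ).fetchall()
    return sorted(r[0] for r in rows)


if __name__ == "__main__":
    print(handle_request_weak({"role": "admin"}))          # client-chosen role is honoured
    print(handle_request_hardened({"role": "admin"}))      # None: no valid session
    print(handle_request_hardened({"token": "tok-obrien"}))  # quote in name is harmless
```

The weak handler hands every document to any caller who sets `role` to `admin`, and an ordinary user name containing an apostrophe already breaks its query, which is the symptom of data being parsed as control; the hardened handler returns `None` for any request without a server-known token and treats the same name as plain data.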

via IEEE Guides Software Architects To Secure Software Design | Threatpost.

Three-year, 27,000 drive study reveals the most reliable hard drive makers

For this report, Backblaze took a look at 15 different HDD models from the three aforementioned major brands. Earning impressive marks for reliability was the Hitachi 3TB Deskstar 7K3000 (HDS723030ALA640) with a 0.9 percent failure rate and an average lifetime of about 2.1 years.

via Three-year, 27,000 drive study reveals the most reliable hard drive makers | PCWorld.

The worst of the bunch, meanwhile, was the 1.5 TB Seagate Barracuda Green (ST1500DL003), with an average lifespan of 0.8 years. Ouch!

Let the ice bucket trademark challenges begin! @alsassociation files to register ICE BUCKET CHALLENGE with USPTO

But who owns the name “ICE BUCKET CHALLENGE”? It is a viral movement. Its origin is disputed, and likely was used for other charitable causes first.

Yet by filing with the USPTO, the ALS Association now alleges that it owns rights to the phrase “Ice Bucket Challenge” in connection with charitable fundraising.

via Let the ice bucket trademark challenges begin! @alsassociation files to register ICE BUCKET CHALLENGE with USPTO – Erik M Pelton & Associates, PLLC.

ALS Association captured a viral wave this summer. And it raised lots of money and attention for the ALS disease and the struggle to find a cure and to assist those diagnosed with it. An effort to register the ICE BUCKET CHALLENGE strikes me as a bit akin to those who sought to register BOSTON STRONG after the marathon bombings in 2013.

Tenets of the UNIX Philosophy

The main tenets of the Unix Philosophy are as follows:

  1. Small is beautiful.
  2. Make each program do one thing well.
  3. Build a prototype as soon as possible.
  4. Choose portability over efficiency.
  5. Store data in flat text files.
  6. Use software leverage to your advantage.
  7. Use shell scripts to increase leverage and portability.
  8. Avoid captive user interfaces.
  9. Make every program a filter.

via Tenets of the UNIX Philosophy

Why Facebook is stockpiling Blu-ray discs

Facebook is now experimenting with a storage prototype that uses racks of Blu-ray discs instead of hard drives. The discs are held in groups of 12 in locked cartridges and are extracted by a robotic arm whenever they’re needed.

One rack contains 10,000 discs, and is capable of storing a petabyte of data, or one million gigabytes.

via Why Facebook is stockpiling Blu-ray discs – Aug. 21, 2014.

Cost of Defending Against A Troll Is More Than Just A Bridge Toll

In plain English: Take photos of a race, tag and sort by bib number and date, and search for photos based on that tag via the Internet. That’s it.

We’re having a hard time seeing how this patent “promotes the progress of the sciences and the useful arts” given that it seems to be a patent on numerical sorting and searching. Indeed, the Supreme Court recently ruled that claims that simply add “do it on a computer” to an abstract idea are not even eligible for patent protection. We think the patent clearly fails this test. (It’s also likely not infringed.) But because it can take months (and even years) for the court to even consider those issues, they will likely never be decided. Patent litigation is expensive, so many small businesses can’t afford to fight back no matter how weak the patent. That’s part of the problem. Companies can get 20-year “monopolies” after an average of 19 hours of review by the Patent Office. And because the cost to get a patent can be orders of magnitude less than the cost to defend against it, there is an incentive for people to get patents in order to later force defendants into settlement.

via Cost of Defending Against A Troll Is More Than Just A Bridge Toll | Electronic Frontier Foundation.

Hacking Gmail with 92 Percent Success

The researchers monitor changes in shared memory and are able to correlate changes to what they call an “activity transition event,” which includes such things as a user logging into Gmail or H&R Block or a user taking a picture of a check so it can be deposited online, without going to a physical CHASE Bank. Augmented with a few other side channels, the authors show that it is possible to fairly accurately track in real time which activity a victim app is in.

There are two keys to the attack. One, the attack needs to take place at the exact moment the user is logging into the app or taking the picture. Two, the attack needs to be done in an inconspicuous way. The researchers did this by carefully calculating the attack timing.

via UCR Today: Hacking Gmail with 92 Percent Success.

The researchers created three short videos that show how the attacks work. They can be viewed here: http://bit.ly/1ByiCd3.

How to Save the Net: Don’t Give In to Big ISPs

Consider this: A single fiber-optic strand the diameter of a human hair can carry 101.7 terabits of data per second, enough to support nearly every Netflix subscriber watching content in HD at the same time. And while technology has improved and capacity has increased, costs have continued to decline. A few more shelves of equipment might be needed in the buildings that house interconnection points, but broadband itself is as limitless as its uses.

We’ll never realize broadband’s potential if large ISPs erect a pay-to-play system that charges both the sender and receiver for the same content. That’s why we at Netflix are so vocal about the need for strong net neutrality, which for us means ISPs should enable equal access to content without favoring, impeding, or charging particular content providers. Those practices would stunt innovation and competition and hold back the broader development of the Internet and the economic benefits it brings.

via How to Save the Net: Don’t Give In to Big ISPs | Magazine | WIRED.

This is the reason we have opposed Comcast’s proposed acquisition of Time Warner Cable. Comcast has already shown the ability to use its market position to require access fees, as evidenced by the Netflix congestion that cleared up as soon as we reached an agreement with them. A combined company that controls over half of US residential Internet connections would have even greater incentive to wield this power.