Home Routers Pose Biggest Consumer Cyberthreat

Of the small-office, home-office routers evaluated, every one could be compromised with relative ease by hijacking DNS connections, exploiting HTTPS flaws, weaknesses in Universal Plug and Play services, cross-site-scripting attacks, file-traversal and source-code vulnerabilities, weaknesses in WiFi Protected Setup (WPS), buffer overflows or simply bypassing authentication requirements.

via Home Routers Pose Biggest Consumer Cyberthreat.

During late 2013 and early 2014, gangs of Polish hackers have robbed thousands of consumers by attacking home routers and changing DNS settings so they point at the attackers’ DNS servers rather than legitimate servers.

DNS is a big problem.  Usually devices behind a SOHO router receive their DNS settings from the router via DHCP.  The router itself has been configured by the owner with the DNS servers from their ISP, or with a public resolver such as Google’s 8.8.8.8.  Users of their own home network reasonably expect a higher level of security than from the open WiFi they use on the road.

The simplest remedy is to never allow router management access from the Internet.  This is usually turned off by default.  Routers should be set-and-forget devices, so using the maintenance interface should be a rare occurrence.  The TP-LINK flaw outlined here requires the user to click a malicious link while in a management session, according to this:

Attack Requirements

  • The victim must have an active management session with the WR1043N.
  • The victim must be fooled into performing an action (e.g., by clicking an attacker provided link), browse to a malicious or compromised site, or be the victim of a man-in-the-middle attack.

Here again the user gets tricked into compromising their own device, so this wouldn’t be a problem if the user simply entered the management interface of the router, made their changes, and logged out. There’s no point lingering in a management session.

A dedicated physical firewall sitting between the Internet and the home network, with all routers treated as dumb access points, adds a layer of security.  All SOHO routers are relatively cheap embedded devices, and it is impractical to expect them to defend against every possible exploit.  By virtue of being on the Internet, everyone gets constantly scanned by bots.  That only becomes a problem if the bot sees a vulnerability and phones home, listing your device as a possible target.
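As an added illustration of the DNS-changing attack described above (this is not code from the original post or from the linked article), the following Python script audits the resolvers a client received via DHCP against the list the owner actually configured on the router; the resolv.conf text, the expected-resolver addresses and the gateway address are all constructed.

```python
"""Audit the DNS resolvers a client got from its router against the owner's list.
Added example; the resolv.conf text and address lists below are constructed."""
import ipaddress
import re

# Assumed: what the owner configured on the router (ISP pair plus Google's 8.8.8.8)
EXPECTED_RESOLVERS = {"8.8.8.8", "203.0.113.53", "203.0.113.54"}

# Constructed /etc/resolv.conf as written by the DHCP client on a LAN host
SAMPLE_RESOLV_CONF = """# Generated by DHCP client
search home.lan
nameserver 192.168.1.1
nameserver 198.51.100.7
nameserver 8.8.8.8
"""

def parse_nameservers(resolv_conf):
    """Return the nameserver addresses in resolv.conf-style text, in order."""
    servers = []
    for line in resolv_conf.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"nameserver\s+(\S+)$", line)
        if not m:
            continue
        try:
            ipaddress.ip_address(m.group(1))          # skip malformed entries
        except ValueError:
            continue
        servers.append(m.group(1))
    return servers

def classify_resolver(addr, expected, gateway):
    """ok         : one of the owner's configured resolvers
       gateway    : the router forwarding DNS itself (its own upstream setting still needs checking)
       unexpected : an address the owner never configured, the symptom of changed DNS settings"""
    if addr in expected:
        return "ok"
    if addr == gateway:
        return "gateway"
    return "unexpected"

def audit_resolvers(resolv_conf, expected=EXPECTED_RESOLVERS, gateway="192.168.1.1"):
    """Map each resolver the client received to its classification."""
    return {s: classify_resolver(s, expected, gateway) for s in parse_nameservers(resolv_conf)}

if __name__ == "__main__":
    for server, verdict in audit_resolvers(SAMPLE_RESOLV_CONF).items():
        print(f"{server:16} {verdict}")
```

Any "unexpected" entry means the router's WAN or DHCP DNS settings should be inspected from the management interface, and then logged out of.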

Math Explains Likely Long Shots, Miracles and Winning the Lottery

So let’s look at the probability that none of the 23 people in the room share the same birthday. For two people, the probability that the second person doesn’t have the same birthday as the first is 364/365. Then the probability that those two are different and that a third doesn’t share the same birthday as either of them is 364/365 × 363/365. Likewise, the probability that those three have different birthdays and that the fourth does not share the same birthday as any of those first three is 364/365 × 363/365 × 362/365. Continuing like this, the probability that none of the 23 people share the same birthday is 364/365 × 363/365 × 362/365 × 361/365 … × 343/365.

This equals 0.49

via Math Explains Likely Long Shots, Miracles and Winning the Lottery – Scientific American.
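The product above, carried through in Python as an added example (not part of the Scientific American piece), for the 23 people in the article and for the general case of n people:

```python
from fractions import Fraction

def prob_all_distinct(n, days=365):
    """P(no two of n people share a birthday) = prod_{k=0}^{n-1} (days - k) / days,
    i.e. 364/365 x 363/365 x ... x 343/365 for the article's 23 people.
    Computed in exact rational arithmetic and converted to float at the end."""
    p = Fraction(1)
    for k in range(n):
        p *= Fraction(days - k, days)
    return float(p)

def smallest_group_with_likely_match(threshold=0.5, days=365):
    """Smallest n at which the chance of at least one shared birthday exceeds threshold."""
    n = 1
    while 1 - prob_all_distinct(n, days) <= threshold:
        n += 1
    return n

if __name__ == "__main__":
    print(f"23 people, no shared birthday: {prob_all_distinct(23):.4f}")
    print(f"group size where a match is more likely than not: {smallest_group_with_likely_match()}")
```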

Calculating distance between longitude and latitude pairs

Problem: I need a simple way to calculate distance between two pairs of longitude and latitude coordinates.

Apparently there are several ways of making this calculation.  Since none of my calculations would exceed 15 miles, I was able to use the flat-earth calculation, which is the simplest but becomes inaccurate as the distance between the two points increases, according to this Wikipedia article.  Here’s a blurb about the flat-earth formula:

Flat-surface formula

A planar approximation for the surface of the earth may be useful over small distances. The accuracy of distance calculations using this approximation becomes increasingly poor as:

  • The separation between the points becomes greater;
  • A point becomes closer to a geographic pole.

There were a bunch of sites that came up with all the different formulae for this, but I’m not launching a satellite or programming a guided missile. The following code came from perlmonks, which is a very reputable reference for anything to do with programming in Perl. Here is the subroutine I chose to use. The article was written in 2002.

use Math::Trig;                            # provides pi and deg2rad

# Planar (polar-coordinate) approximation: colatitude is treated as a radius
# and longitude as the angle, then the plane law of cosines gives the chord.
sub FlatEarth {
    my ($lat1, $long1, $lat2, $long2) = @_;
    my $r = 3956;                          # Earth radius in miles
    my $a = (pi / 2) - deg2rad($lat1);     # colatitude of point 1, radians
    my $b = (pi / 2) - deg2rad($lat2);     # colatitude of point 2, radians
    my $c = sqrt($a**2 + $b**2 - 2 * $a * $b * cos(deg2rad($long2) - deg2rad($long1)));
    my $dist = $c * $r;                    # distance in miles
    return $dist;
}

Via Finding the Distance between longitude and latitude pairs.

The above code seems to work.  Most of the calculations I needed to do were under a mile.
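Added example (not from the original post or the perlmonks thread): a Python port of the FlatEarth subroutine above, checked against the great-circle (haversine) distance for a short north-south pair and a short east-west pair at 40° latitude, so the error of the planar approximation can be seen directly rather than eyeballed; the coordinate pairs are constructed.

```python
import math

EARTH_RADIUS_MILES = 3956.0  # same radius the Perl subroutine uses

def flat_earth_miles(lat1, lon1, lat2, lon2):
    """Port of the perlmonks FlatEarth sub: colatitudes as polar radii, plane law of cosines."""
    a = math.pi / 2 - math.radians(lat1)   # colatitude of point 1
    b = math.pi / 2 - math.radians(lat2)   # colatitude of point 2
    c = math.sqrt(a * a + b * b - 2 * a * b * math.cos(math.radians(lon2) - math.radians(lon1)))
    return c * EARTH_RADIUS_MILES

def haversine_miles(lat1, lon1, lat2, lon2):
    """Great-circle distance on a sphere, used here as the reference value."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(h))

def relative_error(lat1, lon1, lat2, lon2):
    """|flat - great-circle| / great-circle for one pair of points."""
    ref = haversine_miles(lat1, lon1, lat2, lon2)
    return abs(flat_earth_miles(lat1, lon1, lat2, lon2) - ref) / ref

# Constructed pairs: about 0.1 degree apart, due north and due east of a point at 40N 75W
NORTH_SOUTH = (40.0, -75.0, 40.1, -75.0)
EAST_WEST = (40.0, -75.0, 40.0, -74.9)

if __name__ == "__main__":
    for name, pair in (("north-south", NORTH_SOUTH), ("east-west", EAST_WEST)):
        print(f"{name:12} flat={flat_earth_miles(*pair):.3f} mi  "
              f"great-circle={haversine_miles(*pair):.3f} mi  "
              f"rel.err={relative_error(*pair):.1%}")
```

Because this particular planar formula scales east-west distances by colatitude rather than by its sine, the error along a line of latitude does not shrink with distance at mid-latitudes, which is worth knowing before relying on "under a mile" as a safety margin.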

Responding to Potential Asteroid Redirect Mission Targets

NASA is developing an Asteroid Redirect Mission (ARM) — a first-ever mission to identify, capture and redirect an asteroid to a safe orbit of Earth’s moon for future exploration by astronauts in the 2020s.

ARM will use capabilities in development, including the new Orion spacecraft and Space Launch System (SLS) rocket, and high-power Solar Electric Propulsion. All are critical components of deep-space exploration and essential to meet NASA’s goal of sending humans to Mars in the 2030s. The mission represents an unprecedented technological feat, raising the bar for human exploration and discovery, while helping protect our home planet and bringing us closer to a human mission to one of these intriguing objects.

via Responding to Potential Asteroid Redirect Mission Targets | NASA.

Here is an article from 12/24/2012 about this.

Comcast’s Time Warner Deal Is Bad for America

The reason this deal is scary is that for the vast majority of businesses in 19 of the 20 largest metropolitan areas in the country, their only choice for a high-capacity wired connection will be Comcast. Comcast, in turn, has its own built-in conflicts of interest: It will be serving the interests of its shareholders by keeping investments in its network as low as possible — in particular, making no move to provide the world-class fiber-optic connections that are now standard and cheap in other countries — and extracting as much rent as it can, in all kinds of ways. Comcast, for purposes of today’s public, is calling itself a “cable company.” It no longer is. Comcast sells infrastructure subject to neither competition nor a cop on the beat.

via Comcast’s Time Warner Deal Is Bad for America – Bloomberg.

Carrier WiFi’s Not Winning in Sports Arenas

Sports venues used to be a prime market for carrier WiFi deployments, until the business case started to get murky. Whereas carriers used to write off stadium deployments as the cost of doing business, now they are losing interest. And, if they are involved, most are opting for tried-and-true distributed antenna systems (DAS), rather than WiFi or small cell deployments.

via Carrier WiFi’s Not Winning in Sports Arenas | Light Reading.

Blogs from the Outercurve Foundation

Patent lawyers may be surprised to know that while most companies today use open source software, most of them struggle greatly with implementing the internal controls to coordinate their use of open source software with their patent portfolio management. This means it is quite possible that a company is seeking patent protection, or seeking to enforce patents, that read on open source software the company is using or developing — a combination of activities that would often not be considered economically rational.

via Blogs from the Outercurve Foundation – Open Source — The Last Patent Defense?.

The drafters of open source licenses intended to use the terms of those licenses to win a war against software patents, and whether they can do that remains to be seen, but in the meantime, don’t pass up the opportunity to use the principles of open source licensing to win your battles as well.

Patent assertion entities (patent trolls) typically do not make any kind of product, so the above advice is of no use against them.

World’s largest DDoS strikes US, Europe

The Network Time Protocol (NTP) Reflection attack exploits a timing mechanism that underpins a way the internet works to greatly amplify the power of what would otherwise be a small and ineffective assault.

via World’s largest DDoS strikes US, Europe – Security – Technology – News – iTnews.com.au.

The OpenNTPProject can help administrators determine if their servers are vulnerable.
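Added example (not from the original article or the OpenNTPProject): a Python check over constructed flow records that flags NTP servers on your own network sending many times more bytes out of UDP/123 to a peer than that peer sent in, which is the reflection signature an administrator should be looking for; the server addresses and flow lines are constructed.

```python
import re
from collections import defaultdict

# Constructed flow log, one flow per line:
# timestamp src sport dst dport proto bytes packets
SAMPLE_FLOWS = """\
2014-02-10T21:00:01 198.51.100.9 50123 192.0.2.10 123 udp 48 1
2014-02-10T21:00:01 192.0.2.10 123 198.51.100.9 50123 udp 48 1
2014-02-10T21:00:02 203.0.113.77 40000 192.0.2.10 123 udp 480 10
2014-02-10T21:00:02 192.0.2.10 123 203.0.113.77 40000 udp 44000 100
2014-02-10T21:00:03 203.0.113.77 40000 192.0.2.11 123 udp 240 5
2014-02-10T21:00:03 192.0.2.11 123 203.0.113.77 40000 udp 240 5
"""
OUR_NTP_SERVERS = {"192.0.2.10", "192.0.2.11"}  # assumed: the servers we administer
FLOW_RE = re.compile(r"(\S+) (\S+) (\d+) (\S+) (\d+) (\w+) (\d+) (\d+)$")

def parse_flows(text):
    """Turn flow lines into dicts; lines that do not match the format are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            ts, src, sport, dst, dport, proto, nbytes, pkts = m.groups()
            flows.append({"ts": ts, "src": src, "sport": int(sport), "dst": dst,
                          "dport": int(dport), "proto": proto,
                          "bytes": int(nbytes), "pkts": int(pkts)})
    return flows

def amplification_by_peer(flows, servers=OUR_NTP_SERVERS):
    """For each (server, peer): bytes the server sent from UDP/123 to the peer divided by
    bytes the peer sent to the server's UDP/123. A plain time exchange is 48 bytes each
    way, so a healthy ratio is about 1.0."""
    sent, recv = defaultdict(int), defaultdict(int)
    for f in flows:
        if f["proto"] != "udp":
            continue
        if f["src"] in servers and f["sport"] == 123:
            sent[(f["src"], f["dst"])] += f["bytes"]
        elif f["dst"] in servers and f["dport"] == 123:
            recv[(f["dst"], f["src"])] += f["bytes"]
    return {k: sent[k] / recv[k] for k in sent if recv[k]}

def find_amplifiers(flows, factor=10.0):
    """Server/peer pairs where the server returned >= factor times the bytes it received.
    The peer address is usually the spoofed victim rather than the attacker, so the fix
    belongs on the server (restrict who may query it), not in blocking the peer."""
    return {k: v for k, v in amplification_by_peer(flows).items() if v >= factor}

if __name__ == "__main__":
    for (server, peer), ratio in find_amplifiers(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{server} -> {peer}: {ratio:.1f}x amplification")
```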

Adjusting GPAs: A Statistician’s Effort to Tackle Grade Inflation

A recent analysis of 200 colleges and universities published in the Teachers College Record found that 43 percent of all letter grades awarded in 2008 were A’s, compared to 16 percent in 1960. And Harvard’s student paper recently reported that the median grade awarded to undergraduates at the elite school is now an A-.

Via Adjusting GPAs: A Statistician’s Effort to Tackle Grade Inflation

“That allowed me to look directly at the influence of course grades on student evaluations,” Johnson said. “As you might expect, the effect of either expected course grade or received course grade is very powerful in student evaluations of teaching. If a student was getting a C in a course, he or she was very unlikely to rate the instructor highly. If they were getting an A in the course, they’re more likely to rate the instructor highly. I think this provides quantitative evidence for something most instructors know: If they grade easier, they will tend to get better course evaluations.”