Dominant discourse.

Since the NSA revelations began coming a couple of times a week for the past month, an all too common set of dialogues has been cropping up again and again and again in practically every forum that one would care to visit. While the discussion itself isn't perfectly replicated the overall pattern is. It goes something like this:


  • Brief description of vulnerability. Mitigating tactic.
  • Mention of a vulnerability elsewhere in the user's system.
  • Description of a slightly more esoteric vulnerability.
  • Use another system.
  • Encrypt everything.
  • Quantum computer.
  • Use Tor.
  • Tor can't protect against country-level surveillance.
  • NSA backdoor.
  • The NSA has …

Read more...

Homeland Security discovers SCADA vulnerabilities.

SCADA (Supervisory Control and Data Acquisition) protocols are protocols that connect computers to various pieces of machinery, such as automatic valves in water treatment plants, lathes and drills in automated machine shops, and other semi-autonomous hardware in such a way that it acts the way big plants do in the movies. The idea is that you can remotely control various functions of the equipment so that you don't need an engineer on site all the time, they can run things remotely from a computer terminal. There's just one problem: Most SCADA protocols weren't meant to run across the public Net …

Read more...

Memorium, et al.

See you next time, Crusher.

Last night Lyssa, Orthaevelve, and I decided to go out to dinner to celebrate things looking up at work these days after work. It was something of a snap decision, you see - I got a call from my boss while I was at the Metro station headed for home, and immediately told Lyssa as soon as she arrived. After going to the doctor's office so that she could get her weekly allergy inoculation, we called up Orthaevelve and asked about the wherabouts of any good Chinese restaurants in the area. Much to our surprise, there …

Read more...

Belated LayerOne entry number two.

1048 PST8PDT - Burbank Airport.

What a dump. I finally got to see more of it because I'll be stuck here for a few hours. When I originally arrived we were ushered out of the terminal to the curbside baggage pickup without ceremony, only security guards, so I wasn't able to take the fifty cent tour of the terminal.

It's small. There's noplace to eat, save for a really, really crappy cafe' that serves hideously bad wraps and lousy smoothies. By 'noplace' I mean just that - there are no other places to go in terminal B for food unless you want …

Read more...

Targetted attacks.

It seems that The Bad Guys (for some value of Bad Guys) are now carefully choosing their targets, and are also carefully choosing personnel who work at those targets and are e-mailing trojan horses, in the form of MS Office documents to those people in the hope that they'll open the bad files and run the exploits. The nature of the payload isn't clear in the article - it sounds like the trojans open connections to systems that the attackers control, and the attackers tunnel back through into the target networks. The scary thing is that the targets include various federal …

Read more...

There once was a BBS tagline that read...

.."Old virus detected - contact your hacker for an update." It seems that malware authors have taken this joke seriously, and are offering subscriptions to website operators that make use of their software. Malware tends to evolve fairly rapidly to get around the cleaner software, which means that sites that deliberately infect web browsers have to keep up to date to keep as many systems as possible infected. Prices tend to start around $66us and climb from there, depending upon how many systems a particular website is able to infect.

It has become apparent that it is possible to not only …

Read more...