Monday, December 24, 2012

Abseiling Down the Fiscal Cliff

When you look at the magnitude of the problem it seems insurmountable. Nonetheless, let's have a look and see whether we can break this down and make a difference...

- Pass the bill in chunks (3-4 $500 Billion USD chunks) if you can't do it at the moment. Situation is manageable but not dire. There is still time.
- Seems as though both sides are aiming for a 1:1 ratio of spending cuts to revenue raised. Use this as the basis for what essentially amounts to a trade of what can be done now if an intermediate/stop-gap package needs to be passed.
- Think about negotiations in another way. Focus first on the big things that affect the largest number of people or have the largest impact, or do the exact converse.
- Another option is simply to find those who are willing to cross over and convince them to do so.
- Think we may be looking at this too simplistically. It's not just cutting costs and raising revenue. One of the things that has always surprised me about the United States is the sheer number of agencies and the size of the government/administration: many different agencies with overlapping responsibilities. Believe there may be significant savings to be made simply through greater co-operation and a streamlining of many activities. The best way to achieve this without cutting required/critical programs would simply be to ask the heads of the relevant agencies (consult individual states as well; look at programs that aren't producing results and look for alternatives; you'd be surprised what you can do provided you have the right people in the right positions). Look at the big picture but try to see the smaller details as well. It's clear that there are loopholes everywhere if you spend enough time and consult enough people. If you pass the bill in chunks then you can spend more time dealing with these issues as well.
- Clear that there are generally limited options when it comes to elected officials and members of the administration/executive. Need a clearer vision of where the country is headed. Once this is done, use it as the basis for cuts (if they are required). Have seen a number of occasions where programs have been stopped and then restarted. In the end the cost of this administration actually outweighed the cost of having the program running for the entire period.
- Continue the 'economic stimulus', using this money to restructure/reinvest in infrastructure and other projects that are likely to result in strong returns. Use it wisely though. If not, it basically amounts to a risky bet, and if the investment doesn't produce the expected return or doesn't keep pace with inflation then you may be worse off than when you began. Reminds me of dogs chasing a rabbit at the race track. Theoretically, if the growth curve runs ahead of the debt curve you could do this forever. Not recommended though. Best used in combination with other reforms.
- Not sure we should be looking at only 1/2 tiers for tax increases. Perhaps 3/4 so that the impact is not as strongly felt. Need to factor in implementation and overhead issues though. Moreover, it's clear that each state has a different cost of living. By having a larger number of tiers we can increase flexibility and 'spread the load' better, so to speak, without pushing family budgets over the edge.
http://www.usmayors.org/pressreleases/uploads/2012/1219-report-HH.pdf
http://www.washingtonpost.com/blogs/wonkblog/wp/2012/12/20/choose-your-own-fiscal-cliff-adventure/
https://docs.google.com/spreadsheet/ccc?key=0AkeTUNT8ZF3ldGNTU2g3Y2pTaFVabDNpaG5Ua2F6cEE#gid=3
http://viableopposition.blogspot.ca/2012/12/your-very-own-fiscal-cliff-tax.html
http://www.washingtonpost.com/blogs/wonkblog/wp/2012/12/20/there-is-no-fiscal-crisis-what-that-means-for-the-us/
- Changing the measure of inflation (CPI-U vs chained CPI) is a difficult and possibly dangerous route to take. At the end of the day, it is just another metric/variable. By not changing it and focusing on other issues you may actually save on the administrative costs associated with the switch. Moreover, in practice, over time it may just push too many people over the edge. Need to realise that the theory/principle behind this is much like broad-based taxation anyhow. If that's what you want, why not use it? Moreover, other styles of taxes have greater flexibility naturally built into them. For instance, GST/VAT can be applied to whatever goods/services are relevant and changed when required if the rules are written well.
http://www.huffingtonpost.com/rep-alan-grayson/the-chained-cpi-cut-if-yo_b_2340095.html?utm_hp_ref=politics
- Let the cliff occur, then start working backwards. A horrible option but an option nonetheless. Won't give markets much confidence. Temporary pain obviously. Need to put this into perspective though: the United States economy is huge and should be able to absorb it.
http://www.smh.com.au/business/world-business/so-what-now-seven-fiscal-cliff-scenarios-20121222-2bs8d.html
- Focus on cause and effect. Look at the number of healthcare programs currently being considered for cuts. If you increase the tax on products/services that are likely to cause health issues (and it successfully leads to reduced consumption of those particular products/services) then you ultimately reduce the burden on the healthcare system and also gain extra revenue from the products/services themselves. The question is, of course, exactly what level of taxation is required to achieve this?
http://en.wikipedia.org/wiki/Medicare_%28United_States%29
http://en.wikipedia.org/wiki/Medicaid
http://en.wikipedia.org/wiki/Tricare
- Large number of healthcare problems/costs. Consider bringing in overseas healthcare specialists/staff to help relieve costs. Really need to be careful with screening though. Local experience has taught us that this can lead to medium/long-term pain if insufficient checks regarding qualifications are made.
http://www.careerbuilder.com/Article/CB-1806-Healthcare-Why-Healthcare-is-Experiencing-Work-Shortages
http://www.njhealthjobs.org/sites/default/files/health_care_workforce.pdf
http://app1.kuhf.org/articles/1337207668-Legislators-Grappling-with-State-Wide-Shortage-of-Healthcare-Workers.html
- Link the increase in the Social Security age to occupation (labourer, office worker, etc.). Dig enough into your data and you'll figure out what a fair age is for each occupation so that ultimately everyone averages out.
- The economy is too dependent on gas/carbon at this stage. Large carbon producers, and transportation of both people and goods, may be too strongly impacted (if public transport were safe, could handle the extra load, and was cheap enough it might be a viable option, but this doesn't seem to be the case in many places; have noticed that the price of gas in the United States is significantly lower than elsewhere in the world). The Australian implementation of a carbon tax on the top producers of carbon has had limited impact on end consumers, but there has still been an increase in prices. May consider this further down the line or stagger it as green technology uptake becomes stronger (start low in the first year and increase in 1% increments until reaching a chosen target?)
http://www.bbc.co.uk/news/world-us-canada-13338754
http://chartsbin.com/view/1115
- VAT/GST with exemptions for staples/necessities. This would allow people to budget better while maintaining a revenue stream. Need to be careful with implementation though; changing it once it's in place is not easy, as local experience indicates. While there are critics with regards to transparency, experience indicates that if you remove other complex, competing tax schemes at the same time a lot of overhead can be reduced for businesses in the long term, making business easier.
- Despite the obvious problems, need to be wise about this. Policy that is created hastily without thought for the medium/longer-term effects can be damaging not only for the economy but for morale, healthcare, and a large number of other things as well.

Friday, December 21, 2012

Politics, Weapons/Gun Control and the Fiscal Cliff

Let's face it, a number of countries around the world are currently in financial difficulty. I've written about this previously in the 'Convergence' document (some of the theories mentioned have actually been used). Whilst these policies have helped to stabilise a number of countries, I haven't necessarily agreed with the way in which they've been implemented. In the case of the European Union several of the countries involved have had policies imposed on them which weren't pertinent to their particular situation and may actually cause them some medium-range harm at the cost of immediate relief (admittedly, we have come a long way back from the precipice; I'll outline what I mean shortly).

So I guess this is 'Take Two'. The reasons the United States has arrived at its tenuous situation are well known, but the means by which it has sought to extricate herself from her present circumstance diverge (sometimes alarmingly so, considering a compromise needs to be achieved very soon). I think one of the key questions that should be asked is how quickly she wishes to pay down her debts and what the likely direction of successive administrations is. Another that should be asked is just exactly how far they are willing to push their citizens.

In France, taxes on wealthy individuals have reached levels so high that many high profile/wealthy citizens have changed (or are considering) changing their place of residence. Clearly, there are two schools of thought. One is that we require high wealth individuals/organisations to create jobs for others. However, I recall a Wall Street Journal article that suggests that this is not always or entirely the case.

In Spain and Greece drastic cuts have had significant negative impacts on the living conditions of the general population/middle class. Widespread cuts to the middle class may push those on the 'edge' over it, which may lead to a cascade of other societal issues (an increase in crime to support oneself, loss of health insurance, poverty and so on).

I think two things that should be absolutely critical to these negotiations are a rough figure for the cost of living (from basics such as food and water to things like healthcare and utility bills)(I recall strange welfare oddities which have meant that people were often better off staying at home rather than going to work. Further thought is required here!) and exactly how much the wealthy are willing to pay before they say enough is enough and begin undertaking non-trivial tax avoidance schemes.

From this point we can begin to work backwards. If we can figure out the spread of income/assets across the population we can begin to understand exactly how far we can push before the cuts begin to make too significant an impact on those affected. It's at this point I wish to digress to game theory. If you've ever played a game which has a production as well as a consumption aspect to it (such as Poker) then you'll realise that large bets (spending) are much more rare when you have little to spend. Extrapolate this across an entire population. If not enough people have enough to spend then economies which are dependent on consumption are suddenly in trouble. Balance is key but for this accurate numbers (monitoring on top of projections) are absolutely critical.

I'm sure we've all heard about the recent gun tragedy in the United States... It really puts into perspective the cultural differences between the United States and many other countries, but for the first time in a long time it's become clear that gun control reform is at the forefront of everyone's mind.

There is an avalanche of opinion but one thing remains clear: the so-called "right to arms" plays a far greater role in the United States than in other nations. For instance, Australia is lucky in that it was populated in rather unusual circumstances and is essentially an isolated giant island, which has meant that it has been relatively free from war. Other countries have used conflict (and continue to do so) as a means of forming national boundaries/borders, and landlocked countries are of course always at greater risk of invasion owing to the relatively greater ease of movement over ground than over sea or air. Some things that are of interest include:

- storage (store only at clubs, police stations, etc... Many possible problems here including those that require guns as part of their livelihood such as those living in rural areas or on farms)
- culture (television, films)(freedom of expression problems here)
- size of cartridges (large-scale shooting is more difficult with smaller cartridges)
- stopping power (ammunition that causes less damage)(exemptions created where required)
- mental health (history indicates that some instigators often suffer from mental difficulties)
- stronger surveillance (law enforcement/intelligence is difficult as it is. How far do we go? Some automated detection systems won't work against weapons made of alternative materials)
- buyback scheme (logistics/tracing the location of every weapon mightn't be realistic or possible though)
- whitelist as opposed to blacklist methodology (focus on what is needed/desired by people in the general public rather than on what should be banned. Allow these and then ban everything else with obvious exceptions for law enforcement/defense)
- increased law enforcement numbers/rounds around high population areas (these services are likely stretched as is)
- designated safe areas (in Israel many buildings have safe areas/bunkers where people can hide from rocket threats until they dissipate. What about those between safe areas though?)
- education (not sure about the impact of this?)
- make private sales illegal by only allowing sales through licensed brokers (hard to police/check) which helps to ensure proper/adequate checks are made (logistics?)
- background checks (problem is whether there are adequate resources in place or can be allocated. Enforcement is a major problem as indicated by FBI)
- trigger locks on guns (careful thought required here, if there are flaws in these mechanisms 'class breaks' are a distinct and dangerous possibility)
- provide people with alternatives to guns. Minimise gun distribution as much as possible.
- stronger gun controls/laws (need to be careful with the actual implementation as discussed further on)
- politics (we'll discuss further on)

If you've been reasonably observant of late then you'd realise that there have recently been extremely close margins of victory in several democratic nations around the globe, which has ultimately resulted in 'compromised' decision making. Based on what's been reported in the media it often feels as though we're not satisfied with the options that we currently have. A local journalist recently suggested that we may quite simply be creating environments that people with the right characteristics/skills don't want to work in.

http://www.smh.com.au/executive-style/culture/blogs/all-men-are-liars/governed-by-inferiors-20121120-29ne5.html

From a personal perspective, I think that a lot of the 'romance' of politics has sort of disappeared. Political parties are increasingly funded by major private entities, and if your particular 'cause' is not aligned with that of these entities then the likelihood of your campaign being funded and succeeding is minuscule. Moreover, campaigning is often no longer about results or superior policies. It's a combination of personal attacks and highly formulaic/scientific/mathematically based campaigning that often detracts from the actual job of running a state/nation.

Ultimately, this often attracts a strange group of folk who sometimes lack the competency or moral capacity (if you read the previous American attempt at gun law reform there were clearly significant flaws in its construction which may lead a cynic to question whether they were left in deliberately, whether there were issues of competency, or whether it was simply a half-hearted effort) that I desire of someone who is running a state or nation (I don't expect them to know everything but I do expect them to have an internal moral compass that points in roughly the same direction that most normal people's do).

Some have argued that we should perhaps consider changing funding models to reduce the impact of third parties on politics. However, this will clearly require bipartisan support and risk the existing status quo. Unlikely to happen.

Others have argued that we should simply increase the wages of politicians and other public servants in an attempt to compete directly against the private sector to attract the 'best and brightest'. That's fine.

One thing I'd like others to think about though is that if one can put up with all of the other 'external issues' pertaining to the job (media, personal attacks, and so on), I ask you, what greater honour can there possibly be? You are an 'elected official' of a community that more than likely has a population in the millions. Moreover, you have an opportunity that few others have.

You have the chance to do something that will have a long-lasting and widespread impact on an innumerable number of others around you. Unlike a scientist, you're not attempting to decipher problems of possibly infinite complexity. Unlike a doctor, you need not deal with one patient at a time. Unlike a lawyer, you need not defend people of questionable morals.

A politician simply is. A politician can change laws as needed/required, can redefine history simply by showing up at their work place, and is in a position of privilege that quite simply does not exist in the private sector. A politician is a representative of the people and a fundamental reflection of who we value, what we value, and how we act on it at that particular point in time.

For these reasons, I wish to convey (it's most eloquently stated in French) a simple message to those few politicians who can still be considered faithful to the people's cause. Bonne Chance.

http://www.washingtonpost.com/blogs/wonkblog/wp/2012/12/14/nine-facts-about-guns-and-mass-shootings-in-the-united-states/
http://www.nytimes.com/2012/12/16/us/politics/justice-dept-studied-and-shelved-ideas-to-bolster-gun-database.html?hp&_r=1&
http://www.huffingtonpost.com/2012/12/16/gun-background-check_n_2312582.html
http://www.washingtonpost.com/politics/congress/ap-sources-new-obama-offer-moves-toward-boehner-with-400000-tax-hike-threshold-more-cuts/2012/12/17/666f2e06-48ab-11e2-8af9-9b50cb4605a7_story.html
http://www.theglobeandmail.com/news/world/expats-debate-does-a-mental-health-strategy-need-to-be-part-of-obamas-guns-task-force/article6553135/
http://www.washingtonpost.com/politics/obama-asks-cabinet-members-for-proposals-to-curb-gun-violence/2012/12/17/ac4a8dae-4869-11e2-ad54-580638ede391_story.html?hpid=z1
http://www.washingtonpost.com/blogs/wonkblog/wp/2012/12/18/a-better-target-for-gun-control/
http://www.washingtonpost.com/blogs/thinktanked/wp/2012/12/19/battle-over-gun-control-fiscal-cliff-negotiations-and-boehners-shake-up/
http://www.washingtonpost.com/blogs/thinktanked/wp/2012/12/03/petraeus-fallout-shows-diminishing-separation-between-think-tanks-and-government/
http://www.washingtonpost.com/blogs/wonkblog/wp/2012/12/17/everything-you-need-to-know-about-banning-assault-weapons-in-one-post/
http://thomas.loc.gov/cgi-bin/query/z?c103:H.R.3355.ENR:

Thursday, December 20, 2012

Thinking, Copyright/Security, and Bug Analysis

Someone recently remarked that we should be teaching students/children to think rather than learn by rote. That's fine. However, there's one significant issue here. Without a base level of knowledge there's not much that they can do of any significance. Imagine two students. One is taught nothing other than cheese appreciation/making and 'The Art of Thinking'. The other has a more balanced education that emphasises thinking but on top of a broader educational base. Which is going to be more useful in the long term? Unless the child loves cheese and cheese makes the world go round, the latter makes more sense, right?

Bugs of the Week

Microsoft's Windows Media Player 12
Optical drives are enumerated on startup of program which means hot plugged optical drives aren't picked up while the program is loaded in memory. A restart of the program is required.

Trading Website (further details not disclosed for security reasons)
Some websites are becoming overly dependent on certain technologies for one reason or another without factoring in those who may not support them. This one is highly dependent on JavaScript. In fact, you can't even move to another page without getting authentication errors when JavaScript is turned off in your browser. Needs a secondary option...

Service Provider (further details not disclosed for security reasons)
I first discovered this flaw in another service provider during the dial-up era and amazingly it still exists now. Using generic credentials, some providers allow you a fairly large amount of free time/access to the Internet prior to requiring authentication. Back then things weren't that bad since downloads were often dictated by bandwidth, but given the speed of today's connections it seems fairly clear that this needs to be better thought out. I did a rough calculation and determined that this particular provider would allow several hundred MB of downloads prior to requiring authentication. A captive portal type of setup is an option.

http://en.wikipedia.org/wiki/Captive_portal

Music Producer (further details not disclosed for security reasons. The media/music in question was produced about a decade ago, unpopular, and is almost impossible to find in retail music stores (I got this in a used music store). Moreover, much music is purchased digitally now and it's likely they've moved on to other systems.)
I recently had a problem ripping some music (could only rip 2/3's of the disc) for use on my smartphone. I thought it may be related to a scratched disc but cleaning it and using another drive (some drives have superior error detection and correction capabilities) didn't achieve anything. At a certain point disc reads/ripping would time out (in the first 20% of a track about 2/3's of the way through the disc). I had an inkling that there may have been some copy protection involved. Attempting an ISO copy of the disc in ImgBurn resulted in the following.

####Start ImgBurn Quote####
As Yoda would say, "Hmm. Failed in your attempt to outsmart me, you have."
ISO is not an appropriate container format for the current disc.
Reason. The disc contains multiple tracks.
Regardless of what you select for the file extension, I will not create a true (MODE1/2048) ISO image!
The file will be created with a '.bin' extension instead.
####End ImgBurn Quote####

Letting ImgBurn run with a '.bin' copy unsurprisingly resulted in a freeze/timeout.

Using CDBurnerXP resulted in the following errors (whole disc copy using .MDS format).

####Start CDBurnerXP Quote####
Unreadable area detected on disc at position ??????

I/O Error!
Device: ?
ScsiStatus: 0x02
Interpretation: Check Condition
CDB: ?
Interpretation: Read CD - Sector ?
Sense Area: ?
Interpretation: Timeout on Logical Unit
####End CDBurnerXP Quote####

There are obvious clues though. There were indications that the disc itself was partitioned into multiple tracks/sessions. This technique itself is ancient (think the early floppy disc era, decades ago) and is similar to another scheme that was recently used by another music producer that involved blanking out the first track of a music disc to make it readable to music players but not to computers (you could circumvent it by literally and carefully running a texta over that first track). In this case, I got around it by loading it up, ripping the first two-thirds of the disc (the partition is set at about two-thirds of the disc capacity), stopping the process, connecting an external optical drive and then ripping the final third from there (stopping/restarting on the same drive doesn't seem to work; there seem to be measures to calculate a continuous read around the disc)(I tried both lossy MP3 and lossless WAV rips, which were successful).

The purpose of this is not to prime you on how to break copyright protection systems! It gives you an idea that a lot of the work out there is often derivative and often not enough thought is put into the theory or implementation of such technology. Many of the implementations out there indicate an understanding of one side of the equation but not the other, which often leads to a gaping hole (read up on the history of breaking DVD, PDF, and pay TV encryption).

http://en.wikipedia.org/wiki/Analog_hole
http://en.wikipedia.org/wiki/Kerckhoffs%27s_principle
http://en.wikipedia.org/wiki/Portable_Document_Format
http://en.wikipedia.org/wiki/DVD
http://en.wikipedia.org/wiki/Content_Scramble_System
http://en.wikipedia.org/wiki/Smart_card

Tuesday, December 18, 2012

More Security Analysis and Bugs

Seems as though the vast majority of traffic on the Internet is actually automated. One of the greatest ironies of what I've discovered is that those who are launching attacks are also among the most likely to be attacked as well.

http://www.akamai.com/dl/whitepapers/akamai_soti_q212.pdf

There is a theory which says that due to the nature of Western society and its strong private/public split that this will compromise national security (mainly owing to the problem of oversight and resources). There may be a case for this argument but it's becoming clearer that there is a strong desire/push among Western nations for greater oversight of private enterprises (particularly, those who own or operate critical infrastructure). This may have resulted in former law enforcement/intelligence staff being increasingly involved in vendor development/manufacturing as well as recruitment (as part of their staff) as well.

Here is an example of the apparently stronger co-operation on the attacking as opposed to the defensive side. Based on some of the examples that I've seen, it may actually be easier to simply go out and attempt to purchase/rent control over an existing 'botnet' than to get co-operation/help with regards to taking one down. Clearly, though, you have to take the good with the bad. I've seen cases of botnets being sold several times over to a group of people. The offensive side seems to suffer from a stronger 'skills gap', and their knowledge/maturity does seem to be more 'gappy' than that of many people on the defensive side. For instance, naming conventions, the mix of complex/simple, and occasional flaws in their software (I've come across some extremely primitive infections) suggest that many of them may not entirely understand what they are involved in (the offensive side has many at the lower rung, few at the middle rung, and a tiny minority at the top. This is reflected in both normal society as well as those who work in the security industry (depending on your locality).).

https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor-powered-botnet-straight-from-reddit

For those who are at the top of the offensive side, it's clear that they can often be extremely professional. They are extremely focused and efficient, take steps to cover their tracks (diversion and anti-forensics are becoming increasingly common), have strong knowledge of the underlying platforms/protocols required and are often extremely thorough with regards to background knowledge of their target. A lot of it sometimes feels as though it may have come from insider knowledge.

http://www.mcafee.com/us/resources/reports/rp-operation-high-roller.pdf
http://www.mcafee.com/us/resources/white-papers/wp-analyzing-project-blitzkrieg.pdf
http://www.washingtonpost.com/national/national-security/cyber-intruder-sparks-response-debate/2011/12/06/gIQAxLuFgO_story.html
http://www.recurity-labs.com/content/pub/papers.shtml
http://www.sourcefire.com/resources/white-papers
http://www.militaryaerospace.com/articles/2012/11/darpa-plan-x.html
http://www.militaryaerospace.com/blogs/aerospace-defense-blog/2012/10/stealing-a-drone-by-spoofing-is-it-that-easy.html
http://www.coverity.com/library/pdf/coverity-managing-risk-wp.pdf

A while ago I completed/submitted/published my 'Convergence' report. Since then several other studies have been conducted/completed/published. One of them was the Australian Government's 'Asian Century' white paper, another was from the Asia Society, while another was from the United States' National Intelligence Council.

http://asiancentury.dpmc.gov.au/
http://asiasociety.org/policy/united-states-and-south-asia-after-afghanistan
http://globaltrends2030.files.wordpress.com/2012/11/global-trends-2030-november2012.pdf
http://www.ianslive.in/index.php?param=news/South_Asia_faces_several_shocks_US_report-391175/INTERNATIONAL/13
http://globalpublicsquare.blogs.cnn.com/2012/12/10/what-a-u-s-asia-policy-should-look-like/
http://en.wikipedia.org/wiki/Asian_Century
http://en.wikipedia.org/wiki/Middle_Income_Trap

Another concept that I've been toying around with since the 'Cloud' document.

http://www.zdnet.com/linux-based-qubes-os-sandboxes-vms-for-added-security-7000003892/
http://qubes-os.org/trac
http://freebsdfoundation.org/documents/FBSDF_3-fold_2012102201.pdf

Namely, application sandboxing all the way throughout an Operating System. It will be interesting to see how it will actually play out in the real world and their implementation of the concept.

Bugs of the Week

Sega's/Sports Interactive's Football Manager Series (most of these apply to 2009 but some apply to only earlier versions)
- max age for a manager is 100 years
- taking over opposing clubs and deliberately spending complete transfer budget, increasing salary of mediocre players and selling best players to relegate/bankrupt them continues to work as a strategy against clubs you don't like
- some clubs hardcoded to be taken over to come back up? In earlier version a major club could get into trouble and then basically fall out of the game/system altogether. Some now come back up even though they seem to be in severe trouble through a buyout/takeover
- trophies, points freeze up with regards to Hall of Fame after a certain number. Number is accurately tracked in manager history though
- job offer for Assistant Manager still maintained in Transfer section even though job offer has been taken up by someone else
- had one instance of not well formed XML with regards to news creation. Have had a number of other occasions where I could not reload a saved file due to an unrelated system crash as well. More needs to be done with recovery/robustness.

Iceweasel Web Browser
Hit the pause button at the correct time/under certain circumstances during a download and you can achieve nonsensical values. For instance, I recently got 1.3 out of 1.2MB download. Investigate when I have more time.

Un-named Recruitment Website (company/more details undisclosed for security reasons)
A password mismatch shows up as an 'unfilled section' error message rather than as a password mismatch. There is also a race condition in the CV upload.

HTC Cha Cha Phone
Has a number of bugs/problems which relate to power consumption.
http://androidforums.com/htc-chacha/535164-fix-battery-drainage-issue-make-battery-last-longer.html
http://androidadvices.com/increase-htc-chacha-battery-life/

Generic Dynamo Powered Torch
Interesting that a rechargeable battery drained at a rate of about 0.01V/s once recharged (Opened the device and used a multimeter to track. Interesting how simple/complex some devices are once you see them disassembled.). Always knew that once Lithium based batteries hit a certain point they begin to lose storage capacity but this is the first time I've really understood just how drastic the change is.

Monday, December 10, 2012

More Security Analysis

Obviously still working on my 'Cloud and Internet Security' report (780+ pages/207K+ words now). Has been incredibly enlightening and interesting.

A few data mining projects (law enforcement/intelligence) have really been getting in the way of themselves. So much data is being classified that doesn't need to be that it's resulting in a huge number of false positives, redundant data, and just plain waste. It's clear that there are some programs to fix this problem and to clean up a lot of inaccurately marked data. Ironically, some material that I came across during research for this document clearly had unfriendly embedded content (I often just switch formats to one that doesn't allow for 'embedded/rich' content to reduce the chances of having to deal with a potential security risk. If you understand how most existing AV/IDS/IPS systems work then you'll realise how trivial it can be to bypass them.).

http://cryptome.org

Seems clear that we are trudging over the same material over and over again. The declassified Walsh report from about a decade ago seems to cover a lot of the same ground that we are now covering with regard to surveillance/intelligence collection by law enforcement/intelligence.

https://www.efa.org.au/Issues/Crypto/Walsh/walsh.htm

Nice resource on biometrics. Seems clear that a lot more research needs to be done though.

http://www.cse.msu.edu/~cse891/Sect601/textbook/

Nice introduction to reverse engineering.

http://hackingthexbox.com/
http://archive.org/details/HackingTheXboxAnIntroductionToReverseEngineering

A lot of work is being done with regards to cyberwarfare rules of engagement/playbooks at the moment. The 'Tallinn Report' is one attempt by NATO at covering these issues.

http://www.ccdcoe.org/

Is it possible to convert an Arduino device into an automated password cracking device? Believe it may be possible since all it need do is send a stream of characters, right? Will leave this experiment for when I have more spare time.

Looking at issues related to export control and cybersecurity it seems clear that there is quite a bit of flawed logic/hypocrisy out there at times. Countries/people clearly want stronger security/the ability to withstand any attack and yet they still want to maintain the ability to attack others. One example of this is that, depending on the nations involved, even the export of defensive capabilities/services is tightly controlled/restricted to neutrals and sometimes even allies. The irony is that the Internet already provides people/states with enough knowledge to acquire these capabilities themselves, from both the defensive and offensive perspective. Take a look at the current Syrian crisis as an example with regards to their makeshift weapons, rockets, and even a hybrid car/tank. Where there is a will there is often a way (though it may be more difficult). Another thing that needs to be thought of is that human thought is often iterative. Inductive leaps in theory and implementation are far rarer than one may think. Many things can be inferred or reversed. Critical sectors such as law enforcement, intelligence, defence, and advanced research and development have all been caught out (undercover agents, sources, and scientists literally blown via Facebook, Google, and so on).

http://www.bbc.co.uk/news/world-middle-east-20522585
http://www.networkworld.com/community/blog/famous-patriot-hacktivist-jester-shares-battle-chest-osint-tools

Confirmation of some of my earlier work in the 'Convergence' report.

http://www.ukmediacentre.pwc.com/News-Releases/UK-companies-leaving-the-security-of-their-data-on-cloud-to-chance-shows-research-by-PwC-Infosecurity-Europe-122c.aspx

Changing signatures of your network/system architecture is something I've been playing around with as indicated in my 'Convergence' report.

http://www.militaryaerospace.com/articles/2012/07/raytheon-cyber-maneuver-technology-to-help-safeguard-army-networks-from-information-attacks.html

The more you dig the more you figure out that there is no single company that has a really 'pure history' when it comes to best security practice and even business process. The larger the firm is the more likely it will have a long history, have gone through a break up, merger, or acquisition, which means that standards may often drop for a small period of time. Moreover, based on personal experience/observation vendor communication/co-operation can often be disingenuous. Patches are often delayed, a severe bug report can often be 'spun', or you can often be ignored completely... Communication is no guarantor and neither are legal frameworks, depending on the people/states involved.

http://www.h-online.com/security/news/item/Huawei-sends-team-to-visit-critical-researcher-1741575.html
http://www.h-online.com/security/news/item/Huawei-s-routers-of-vulnerability-1657620.html

Interesting...

http://www.h-online.com/security/features/Detecting-CSRF-vulnerabilities-1743836.html

Soldering tips

http://www.fixup.net/tips/soldering/index.htm

On a finishing note, if you run out of (or prefer not to buy) disc scratch fixing fluid try toothpaste or bicarbonate soda. They are both light/mild abrasives and I've used them successfully.

Network Traffic Analysis, Laptop Power Charger Replacements, and More Bugs

If you've ever worked on a network of any reasonable size or have had to deal with network administration/management in any capacity then you would have realised that two things you'll need to deal with are bandwidth and quotas. Recently, I've been experimenting with various proxying technologies as a means of dealing with these particular problems. Some of the cloud based variants include Opera Turbo and FasTun (basically your browser is set up to reference these particular servers instead of going direct to the Internet). Accounts by others seem to indicate that performance improved for them but personally I haven't seen much of a benefit (I believe that this may be due to the nature of the content that I work with and the fact that I already optimise many network settings. I experienced similar results when using a local proxy.).

http://fastun.com/
http://www.slideshare.net/sefc/using-opera-for-slow-connections
http://www.opera.com/browser/turbo/
http://www.ghacks.net/2012/03/02/4-options-to-save-bandwidth-speed-up-web-browsing/
http://superuser.com/questions/270455/any-add-onservice-for-firefox-to-compress-incoming-data-like-opera

What I have found to be of significant benefit has been proxying or completely blocking advertising, system updates (browser updates are a particular nuisance), multimedia, and various other unrequired services/network applications. Use an application like ntop, iptraf, wireshark and you'll be shocked to realise just how much traffic gets through. On one network I've managed to slash traffic to a third of its original usage.

Obvious options for blocking include doing it at the gateway/firewall/router level but personal experience has taught me that SME/SOHO based implementations are rather limited, so multiple layers may be required to deal with the problem. If your gateway/firewall/router can only handle a certain amount of DNS/IP based bogon lists then you may require a secondary option such as another device, a server, or even local browser based addons and hosts file (/etc/hosts under Linux/UNIX) based modifications.

http://pgl.yoyo.org/as/serverlist.php?showintro=0;hostformat=hosts
http://pgl.yoyo.org/adservers/formats.php

Examination of 'updated_ad_blocker_for_firefox_11-0.7.7-fx.xpi' (a Firefox addon) indicates that it works along similar lines to the bogon list option. Basically, it does regex/pattern matching on request URLs and then redirects queries to these particular servers to the local loopback interface, or else drops traffic from these particular sources entirely.

user@system:~$ mv updated_ad_blocker_for_firefox_11-0.7.7-fx.xpi updated_ad_blocker_for_firefox_11-0.7.7-fx.zip
user@system:~$ unzip updated_ad_blocker_for_firefox_11-0.7.7-fx.zip
user@system:~$ vim content/defs.js
####Start Quote####
 var adsUrls=[
        /(http|https):\/\/(www|ssl)\.google-analytics\.com\/(urchin|ga)\.js/,
        /http:\/\/[a-zA-Z0-9]*\.googlesyndication\.com/,
        /http:\/\/[a-zA-Z0-9]*\.googleadservices\.com/,
        /http:\/\/ad\.yieldmanager\.com/,
        /http:\/\/ad\.zanox\.com/,
        /http:\/\/ads1\.msn\.com/,
        /http:\/\/ads\.hulu\.com/,
        /http:\/\/a\.huluad\.com/,
        /http:\/\/ad\.auditude\.com/,
####End Quote####
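As an added illustration (not the addon's own code, nor from the original post) of the two mechanisms described above, regex URL matching and loopback hosts entries, here is a small JavaScript model; the pattern list, hostnames and sample requests are constructed for the example and are much shorter than the real lists.

```javascript
// Added example (not from the original post or the addon being discussed):
// a minimal model of the two blocking approaches described above.
//  1. regex pattern matching on request URLs (as content/defs.js does)
//  2. generating hosts-file entries that point ad hosts at the loopback
//     interface (the "127.0.0.1 host" format served by the pgl.yoyo.org list)
// Patterns and hostnames below are constructed for illustration.

"use strict";

// Constructed pattern list modelled on the adsUrls array quoted above.
const adsUrls = [
  /^(http|https):\/\/(www|ssl)\.google-analytics\.com\/(urchin|ga)\.js/,
  /^http:\/\/[a-zA-Z0-9]*\.googlesyndication\.com/,
  /^http:\/\/ad\.yieldmanager\.com/,
];

// Return the index of the first matching pattern, or -1 if the URL is clean.
// Anchoring with ^ matters: an unanchored pattern would also match a page
// whose query string merely carries an ad URL (see the last sample below).
function matchAdPattern(url) {
  return adsUrls.findIndex((re) => re.test(url));
}

// Decision a blocking proxy or addon would take for one request.
// "drop" refuses the request; "loopback" rewrites the host to 127.0.0.1 so
// the request fails fast locally instead of crossing the gateway.
function decide(url, mode = "drop") {
  if (matchAdPattern(url) === -1) return { action: "allow", url };
  if (mode === "drop") return { action: "drop", url };
  const u = new URL(url);
  u.hostname = "127.0.0.1";
  return { action: "loopback", url: u.toString() };
}

// Build hosts-file lines ("127.0.0.1 host") from a list of ad hostnames.
// Hostnames are validated and de-duplicated so a malformed or repeated
// entry in a downloaded list cannot produce a broken hosts file.
const HOSTNAME_RE = /^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z0-9-]{1,63}$/;
function buildHostsLines(hostnames, sink = "127.0.0.1") {
  const seen = new Set();
  const lines = [];
  for (const raw of hostnames) {
    const host = raw.trim().toLowerCase();
    if (!HOSTNAME_RE.test(host) || seen.has(host)) continue;
    seen.add(host);
    lines.push(`${sink} ${host}`);
  }
  return lines;
}

// Count decisions over a batch of URLs, as a traffic report would.
function summarise(urls) {
  const counts = { allow: 0, drop: 0 };
  for (const u of urls) counts[decide(u).action]++;
  return counts;
}

// Constructed sample traffic (not captured from a real network).
const sampleRequests = [
  "http://ssl.google-analytics.com/ga.js",
  "http://pagead2.googlesyndication.com/pagead/show_ads.js",
  "http://ad.yieldmanager.com/iframe3?x=1",
  "http://example.org/index.html",
  "http://example.org/?ref=http://ad.yieldmanager.com/", // allowed: patterns are anchored
];

console.log(summarise(sampleRequests));
console.log(buildHostsLines(["Ad.Yieldmanager.com", "ad.yieldmanager.com", "not a host", "ads1.msn.com"]));
```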

Reasons why you should try to get a proper laptop power charger replacement whenever possible.

http://electronics.stackexchange.com/questions/11355/would-a-laptop-charger-at-incorrect-voltage-fail-to-supply-power
http://www.badcaps.net/forum/showthread.php?t=6986
http://www.badcaps.net/forum/showthread.php?t=21931
http://superuser.com/questions/79818/using-a-20v-power-block-on-a-19v-notebook
http://www.techsupportforum.com/forums/f16/seagate-drive-over-voltage-damage-427100.html
http://www.fatwallet.com/forums/technology/1139374/
http://www.tim.id.au/blog/tims-laptop-service-manuals/

Bugs of the Week

Sega's/Sports Interactive's Football Manager Series (most of these apply to 2009 but some apply to only earlier versions)
- bugs with regards to dealing with finances. Once you go past a certain point your finances wrap around that particular variable's storage limit. In old versions this would lead to negative finances. In newer versions it can lead to a management takeover
- every once in a while a scout "finishes assignment" in the news
- being able to loan a player for a fee that is more than the size of the available funds for another team, which leads to instant bankruptcy (earlier versions)
- good players' (present) names are often combined or re-used. For instance, I recently came across a great defender called, believe it or not, 'Fernando Tevez'. Often technically good, creative, Brazilian players are called '[prefix]inho'
- every once in a while a wage negotiation for a player results in silliness. For instance, 90 Euro as opposed to 90,000 Euro. Often this will make it impossible to purchase the player or else renegotiate the contract. The only way to deal with it is to re-bid for the player or sell and attempt to re-purchase him
- during negotiation of a contract for a GK coach, stats/details for a manager are provided rather than for a GK coach. Suspect that this may be related to a manager who has been hired as a GK coach and is early in his career though
- if you give a guy a job with higher seniority than the one that he is seeking he will reduce his wage demands rather than increase or maintain them

w3af (Windows port, may be a slightly older version)
Drop down list for target, when it has only just been initialised, results in the entire list being populated by the first target. Believe that this may be some lazy programming that may be fixed over time?

sarg
Strictly speaking not a bug, but when run as a non-root user the error message is the following. Not too helpful.
user@system:~$ sarg
SARG: File not found: /var/log/squid/access.log

Leadtek's WinFast PVR2
- "Fails to load decoders" or "Fails to load graph", which means it cannot detect the USB TV dongle. A better message would be helpful
- sometimes if you change channels quickly enough it will eventually lead to a crash
- while previewing a new program the channel doesn't change properly to reflect what is occurring
- if you get into trouble the advice is: don't downgrade. You may get all sorts of strange errors about not being able to load decoders. Use the version that you installed the program with or else uninstall the program first and then re-install the version that you require

Some fun...
http://despicableme.wikia.com/wiki/Special:Videos

Monday, November 5, 2012

More Security Analysis, Religion, and Sound Editing

One of the things that I find particularly interesting when people discuss the concept of cyberwarfare/intelligence is that many people are often incredibly ignorant of some of the things which need to occur in order for our concept of peace to remain a reality. Moreover, they often question some of the ethical conundrums that are often raised as part of such operations. I think the biggest difference between physical and cyber/virtual operations is that cyberwarfare/intelligence tends to spill into the civilian world. It's rare in the physical world for you or your assets to be co-opted into an intelligence/defense role. This is not the case in the virtual world.

I think one of the strange things is that people are thinking about cyberwarfare in a very physical fashion. That for every piece of equipment in the real world there should be something that is analogous in the cyberworld. I beg to differ, the cyberworld offers up far more opportunities than you would believe/conceive. If you don't have a piece of equipment in the real world you either go without it, find the resources to pay for it, steal it, or perhaps even borrow it from an ally. The cyberworld/battlefield can be shaped and molded as you see fit.

If you don't have a particular piece of equipment you examine existing cyberweapons (the source-code for malware as well as binary forms are often readily available if you know where to look (and can be reverse engineered if you have the requisite skill, time, and resources)) and modify them as you require. Provided you have the expertise to sanitise them before you use them there should be limited risk associated with re-using someone else's cyberweapons. Moreover, you can shape the landscape itself by taking control of key networking devices such as routers/gateways/servers, firewalls, modems, switches, and even end user computing devices themselves. Ultimately, all nations will/should have the ability to be able to develop/form strong cyberdefenses given enough support and training.

Just because someone says they're certified or they have a certain number of years experience doesn't mean anything. I know of people who have learnt about computer security through highly unusual circumstances, I know of people who taught themselves to pass the certification test/exam but haven't learnt the material thoroughly, I know of people whose skills have atrophied by taking on the wrong role... As has been stated previously, "you can't always judge a book by its cover".

If you ever develop an interest in any form of security (computer or otherwise) one of the biggest problems you'll face is dealing with FUD. If you've read enough material you can often become anesthetised to it or just plain paranoid. To put this into perspective, let's take a look at our current perspective with regards to so called 'cyberwar'. Definitions vary but if you look hard enough almost anything can be classed as cyberwarfare with some of the interpretations that are floating around. I believe that cyberwarfare is, "a substantial, systematic electronic attack on most or all critical infrastructure (transportation, utilities, telecommunications, finance, defense, intelligence, and so on) or supply lines designed to cripple a state or organisation's functioning (often in unison with conventional warfare though they can be discrete operations)". The vast majority of what we've seen thus far are just skirmishes and minor tussles, akin to plain thievery.

While learning the offensive position helps you to learn about how to defend from threats, the opposite is also true. By learning to defend properly you can also discover the art of attack. For instance, I was recently working with WebKnight after finding details of it on the web regarding FOSS WAFs (Web Application Firewalls). It was clear that the method of defense that it was using was based on examination of string length as well as keywords. For instance, clearly it was just using regular expression/pattern/string matching to block injection and buffer based attacks. In theory it should work well but the way it implements it means that it is capable of blocking legitimate queries without 'tuning'. It also needs better ways of dealing with conflicting rules (a problem I've seen on other UTM devices as well. Logging in at CLI level is just not possible on some devices). Need to remember that anything that is sent to the server can be used to attack it. Even innocuous things such as cookies, form entries, and parameters. Many websites across the web suffer from this particular problem as indicated by OWASP.
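To make the two points above concrete, here is an added JavaScript model (not WebKnight's code and not from the original post) of a keyword/length filter applied to every part of a request, including cookies and headers, showing the false positive an untuned rule set produces on a legitimate search and the per-field tuning that fixes it; all rules and requests are constructed.

```javascript
// Added example (not WebKnight's code or from the original post): a toy
// request filter built the way the paragraph above describes, keyword and
// length matching, applied to every client-controlled part of the request
// (path, query, body, cookies, headers). It then shows why such rules need
// tuning: the untuned set blocks a legitimate request, and a per-field
// exception fixes that without exempting cookies or other fields.

"use strict";

// Constructed rule set. Keywords are matched as whole words, case-insensitively.
const defaultRules = {
  maxFieldLength: 256,
  keywords: ["union", "select", "drop", "script", "alert"],
  // "location:name" keys exempted from keyword matching after tuning
  // (empty when untuned).
  keywordExemptFields: new Set(),
};

// Flatten a request into [location, name, value] triples. Cookies and
// headers are included deliberately: they are as attacker-controlled as a
// form field, which is the point made in the text above.
function requestFields(req) {
  const out = [["path", "", req.path || ""]];
  for (const [k, v] of Object.entries(req.query || {})) out.push(["query", k, v]);
  for (const [k, v] of Object.entries(req.body || {})) out.push(["body", k, v]);
  for (const [k, v] of Object.entries(req.cookies || {})) out.push(["cookie", k, v]);
  for (const [k, v] of Object.entries(req.headers || {})) out.push(["header", k, v]);
  return out;
}

// Return the list of rule hits; an empty list means the request is allowed.
// Length checks are never exempted; only keyword checks can be tuned per field.
function inspect(req, rules = defaultRules) {
  const hits = [];
  const kw = new RegExp(`\\b(${rules.keywords.join("|")})\\b`, "i");
  for (const [where, name, value] of requestFields(req)) {
    const v = String(value);
    if (v.length > rules.maxFieldLength) {
      hits.push({ where, name, rule: "length" });
    }
    const exempt = rules.keywordExemptFields.has(`${where}:${name}`);
    const m = v.match(kw);
    if (!exempt && m) {
      hits.push({ where, name, rule: "keyword", match: m[1].toLowerCase() });
    }
  }
  return hits;
}

function isBlocked(req, rules = defaultRules) {
  return inspect(req, rules).length > 0;
}

// Constructed requests.
// A legitimate search for a post about the select() system call: the word
// "select" alone trips the untuned keyword rule (a false positive).
const legitimateSearch = {
  path: "/search",
  query: { q: "how does select differ from poll" },
  cookies: { session: "abc123" },
  headers: { "user-agent": "Mozilla/5.0" },
};
// A request whose visible fields are clean but whose cookie carries an
// injection keyword: a filter that only looked at form fields would miss it.
const cookieProbe = {
  path: "/account",
  query: {},
  cookies: { session: "x' UNION SELECT 1" },
  headers: { "user-agent": "Mozilla/5.0" },
};
// Tuned rules: the search box may contain SQL-sounding words; every other
// field, cookies included, is still inspected.
const tunedRules = {
  ...defaultRules,
  keywordExemptFields: new Set(["query:q"]),
};

console.log("untuned, legitimate search:", inspect(legitimateSearch));
console.log("tuned, legitimate search:", inspect(legitimateSearch, tunedRules));
console.log("tuned, cookie probe:", inspect(cookieProbe, tunedRules));
```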

'Active Defense' is a concept I have been playing around with since the 'Cloud' document (p.117). Let's forget all the technical details involved, I'm extremely curious how existing legal frameworks will deal with this.

http://uk.reuters.com/article/2012/10/29/us-cybersecurity-offensive-idUKBRE89S17G20121029

During times of desperation and despair radicalism and extremism often prevail. Man cannot pretend to be something superior to animal if he cannot acknowledge that we are often the source of our own demise. As long as there are those who are marginalised within society radicalism and extremism will always find a means to exist and proliferate. While certain religions are currently considered 'dangerous/radical', if one looks deep enough almost every single religion has had a period of conflict or difficulty. Moreover, the basis of radicalism/extremism often has roots in re-interpretations that deviate significantly from the original work/s.

http://en.wikipedia.org/wiki/Judaism
http://en.wikipedia.org/wiki/Buddhism
http://en.wikipedia.org/wiki/Christianity
http://en.wikipedia.org/wiki/Islam
http://en.wikipedia.org/wiki/Muslim
http://en.wikipedia.org/wiki/Jihad
http://en.wikipedia.org/wiki/Crusades

Windows 8 doesn't look too bad in the overall scheme of things. It seems as though they've eschewed the desktop in favour of a more versatile operating system that is capable of competing across multiple platforms. General consensus seems to be that it is a 'solid' mobile platform but a quirky desktop platform. I suspect that if Service Pack 1 provides for stronger, further differentiation on the desktop (especially with regards to the UI) they will have a very strong product offering (possibly an entire ecosystem since programs seem to be reasonably portable) across the board in spite of teething problems.

Have been playing around with some basic sound editing/DJ software. Have tried working with more professional systems in the past such as Traktor and Ableton but honestly sometimes you just want to tweak a song here/there and they are quite simply overkill.

https://www.ableton.com/en/
http://www.native-instruments.com/

Notes in general. I'd like to see better discrete control over graphic equalisers. Synchronisation won't reset on loading of a song (Mixxx). It's preferable to have more than one sound card or output option when loading up new songs (to keep the mix/crossfade smooth). Surprising how small the difference needs to be for you to recognise the difference when switching tempo (it's also surprising how often songs from a particular artist have almost identical tempos). Speeding up works much better than slowing down tempo. It may be easier to have a short, padded section when going from a higher tempo to a significantly slower one or else just use a break/intermission when making large changes in tempo.

Don't forget to alter pitch to match when changing tempo (Audacity has a filter to automatically do this). Live mixing is much harder than you think. Suggest that you premix and only make minor modifications at the live stage unless you've been doing this for a while (or else use the automix/crossfade option if it is available). You may lose quality when using lossy file encoding formats but in most cases there won't be a discernible difference (especially at higher volumes where most equipment will distort the sound anyhow). CPU cycles do matter in multimedia even on higher end hardware. I've been playing around with methods of controlling thermodynamic environments but have to turn them off sometimes to maintain skip free work. Samples/other sounds can come from anywhere including the existing world and packs from other artists/producers/software. Ultimately, the final sound comes down to you. Depending on the nature of the music it may be extremely difficult to extract particular sounds. May come down to pure experimentation sometimes though there is some software that will allow you to do this (mostly) automatically. Hardware is only worth it if you do this on a regular basis.

http://www.mixxx.org/
http://audacity.sourceforge.net/
http://www.videolan.org/vlc/index.html
http://www.mediacoderhq.com/
http://ffmpeg.org/
http://bpmdj.yellowcouch.org/djskills.html
http://bpmdj.yellowcouch.org/aftersplash.html
http://xwax.org/
http://en.wikipedia.org/wiki/List_of_free_software_for_audio
http://mp3.about.com/od/essentialsoftware/tp/free-DJ-Software.htm
http://www.auroramixer.com/
http://www.sourcefabric.org/en/community/blog/630/Open-source-digital-DJ-Integrating-Airtime-and-Mixxx.htm
http://www.djtechtools.com/tag/open-source/
http://supercoldmilk.com/drumtrack/
http://www.hydrogen-music.org/hcms/
http://zynaddsubfx.sourceforge.net/
http://meeblip.com/
http://www.ultramixer.com/

http://bandcamp.com/
http://www.last.fm/
http://soundcloud.com/
http://www.youtube.com/

Bugs of the week.

Meridian/Android
Filesystem copy bug with 'pcmanfm' and Android itself (I've detailed this previously on this blog) when dealing with FAT32 results in zero size files or segmented files. Results in stuttering of sound under Meridian and stopping of playback in other media players (believe this is related to the buffering algorithm in use under Meridian). Have to re-copy relevant files/re-sync to deal with the problem. Obvious what's happening below. In fact, it happens with me sometimes. Insertion or some other lower level electronic events are causing a signal that is similar to the signal that is created by the headset remote control system, resulting in random skips.

http://androidforums.com/evo-4g-support-troubleshooting/107129-music-starts-playing-randomly.html

Opera/Linux
On older versions of Opera some problems dealing with foreign languages mean that the 'save' option results in a blank filename in the subsequent dialogue box.

usb_modeswitch
Needs better user context/permissions checking and possibly better error reporting. If not root it will just spit out an error stating that the device could not be found. Noticed user space freezes with a Huawei E160 under Knoppix during modem initialisation. Am using a different modem for now. Dig further when I have time.

Arista ASB-102 UHF/VHF/FM Indoor Amplifier
Inadequate shielding (from my perspective) between transformer and PCB can result in intermittent problems/short circuits. Strongly suspect problems with internal transformer at higher thermal ranges (been in use for a while now admittedly). Will require more time to confirm.

http://en.wikipedia.org/wiki/Systems_engineering
http://www.microwaves101.com/encyclopedia/navy%20handbook/ew_radar_handbook.pdf
http://www.pedalion.com.au/files/sehandbookv3.pdf

Wednesday, October 31, 2012

More Automated Research/Analysis

I've been examining the 'Automated Research/Analysis' concept further (especially in the context of real time analysis) so that I can design/build a prototype. One of the problems that was faced is the actual filtering of the content from the underlying file format itself. As I've seen myself on a number of occasions, depending on the format recovering the original data can be difficult if not impossible depending on how the developers created it (possibly compressed, packed, encrypted, has a proprietary format, or something else strange was done with it...). Moreover, depending on the nature of the programs, data corruption or just mis-alignment (a better word may be inconsistency) of data (through inadequate collection of data, incompetence, inadequate survey design, etc...) is possible. In the context of both quantitative and qualitative analysis 'outliers' are always a possibility but as the field of statistics (and predictive analysis) is reasonably well explored (although I admit it's still very much evolving) I don't see too much of a problem in most circumstances (Still fleshing this out... My thoughts may change after seeing more data.).

Data collection can be any means. I've been playing around with speech recognition technology for a long while and it has come a long way (look at what they've done with Echelon), video surveillance technology has made significant strides (there are a group of researchers in Adelaide who are working on technology that allows you to scan and track a target in real time across multiple cameras though there are still some criticisms of facial recognition technology), and oscillators and data acquisition cards can be had for less than four/three figures from any number of sources and electronic stores.

http://en.wikipedia.org/wiki/Echelon_(signals_intelligence)
http://en.wikipedia.org/wiki/Onyx_(interception_system)
http://en.wikipedia.org/wiki/Frenchelon
http://en.wikipedia.org/wiki/ADVISE
http://arstechnica.com/security/2007/09/the-demise-of-advise-dhs-data-mine-boarded-up/
http://www.fas.org/irp/world/russia/soud/index.html
http://www.cvni.net/radio/nsnl/nsnl021/nsnl21ewar.html
http://en.wikipedia.org/wiki/Facial_recognition_system#Criticisms

After that it's a question of extracting useable/malleable data from the digital representation of the physical phenomena. One part of this may involve an intermediate data format. For instance, in the context of search engines data is often converted to a text format or otherwise a performance optimised, resilient, binary format that allows you to determine whether the language in two text strings has similar taxonomy/meaning/context (whether across languages or inside a single language). In the context of facial recognition and images, you may use particular landmarks, shapes, and ratios to determine whether you may have something of interest...

http://en.wikipedia.org/wiki/Data_mining
https://en.wikipedia.org/wiki/Stemming
http://en.wikipedia.org/wiki/Conflation
http://en.wikipedia.org/wiki/Facial_recognition_system#Traditional

From the quantitative (even the qualitative side as well if we factor in taxonomy and semantic variations) analysis side a lot of the concepts that we require are already here. Determining relationships between sets of data is something that is done manually at high school level via algebra, with more complex analysis of curves via calculus done at later high school and University level (complex graphing calculators were often used which could automatically define limited relationships between sets of data).

http://en.wikipedia.org/wiki/Student%27s_t-test
http://vassarstats.net/textbook/ch11pt1.html
http://en.wikipedia.org/wiki/Analysis_of_variance
http://en.wikipedia.org/wiki/Linear_algebra
http://en.wikipedia.org/wiki/Quadratic_equation
http://en.wikipedia.org/wiki/Linear_least_squares_%28mathematics%29

http://en.wikipedia.org/wiki/Fourier_transform
http://en.wikipedia.org/wiki/Fast_Fourier_transform
http://en.wikipedia.org/wiki/Fourier_series

Even if it isn't possible to determine a theory which works for the entire range of data it may still be possible to put together theories in series which include boundaries on which the data doesn't 'quite correlate'. For example, in Physics there is something known as the 'Grand Unified Theory', which is a theory that attempts to model supposedly independent interactions, symmetries, and coupling constants into a single theory.

http://en.wikipedia.org/wiki/Grand_Unified_Theory
http://certifiedwaif.livejournal.com/389422.html

From this base it should be clear that we can lift the base and use it to work on all sorts of automated forms of analysis and research.

If we look at law enforcement/surveillance we have a history of real time facial recognition systems (which have had their fair share of criticism). But if we think about this further we don't necessarily require real time analysis nor perfect facial recognition (I'm thinking about automated crime reporting rather than tracking people). If we are able to capture particular movements (literally and figuratively) then we can have a general idea of where a suspect is and what crime they have committed. For instance, if we look at the human body and examine a punching movement we have an arm (which is generally about 1/2 to 1/3 the length of the body from the tip of the hand to the top of the shoulder, and has a hand that will generally be flesh coloured) which is moving at certain critical velocities with reference to the body and to the target body (a punching movement will generally go up or across). Clothes are generally of a single colour and of very similar shapes, which allows you to distinguish the body, while the head is generally uncovered, which will allow you to correctly identify most people (unless they are nude, though there are laws against that, or they are wearing flesh coloured clothing). Then it's simply a matter of periodically watching for specific relationships to show up in particular data sets. For instance, if the punching movement was determined by the equation y = jx^2 + b + a^5cbz^3 and we found this particular relationship showing up at multiple points in our data set then we can be fairly sure that this particular event occurred. Obviously, we can extend the concept further to allow for unique equations that can represent other actions as well. As Quantum and High Performance Computing technology progresses the possibility of real time analysis and a machine which roughly replicates 'The Machine' from 'Person of Interest' quickly becomes a reality. All you have to do is integrate surveillance, GPS, and time based information and you would be away. Time to think some more and flesh out other details....

http://www.businessweek.com/articles/2012-09-13/watch-out-google-facebook-s-social-search-is-coming#r=shared

Saturday, October 27, 2012

More Security Analysis, Deception Training, and Bugs

One of the things that I've learnt over time is that no matter what the circumstance your first instinct should be that people will lie to you during an investigation. As has been discovered by various other people though, there are a multitude of ways (many are arguably pure 'pseudoscience' while others may have some merit) in which to (hopefully) detect the veracity of someone's claims. More often than not though I've found that you need to use a variety of methods in order to determine what's actually going on. While some methods of lie detection are well known and have been extensively researched, it's also clear that people have been trained on how to 'beat the box' and depending on your industry you may even have been taught these techniques as part of your training.

However, as is the case with true 'Stealth Technology' (for true/actual (not 'low visibility' as is the case with current generation technology) stealth craft there is a 'hole' that is left in the space that it occupies), sometimes it's fairly obvious when someone has been 'trained' (it's worse, and can be borderline comical, when they have only recently been trained, been poorly 'trained', or have been retrained halfway through an investigation/interrogation, because their responses change drastically all of a sudden). Moreover, while some people may be trained in one particular method of lie detection evasion it is often clear that they haven't been trained in other ways. Another problem is when someone (or a group of people) is trained by one source only. In these cases, the way they attempt to deceive you is often very similar with regards to patterns of behaviour and physiological response across that entire sample. Depending on the type of deception involved the actual true root cause/motivation may not be immediately obvious (I once recall two separate programs. One was a highly sophisticated program that relied on advanced technological analysis of physiological behaviour and another was based on holding an egg. Both measured stress levels and worked fairly well but both also suffered from the same problem. Namely, you couldn't determine the source of the anxiety. It could have been because they were lying or it could have simply been because of the local ambient environment.). You can use surveillance/bugging as another means of lie detection but that's fraught with its own difficulties (legal as well as technical).

It's ultimately a case of intuition, analysis, negotiation, and a general sense of thoroughness and awareness when it comes to techniques with regards to deception training. The more data points ('equipment' can come from a variety of sources, but you should know that even COTS smartphones have the ability to run 'spectral analysers' now) you have to measure/examine though, the more likely you are to be successful.

http://en.wikipedia.org/wiki/Microexpression
http://en.wikipedia.org/wiki/Wizards_Project
http://en.wikipedia.org/wiki/Polygraph
http://en.wikipedia.org/wiki/Frequency_spectrum#Spectrum_analysis
http://en.wikipedia.org/wiki/Spectrum_analyzer
http://en.wikipedia.org/wiki/Spectral_theory
http://en.wikipedia.org/wiki/Body_language

One thing that really needs to be thought about though is whether or not they know that what they are saying is untrue. There is a long history of legal precedent which states that eyewitness testimony can be problematic. This is due to many differing reasons including the impact caused by the stress of the incident, external (and vested) interests, and even just poor memory. Moreover, if you (or they) do consider using drugs or other additives, the reliability of the testimony can be questionable and it may not be possible to enter it in a conventional setting.

http://en.wikipedia.org/wiki/Sodium_thiopental
http://en.wikipedia.org/wiki/Truth_drug
http://en.wikipedia.org/wiki/Witness#Reliability

Voice biometrics as a means of authentication is something that I (and others) have thought about previously. The obvious attacks are simple, such as playing back a recording, or using continuous speech analysis to develop a voice synthesiser so that you can create whatever pattern is required. Obviously, the only way to really know whether or not it is effective is to test it...

http://www.itwire.com/it-industry-news/development/56799-start-up-twins-voice-biometrics-with-recognition
http://www.viewzone.com/handwriting.html

A closer approximation/variation of what I was talking about with regards to behavioural/cognitive fingerprinting.

http://www.itwire.com/business-it-news/security/57142-mcafee-unveils-next-gen-endpoint-security
http://www.itwire.com/business-it-news/security/57156-westinghouse-picks-mcafee-to-protect-nuclear-control-systems
http://www.itwire.com/business-it-news/security/57157-mcafee-pushes-security-connected-vision

Interestingly, such technology/concepts are now being used to protect critical infrastructure as I originally intended. One thing that needs to be thought of though is that the higher the level of the abstraction the more easily it can be abused. For instance, it's easier to change the permissions of a particular file or folder than recreating a bit stream of data with a correct CRC that is clock synchronised to a particular frequency.

Have been thinking further about cyberwarfare/intelligence. There seems to be very little reason for there to be officially sanctioned missions. (Traditional intelligence operations tend to have a fairly low percentage of covert operatives/NOCs (though much higher in particular cultures), but given the nature of the Internet and the underlying protocols (perhaps we should think about building non-repudiation mechanisms into/on top of existing protocols/networks?) and the fact that it is possible to mis-direct your investigator via 'Anti-Forensics', I see very little reason why you would opt for this norm. I suspect that the number of non-sanctioned operations will be inversely proportional, percentage-wise, when compared to physical operations.)

http://en.wikipedia.org/wiki/Non-official_cover
http://www.slate.com/articles/news_and_politics/explainer/2003/09/how_deep_is_cia_cover.html
http://en.wikipedia.org/wiki/Clandestine_HUMINT_operational_techniques

After all, even if you are just conducting pure scouting missions, what benefit would it be to make it known to your opponent that you are conducting such an operation? Perhaps the only real reason why you would have 'declared operations' may be to reduce the chances of a counter-attack (if they somehow believe that your activity may be grounds for retaliatory action). It may also help to develop training by having people work against real world systems (training missions help both attackers and defenders by establishing configurations/patterns of attack, though I suspect that you may only have such missions between allies. The biggest problem is if there is an actual breach or if a third party decides to interlace their attack between the actual operation itself though... (A proper logging procedure on critical systems would be 'helpful' in distinguishing between a 'sanctioned' attack and one that isn't, of course.) (I've been thinking of using MPLS VPNs and other forms/types of VPNs as a means of developing virtual online battlegrounds. I've also been playing around with the concept of using particular border gateways/trunks as a way of establishing virtual geographical boundaries.))

http://en.wikipedia.org/wiki/MPLS_VPN
http://news.cnet.com/8301-13578_3-57537559-38/u.n-calls-for-anti-terror-internet-surveillance/

If you've ever been involved with hacking (either as an 'actor' or as a 'watcher') then you'd realise that motivations can vary drastically. Another thing you'd realise is that in many firms and most jurisdictions, laws/legal frameworks for dealing with incursions/breaches aren't particularly well developed. Factor in issues relating to health, regionality, and extradition and you have the potential for mayhem.

http://arstechnica.com/tech-policy/2012/10/uk-halts-extradition-of-accused-hacker-over-suicide-concerns/

There doesn't seem to be enough of a distinction between 'levels of hacking'. At the moment, those who break in 'for fun' are often stuck in the same situation as corporate spies (if/when they are caught). Admittedly, there are systems which should never be touched (health, defense, infrastructure, intelligence, and so on...). I suspect that there will need to be several layers.

I've been exploring the notion of 'damage' (CVSS may be one particular measure of this but we may need to develop other/more distinct metrics in light of some of the dangers we're facing especially with regards to critical infrastructure and the physical and very widespread impact that they may have.)

As I discovered during my experiment ('Convergence' document), reporting security holes doesn't necessarily result in a response or a guarantee of remedial action. For critical infrastructure (there already are fairly strict controls/requirements that need to be adhered to if you are a defense contractor, though the White House has recently tried to pass updated cyber legislation) I suggest that we provide amnesty (maybe even a possible reward) to anyone (internal or external to the organisation) who is willing to point out existing holes if they 'play by the rules' (no data breach and maintain confidentiality). If the company doesn't take action (or if the reporter prefers), there should be a third party (an anonymous 'Wikileaks' or media release is one possibility, though not the cleanest/most ethical) that people can go to to get the problem fixed.

http://www.austlii.edu.au/au/legis/vic/consol_act/wpa2001322/
http://www.whistleblowers.gov/
http://en.wikipedia.org/wiki/Self-defense

Don't know why some people are bothered with regards to UEFI, Windows, and the ability to boot alternative operating systems (x86 isn't so much of a problem as the ARM platform is). As with the cash/currency industry, it's a cyclical game of defense and offense. Moreover, there already appear to be cracks in the system. If you are interested in learning more about this, I suggest you read up on computer forensics, reverse engineering, low level programming, and system architecture.

http://www.neowin.net/news/new-proof-of-concept-bootkit-targets-uefi-and-windows-8
http://www.itworld.com/security/225417/windows-8-secure-boot-already-cracked
http://web17.webbpro.de/index.php?page=the-magic-of-bootkits
http://www.wired.com/wiredenterprise/2012/06/microsoft-windows8-secure-boot/
http://www.tomshardware.com/news/Windows-8-OEM-OA-3.0-Piracy-Genuine-Microsoft,16636.html

The strongest anti-tampering solutions have tended to be those that require some form of network connection and a form of repeated/secure authentication. Even then, they're generally considered 'fiddly' by many people and may even impact on sales. For instance, take Football Manager 2009. An extremely popular series, but it was hobbled by a sub-standard backend infrastructure backing up its copyright protection mechanism. So much so that subsequent patches have removed the need to activate altogether and to have a copy of the original disc in the drive.

http://en.wikipedia.org/wiki/Football_Manager_2009

Have been examining Stellar Wind, Trailblazer, and Thin Thread operations at NSA further. Problems with these programs seem familiar based on what I've been reading. Even though their 'setting' may be unique, they suffer from many of the same problems that more 'standard' organisations have. Reading between the lines, it seems as though there may have been staffing problems (too many specialists or generalists but not enough people to bind/bring the whole thing back together), project management problems, and perhaps even a lack of overall support/input...

http://dtbnguyen.blogspot.com.au/2012/10/more-security-analysis-and-machine_8510.html

Countries most at risk from cyberwarfare/intelligence are those who are making the transition from developing to developed, or who are already developed but have a 'trusting' culture. We won't discuss who these particular cultures are, but some of them have recently acknowledged that these problems need to be addressed.

Something to do for those with some spare time...

http://news.cnet.com/8301-1009_3-57535769-83/ftc-offers-$50000-to-robocall-killers/

If you are on a system but don't have administration rights and need to quickly wipe/sanitise unallocated space, just use 'dd' or 'fsutil' to create zeroed files of varying size and repeatedly copy them to wipe your space. Defense includes better use of quotas, though this is rare in a SOHO setting.

Ironic that some of the world's stealthiest/lowest visibility (in terms of both classification as well as RADAR cross section, etc...) projects give off enormous sonic booms...

http://www.chinadaily.com.cn/world/2012-10/25/content_15845384.htm
http://www.aviationweek.com/Blogs.aspx?plckBlogId=Blog:27ec4a53-dcc8-42d0-bd3a-01329aef79a7&plckPostId=Blog%3A27ec4a53-dcc8-42d0-bd3a-01329aef79a7Post%3A1f0f7d8b-e48c-4f7f-8f3c-5ac09177c61f

There are design alterations that can be made of course but like the F-117 Nighthawk this may result in severe degradation of aerodynamic performance.

http://www.gizmag.com/boomless-biplane/21871/
http://en.wikipedia.org/wiki/Lockheed_F-117_Nighthawk
http://en.wikipedia.org/wiki/Boeing_Phantom_Works
http://en.wikipedia.org/wiki/Skunk_Works

My bugs of the week.

Leadtek WinFast PVR2
Sound not coming through on 9 GEM (AC3 sound). Need to install AC3Filter and re-install the program to re-register/configure sound filters. Don't necessarily need to do a LiveUpdate. Possible to download the program and re-install to get things running properly again (discovered because I was having MTU issues with one of their regional servers and had to manually select a new server to download from). Validation of characters in filenames not handled properly. When recorded filenames contain a '/' character, recording is not allowed. Tried a shell escape, didn't work, but perhaps they should have considered just substituting/removing these characters?

http://forums.whirlpool.net.au/archive/1744790
http://forum.videohelp.com/threads/309948-WinFast-PVR-captures-audio-in-PCM-only

Meridian/Android
Possible bug. Can have multiple songs playing simultaneously. Namely, one that is controlled by the user interface and another that is running in the background. Have discovered that it can sometimes be down to another program on the system that is responding to signals from the handsfree controller. Removing (or re-configuring) conflicting programs can help to fix the problem. When this isn't the problem, restarting the program is another workaround. Believe that this only happens under very specific circumstances though. Dig further when I have time or when it crops up again.

NextPVR
Unhandled exception (seems to be a problem across the board for this program actually, though admittedly I don't have the absolute latest version) if no channels are set up and you attempt to watch. Would be nice if it automatically prompted you to set up channels when required. 'C:\Temp' folder, which is required for buffering of Live TV, is not set up properly. Threading not handled well in some situations. Deletion of channels can result in stalls in user space even on high end hardware. Need to do some work on auto configuration. Video wasn't coming through initially; required some 'tweaking'.

MediaCoder
Doesn't allow you to remove files from the list without stopping the transcoding process. Moving files through the queue doesn't refresh the current filename accordingly and results in a blank filename. Sometimes the state/progress of the transcoding process just doesn't update properly, or the program window just doesn't work at all when switching between windows. Hopefully, this doesn't have anything to do with my experiments with ThrottleStop and clock modulation to maintain a stable thermodynamic environment.

Tor Browser Pack
Thought the portable Tor program was virtually indestructible. Not so; recently had some trouble building a secure circuit. May have been due to file corruption (removing and re-extracting files seemed to fix the problem). Would be nice to see some file integrity checking on launch if this is the case (I tried on at least half a dozen occasions at different time intervals via different systems/connections).

HP ProCurve Switches
Some dialogue boxes have sentences that don't wrap around properly. Looks awkward but is obviously a non-critical problem.

http://www.itwire.com/it-industry-news/development/57064-ibm-beefs-up-security-portfolio

Monday, October 22, 2012

More Security and Surveillance Analysis

I should probably put some of what I've previously said (http://dtbnguyen.blogspot.com/2012/10/more-security-oscilloscope-and-wireless_6750.html) into better context. I was examining Ethernet over Power solutions and it seems clear that a lot of them use the same chipsets and can often be configured by the same software to be interoperable. Hence my interest in the total possible number of practical/theoretical 'class breaks' in existing security technology.

My interest in surveillance/counter-surveillance stems from recent discussion regarding a possible change in laws in several developed countries. The laws basically state that a chunk of metadata regarding communications should be held on file for a short while by service providers to aid law enforcement/intelligence operations. There are arguments from both sides.

Arguments against include civil liberties, that it doesn't really help (based on experience in Europe), cost (it's not cheap to store the amount of data we're talking about here. I know of medium sized cloud companies who chew through terabytes of data a month. Even if the amount of data is small, securing it is not cheap. Moreover, based on personal experiments (using the Squid web proxy in combination with SARG to examine the total amount of traffic flowing through my personal network), even if you turn off all images and most scripts you're still only halving the amount of downstream traffic flowing through your network (if you're curious, proxying has resulted in mostly single digit percentage cache hits on a daily basis. Disabling certain types of traffic has resulted in significant gains though.) Nonetheless, even if we only look at the remaining traffic, that's still a lot of content from a lot of different sources. Use the TamperData/FireBug add-ons on Firefox and you'll see a lot of content/traffic that often makes little sense in the current context without further digging. Do some more research on EverCookies and other tracking mechanisms ('waterhole' strategies are becoming more popular amongst intelligence/criminals based on what I've been seeing, rather than direct 'spearphishing' attacks.)), and combine this with the fact that there are already many countermeasures out there (anonymous tunneling of phone traffic via the Internet and increased use of solid encryption) and you'll begin to see how much more difficult the defensive position becomes.
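As an added example (not the author's own tooling), the Python script below reproduces the kind of measurement described above: the cache-hit ratio and the share of downstream bytes that images and scripts account for, read from Squid's default native access.log format. The log lines are constructed for the example, not taken from the author's network.

```python
"""Cache-hit ratio and 'what would blocking images/scripts save' from Squid logs.

Added example; the lines below are constructed. Field layout follows Squid's
native access.log format: time elapsed client code/status bytes method URL
ident hierarchy/peer content-type."""
from collections import Counter

# Constructed sample of Squid native-format access.log lines (not real traffic).
SAMPLE_LOG = """\
1350864000.123    245 192.168.1.10 TCP_MISS/200 150000 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html
1350864000.456     12 192.168.1.10 TCP_HIT/200 45000 GET http://example.com/logo.png - NONE/- image/png
1350864000.789    310 192.168.1.10 TCP_MISS/200 80000 GET http://cdn.example.com/app.js - HIER_DIRECT/93.184.216.34 application/javascript
1350864001.012     98 192.168.1.11 TCP_MISS/200 120000 GET http://cdn.example.com/hero.jpg - HIER_DIRECT/93.184.216.34 image/jpeg
1350864001.345      5 192.168.1.11 TCP_MEM_HIT/200 2000 GET http://example.com/style.css - NONE/- text/css
1350864001.678    150 192.168.1.11 TCP_MISS/200 30000 GET http://tracker.example.net/t.js - HIER_DIRECT/203.0.113.5 text/javascript
1350864002.000    200 192.168.1.12 TCP_MISS/404 512 GET http://example.com/missing - HIER_DIRECT/93.184.216.34 text/html
1350864002.333    400 192.168.1.12 TCP_MISS/200 100000 GET http://example.com/report.pdf - HIER_DIRECT/93.184.216.34 application/pdf
"""

# Content types the experiment above switched off: "all images and most scripts".
BLOCKABLE_PREFIXES = ("image/",)
BLOCKABLE_EXACT = {"application/javascript", "text/javascript", "application/x-javascript"}


def parse_line(line):
    """Return (cache_code, bytes, content_type) for one native-format line."""
    fields = line.split()
    if len(fields) < 10:
        raise ValueError("not a Squid native log line: %r" % line)
    code = fields[3].split("/", 1)[0]           # TCP_MISS from TCP_MISS/200
    nbytes = int(fields[4])
    ctype = fields[9].split(";", 1)[0].lower()   # drop any ;charset= parameter
    return code, nbytes, ctype


def is_blockable(ctype):
    """True for the content types the proxy would drop in the experiment."""
    return ctype.startswith(BLOCKABLE_PREFIXES) or ctype in BLOCKABLE_EXACT


def summarise(log_text):
    """Hit ratio, bytes by top-level type, and the fraction blocking removes."""
    requests = hits = total_bytes = blockable_bytes = 0
    bytes_by_type = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        code, nbytes, ctype = parse_line(line)
        requests += 1
        # Every Squid hit code contains "HIT": TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT...
        if "HIT" in code:
            hits += 1
        total_bytes += nbytes
        bytes_by_type[ctype.split("/", 1)[0]] += nbytes
        if is_blockable(ctype):
            blockable_bytes += nbytes
    return {
        "requests": requests,
        "hit_ratio": hits / requests if requests else 0.0,
        "total_bytes": total_bytes,
        "bytes_by_type": dict(bytes_by_type),
        "blockable_fraction": blockable_bytes / total_bytes if total_bytes else 0.0,
    }


if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    print("requests: %d, hit ratio: %.1f%%" % (s["requests"], 100 * s["hit_ratio"]))
    print("blocking images+scripts removes %.1f%% of %d bytes"
          % (100 * s["blockable_fraction"], s["total_bytes"]))
    for ctype, nbytes in sorted(s["bytes_by_type"].items()):
        print("  %-12s %d" % (ctype, nbytes))
```

Point it at a real access.log (one day's worth at a time) to get the per-day hit ratio the post refers to; the same per-type breakdown shows how much of the remaining traffic would still need to be retained.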

Arguments for include that cybercrime/terrorism have made (and continue to make) substantial strides in tradecraft and technology has only aided that (as I've stated previously, there seems to be strong and widespread knowledge of how to bypass existing computer security in highly policed states) and yet law enforcement/intelligence have not had an adequate increase in resources/powers along the way; crimes are becoming increasingly sophisticated and the only real way to keep track of everything is to basically log everything (real time analysis is difficult and requires a high level of resources to set up/maintain, and many programs designed to achieve this have had problems that have limited their usefulness in the past (NSA). Even so, automated programs have been able to achieve high levels of efficiency. Some forms of intelligence analysis were claimed to have gone from several days/hours down to minutes at the CIA) and hope that there is a trail left over after a report is made (I'd love to see more research on the gap between the actual time of incursion and the time of detection.). Access would only be granted to such information under exceptional circumstances (for more serious crimes), but it's clear that we've seen abuses both locally and elsewhere in the past. If this goes ahead there needs to be strong oversight/controls in place.

There is public debate at the moment regarding these issues but in a lot of cases I wonder whether or not enough of the right people are involved in the decision making process. It always seems as though the same people are involved. Namely, the usual government agencies and lobbyists such as the Electronic Frontiers Foundation (EFF), and GetUp. Moreover, the decision making process has not been entirely transparent. It's true that more transparency may result in giving certain entities a 'heads up' with regards to what particular forms of communication to avoid, but it's also clear that in a semi-democratic/democratic environment the dog should wag the tail, not the other way around. Making a decent decision (and with 90% of the picture rather than 60%) now, rather than passing panicked legislation in the aftermath of an attack, will help us avoid becoming a democratic society in name only.

With regards to actual surveillance/counter-surveillance, it should be obvious that in this day and age there are enormous variations in the options for both. We'll cover them only briefly here. The four main types are outlined here: http://www.tscm.com/typebug.html

Combined with computer hardware/software (keycatchers, keyloggers, trojans and other malware, cloners, jammers, scanners, noise/signal generators, frequency counters, and so on) you have serious problems from the defensive perspective.

Perhaps the worrying thing is that jamming/interception equipment (technically illegal depending on the circumstance) is available if you know of the correct channels and at the right price. Given the stringency of communications interception laws in many democratic nations, it seems strange (to me) that many forms of surveillance and some forms of counter-surveillance equipment are openly/widely available without requiring a license. If you do purchase such equipment though, a strong tip is to test it before purchasing/using it (quality varies drastically and so does cost depending on where you go), if it requires assembly be prepared to have or develop some technical knowledge, and it is best to have separate/specialised detection devices for each type of bug that you encounter (a hybrid camera/RF bug detector is often inferior to separate camera and RF bug detectors, and so on).

Just as with computer security, most of the time a knowledgeable and creative attacker should technically/strategically always be in the stronger position. In fact, even professionals sometimes have trouble doing a proper sweep (time consuming even when you have the right equipment if the person doing the bugging is sufficiently skilled/creative). (Hence my interest in multiplexing, encoding, encryption, steganography, power, and so on... as a means of defense.)

To put this into perspective, I recall a story about an embassy being bugged. Clearly, they knew that there were bugs in that particular room. In fact, they ran a sweep and while most of the bugs were found they didn't find them all (they were located in a metal window sill in one room). Since they knew that their integrity had been compromised but couldn't find the bugs, they built a SCIF (it's far easier to keep a SCIF clean than it is to maintain the integrity of an entire building. In fact, some countries have been using portable SCIFs and SCIFs within existing rooms for decades.) and then basically did nothing of any worth in the room where the bug was supposed to be. (The bugs were actually placed in the building during the process of constructing the building. Hence, a proper sweep that could have found these devices would have had them tearing the place apart. However, that was out of the question for various cultural, technical, and other reasons. Hence, they left things as they were.)

With regards to Business Continuity Planning (BCP) and Disaster Recovery (DR), I think it's becoming clearer that in secure environments you should be planning backwards rather than forwards. Start from the weakest point (your last backup) and then secure it from there. As I discovered during my experiment ('Convergence' document), a lot of the time people just forget/neglect non-primary systems. The worrying thing is that others are more likely to discover these particular flaws than the actual person running these systems themselves (particularly in under-resourced, under-manned, or under-motivated environments. (Something which I recently thought about is that in some environments balancing the security and accessibility of end users is borderline impossible. Some environments quite simply cannot be secured, simply because that is the nature of the business. The only way to achieve it would be to have (physical or virtual) separate networks, and a lot of the time, depending on the environment, this may be impossible due to resource restrictions.))
