Tuesday, January 8, 2013

Wireless/Behavioural Security Analysis and Bugs

I previously theorised ('Cloud' document) about wide spectrum radio solutions to help deal with the problem of expensive/continuous hardware ugprades of telecommunications infrastructure. The CSIRO has since built something along these lines.
http://www.itwire.com/business-it-news/technology/53040-csiro-debuts-10gbps-microwave-backhaul-technology

What has interested me even more though is recent work in software based radio technology. A similar concept but what I'm particularly interested in is the flexibility it will provide with regards to offensive opeations (Electronic Warfare and Jamming).
http://www.h-online.com/open/features/One-software-radio-to-rule-them-all-1775971.html

As many people are probably aware GPS is being updated/upgraded to deal with various known threats such as susceptibility jamming, substandard performance in enclosed areas, and so on. One complementary solution/alternative being considered is Leica's 'Jigsaw'.
http://www.gizmodo.co.uk/2013/01/move-over-gps-a-new-positioning-system-has-you-in-its-sights/
http://www.newscientist.com/article/mg21728985.600-new-positioning-technology-could-compete-with-gps.html
http://mining.leica-geosystems.com/products/
http://mining.leica-geosystems.com/products/unified-hardware-platform-uhp/

Variation of 'Adaptive Networking' concept I was playing with in the original 'Cloud' document.
http://arstechnica.com/gadgets/2013/01/a-wireless-router-that-tracks-user-activity-but-for-a-good-reason/

I've spoken about interlaced attacks, and attacks which involve disrupting activity (they tend to fail open though there are a number of devices which allow you the option of having them fail closed at the expense of ) of security systems by overloading or confusing them in the 'Convergence' report before. The following of a study of how performance drops off in the real world using entry level enterprise firewalls from several well known vendors.
http://www.spirent.com/White-Papers/Broadband/PAB/Broadband-Testing_Entry-Level_Enterprise_Firewall_Test_Report

A variation of my 'Cognitive Fingerprinting' work as outlined in the 'Cloud' and 'Convergence' reports. Basically instead of using purely signatures we're going to look at behaviour as the main means of detecting whether a file is good or bad. Of course, this will be on top of existing security models/systems but something we need to think about is how even this can be bypassed. Some recent research I've come across seems to suggest that many sandbox type solutions that are used to detect presence of malware can be rather obvious. Countermeasures are being deployed which means that only 1/3 of all malware may be being picked up. More thought required...
http://www.newscientist.com/article/mg21728983.100-unmasking-the-cyber-saboteurs-whoever-they-are.html
http://www.newscientist.com/article/mg21728985.300-mapping-malwares-genome-to-fight-future-attacks.html

Neat way of increasing collaboration from the perspective of defense.
http://www.newscientist.com/article/mg21428684.600-why-we-may-never-know-who-created-flame-virus.html

Interesting graph of where your system is likely to get infected by a virus on the Internet. Not sure of it's overall validity...
http://www.newscientist.com/data/images/archive/2898/28985301.jpg

Details surrounding NSA 'Perfect Citizen' program to protect critical infrastructure becoming clearer.
http://phys.org/news/2012-12-privacy-group-nsa.html
http://epic.org/2012/12/epic-comments-on-federal-cyber.html
http://news.cnet.com/8301-1023_3-57560644-93/revealed-nsa-targeting-domestic-computer-systems-in-secret-test/
http://www.examiner.com/article/perfect-citizen-program-tests-security-of-u-s-utility-infrastructure
http://www.fiercesmartgrid.com/story/nsa-secret-cyber-security-testing-no-longer-secret/2012-12-26

Microsoft email Exchange/Outlook plugin to block reply all, forward option. Still doesn't deal with the 'analogue hole' problem though. Namely, taking a screenshot, a picture of your monitor itself, or even just (manually or automatically) copying and pasting the contents of the email in question itself and then relaying this on to the desired recipients.
http://research.microsoft.com/en-us/projects/researchdesktop/noreplyall.aspx

A more comprehensive Microsoft Data Loss Prevention (DLP) solution.
http://www.microsoft.com/exchange/en-us/information-protection-and-control.aspx

Vacuum your laptop/netbook ventilation ports regularly. Not doing so can result in higher dust build up, higher temperatures and fan speed, power consumption, etc... As stated previously, design of portable systems is always a compromise between performance, size, power consumption, and so on. If I had a way of being able to alter shell design without comprimising structural rigidity and resale value I would use it in a heartbeat.

The article that I was referring to in my previous post with regards to how the wealthy don't always produce more jobs.
http://www.bloomberg.com/news/2012-07-20/top-2-not-job-creators-or-millionaires-in-tax-debate.html
http://en.wikipedia.org/wiki/Tabula_rasa
http://forums.whirlpool.net.au/forum-replies.cfm?t=1310314
http://www.ynetnews.com/articles/0,7340,L-4300066,00.html

Bugs of the Week

Sega's/Sports Interactive's Football Manager Series (most of these apply to 2009 but some apply to only earlier versions)
- when operating in small window mode some fields/words will overlap making it sometimes impossible to navigate
- sometimes go on holiday mode doesn't stop before the play of a game on that particular day. Would like more 'predictable' behaviour

Microsoft's/Big Huge Game's Rise of Nations
Not really a bug. Sometimes I modify lines in rules.xml file so that I can tweak the game rules (population limits, resources, etc...) to make it easier/harder depending on my mood. I've discovered that depending on the total number of units and movement currently occuring underlying hardware performance becomes a major limiting factor. Just have to be careful.

KNetWalk
Opens to a rediculous default window size on a Netbook (not sure about other platforms as yet). Neat game though (fun for those who enjoy mazes) and each puzzle is reasonably short/easy (depending on level).

NeverPutt
Algorithm for finding direction to hole doesn't correctly identify best/easiest pathway to goal all the time which means some awkward/impossible starting directions are possible. Believe that it may be limited to holes where a certain terminal/short distance condition is triggered.

SuperTux
Basically a clone of SuperMario/Sonic the Hedgehog style games. Not really a bug but one thing I've always wanted to do in these games is to have more freedom with regards to going backwards and choosing another pathway through the game (understand the underlying hardware limitations of the consoles at the time though).

News Website (further details not disclosed for reasons of security and reputation)
Various uncaught exceptions after turning off JavaScript.

E-Commerce Website (further details not disclosed for reasons of security and reputation)
Website started sending refund messages to people who weren't involved in a recent mix up/pricing error.

HPM Powerboard
Purchased this a while back because it had a lot (12) of sockets and built-in RF/EM noise suppression. Lately been having problems with it though. It doesn't seem to smooth the power supply out. It seems to be cutting power in/out now. Believe it may simply be malfunctioning. Difficult to diagnose/fix personally though due to strange/unique screws being used in casing. Hoping still under warranty.

Life in Vietnam 2, Data Recovery Work, and More

This is a continuation of my other post: http://dtbnguyen.blogspot.com/2017/04/life-in-vietnam-prophetspre-cogs-12-and.html - more Yo...