You are coming to a sad realization. Cancel or allow?
Obstructionist Husband

The Sony Hack and North Korea [Dec. 20th, 2014|09:39 am]

The FBI is saying that the Sony hack was definitely the work of North Korea, based on evidence of NK attacks on South Korea, such as samples of the code that was preserved, encryption techniques, etc. So I guess I have to revise my previous opinion.

Bruce Schneier has an interesting editorial that appeared in the Wall Street Journal. He said that attacks should be viewed along two axes: skill and focus. Spam attacks are low focus and low skill: they blast out millions of email knowing that someone, somewhere, will open the mail and click on a link to a poisoned web site. Malware writers are high skill, low focus. Script kiddies are low skill, but higher focus. The attackers of Target and Home Depot were high skill, low focus: they didn't care who they hit, they just wanted a big enough retailer to result in a big credit card theft, which is why they don't target Bob's Pizzeria. The Sony hack? High skill, high focus. Schneier likened it to the Anonymous attack on HBGary Federal, an internet security firm.

The FBI went on to say that 90% of corporations could not have withstood the attack. Which is not encouraging, and should greatly concern them.

The worst thing about this attack is that so much personal employee information was violated. In fact, there are two class-action lawsuits against Sony Pictures for not sufficiently safeguarding their information. The result of those will be quite interesting. But my take on this is DON'T SEND PERSONAL INFORMATION OR GOSSIP THROUGH WORK EMAIL SYSTEMS IF YOU DON'T HAVE TO! If you're going to gossip, do it face-to-face or over the phone. If you're going to send rude jokes, DON'T. Sony executives are looking like idiots for doing this, and deservedly so.

The full article: https://www.schneier.com/blog/archives/2014/12/lessons_from_th_4.html

HeboCon: Robot Wars for Dummies [Dec. 14th, 2014|09:56 am]

Got this from jimhines yesterday. Amazing stuff.


I hope my true love is wealthy... [Dec. 13th, 2014|09:23 am]

I wrote and posted this last December, and as I am easily amused at times, I'm repeating it.

On the twelfth day of Christmas, I will have accumulated:
12 Drummers Drumming
22 Pipers Piping
30 Lords a Leaping
36 Ladies Waiting
40 Maids a Milking
42 Swans a Swimming
42 Geese a Laying
40 Golden Rings
36 Calling Birds
30 French Hens
22 Turtle Doves
12 Partridges in Pear Trees

With 34 drummers and pipers, you have enough for a good band, presuming that they're pretty good, so they can probably earn their keep. Add some electric guitars and you have the Red Hot Chili Pipers (a real band). Housing would be an issue. The lords can probably be ransomed back to their families, likewise the ladies in waiting, though maybe they came from a not-so-wealthy underclass. The maids presumably come with the cows that they're milking, so the question is whether 40 cows would produce enough dairy products to pay for their needs or are they going to be a net loss, plus housing for the maids and barns for the cows, we'll ignore the distribution problems but maybe the drummers and pipers can handle that during the off-season, which would give plenty of time for the cheese to mature. I'm not sure if swans lay eggs, the geese are obviously doing so, so that's probably a net profit, but maybe not initially. The golden rings are easily sold or given away as gifts. With 100 calling birds, French hens, turtle doves, and partridges: I think you have a fairly well-stocked larder if they're butchered and preserved properly, and the twelve pear trees would be a nice starter orchard. Maybe start a bed & breakfast, which would put the maids to further utility. You might get desperate for new fowl and pear recipes after a while, but if the B&B makes money, you're probably good.

So assuming royalties on performances and recordings from the band, at least from Scotland and the renaissance festival circuit, decent ransoms from the lords and ladies, I think this would be a profitable venture if you had enough acreage to house it all. In fact, if the lords are particularly acrobatic, you might be able to also package them for a ren fest act, assuming a few weren't wanted back by their families, which is likely. It would probably be best to keep the lords away as much as possible: 30 lords would lead to a lot of scheming and rebellion, it would just not be worth the trouble.

From A Demon's Nest of Sentiments [Dec. 8th, 2014|08:18 pm]

Faith: noun.

The knowable
promoted to the irrefutable.

Consensus
unblemished by debate.

Doubt in exile.

The child's comfort.

The Terrorist's trigger.



http://www.gocomics.com/pibgorn/2014/12/07

Google's latest innovation in fighting bots: a checkbox [Dec. 7th, 2014|11:03 am]

It's interesting. We're used to being presented with a CAPTCHA box with squiggly letters that supposedly only humans can decipher (which software could in some circumstances); now Google will be presenting us with a checkbox that says 'I am not a robot.'

The little square that the text and box are in is monitored, and Google says that the characteristic of a person checking that box is unique and identifiable. I just wonder how long it will take spammers to figure out how to make the mouse pointer jiggle a little bit before checking the box. I also wonder how this will work with assistive devices for people who don't use conventional pointing devices.

http://www.wired.com/2014/12/google-one-click-recaptcha/

"I don't know what it is, but I know it when I see it!" [Dec. 6th, 2014|11:44 am]
"I don't want to hear about this hands-up crap. That's not what happened. I don't know exactly what did happen, but I know that's not what happened."
—Mike Ditka on Ferguson protest gesture

There's nothing like demonstrating your own irrelevance.

Latest credit breach: Bebe Women's Clothing [Dec. 6th, 2014|10:40 am]

For $10-$27 a card, you can get a new (stolen) credit card for a loved one!

The breach seems to have been between November 18 and 28, but it is unclear if it might have started earlier or possibly still be ongoing. Bebe decided they didn't want to talk to Krebs, so apparently they're still in denial. Evidence suggests that this was another card reader compromise and that their online store was not breached.

One thing that I don't know since I don't know anyone who shops there is how valuable the cards are. If Bebe is a high-end store, the cards could be worth a lot. Also, the cards are up for sale in a hitherto not known carder forum, so the stolen card retailers have another store that you can buy from.

http://krebsonsecurity.com/2014/12/banks-credit-card-breach-at-bebe-stores/


UPDATE: Bebe confirmed the breach.

"Bebe stores said its investigation indicates that the breach impacted payment cards swiped in its U.S., Puerto Rico and U.S. Virgin Islands stores between Nov. 8, 2014 and Nov. 26, 2014. The data may have included cardholder name, account number, expiration date, and verification code." They claim the breach has been stopped.

So at least they caught it before Black Friday, which greatly reduces the number of compromised cards.

http://krebsonsecurity.com/2014/12/bebe-stores-confirms-credit-card-breach/

Sony hacked (again), North Korea to blame? [Dec. 4th, 2014|06:13 am]

Well, probably not North Korea per se; I doubt they have the expertise, but they could have hired a hacker army.

Here's the premise. Little Kim's mad at a movie coming out on 12/25 called The Interview, a Seth Rogen movie, where two guys run a popular TV talk show and score an interview with the leader of North Korea. And are then recruited by the CIA to assassinate said leader.

For some reason this made some people unhappy.

Regardless of who did it, the attackers got deep into Sony Pictures' corporate network, pulling out all sorts of employee information, including health care info, salary info, etc., and posted it all online. Researchers have confirmed that the data looks real by referencing people in the files with LinkedIn job descriptions. More than enough to do some pretty serious identity theft. And they dumped it all online. Apparently the hack was so bad that Sony IT advised everyone to turn off WiFi on all devices and not use any corporate computers.

At least this time it wasn't Sony Online.

http://krebsonsecurity.com/2014/12/sony-breach-may-have-exposed-employee-healthcare-salary-data/

We'll always have Lindsey [Nov. 27th, 2014|10:26 am]
"Full of crap."
—Sen. Lindsey Graham on House Republican report on Benghazi

You're saying that an investigation by a panel headed and controlled by Republicans, your own party, is not reasonably accurate, even when the report does criticize actions taken by the State Department and the President's people?

I guess nothing short of a witch burning would satisfy him.

NPR story about retailer security versus credit card thieves [Nov. 25th, 2014|06:01 am]
[Tags|]

Sadly, it looks like Security By Obscurity is still the mode they want to play, so expect more compromised retailers this season.

http://www.npr.org/blogs/alltechconsidered/2014/11/24/366367832/as-hackers-hit-customers-retailers-keep-quiet-about-security
