I.T. Security and Linux Administration


April 30, 2014  8:26 PM

Hackers hack traffic lights

Eric Hansen

http://www.wired.com/2014/04/traffic-lights-hacking/

This one is interesting.  When I first saw the title it brought me back to the golden days when I would hack Coke and Pepsi machines (it was cool to get to the debug menu).  I then also read on how to hack those light signs that construction workers place, though I did nothing with the information.  Overall, the idea of this even being possible doesn’t shock me in the slightest.

A lot of the content in this article, though, is theoretical.  It doesn’t discuss anything that actually happened, just that a contractor who works for an IT consulting firm tested these wireless sensors.  The end result was that even the most basic of security practices weren’t being followed (i.e., no encryption of data), and these are placed in some major US cities like Washington D.C. and San Francisco.

March 31, 2014  7:39 AM

Dropbox & DMCA

Eric Hansen

An article was posted recently about Dropbox and its relation to DMCA.  In short, if you share a file publicly, and it’s been flagged as a violation of DMCA (either under your account or another’s), it will be blocked from the share.  So far this doesn’t mean it’s deleted from your account, just that you can’t share it publicly.

I like how Dropbox functions on this, but I can see one issue.  Dropbox does this by checking the hash of a file, and comparing it against a database of known infringing files, similar to how a lot of AV systems check for viruses.  I haven’t done a lot of research on the algorithm used, but let’s say it’s SHA-2 to make it actually useful.

While the possibility of this happening is very small, what if a collision happened between a music video file of Metallica and a picture of my wife’s newest kittens?  Two completely different files, but they end up with the same hash.  Would you allow the music video to be shared too, or block the kittens from harvesting my sweet Reddit karma?

Now, Dropbox also uses the hashing system to save on bandwidth and disk space (if a file on the server already exists with the same hash, it just shares that exact file with both accounts instead of uploading the same file twice).  As you can possibly imagine, the same issue occurs and Dropship has tried to exploit this but Dropbox has worked to stop it from happening.
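To make the collision worry above concrete, here is an added toy model (my own example, not Dropbox's or Dropship's code): a store that deduplicates uploads by content hash and blocks public shares against a hash blocklist. SHA-256 is assumed since the post only guesses "SHA-2"; the digest_bits knob truncates it, for the demo only, so that a collision between two constructed placeholder files can actually be found.

```python
import hashlib


class HashDedupStore:
    """Toy hash-keyed store: one stored copy per fingerprint, shared by all
    accounts, plus a fingerprint blocklist checked before a public share."""

    def __init__(self, digest_bits=256):
        self.digest_bits = digest_bits
        self.blobs = {}         # fingerprint -> bytes of the first upload
        self.blocklist = set()  # fingerprints flagged under DMCA

    def fingerprint(self, data):
        # SHA-256 assumed; truncating to digest_bits (demo only) is what
        # makes a collision findable in a few thousand tries.
        return hashlib.sha256(data).hexdigest()[: max(1, self.digest_bits // 4)]

    def upload(self, account, data):
        h = self.fingerprint(data)
        if h not in self.blobs:  # dedup: only the first copy is kept
            self.blobs[h] = data
        return h

    def flag_dmca(self, data):
        self.blocklist.add(self.fingerprint(data))

    def can_share_publicly(self, data):
        return self.fingerprint(data) not in self.blocklist


def find_colliding_innocent(store, target, limit=20000):
    """Try constructed 'kitten photo' byte strings until one shares the
    fingerprint of target; None if none found (always None at 256 bits)."""
    for i in range(limit):
        candidate = b"constructed kitten photo #%d" % i
        if store.fingerprint(candidate) == target:
            return candidate
    return None


def demo(digest_bits):
    store = HashDedupStore(digest_bits)
    video = b"constructed bytes standing in for a flagged music video"
    vh = store.upload("alice", video)
    store.flag_dmca(video)
    kittens = find_colliding_innocent(store, vh) or b"constructed kitten photo #0"
    kh = store.upload("bob", kittens)
    return {"collision": kh == vh,
            "kittens_blocked": not store.can_share_publicly(kittens),
            "bob_served_video_instead": store.blobs[kh] != kittens}
```

At 8 bits both problems from the post show up (the innocent file is blocked, and the second uploader is handed the first uploader's bytes); at the full 256 bits neither does. A byte-for-byte comparison on a dedup hit would close the second problem, while the blocklist check still rests on the fingerprint alone.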


March 31, 2014  7:28 AM

Invader Microsoft

Eric Hansen

Earlier this month a big report broke that Microsoft was spying on a former employee who was leaking IP (Windows 8 code) to a blogger.  Since then, the leaker has been arrested, but a lot of people are in an uproar about it because of privacy concerns.

When you’re using a third party to deal with any type of service, especially if they are hosting the content for you, expect the provider to be able to read/peek/view anything of yours at any time, anywhere they please.

You’re using their systems, their space, their bandwidth and their electricity.  It’s like being invited over to a friend’s house and getting pissed when they take your glass away, dump whatever was in it, then give it back to you with a fresh drink.

At the same time I know it’s not a similar comparison, but the idea is there.  If you put all your faith in a provider not seeing what its space is being used for, you are pretty naive.  Everyone does it, from big to small companies.  It’s just like working at a company that monitors your network habits.


January 31, 2014  11:48 PM

Don’t catch a virus…!

Eric Hansen

http://blogs.computerworld.com/cybercrime-and-hacking/23412/insecure-healthcaregov-allowed-hacker-access-70000-records-4-minutes

So, maybe “virus” is a little far-fetched, but really this bothers me.  The system itself is nice (I never ran into issues).  The gripes about it crashing are kind of warranted (there are tools out there to benchmark/stress test setups), but ideal data can only go so far.

Even then, while the hacker had 70k records, compared to how many there are on there, it just seems so…insignificant?  Hey, at least it wasn’t a DDoS attack finally.


January 31, 2014  11:44 PM

Still prefer Chrome?

Eric Hansen

http://talater.com/chrome-is-listening/

Fair argument?  Not sure.  But I do feel Chrome has really lost its luster, period.  Yeah, it’s “faster” at times, but I seem to have more issues with it than anything else these days.  I mean, I’m restricted to one profile, and even in incognito mode if I try to visit GMail in 2+ incognito windows the session persists.  It’s…frustrating.  LuaKit is nice but I don’t always feel like using Vim.


January 31, 2014  11:41 PM

Can’t catch CAPTCHA

Eric Hansen

http://www.techienews.co.uk/975112/snapchat-account-registration-captcha-defeated/

CAPTCHA systems can be either very unique or very easy to break.  Oh, also very hard to use (looking at you, Microsoft, and those people who make it look like a rainbow threw up on alphabet soup).  Though, I’ve noticed a lot of people these days using ones that are strictly numerical.  It really feels like we’re regressing in terms of CAPTCHA more than anything else these days.


January 31, 2014  11:37 PM

A flaw of open source

Eric Hansen

http://slashdot.org/topic/datacenter/filezilla-evil-twin-steals-ftp-logins/

I’m a super strong supporter of open source and really believe in providing code for free, and if monetization is key then charge for support.  It works for a lot of models (Red Hat is a big one, Snort is another).

I feel this just gives open-source junkies a bad name though for the argument of closed-vs-open source.


January 31, 2014  11:33 PM

The bird was made angry

Eric Hansen

https://medium.com/p/24eb09e026dd

Twitter, such a unique platform when you come to think about it.

Truthfully what there needs to be is a better password reset method.


January 31, 2014  11:30 PM

Don’t make the bird angry

Eric Hansen

http://slashdot.org/topic/bi/rovio-denies-collaborating-with-nsa-gchq/

I really am not a fan of Angry Birds, but at the same time it just feels like everyone is jumping on the bandwagon these days.  If you don’t know who developed an app, don’t trust the source, or don’t understand any of its permission requests, just don’t use it.


January 31, 2014  11:27 PM

GitHub the Bounty Hunter

Eric Hansen

http://thenextweb.com/insider/2014/01/30/github-launches-bug-bounty-program-offers-100-5000-security-vulnerabilities/

I know I don’t post about these much (maybe this is even the first time?), but that’s because bounty programs tend to be hit or miss.  By that I mean most companies will either honor the agreement of the program, or downright say “thanks for doing our work for us!”

I do support GitHub tremendously though, as I feel they have a solid and firm platform.  If you want some extra cash give this a go.

