If you noticed the Nasdaq today, Tuesday, April 23rd, 2013, it made a very sharp and sudden drop.
The flash crash in 2010 was far worse; it was about 1,000 points or 9% of the Dow. The swing today was a fraction of that value at 0.93%, but that drop was equivalent to a $136.5 billion loss. The trades that created the loss were committed by “proprietary algorithmic trading programs”. That is a very expensive tweet; I highly doubt the intent of the tweet was to cause a crash. But it does open an interesting avenue of attack, if a single tweet can wipe out $130 billion. What could a coordinated effort realize? What if instead of minutes it could be kept up for an hour?
The amount of damage that could cause, along with other cyber-based attacks, could be staggering. I wonder how much it would take to be unrecoverable?
Application level 11 is very much like 10.
Playing around with WindowJuggler should be sufficient to solve this in a couple minutes. I found it by luck again, but even with intent it would not take long.
I had time to try and do another hackthissite app challenge.
App10 is another graphical application; there is a basic text box and a command button.
I played around with this one from inside Olly for quite a while and did not make much progress on what I was looking for. Then I remembered I had an Olly plugin called WindowJuggler. The plugin allows you to mess around with the application window. After a couple minutes of just goofing around I stumbled across the answer.
I left this one a little too long; I was thinking that it would be fairly difficult to solve compared to the others.
Debugging graphical applications is not really my thing; I rarely need to do so. Even in the last two years I have maybe looked at three to four of them. Even those had nothing to do with audio output.
When you load the application and click the play button it plays three tones. The objective is to match those tones with the buttons beside it. I found this very easy; within five minutes I had located what was needed, so I am going to try and not give up the solution on a silver platter. Just look for the buttons and related push commands. Olly should do the rest for you.
If there is a way to make money, someone will figure it out. I have always thought fraud like this was a lot of effort for little return, but 6.2 million does not seem too little.
The Chameleon Bot Net.
In January Aaron Swartz was found dead in his apartment. There has been lots of talk about him since and the reasons leading up to that event. Much of the discussions that I have been reading center around the Computer Fraud and Abuse Act, and if reform is needed.
This is the best one that I have seen so far and it is worth sharing. It is at Forbes by Eric Goldman.
Bruce has a piece on his opinion of security awareness training.
I cannot disagree with everything he is saying; you cannot teach advanced knowledge or even basic security knowledge to all of your users. There are always going to be a few that don’t take it in for whatever reason or choose to ignore it. But what do you do? What can you do?
At minimum I would like to see users at a point where they will stop and question something before leaping. Even if you can get 20% of users to not click on a link in their email, I still think that is a win. This is the only part I do not agree with. I think awareness training with users just needs to be an introduction and a brief, and I mean brief, 10 – 15 minute talk, just to explain the purpose of the complex passwords and who to call if something feels wrong.
I wonder what is going on at the ISC?
I think Chris’s assumption makes sense, I just have never seen this done before.
Checking out the news on the weekend I could not help but notice something with the photo released along with the North Korean stories.
Check out the first photo in this series. Notice anything?
I did, there is a list in the background. Other people did as well, and they could read the list. I have seen some speculation on if this was intentional, for the list and not the invasion maps. Wikipedia has a full breakdown of the numbers.
It also has what I was getting to. If you read the whole section of capabilities, check out the fuel and ammo reserves: 100 days of full-scale war. NK does not have the ability to go toe to toe for 100 days; they have a large army but it is mostly outdated. So if you can’t win, don’t play. I think if there is any conflict it will start with a large scale cyber operation by NK. Along with other technologies this will help them level the field. The long term NK war plan may yet just be to bleed their opposition in attrition warfare.
He who knows when he can fight and when he cannot, will be victorious.
There is no instance of a nation benefitting from prolonged warfare.
Kim and his legal team are investigating a conspiracy between the FBI and his immigration to NZ. I am not sure how to take this. Is it possible? Sure it is, I am just not certain that it is probable. It seems like an awful amount of effort to go through for the FBI and a huge amount of bureaucracy.
The whole chain of events that need to take place is boggling. Just going between the FBI, State Department and the NZ government. The amount of hands that would need to be involved to make this happen, it would be very difficult to get all of the needed members to play ball.