Archive for the ‘Meddling’ Category

Heartbleed Bug

Wednesday, April 9th, 2014

While many news outlets were blathering on about the end of life for Windows XP, a huge hole in OpenSSL was discovered. OpenSSL secures a huge percentage of the Internet, meaning many of the sites you use have had their security compromised.

These revelations, while painful, are very much necessary to create a more secure Internet.

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging IM and some virtual private networks VPNs.The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

via Heartbleed Bug.

Bonus link: Bruce Schneier on the Heartbleed bug.

Sticky switcheroo: FDA cracks down on honey labeling – Health – Boston.com

Tuesday, April 8th, 2014

The Food and Drug Administration is cracking down on the fake honey claims in some foods. Looks like I got my wish!

Have you been duped by a honey poser?

Companies have been selling sugary, sticky honey blends on grocery store shelves for years, adding syrups or sweeteners not made naturally by bees, but hiding their fraud on the packaging under the label “honey.” This food fraud also applies to foods that list “honey” as an ingredient. You might not be getting the real thing.

The Food and Drug Administration issued new guidelines Tuesday that will require companies to label any honey that is not pure, or even food containing this honey, with “blend of sugar and honey” or “blend of honey and corn syrup,” depending on the ingredients. This policy change is the result of organizations like the American Beekeeping Federation and other honey associations petitioning against the common food industry practice of misrepresenting “pure honey.”

via Sticky switcheroo: FDA cracks down on honey labeling – Health – Boston.com.

Are hackers killing Yahoo email?

Monday, March 31st, 2014

A number of my friends who use Yahoo.com email addresses have been frustrated by spam emails that appear to be sent through their accounts. A look at the actual email headers reveals the emails do not actually originate from Yahoo:

Return-Path: yahoouser@yahoo.com
X-Original-To: Mark Turner
Delivered-To: Mark Turner
Received: from smtprelay.b.hostedemail.com (smtprelay0206.b.hostedemail.com [64.98.42.206])
by maestro.markturner.net (Postfix) with ESMTP id 9E6FEC81102
for Mark Turner; Sat, 29 Mar 2014 05:13:05 -0400 (EDT)
Received: from filter.hostedemail.com (b-bigip1 [10.5.19.254])
by smtprelay01.b.hostedemail.com (Postfix) with ESMTP id 9EE0D2D2A15;
Sat, 29 Mar 2014 09:13:06 +0000 (UTC)
X-Session-Marker: 536861776F6F64406265782E6E6574
X-Spam-Summary: 10,1,0,,d41d8cd98f00b204,,:::::::::::::::::::::::::::::::::::::::,RULES_HIT:41:72:355:379:539:540:541:542:543:590:962:96
X-HE-Tag: pets27_36a824eacc042
X-Filterd-Recvd-Size: 2630
Received: from bex.net (unknown [122.166.148.93])
(Authenticated sender: Shawood@bex.net)
by omf06.b.hostedemail.com (Postfix) with ESMTPA;
Sat, 29 Mar 2014 09:12:55 +0000 (UTC)
Message-ID: 120dcf1f0409$188b32c6$8c62fe50$@yahoo.com
From: Yahoo User yahoouser@yahoo.com

… but the damage is done. (more…)

Nothing spotted by planes searching remote patch of Indian Ocean for missing Malaysian jet | CTV News

Friday, March 21st, 2014

The continuing search for signs of Malaysian flight MH370 remind us of two things: it’s a big ocean out there and there is plenty of debris in that ocean.

Search planes scoured a remote patch of the Indian Ocean but came back empty-handed Friday after a 10-hour mission looking for any sign of the missing Malaysia Airlines jet, another disappointing day in one of the world’s biggest aviation mysteries.

Australian officials pledged to continue the search for two large objects spotted by a satellite earlier this week, which had raised hopes that the two-week hunt for the Boeing 777 that disappeared March 8 with 239 people on board was nearing a breakthrough.

But Australia’s acting prime minister, Warren Truss, tamped down expectations.

“Something that was floating on the sea that long ago may no longer be floating — it may have slipped to the bottom,” he said. “It’s also certain that any debris or other material would have moved a significant distance over that time, potentially hundreds of kilometres.”

via Nothing spotted by planes searching remote patch of Indian Ocean for missing Malaysian jet | CTV News.

NSA targets system administrators

Friday, March 21st, 2014

The Intercept describes the NSA’s efforts to undermine networks by targeting the system administrators who job it is to keep them secure. If this doesn’t make system administrators angry there’s something seriously wrong.

Across the world, people who work as system administrators keep computer networks in order – and this has turned them into unwitting targets of the National Security Agency for simply doing their jobs. According to a secret document provided by NSA whistleblower Edward Snowden, the agency tracks down the private email and Facebook accounts of system administrators or sys admins, as they are often called, before hacking their computers to gain access to the networks they control.

The document consists of several posts – one of them is titled “I hunt sys admins” – that were published in 2012 on an internal discussion board hosted on the agency’s classified servers. They were written by an NSA official involved in the agency’s effort to break into foreign network routers, the devices that connect computer networks and transport data across the Internet. By infiltrating the computers of system administrators who work for foreign phone and Internet companies, the NSA can gain access to the calls and emails that flow over their networks.

The classified posts reveal how the NSA official aspired to create a database that would function as an international hit list of sys admins to potentially target. Yet the document makes clear that the admins are not suspected of any criminal activity – they are targeted only because they control access to networks the agency wants to infiltrate. “Who better to target than the person that already has the ‘keys to the kingdom’?” one of the posts says.

via Inside the NSA’s Secret Efforts to Hunt and Hack System Administrators – The Intercept.

Experts hint at meticulous planning behind disappearance of Flight MH370 – The Times of India

Monday, March 17th, 2014

Reuters asked airline pilots what it would take to pull off the hijacking of the MH370. The result is one of the best explanations I’ve seen of how complex this was to pull off.

tl;dr: Only an experienced pilot could make this happen.

KUALA LUMPUR: Whether by accident or design, whoever reached across the dimly lit cockpit of a Malaysia Airlines jet and clicked off a transponder to make Flight MH370 vanish from controllers’ radars flew into a navigational and technical black hole.

By choosing one place and time to vanish into radar darkness with 238 others on board, the person — presumed to be a pilot or a passenger with advanced knowledge — may have acted only after meticulous planning, according to aviation experts.

Understanding the sequence that led to the unprecedented plane hunt widening across two vast tracts of territory north and south of the Equator is key to grasping the motives of what Malaysian authorities suspect was hijacking or sabotage.

via Experts hint at meticulous planning behind disappearance of Flight MH370 – The Times of India.

Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

Tuesday, March 11th, 2014

Whoopsie! A big security hole has been discovered in a Linux package. It goes to show that Linux is not immune to flaws. The difference is that with Linux anyone can audit the code. This didn’t seem to happen with GnuTLS because apparently the code was really a mess.

Hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks that circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical vulnerability in a widely used cryptographic code library.

The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer SSL and Transport Layer Security TLS protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn’t be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.

via Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping | Ars Technica.

How can jet disappear? In the ocean, it’s not hard

Monday, March 10th, 2014

How can a jet disappear? Good question. Aircraft flying at altitude just don’t vanish without a trace. If a plane breaks up at altitude it will leave a debris field miles long, easily visible to search and rescue teams. If the plane nosedives into the water then there might not be much visible evidence. However, the seas where MH370 supposedly went down are a shallow 200 feet. This is well within diver depths and wreckage should be easy to locate if not by visuals then certainly by sonar.

The article compares this crash to the Air France 447 crash of 2009 as a way of showing how long it might take to find a crashed plane. This is not an apt comparison as Air France 447 went down in the middle of the Atlantic Ocean in waters up to 15,000 feet deep and far away from shipping lanes (and even flight paths). The MH370 allegedly went down in shallow water near ome of the world’s busiest shipping lanes.

KUALA LUMPUR, Malaysia — In an age when people assume that any bit of information is just a click away, the thought that a jetliner could simply disappear over the ocean for more than two days is staggering. But Malaysia Airlines Flight MH370 is hardly the first reminder of how big the seas are, and of how agonizing it can be to try to find something lost in them.

It took two years to find the main wreckage of an Air France jet that plunged into the Atlantic Ocean in 2009. Closer to the area between Malaysia and Vietnam where Saturday’s flight vanished, it took a week for debris from an Indonesian jet to be spotted in 2007. Today, the mostly intact fuselage still sits on the bottom of the ocean.

"The world is a big place," said Michael Smart, professor of aerospace engineering at the University of Queensland in Australia. "If it happens to come down in the middle of the ocean and it’s not near a shipping lane or something, who knows how long it could take them to find?"

via How can jet disappear? In the ocean, it's not hard :: WRAL.com.

CIA Accused Of Spying On Senate Intelligence Committee Staffers | Techdirt

Wednesday, March 5th, 2014

Wow. Just wow. CIA spying on the Senate Intelligence Committee that provides oversight for it. Outrageous. I’m amazed that no one at CIA seemed to consider that at the very least this was a Phenomenally Bad Idea.

While at times, it’s appeared that the Senate Intelligence Committee, led by Dianne Feinstein, serves more to prop up the intelligence community than to handle oversight, it has actually clashed quite a bit with the CIA. We’ve discussed a few times how the Committee has been pushing to release a supposedly devastating 6,000 page report about the CIA’s torture program, which cost taxpayers an equally astounding $40 million to produce. However, the CIA has been fighting hard to block the release of the report, arguing that it misrepresents the CIA’s actions.

However, things are getting even more bizarre, as the NY Times is reporting that the CIA is now accused of spying on the Intelligence Committee and its staffers in its attempt to keep that report from being released.

via CIA Accused Of Spying On Senate Intelligence Committee Staffers | Techdirt.

Update: Here’s the McClatchy story.

Lightning strikes twice!

Tuesday, March 4th, 2014

Just when I thought my luck couldn’t get any better, the same widely respected fake criminal money mule staffing agency sent me ANOTHER dream job. This one is very similar to the last one, only it’s for a first-class specialty household goods company rather than a first-class specialty logistics company.

Oh, golly gee whiz, I can’t believe my good fortune!!!1!!11!

From: TRS Staffing Solutions SusanneBilsonit@aol.com
Subject: New Job – Up to $78,000 + 0251476655
To: Mark Turner

A first-class specialty household goods company that is well represented in more than 10 countries throughout Europe, is employing a full and part time employees to assist their growing well-capitalized team in the U.S..
(more…)