Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010

An Android developer has uncovered convincing evidence that Google inexplicably and deliberately dumbed-down Android’s SSL security.

“The change from the strong OpenSSL cipher list to a hardcoded one starting with weak ciphers is either a sign of horrible ignorance, security incompetence or a clever disguise for an NSA-influenced manipulation – you decide!”

Android is using the combination of horribly broken RC4 and MD5 as the first default cipher on all SSL connections. This impacts all apps that did not care enough to change the list of enabled ciphers (i.e. almost all existing apps). This post investigates why RC4-MD5 is the default cipher, and why it replaced better ciphers which were in use prior to the Android 2.3 release in December 2010.

via Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010.

NSA’s $2B Spy Center is Going Up in Flames

Whoopsie.

The National Security Agency’s $2 billion mega spy center is going up in flames. Technical glitches have sparked fiery explosions within the NSA’s newest and largest data storage facility in Utah, destroying hundreds of thousands of dollars worth of equipment, and delaying the facility’s opening by one year. And no one seems to know how to fix it.

Within the last 13 months, at least 10 electric surges have each cost about $100,000 in damages, according to documents obtained by the Wall Street Journal. Experts agree that the system, which requires about 64 megawatts of electricity—that’s about a $1 million a month energy bill–isn’t able to run all of its computers and servers while keeping them cool, which is likely triggering the meltdowns.

via $2 Billion NSA Spy Center is Going Up in Flames | The Fiscal Times.

Flares over Raleigh attract no 911 calls

After learning from the Raleigh Fire Department that the flares I saw on the night of September 28th didn’t belong to them, I thought I’d reach out to the Raleigh-Wake 911 center to see if any calls had come in about the flares.

I got a response today from deputy director Walt Fuller who checked the records for downtown calls and turned up nothing:

I went back and looked into CAD and I saw several calls in the downtown area but they were mostly security checks, traffic stops and other normal incidents. I saw no calls of the nature you mentioned.


Residents seeing red after Raleigh ‘Color Run’ | abc11.com

Ed Crump with WTVD just ran a story on Raleigh’s Color Run fiasco (and nice headline, Ed. Sounds kinda familiar …)

RALEIGH (WTVD) — Some residents of historic Oakwood in downtown Raleigh say they are annoyed by the noise and mess left from last weekend’s “Color Run.”

Runners and volunteers played loud music and threw colored powder as part of the 5K event at Halifax Mall on Sept. 28.

However, some residents said they were really upset when their cars were towed off the street with less than 24-hours notice.

via Residents seeing red after Raleigh 'Color Run' | abc11.com.

The Snowden files: why the British public should be worried about GCHQ | World news | The Guardian

Good stuff from the Guardian.

There is a revealing moment in the most recent piece written for the Guardian by Sir David Omand, former head of GCHQ. He said that “the real debate we should be having … is about what privacy in a cyber-connected world can realistically mean given the volumes of data we hand over to the private sector in return for our everyday convenience, and the continued need for warranted access for security and law enforcement.”

That’s a total non-sequitur: Omand seems to think that just because we hand data over to Google and Facebook the government automatically has the right to access it. It’s as if, thanks to a global shortage of sticky gum, envelopes can no longer be sealed, so as a result the government awards itself a new right to mass-intercept and read everybody’s letters.

via The Snowden files: why the British public should be worried about GCHQ | World news | The Guardian.

Color Run post attracts attention

I’m overwhelmed. Really. My post about the Color Run has gone viral with over 6,400 page views already, simply from posting a single link on my Facebook timeline. My webserver’s been buzzing ever since. Apparently I’ve struck a chord.

I understand the Color Run company is aware of it, too. Should they reach out to me I’ll be happy to share their perspective, too.

Activate Good responds

Activate Good

The director of Activate Good, Amber Smith, reached out to me almost immediately after my Color Run post, having been alerted by a mutual friend. We chatted some this afternoon about the run and the aftermath.

It seems Activate Good was given the same deal that most other charities get from Color Run. That is, they got a donation based on the number of volunteers they provided. Activate Good contributed over 180 volunteers and performed a lot of the heavy lifting for the run, including the “color toss.” Amber says their volunteers were not involved in the clean up as that was done by others.

Flare flare are you tonight

Ok, so the title is a reference to a staple of the old Hee Haw show.

After speculating that the flares I saw Saturday night might have been launched by the Raleigh Fire Department to gauge the wind currents before the Wide Open Bluegrass fireworks that night, I reached out to department officials this morning to learn if the FD did this sort of thing.

I got a call back this afternoon from the official who approved the city’s fireworks permit and we had a good chat. He told me they don’t normally launch anything to gauge the wind but rely on observed conditions and the weather forecast. He said that the location I guessed the flares were coming from would’ve been too far away from the fireworks site to be useful, anyway.

The bottom line is that the mystery flares are not the work of the fire department, after all. Now I’m really going to have to work to track this thing further.

Color Run sees green, leaves Raleigh seeing red

Color Run in Seattle By Scooter Lowrimore (from Flickr)

A number of residents of Raleigh’s Historic Oakwood neighborhood were not happy to find their cars were missing from the street Saturday morning. The Color Run, a for-profit road run featuring dyed corn starch packets, had set up for its run through the neighborhood. Unlike most road races, organizers insisted that all the cars be removed from the street, most likely because of the colossal mess the corn starch packets make.

Raleigh Police posted “no parking” notices with as little as 13 hours notice, leaving many residents unprepared. Tow trucks hauled off their cars and stuck them with bills upwards of $150 to get them back. This in addition to the godawfully sticky corn starch that trashed their streets and homes.

Needless to say, residents were livid at their cars being taken and their neighborhood trashed. Council members were summoned and the city has agreed to reimburse residents for their towing charges.

I watched after the run as contractors worked to clear the starchy muck off of Wilmington Street near Polk Street. The contractor used a bleach mixture for this work, pouring this chemical-laden broth into our storm drains for eventual draining into the Neuse River. Nice move. I made a call to the city’s stormwater department when I saw this and begged someone to check it out. The city responded that this was just one of many issues they are collecting about the run.

Several runners question the motives of a for-profit company closing down city streets and using city resources. I watched at the end as a decal-laden Color Run car was loaded onto a tractor trailer that already held about 8 other shiny company vehicles. Apparently business is good!

Flares over Raleigh

Saturday night at 9:45 PM, Kelly and I were up on the grassy lawn at Red Hat Amphitheater watching Steve Martin and the Steep Canyon Rangers play. Kelly pointed over to the northwest sky, above Dawson Street. Floating through the sky were a half-dozen flickering little balls of amber light. I blinked a few times before deciding they were flares. As the concert went on, the flares continued to march slowly south across the sky. There were well over a dozen of them. I’m sure the 911 center got more than one report of UFOs.

After the concert ended, Raleigh started up its fireworks show from the parking deck behind us. I wondered if the flares had been launched to gauge the air currents, as the flares seemed to have been launched from the direction of Fire Station #1 at Martin and Dawson Streets. I’m not sure why they would need to launch over a dozen of them to do this, though. Why wouldn’t one or two be sufficient? And why launch them well over an hour before the fireworks began?

I think I’ll reach out to my (few) contacts at the fire department to see how the whole process of setting up for fireworks, well … works.

Update 2 Oct 5:53 PM: Raleigh Fire Department says the flares aren’t theirs.