Was Goldsboro’s Broken Arrow more broken than announced?

As I mentioned before, I have become captivated by the 1961 Goldsboro B-52 crash which resulted in two thermonuclear weapons being dropped in a Faro, NC field. This Broken Arrow incident was in the news when a declassified document was released claiming one switch stopped an enormous nuclear detonation (is there any other kind?) from obliterating eastern North Carolina.

My concern when first learning about this incident was that just a flimsy switch protected the first bomb. After reading multiple interviews with Jack ReVelle, it seems the first bomb wasn’t the worry at all. The second bomb has been the one shrouded in mystery and ReVelle’s interviews seem to indicate that this bomb was always the concern.

Latest Casualty Of NSA Spying Revelations: Web Advertising Based On Tracking Users

I’m so trendy.

As we’ve noted before, Edward Snowden’s revelations about the globe-spanning spying being conducted by the NSA are having all sorts of interesting knock-on consequences. Here’s another: people are starting to worry about being tracked by online advertisers, and taking action to avoid it,

via Latest Casualty Of NSA Spying Revelations: Web Advertising Based On Tracking Users | Techdirt.

Becoming a flasher

Now that our daughter’s in middle school and is involved with extra-curricular activities we needed to get her her own phone, so she inherited my smartphone as I upgraded mine. Having a new phone has provided me the opportunity to try out something I’d been meaning to do for a while: flash my phone with an open-source version of Android.

What’s the worst that can happen? Well, flashing a new ROM onto your phone can turn your sophisticated pocket computer into an expensive doorstop. Known as “bricking” your phone, a mistake in the process can make it inoperative. Fortunately, there are plenty of guides which walk you through the process as well as simple “one-click” programs which will do the dirty work for you. And even if you goof up, you can almost always fix things up again.

Linux Weekly News discusses 2003 Linux kernel attempted hack

Here’s a technical explanation from a Linux Weekly News contributor on the 2003 Linux Kernel hack.

An attempt to backdoor the kernel
[Posted November 6, 2003 by corbet]

The mainline 2.4 and 2.6.0-test kernels are both currently maintained in BitKeeper repositories. As a service for those who, for whatever reason, are unable or unwilling to use BitKeeper, however, the folks at BitMover have set up a separate CVS repository. That repository contains the current code and the full revision history. It is not, however, the place where new changes are committed. So, when somebody managed to push some changes directly into CVS, Larry McVoy noticed quickly.

Over the years, people have had numerous things to say about BitKeeper and the people behind it. Nobody, however, has accused them of being insufficiently careful. Every change in the CVS repository includes backlink information tying it to the equivalent BitKeeper changesets. The changes in question lacked that information, and thus stood out immediately.

Revisiting a 2003 attack on the Linux kernel

Back in 2003, someone tried and failed to plant a security exploit into the Linux kernel code in a sophisticated and well-thought-out operation. In light of yesterday’s revelations of NSA teams actively working to weaken software security, this incident from a decade ago raises some questions.

It also highlights why having the source code to your software is the only way to be sure it’s secure.

An unknown intruder attempted to insert a Trojan horse program into the code of the next version of the Linux kernel, stored at a publicly accessible database.

Security features of the source-code repository, known as BitKeeper, detected the illicit change within 24 hours, and the public database was shut down, a key developer said Thursday.

An intruder apparently compromised one server earlier, and the attacker used his access to make a small change to one of the source code files, McVoy said. The change created a flaw that could have elevated a person’s privileges on any Linux machine that runs a kernel compiled with the modified source code. However, only developers who used that database were affected–and only during a 24-hour period, he added.

via Attempted attack on Linux kernel foiled – CNET News.

US and UK spy agencies defeat privacy and security on the internet

Shocking, or long suspected?

The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.

The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – “the use of ubiquitous encryption across the internet”.

via US and UK spy agencies defeat privacy and security on the internet | World news | The Guardian.

Blackhole exploit detected

I was putting some dinner on the table for the kids this evening when I walked by my laptop. There were two new tabs open on my Ubuntu Firefox browser that I didn’t remember opening. Popping one of these mystery URLs into urlquery.net indicated that the URL in question has been associated with distributing browser malware, essentially letting Russian criminals access my web browser.

URL: http://disruptingplayhouse.biz/closest/i9jfuhioejskveohnuojfir.php
IP: 93.171.174.224
ASN: AS29182 ISPsystem Autonomous System
Location: Russian Federation
Report completed: 2013-09-04 23:50:04 CET
Status: Report complete.
urlQuery Alerts: Detected BlackHole v2.0 exploit kit URL pattern
urlQuery Alerts: Detected live BlackHole v2.0 exploit kit

Now, the fact that I’m running Linux and I usually keep my laptop updated might help keep me from being infected by this exploit kit. I can’t tell for sure, though, so I’m running a good virus scan on my system first. It just goes to show that you can never let your cyber guard down.

I recall some mention this week about a potentially huge cyber attack taking place soon. Can’t find the link now but I’ll see if I can find it.

Ex-spooks debate Snowden’s actions

I’m a member of a Facebook group called United States Navy Cryptologic Technicians. Last week a member authored a post which questioned why NSA leaker Edward Snowden wasn’t being hunted down with all available resources. It spawned a very lively debate amongst ex-spooks about Snowden’s motives and those of the NSA, a debate which continues as I post this. There are many former spooks like myself who find the NSA’s new reach to be quite alarming, while others seem to be comfortable with Americans’ almost complete lack of online privacy. Several point out that Snowden took an oath to protect this information and broke his oath.

I took a similar oath when I gained my security clearance. Like every other servicemember, however, the first oath I took was to support and defend the Constitution of the United States “against all enemies, foreign and domestic.” To the extent that the latter conflicts with the former, the former (being the law of the land) always takes precedence. In addition, it was drilled into us as sailors that it was our duty to disobey an unlawful order. In hindsight this is far easier to say than do, as in practice disobeying a lawful order would most likely put you in a world of hurt. At least the government would come out looking good during your court-martial.

NSA spying on Americans proves not too effective

I was reading this Wired article from last year, well before Edward Snowden’s leak that revealed to the world the massive overreach of the NSA. Kevin Paulson pointed out these terrorist incidents the NSA failed to uncover:

And while there is little indication that [NSA’s] actual effectiveness has improved—after all, despite numerous pieces of evidence and intelligence-gathering opportunities, it missed the near-disastrous attempted attacks by the underwear bomber on a flight to Detroit in 2009 and by the car bomber in Times Square in 2010.

You can also add the Boston Marathon bombing and the Fort Hood mass shooting to this list, too. News came out earlier this week that the FBI monitored Fort Hood shooter Nidal Hasan’s communications a full year in advance. The mass murderer even sent emails discussing jihad to a cleric in Yemen, which would be a kosher intercept in anyone’s book (even mine). Yet, he still committed his crime.