Those Darned Clever Crows

Crows using traffic to crack a walnut

Our Microbiome

Phones carry bacterial ‘fingerprint’
(This is why I read the BBC)

You know, we hominids carry around 2-3 pounds of bacteria all the time!   1/3 of feces is bacteria and fungal flora.   In cows, bacteria and fungi consume the plant matter cows eat, and then the cows actually digest those bacteria and fungi for nourishment!

Furthermore, they’re beginning to find that a strong possible cause of Crohn’s Disease, Inflammatory Bowel Syndrome, some obesities, constipations, et al. is an imbalance of the good and bad flora in our digestive tracts.   This can easily be caused by a regimen of strong antibiotics, not enough water, and so on.

Animals Only a Mother Could Love

Consider being born as a platypus. (actually, ‘hatched’ as a platypus)   And as you come to awareness, it’s oh no, I am a platypus…   There are lots of unfortunate animals that need love too, and here is a small collection for your consideration.

Say hello to the Aye-Aye,  a type of lemur, primates only found on the isle of Madagascar.   It taps on tree-trunks looking for hidden insect grubs.   When it finds one, it chews through the bark and uses its unusually long middle finger to pull out the bug.   Aye-ayes are endangered because of the current burning of their habitat for farmland.

About This Bash Bypass Bug

There’s been a lot of news in the past couple of days about this Bash bug, some of it hysterically saying that 500 million sites could be impacted.   Well, maybe that’s how many sites are running a version of the Bash command-line utility susceptible to the bug, but only a small fraction of those are actually exploitable.   And exploitable is what matters.   This has been an issue with Bash for 20 years, since inception.

First of all, if you’re a Debian user you can relax.   Almost all scripts call /bin/sh, symlinked to /bin/dash, which does not have the vulns.

DefCon corollary — Seeking Employment

Back in 1999, DefCon attendees were viewed with great suspicion by employers.   When a manager from the NSA or a big company became known at the conference, he was overrun by attendees trying to give him their resumes, but they were mostly denied.   Whenever I described any knowledge of hacking methods, the response was always fear.   So I stopped going into detail, even when the job was computer security.   These days though, people (without a record) who know how hacking is done and how to defend against it are actively recruited.

DefCon

DefCon: The good, the bad and ‘the Feds’

Ah, DefCon, my favorite convention.   I should have gone this year.   It’s a celebration of determination, independence, intellectual accomplishment, and constant learning.

My brother and I went to DefCon in 1999.   I managed to talk my way into the Press Room and got full press credentials with access to special areas   —   I’d hacked the hacker’s conference.   I did have to wait 20 minutes for my brother to get through the regular line though.   I later sold my DefCon press credentials on eBay for $14.   Shoulda kept them.

An Idea for Solving the Certificate Authority Vuln Problem

~~   Foreword   ~~

A while back, Comodo and DigiNotar were compromised, opening any SSL connection using those certificates to attackers.   Maybe it’s time to acknowledge that the traditional SSL trust model is outmoded.   Every web browser trusts the word of scores of Certificate Authorities, and if any one of those CAs is compromised by a cracker, government agency, or internal hire, then there is no way to know that your HTTPS connection isn’t being intercepted.   Further, if a CA (GeoTrust for example) has a large market share of SSL certs, browsers can’t then just “un-trust” it, as millions of non-tech users will start getting HTTPS errors and won’t know what they mean nor what to do.   My ideas cover both the question of forgery and that of CAs which are effectively too large to fail.

Rather than requiring that a root certificate be signed by a single trusted authority, require multiple and independent trusted signatories.
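Here is an added sketch of that idea in Go (my own illustration, not code from the post): a certificate carries endorsements from several independent CAs, and the verifier accepts it only when a threshold of distinct trusted CAs have validly signed it, so one compromised CA cannot forge alone and one CA can be dropped from the trust store without breaking certificates that carry spare endorsements.   The CA names (CA-A, CA-B), the ed25519 keys and the certificate body are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Endorsement is one authority's signature over a certificate's to-be-signed (TBS) bytes.
type Endorsement struct {
	Signer string // CA name as it appears in the trust store
	Sig    []byte
}

// NewCA makes a fresh authority key pair; these keys are constructed for the demo only.
func NewCA() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign produces one authority's endorsement of tbs.
func Sign(name string, priv ed25519.PrivateKey, tbs []byte) Endorsement {
	return Endorsement{Signer: name, Sig: ed25519.Sign(priv, tbs)}
}

// Verify passes only when at least threshold distinct trusted CAs validly signed tbs. Unknown CAs
// and repeat signatures by one CA do not count, so a single compromised CA cannot reach the threshold
// alone, and a CA can be dropped from the trust store without breaking certs with spare endorsements.
func Verify(tbs []byte, ends []Endorsement, trusted map[string]ed25519.PublicKey, threshold int) (int, bool) {
	seen := map[string]bool{}
	for _, e := range ends {
		pub, known := trusted[e.Signer]
		if known && !seen[e.Signer] && ed25519.Verify(pub, tbs, e.Sig) {
			seen[e.Signer] = true
		}
	}
	return len(seen), len(seen) >= threshold
}

func main() {
	pubA, privA := NewCA()
	pubB, privB := NewCA()
	trusted := map[string]ed25519.PublicKey{"CA-A": pubA, "CA-B": pubB}
	tbs := []byte("CN=example.test") // constructed certificate body
	ends := []Endorsement{Sign("CA-A", privA, tbs), Sign("CA-B", privB, tbs)}
	fmt.Println(Verify(tbs, ends, trusted, 2)) // 2 true
}
```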

What Is Going On With eBay?

I’ve been a member and seller on eBay with the same user ID since 1998, and regularly turn to the site when I want to buy or sell just about anything you can mail.   But recently there have been attacks by criminal gangs on user accounts which eBay seems to be unable or unwilling to inhibit.   These gangs take over an innocent user’s account, possibly by tricking them out of their username and password (or possibly through an internal eBay vuln, which I think is more likely), and then use that account to sell non-existent items (and collect the money) and to seek and find more victims.

Many of the compromised accounts have 100% positive feedback, and had previously sold hundreds of items.   One victim who had his account hijacked says he was locked out of his account, and then later billed “around $50” by eBay for seller’s fees on items he had never heard of.   When customers click on a scammer’s listing, they are redirected to a professional, official-looking page which asks them to log in and ‘confirm’ their credit card and bank account details!   The items ostensibly for sale in these compromised listings range from smartphones and TVs to laptops and bicycles.

Users are taken to a fake page like this by XSS.   But notice the URL is not eBay and has the country-code of Ukraine, the worst for scams next to Nigeria!   Usually though customers will only see the right-hand side of a long string of gibberish and won’t notice.

Good News for Electric Vehicles

This has nothing to do with Prius, Leaf, or Tesla.   This is about on-the-ground EV enthusiasts’ work.

SEVA

Up until a few years ago, electric motors were lucky to get 40% efficiency.   That is, of 100% of the charge in the battery pack, the motor was only able to use 40% of that energy, the rest being lost to heat, mechanical friction, and the “cogging” effect of newer neodymium-magnet motors.   So for a given range, you needed to include 60% more batteries than you would if efficiency were 100%.

Without Religion, Chaos?

A Point of View: Why not caring about anything is only for the young

The great believers in the wonder of the universe, as revealed to us by science, seem to have considerable difficulty in either galvanising us to social solidarity, or providing us with true solace.   I’ve yet to hear of anyone going gently into that dark night on the basis that she or he is happily anticipating their dissolution into cosmic dust, nor do I witness multitudes assemblinggodhead in order that they may sing the periodic table together, or recite prime numbers in plain chant.   By contrast, religious beliefs continue to offer many people genuine succour, and they do this, I think, as Dostoevsky realised, not because of the specific concepts they appear to enshrine – such as an afterlife or eternal judgement – but because they place the human individual in a universal context, and thereby give her life meaning.

But is social solidarity what science is about?   Maybe it’s about answering questions we don’t know the answer to.

Argentina Debt Default – again

Some exciting events about to happen in a couple hours with Argentina’s debt (at least for finance and intelligence geeks) which may actually filter to the general news.

If you’ve read Confessions of an Economic Hit Man you’ll know some of the history.   In the 1950’s, Kermit Roosevelt (grandson of Teddy) overthrew the democratically-elected government of Iran, putting the Shah in place with only very little bloodshed and no military intervention, just by spending millions of dollars for a coup.   Powers That Be realized that this was a very good way to change a government to be friendly to G7 business interests, without the threat of war with Russia.

DarkCoin in the altcoin Sphere

As y’all know, I’ve been out of the mining business since ASICs came into LiteCoin, as difficulty skyrocketed from ~2,800 to now 9,000.   The new ASICs are so fast that diff has had to adjust to keep the same pace of block discovery.   BUT to buy an ASIC for a $thousand or three to mine today will net about one LTC a day with current diff, so it’s absolutely not worth it except on gigantic scale.

Right to be Forgotten

Google Agrees to Forget.
Applies to Europeans only, and only to their local country searches.   The last three paragraphs are worth reproducing:

“And, interestingly, one of the most powerful voices calling for a reassessment of the power of the internet giants over our personal data has been an American writer.   In his novel The Circle Dave Eggers paints a dystopian future where a brilliant technology firm -The Circle- persuades the world that the more information we all share, the better our lives will be.

R.I.P. – Winter is Gone

Goodbye and Thank You, to the greatest Texas bluesman who ever picked up a guitar.

*POOF*, BitCoins Gone

Silk Road 2.0 ‘Hack’ Blamed On Bitcoin Bug, All Funds Stolen

Oh.   dear.   I’ve been tracking this bug and should have known that if Mt Gox got hit, so would SR.   After this hit the news and I researched it, it looks like numerous SR users warned them beforehand too.   It may be that these warnings tipped off the perpetrator and gave him the idea.

This is why you keep coins in your own wallet and avoid leaving them lying in third-party accounts like SR.   Only transfer coins when you’re about to buy something.   (but not at SR)
