SkiifGeek - Slashdot User

Comment Re:Working on it (Score 1) 148

by SkiifGeek on Tuesday September 24, 2013 @03:21AM (#44931825) Attached to: Air Force Wants Technology That Will Let Drones Sense and Avoid Other Aircraft

You claim it's not a transponder, but admit it's an active system, so that implies some sort of RF transmitter -- which opens up the question of spectrum access.

You claim that it operates below the RF floor. That implies it knows the signal it should be looking for, otherwise there's some fancy DSP footwork going on that smells like the wrong end of a cow in the size and weight you're talking about, particularly if you include the power and antenna setup for a transceiver, and still have the range you're talking about.

If you are making an SSR-type system, then that saves on power / weight, but you're in the class of TCAS, IFF, ADS-B, TACAN (Air-to-Air), and back into the world of transponders.

If there's two elements to the sense component, you've recreated the sense rails from an NDB / ADF, but that doesn't provide ranging, even with a known rate of crossing, and signal strength alone is never relied upon for ranging in the airborne environment.

If it's below the RF floor as you claim, then fit it to two mountain bikes and ride them at each other for the testing, as it's unlikely to have much of a RADHAZ distance. Or, fit it to your car. Or anything. You don't go and test things like this by bolting it to aircraft straight up. You'll also get more repeatable and falsifiable results.

I'm not saying it's impossible, or whether what you've come up with is close to anything else that already exists. I suspect it's the latter but, unless you've spent a lot of time around those sort of systems, you're not going to know what does and doesn't exist.

Submission + - Anonymous Targets Australian Government Censorship (beskerming.com) 1

Submitted by

SkiifGeek

on Tuesday September 08, 2009 @10:55PM

SkiifGeek writes: "The Australian Federal Government plan to introduce national-level Internet censorship may already be floundering in the parliament, but now Anonymous have set their sights on the government and will be taking currently-unpublicised actions today to try and get their demands met, namely the resignation of current Communications Minister, Stephen Conroy, and the abolition of the blacklist that forms the basis of the censorship plan. In a country famed for its laid back attitude towards life, are Anonymous' actions going to have a long term result?"

Submission + - Pace Shoots for Streisand on Disassembly Info (beskerming.com)

Submitted by

SkiifGeek

on Friday May 29, 2009 @05:20AM

SkiifGeek writes: "The owner of the Reverse Engineering Mac OS X site has been served DMCA action and forced to take down a series of posts that were investigating initial steps to reverse engineer / disassemble Interlok protected OS X applications.

Despite only a very limited amount of data being publicly available, fG! complied and removed the posts, citing "One thing is certain, you can't acomplish security by obscurity ! You can't simply stop knowledge because these days information flows at a bigger rate than ever. Disclosure is the only way to improve products!".

Even though the information is too specialised and focused in attention to have been widely reproduced, it was still online long enough for at least Google to cache the complete list of now-suppressed data and for a number of individuals to privately replicate the data. fG! follows up with the following caution for those trying to reproduce the cached but missing entries "About Pace? I'm in contact with their lawyer and I have been asked to remove all information about this. If you have mirrored the three Pace posts and code (I?m pretty sure I'm not the only one who mirrors important info right away) please do not make it publicly available. Pace will wave you with DMCA and it's not worth the trouble. Keep it for yourself, please".

Despite the other information available online for people looking to reverse engineer Pace Interlok products, it looks like a Streisand effect could be developing."

Submission + - Did McAfee Pull Content Critical of AV Industry? (beskerming.com) 1

Submitted by

SkiifGeek

on Friday May 29, 2009 @04:20AM

SkiifGeek writes: "Does anyone really care when a company deletes content from its website or blog without notice and without leaving evidence that it ever existed? What if that company was an Antivirus vendor and the blog is a valuable source of information on developments in the fight against malware, what then?

McAfee recently did just that, pulling an entry at their Avert Labs blog, but not before it appeared briefly in the site's RSS feed. Despite the very short period of time that the content was actually available, it was still captured by some sites. A Google search shows a number of sites that were able to scrape the content before it could be pulled completely, including, ironically, a McAfee site that republishes the Avert Labs blog as part of its content.

Why would McAfee pull the content — what could be controversial enough in it to lead to it being pulled?

Are claims that the reason why there is so much malware is that AV vendors and developers have been so successful at blocking attacks enough to warrant deletion? What about trying to convince developers of legitimate software that packers and protectors are not valid tools anymore (just because malware authors use them)? Or even that use of these tools is going to place legitimate software at greater risk of false positive detection or delay in releasing the software and that it will mean it is viewed with suspicion?

The full deleted posting and deconstruction of the conflicting arguments presented within it can be found here."

Submission + - Apple and Microsoft Release Critical Patches (beskerming.com)

Submitted by

SkiifGeek

on Wednesday May 13, 2009 @05:14AM

SkiifGeek writes: "Both Microsoft and Apple have released major security updates in the last 24 hours.

Microsoft's single update (MS09-017) addresses fourteen distinct vulnerabilities across all supported versions of PowerPoint, but it isn't how many vulnerabilities that are patched that is causing trouble. Instead, the decision to release the patch for Windows versions while OS X and Works versions remain vulnerable to the same remote code execution risks (including one that is currently being exploited) hasn't gone down well with some people. Microsoft have given various reasons why this is the case, but this mega-update-in-a-patch is still interesting for other reasons.

Apple have updated OS X 10.5 to 10.5.7 as part of the 2009-002 Security Update (available right here), as well as a cumulative update for Safari 3 and the Public Beta for 4. As well as addressing numerous significant security risks, the 10.5.7 update provides a number of stability and capability enhancements and incorporates the Safari 3 update patch. Probably the most surprising element of the Apple update is the overall size of it, 442MB for the point update, and 729MB for the ComboUpdate."

Submission + - 3D Realms May Be All Out Of Gum (beskerming.com)

Submitted by

SkiifGeek

on Thursday May 07, 2009 @01:33AM

SkiifGeek writes: "It's only early, but a single, uncorroborated source has claimed that 3D Realms has been shut down. The problem with a single source report is that the other information at this time doesn't match up with what Shacknews is claiming. The forums where the claim is apparently corroborated are struggling under traffic at the moment and it leaves the possibility that the whole thing is a hoax, backed up by a possibly hacked forum account.

Other sources of information on the net that are also reporting on the claim all point back to Shacknews as the only source material, so we're all going to have to wait until 3D Realms, Take Two, or 2K Games make a formal announcement that one of the gamer's most favourite publishers of the 1990s is no more."

Submission + - Old Media is Failing. What Hope the New Media? (beskerming.com)

Submitted by

SkiifGeek

on Friday April 03, 2009 @09:55AM

SkiifGeek writes: "The publishers of the LA Times and the Chicago Tribune, and the Chicago Sun-Times have filed for bankruptcy protection within four months of each other. In addition to the big name newspapers, each also controlled a host of smaller television networks and regional newspapers that are facing an uncertain future. Also in that timeframe, the Rocky Mountain News has completely closed down, and the Seattle Post-Intelligencer has abandoned print editions completely.

With Microsoft's recent move to close down Encarta, and purely online media outlets cutting back on staff (freelancers and contractors being the first to get cut), what do we face in terms of information collation and dissemination in the future? Each of the listed cases happened for a different reason, but the economic crisis was the catalyst that pushed them all over the edge.

Are we headed for a dystopian future, or something better?"

Submission + - Microsoft Exposes Cloud Secrecy, For What Gain? (beskerming.com)

Submitted by

SkiifGeek

on Friday March 27, 2009 @07:05PM

SkiifGeek writes: "Cloud computing may just be another hyped technology, but recent private efforts to coordinate and establish a series of frameworks and methods that would allow for efficient migration of data and resources between clouds were exposed by Microsoft after participants refused to accept Microsoft 'enhancements' into their processes.

Strangely, Microsoft is pushing for a completely open process, using the language and promising the methodology often used in Open Source, but still trying to ensure that "a lot of innovation that we're [Microsoft] dreaming up today" will be included. OOXML vs ODF and a long history of crushing or neutralising non-Microsoft technologies should be sufficient for anyone to regard Microsoft's actions with a dose of suspicion.

It is hard to say just what Microsoft might stand to gain from publicly exposing the actions of a currently shadowy group, but there is enough current confusion that might allow Microsoft the room it needs to subvert the current efforts."

Submission + - OS X Receiving Increased InfoSec Attention (beskerming.com)

Submitted by

SkiifGeek

on Friday March 20, 2009 @06:01AM

SkiifGeek writes: "Though they may not have had the exposure that the Month of Apple Bugs received at the start of 2007, there have been some significant recent discoveries regarding OS X security. In February, Vincenzo Iozzo presented a new method for injecting malicious code directly into running applications, with no trace being left behind when the host application is terminated.

Dino Dai Zovi has been busy demonstrating heap overflows that can lead to full system compromise, while Charlie Miller again walked away with the MacBook at the CanSecWest conference, after using a pre-prepared Safari exploit to take over the target system in less than 10 seconds. Both Zovi and Miller have also been putting in a lot of work to get MetaSploit for OS X targets up to the same sort of capabilities and features as the versions available for Windows and Linux."

Submission + - JBIG2Decode PDF Vulnerability Auto-Exploited (beskerming.com)

Submitted by

SkiifGeek

on Wednesday March 11, 2009 @05:36AM

SkiifGeek writes: "With Adobe's patch for the JBIG2Decode vulnerability due in a few days time, new methods to target the vulnerability have been discovered that make it far riskier than previously thought. Didier Stevens recently showed the world how it is possible to exploit the vulnerability without the user actually opening an affected file, now he has discovered a way that allows for completely automated exploitation that results in anything up to a Local System account without any user interaction at all and only relies upon basic Windows components and Acrobat Reader elements.

There are some mitigating factors that limit the overall risk of this new discovery, but it does also highlight that merely uninstalling the Reader will not protect you from exploitation and does raise the possibility that other tools will access the vulnerable components and thus be vectors for attack."

Submission + - PDF Vulnerability Now Exploitable With no Clicking (beskerming.com)

Submitted by

SkiifGeek

on Thursday March 05, 2009 @08:34AM

SkiifGeek writes: "With Adobe's patch for the current PDF vulnerability still some time away, news has emerged of more techniques that are available to exploit the vulnerability, this time without needing the victim to actually open a malicious file. Instead, the methods make use of a Windows Explorer Shell Extension that is installed alongside Adobe Reader, and which will trigger the exploitable code when the file is interacted with in Windows Explorer. Methods have been demonstrated of successful exploitation with a single click, with thumbnail view, and with merely hovering the mouse cursor over the affected file.

There are many ways that exploits targeting the JBIG2 vulnerability could be hidden inside a PDF file, and it seems that the reliability of detection for these varying methods is spotty, at best."

Submission + - Spit Leads to Dummy Spit for TechCrunch Founder (beskerming.com)

Submitted by

SkiifGeek

on Thursday January 29, 2009 @03:46AM

SkiifGeek writes: "After being spat on at the DLD Conference in Germany, TechCrunch founder, Michael Arrington has announced that he is going to take the next month off, after first covering the World Economic Forum in Davos.

Arrington, it seems, has a knack for polarising people and so with an enemies list as long as his, we may never know who delivered the saliva that has done more to make him sit back and reassess the what and why of how he does things than the death threat that he had last year and all the electrons of vitriol posted across the Internet over the years.

Being spat in the face may be a form of insult that hasn't really been popular for many years, especially for web pundits, but he's lucky that this guy hasn't finished his invention yet."

Submission + - Baidu's CFO Drowns While on Holiday (beskerming.com)

Submitted by

SkiifGeek

on Wednesday January 02, 2008 @09:01AM

SkiifGeek writes: "Baidu's CFO, Shawn Wang, died while swimming while on Christmas holiday with his family on Hainan Island. Although only one trading day was available following news of his death (27th of December), it has seen more than 2% of Baidu's NASDAQ value wiped out.

While Wang's sudden death is not likely to impact the daily operations of the Chinese search engine giant, it is likely to impact the plans to list on the Hong Kong exchange, and China's 'A-Share' market, given Wang's role in getting Baidu listed on NASDAQ.

The loss of any key employee can have a major effect on a company, even if the employee is not an executive. The tragedy being faced by Baidu and the Wang family should serve as a reminder that succession planning and effective disaster management can be tested in many ways and it is important to ensure that there is always a way to continue normal operations in case of such tragedies."

Submission + - SquirrelMail Repository Poisoned (beskerming.com)

Submitted by

SkiifGeek

on Tuesday December 18, 2007 @11:05AM

SkiifGeek writes: "Late last week the SquirrelMail team posted information on their site about a compromise to the main download repository for SquirrelMail that resulted in a critical flaw being introduced into two versions of the webmail application (1.4.11 and 1.4.12).

After gaining access to the repository through a release maintainer's compromised account (it is believed), the attackers made a slight modification to the release packages, modifying how a PHP global variable was handled. As a result, it introduced a remote file inclusion bug — leading to an arbitrary code execution risk on systems running the vulnerable versions of SquirrelMail.

The poisoning was identified after it was reported to the SquirrelMail team that there was a difference in MD5 signatures for version 1.4.12.

Version 1.4.13 is now available."

Submission + - Major QuickTime Vulnerability in Latest Version (beskerming.com)

Submitted by

SkiifGeek

on Sunday November 25, 2007 @08:09AM

SkiifGeek writes: "Less than a month after news of active OS X fake codec malware, a major vulnerability in the latest version of QuickTime (7.3, only released two weeks ago) has been discovered and has already gone from proof-of-concept exploit code to two readily available exploit samples.

With the ease by which this exploit can be integrated with media streams, it marks a greater threat for end users than a fake codec. At this stage, about the best mitigation recommended is to disable support for RTSP via the File Type / Advanced -> MIME Settings option in QuickTime's Control Panel / PreferencePane. Even though the exploit is only for Windows systems (including Vista — QuickTime apparently doesn't utilise ASLR), OS X users could be at threat from related problems, given historical RTSP vulnerabilities."

Slashdot Top Deals