
Book review: Introduction to Cyber-Warfare: A Multidisciplinary Approach

Submitted by benrothke
benrothke (2577567) writes "Introduction to Cyber-Warfare: A Multidisciplinary Approach

Author: Paulo Shakarian, Jana Shakarian and Andrew Ruef

Pages: 336

Publisher: Syngress

Rating: 9/10

Reviewer: Ben Rothke

ISBN: 978-0124078147

Summary: Outstanding overview and guide to cyberwarfare

Cyberwarfare is a controversial topic. At the 2014 Infosec World Conference, Marcus Ranum gave a talk on Cyberwar: Putting Civilian Infrastructure on the Front Lines, Again.

Whether it was the topic or just Marcus being Marcus, about a third of the participants left within the first 15 minutes. They should have stayed, as Ranum, agree with him or not, provided some riveting insights on the topic.

While a somewhat broad term, cyberwarfare (often called information warfare) is defined in Wikipedia as politically motivated hacking to conduct sabotage and espionage. It is a form of information warfare sometimes seen as analogous to conventional warfare.

The authors define cyber war as an extension of policy by actions taken in cyber space by state or nonstate actors that either constitute a serious threat to a nation's security or are conducted in response to a perceived threat against a nation's security.

As to a book on the topic, for most readers, cyberwarfare is something that they may be victims of, but will rarely be an active part of.

In Introduction to Cyber-Warfare: A Multidisciplinary Approach, authors Paulo Shakarian, Jana Shakarian and Andrew Ruef provide an excellent overview of the topic. The book takes a holistic, or as they call it multidisciplinary, approach to the topic. It looks at the information security aspect of cyberwarfare, as well the military, sociological and other aspects of the topic.

The book is divided into 3 parts and 13 densely packed and extremely well-researched and footnoted chapters, namely:

Part I: Cyber Attack

Chapter 2: Political Cyber Attack Comes of Age in 2007

Chapter 3: How Cyber Attacks Augmented Russian Military Operations

Chapter 4: When Who Tells the Best Story Wins: Cyber and Information Operations in the Middle East

Chapter 5: Limiting Free Speech on the Internet: Cyber Attack Against Internal Dissidents in Iran and Russia

Chapter 6: Cyber Attacks by Nonstate Hacking Groups: The Case of Anonymous and Its Affiliates

Part II: Cyber Espionage and Exploitation

Chapter 7: Enter the Dragon: Why Cyber Espionage Against Militaries, Dissidents, and Nondefense Corporations Is a Key Component of Chinese Cyber Strategy

Chapter 8: Duqu, Flame, Gauss, the Next Generation of Cyber Exploitation

Chapter 9: Losing Trust in Your Friends: Social Network Exploitation

Chapter 10: How Iraqi Insurgents Watched U.S. Predator Video—Information Theft on the Tactical Battlefield

Part III: Cyber Operations for Infrastructure Attack

Chapter 11: Cyber Warfare Against Industry

Chapter 12: Can Cyber Warfare Leave a Nation in the Dark? Cyber Attacks Against Electrical Infrastructure

Chapter 13: Attacking Iranian Nuclear Facilities: Stuxnet

The book provides numerous case studies of the largest cyberwarfare events to date. Issues around China and their use of cyberwarfare constitute a part of the book. Chapter 7 details the Chinese cyber strategy and shows how the Chinese cyber doctrine and mindset is radically different from that of those in the west.

The book compares the board games of chess (a Western game) and Go (a Chinese game) and how the outcomes and strategies of the games are manifest in each doctrine.

The chapter also shows how the Chinese government outlawed hacking, while at the same time the military identified the best and most talented hackers in China, and integrated them into Chinese security firms, consulting organizations, academia and the military.

One of the more fascinating case studies details the cyber war against the corporate world from China. The book provides a number of examples and details the methodologies they used, in addition to providing evidence of how the Chinese were involved.

For an adversary, one of the means of getting information is via social networks. This is often used in parallel by those launching some sort of cyberwarfare attack. LinkedIn is one of the favorite tools for such an effort. The authors write of the dangers of transitive trust, where user A trusts user B, and user B trusts user C. Via a transitive trust, user A will then trust user C based simply on the fact that user B does. This was most manifest in the Robin Sage exercise.

This was where Thomas Ryan created a fictitious information security professional named Robin Sage. He used her fake identity and profile to make friends with others in the information security world, commercial, federal and military, and he was able to fool even seasoned security professionals. Joan Goodchild wrote a good overview of the experiment here.

In chapter 10, the book details how Iraqi insurgents viewed Predator drones video feeds. Woody Allen said that eighty percent of success is just showing up. In this case, all the insurgents had to do was download the feed, as it was being transmitted unencrypted. Very little cyberwarfare required.

When the drone was being designed, the designers used security by obscurity in their decision not to encrypt the video feed. They felt that since the Predator video feeds were being transmitted on frequencies that were not publicly known, no access control, encryption or other security mechanisms would be needed.

The downside is that once the precise frequency was determined by the insurgency, in the case of the Predator drone the Ku-band, the use of the SkyGrabber satellite internet downloader made it possible for them to effortlessly view the video feeds.

The only negative about the book is a minor one. It has over 100 pictures and illustrations. Each one states: for the color version of this figure, the reader is referred to the online version of the book. Having that after every picture is a bit annoying. Also, the book never says where you can find the online version of the book.

How good is this book? In his review of it, Krypt3ia said it best when he wrote: I would love to start a kickstarter and get this book into the hands of each and every moron in Congress and the House. The reality is that this book should indeed be read by everyone in Washington, as they are making decisions on the topic, without truly understanding it.

For most readers, this will be the book that tells them everything they need to know, and that their congressman should know. Most people will never be involved with any sort of warfare, and most corporate information security professionals will not get involved with cyberwarfare. Nonetheless, Introduction to Cyber-Warfare: A Multidisciplinary Approach is a fascinating read about a most important subject.

Reviewed by Ben Rothke"

"Canvas Fingerprinting" Online Tracking Difficult To Block

Submitted by globaljustin
globaljustin (574257) writes "First documented in a forthcoming paper by researchers at Princeton University and KU Leuven University in Belgium, this type of tracking, called canvas fingerprinting, works by instructing the visitor’s Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user’s device a number that uniquely identifies it.

[The] fingerprints are unusually hard to block: They can’t be prevented by using standard Web browser privacy settings or using anti-tracking tools such as AdBlock Plus.

The researchers found canvas fingerprinting computer code, primarily written by a company called AddThis, on 5 percent of the top 100,000 websites."

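The mechanism the submission describes, as an added example that is not part of the original post, the Princeton/KU Leuven paper, or AddThis's script: a hidden canvas is drawn with text and blended shapes, the rendered pixels are read back with toDataURL(), and a hash of that string becomes the device identifier. The second half shows the defensive counterpart a practitioner would want, a hook on toDataURL that reports, and optionally blanks, read-backs from canvases that were never attached to the document, which is the tracker's tell-tale pattern. StubCanvas is a constructed stand-in for HTMLCanvasElement so the code runs offline under Node; the hook's `isAttached` and `onSuspicious` parameters are names chosen here, not browser APIs.

```javascript
// Added example, not code from the page or from AddThis.

// 32-bit FNV-1a over a string: deterministic and dependency-free, so it runs
// in Node and in a browser. A real tracker would use a stronger hash; the
// point is only that identical pixels yield an identical identifier.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// The fingerprinting step. `createCanvas` must return an object with the
// HTMLCanvasElement shape (getContext, toDataURL, width, height); in a
// browser pass `() => document.createElement('canvas')`.
function canvasFingerprint(createCanvas) {
  const canvas = createCanvas();          // never appended to the DOM: hidden
  canvas.width = 220;
  canvas.height = 30;
  const ctx = canvas.getContext('2d');
  // Text with an emoji, a filled rectangle and a blended second pass exercise
  // font rasterization, anti-aliasing and compositing, which is where GPUs,
  // drivers and OS font stacks differ from machine to machine.
  ctx.textBaseline = 'top';
  ctx.font = '14px Arial';
  ctx.fillStyle = '#f60';
  ctx.fillRect(125, 1, 62, 20);
  ctx.fillStyle = '#069';
  ctx.fillText('Cwm fjordbank glyphs vext quiz, \u{1F600}', 2, 15);
  ctx.globalCompositeOperation = 'multiply';
  ctx.fillStyle = 'rgba(102, 204, 0, 0.7)';
  ctx.fillText('Cwm fjordbank glyphs vext quiz, \u{1F600}', 4, 17);
  // toDataURL() serializes the rendered pixels; its hash is the identifier.
  return fnv1a(canvas.toDataURL());
}

// Defensive side: wrap toDataURL on a prototype so that a read-back from a
// canvas that is not part of the document is reported to `onSuspicious`, and
// if `block` is set, replaced by a constant so the tracker hashes the same
// value on every machine. `isAttached` is injected so the hook is testable
// outside a browser; in a browser use `c => document.contains(c)`.
function installCanvasGuard(proto, { isAttached, onSuspicious, block = false }) {
  const original = proto.toDataURL;
  proto.toDataURL = function (...args) {
    if (!isAttached(this)) {
      onSuspicious({ width: this.width, height: this.height });
      if (block) return 'data:image/png;base64,';   // blank, identical everywhere
    }
    return original.apply(this, args);
  };
  return () => { proto.toDataURL = original; };      // uninstall
}

// Constructed stand-in for HTMLCanvasElement (not a real canvas): it records
// the drawing calls and serializes them as the "pixels", tagged with a
// renderer name so two "machines" can be simulated.
class StubCanvas {
  constructor(renderer = 'gpuA') {
    this.renderer = renderer; this.ops = []; this.width = 0; this.height = 0;
  }
  getContext() {
    const ops = this.ops;
    return new Proxy({}, {
      set(_, prop, value) { ops.push(`${String(prop)}=${value}`); return true; },
      get(_, prop) { return (...a) => { ops.push(`${String(prop)}(${a.join(',')})`); }; },
    });
  }
  toDataURL() { return `data:stub;renderer=${this.renderer};` + this.ops.join(';'); }
}

if (typeof document !== 'undefined') {
  console.log('canvas fingerprint:', canvasFingerprint(() => document.createElement('canvas')));
}
```

The hook explains why the paper's finding is awkward for ordinary blockers: nothing is loaded from a tracker domain at the moment of fingerprinting, the script already runs in the page, so the signal to act on is behavioural (a read-back from a detached canvas), not a URL.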

WebODF: An ODF text editor in pure client-side JavaScript

Submitted by oever
oever (233119) writes "TheMukt chides Google for not supporting OpenDocument Format well and claims that the newly released WebODF 0.5.0 in combination with ownCloud is the answer to this deficiency.

A WebODF developer blog highlights all the goodies in the first WebODF release where the text editor is considered stable and made available as an easy to use component. These include extensive benchmarking, unit testing, and advanced HTML5 techniques to give the editor a native feel."


KDE's Krita gets 100% funding through Kickstarter

Submitted by sfcrazy
sfcrazy (1542989) writes "It's an interesting day for the KDE community. On one hand they announced the death of two projects — the Vivaldi tablet and the Improv board; on the other hand Krita (a KDE software) has reached its goal of raising Euro 15,00 on Kickstarter, which means they can now hire the developer and designer they needed to further improve the image editing software. The campaign is not over yet and there are eight more days left, so the project will continue to get more money."

Experimenting With Motivational Passwords

Submitted by jones_supa
jones_supa (887896) writes "At Mauricio Estrella's workplace, the Microsoft Exchange server is configured to ask thousands of employees around the planet to change their passwords every 30 days. Mauricio often approached the situation with an angry grandpa voice in his head: "The damn password has expired." This input field with a pulsating cursor, waiting for him to type a password that he will have to re-enter for the next 30 days, many times during the day. Then a lightbulb went on inside his head: "I'm gonna use a password to change my life." His passwords became little motivational snippets, every one being a condensed phrase for a goal or dream. He set his first motivational password to be Save4trip@thailand. Guess where he went 3 months later. Mauricio kept doing this and found the method to work surprisingly consistently for various goals, which he lists in his blog post. To summarize, this might be one way to make your passwords a bit more fun and to remind you of good habits. Just for added security he recommends scrambling the passwords a bit more than in his examples."

The Next Big Thing in FOSS, according to the author of Linux Cookbook

Submitted by trogdoro
trogdoro (3716731) writes "Command-line lovers, allow me to introduce you to Xiki, the incredibly interactive, flexible, and revolutionary command shell. I do not use the word "revolutionary" lightly. The command shell has not advanced all that much since the ancient days of Unix. Xiki is a giant leap forward. If you're looking for the Next Big Thing in FOSS, Xiki is it."

Exploiting Wildcards On Linux

Submitted by Anonymous Coward
An anonymous reader writes "DefenseCode researcher Leon Juranic found security issues related to using wildcards in Unix commands. The topic has been talked about in the past on the Full Disclosure mailing list, where some people saw this more as a feature than as a bug. There are clearly a number of potential security issues surrounding this, so Mr. Juranic provided five actual exploitation examples that stress the risks accompanying the practice of using the * wildcard with Linux/Unix commands. The issue can be manifested by using specific options in chown, tar, rsync etc. By using specially crafted filenames, an attacker can inject arbitrary arguments to shell commands run by other users — root as well."
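The mechanism behind the submission, as an added example that is not one of Juranic's five exploitation cases and not code from the DefenseCode paper: the shell, not the command, expands `*`, so a file whose name begins with `-` becomes an option on the command line of whoever runs `cmd *` in that directory. The script below builds a scratch directory with two constructed option-looking filenames (one borrowed from GNU tar's `--checkpoint` family, as in the tar case the paper describes), counts how many words of the expansion a command would parse as options, and shows the two standard fixes: `./*` so no word can start with `-`, and `--` to end option parsing. It drives `cat` rather than tar, chown or rsync so it runs on any POSIX system without side effects.

```shell
#!/bin/sh
# Added example, not DefenseCode's advisory code.

# Build a scratch directory with one ordinary file and two constructed
# filenames that the glob will expand into option-looking words.
make_scratch() {
  dir=$(mktemp -d)
  printf 'ordinary data\n' > "$dir/notes.txt"
  : > "$dir/--checkpoint=1"      # a GNU tar option, as a filename
  : > "$dir/-rf"
  printf '%s\n' "$dir"
}

# Count the words of an argument list that a command's option parser would
# treat as options (anything beginning with '-').
count_option_words() {
  n=0
  for word in "$@"; do
    case $word in -*) n=$((n + 1)) ;; esac
  done
  printf '%s\n' "$n"
}

# The unsafe idiom: after expansion the command cannot tell the file
# "--checkpoint=1" from the option "--checkpoint=1".
unsafe_expansion() { ( cd "$1" && count_option_words * ); }

# Fix 1: anchor every match with ./ so no word can begin with '-'.
dot_slash_expansion() { ( cd "$1" && count_option_words ./* ); }

# Run cat over the directory the unsafe way; exits non-zero because cat
# rejects the injected "options" (with tar or chown they would be obeyed).
unsafe_cat() { ( cd "$1" && cat * >/dev/null 2>&1 ); }

# Fix 2: "--" ends option parsing, so every following word is an operand.
safe_cat() { ( cd "$1" && cat -- * >/dev/null 2>&1 ); }

if [ "${1:-}" = "demo" ]; then
  d=$(make_scratch)
  echo "option-looking words with *  : $(unsafe_expansion "$d")"
  echo "option-looking words with ./*: $(dot_slash_expansion "$d")"
  if unsafe_cat "$d"; then echo "cat * succeeded"; else echo "cat * failed: options injected"; fi
  if safe_cat "$d"; then echo "cat -- * succeeded"; else echo "cat -- * failed"; fi
  rm -rf "$d"
fi
```

Run it as `sh wildcards.sh demo`. The privilege escalation in the submission comes from the same expansion happening in a root-owned cron job or backup script that does `tar cf backup.tar *` or `chown -R user *` in a directory where an unprivileged user can create files; the `./*` and `--` forms close that path, and the `--` form must be used with care since not every command understands it.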

Visualizing Algorithms

Submitted by Anonymous Coward
An anonymous reader writes "Many people reading this site probably have a functional understanding of how algorithms work. But whether you know algorithms down to highly mathematical abstractions or simple as a fuzzy series of steps that transform input into output, it can be helpful to visualize what's going on under the hood. That's what Mike Bostock has done in a new article. He walks through algorithms for sampling, shuffling, and maze generation, using beautiful and fascinating visualizations to show how each algorithm works and how it differs from other options. He says, "I find watching algorithms endlessly fascinating, even mesmerizing. Particularly so when randomness is involved. ... Being able to see what your code is doing can boost productivity. Visualization does not supplant the need for tests, but tests are useful primarily for detecting failure and not explaining it. Visualization can also discover unexpected behavior in your implementation, even when the output looks correct. ...Even if you just want to learn for yourself, visualization can be a great way to gain deep understanding. Teaching is one of the most effective ways of learning, and implementing a visualization is like teaching yourself."

Grace Hopper, UNIVAC, and the First Programming Language

Submitted by M-Saunders
M-Saunders (706738) writes "It weighed 13 tons, had 5,200 vacuum tubes, and took up a whole garage, but the UNIVAC I was an incredible machine for its time. Memory was provided by tanks of liquid mercury, while the clock speed was a whopping 2.25 MHz. The UNIVAC I was one of the first commercial general-purpose computers produced, with 46 shipped, and Linux Voice has taken an in-depth look at it. Learn its fascinating instruction set, and also check out FLOW-MATIC, the first English-language data processing language created by American computing pioneer Grace Hopper."

Supermassive Black Hole At The Centre Of Galaxy May Be Wormhole In Disguise

Submitted by KentuckyFC
KentuckyFC (1144503) writes "There is growing evidence that the centre of the Milky Way contains a mysterious object some 4 million times more massive than the Sun. Many astronomers believe that this object, called Sagittarius A*, is a supermassive black hole that was crucial in the galaxy's birth and formation. The thinking is that about 100 million years after the Big Bang, this supermassive object attracted the gas and dust that eventually became the Milky Way. But there is a problem with this theory--100 million years is not long enough for a black hole to grow so big. The alternative explanation is that Sagittarius A* is a wormhole that connects the Milky Way to another region of the universe or even another multiverse. Cosmologists have long known that wormholes could have formed in the instants after the Big Bang and that these objects would have been preserved during inflation to appear today as supermassive objects hidden behind an event horizon, like black holes. It's easy to imagine that it would be impossible to tell these objects apart. But astronomers have now worked out that wormholes are smaller than black holes and so bend light from an object orbiting close to them, such as a plasma cloud, in a unique way that reveals their presence. They've even simulated what such a wormhole will look like. No telescope is yet capable of resolving images like these but that is set to change too. An infrared instrument called GRAVITY is currently being prepared for the Very Large Telescope Interferometer in Chile and should be in a position to spot the signature of a wormhole, if it is there, in the next few years."

Why Does Fusion Energy Research need a Bake Sale?

Submitted by Greykin
Greykin (1857916) writes "Lawrenceville Plasma Physics (LPP) started a crowd source funding campaign at IndieGoGo. LPP researches electrical power generation from fusion energy without steam or neutrons. Anyone who believes that fusion energy can phase out carbon fuels should support this campaign. Developing fusion technology is a legacy for future generations. We must phase out the Carbon Fuel Colossus that powers our civilization and poisons our planet. It is top dog in our modern times and its fall will be tragic for some, joyous for others. Let’s hope it doesn’t take down our civilization with it."

Horrid Ruling in Oracle v. Google: APIs Are Copyrightable

Submitted by linuxrocks123
linuxrocks123 (905424) writes "This is an absolutely horrible ruling. If APIs are copyrightable, every Windows program could be held to infringe Microsoft's copyright. Every program written in Java needs permission from Oracle to be distributed. Video game console emulators are right out. And you can kiss things like third-party printer cartridges goodbye.

The only way it could be worse would be if they ruled that what Google did isn't fair use as a matter of law. If you read the decision, they almost did that, but didn't. I hope this is reheard en banc or the Supreme Court takes the case. This is a nightmare.

I have very little respect for the Federal Circuit. They seem to cause many more problems than they solve. And, here, they took Ninth Circuit precedent and twisted it to say the opposite of what it meant. The Ninth Circuit gives interoperability concerns serious consideration; this decision gives them much less consideration than they deserve.

For Google's particular case, there looks to me to be an easy way out. All Google has to do is distribute its work under the GPL, since Java, including the APIs in question, is under the GPL anyway. The "Classpath exception" was Sun's explicit consent to use the APIs in Java without needing the work to be GPL as well. So, as long as Google distributes its work as a "modified version of OpenJDK", they should be good. I'm not sure why they haven't done this already, or didn't do it to begin with, actually. Perhaps I'm missing something, but I can't see what.

But this goes way beyond Android and Java. This ruling, if it's not overturned, could chill software development, promote extreme forms of vendor lock-in, and otherwise cause mayhem and misery."


Comment: So many possible answers (Score 2)

by xonen (#46909607) Attached to: Can the Lix 3D Printing Pen Actually Work?

* It preheats some element or reservoir for a limited time duty cycle
* It just draws more power from USB; powerbanks happily support 2A and the '900mA specced USB port' on their MacBook might also be capable of delivering much more.
* The pen includes a rechargeable battery capable of delivering more peak current. The pen could easily hold a 1Ah 3.7V lithium cell.
* They provide an adapter to plug it in 2 USB ports
