It's almost August, which means Hacker Summer Camp — the confluence of BSides Las Vegas, Black Hat USA, and DEF CON — is nearly upon us. If you're going to Las Vegas to take part in the annual celebration of probing every system for any possible weakness, we've got a wide selection of documentaries to get you in the investigative mood.
And even if you can't make it to the desert this year, you can console yourself by looking at the weather reports for Nevada and streaming these examinations of cyberattacks and the people behind them. Most of these are available either free on YouTube or as a standard offering on a streaming service, but we note which ones require rental or purchase fees.
Full disclosure: I haven't seen any of these, but each of them looks far superior to the execrable Hackers. Unknown if they live up to Sneakers, but that was the best computer security film of all time.
Body Heat was a 1981 remake of the classic 1944 film Double Indemnity. Known mostly for the skin shown by Kathleen Turner, about the only thing really superior about the remake is John Barry's spectacular film noir score.
I took Wolfgang's toys to a dog shelter today. Well, not all of them - we kept his frisbee, his blue stuffed animal, and a couple of balls that his dog friends look for when they come over. But I took probably 30 dog toys to the shelter.
After all, Wolfgang always got Puppy Loot on Christmas. Now we hope that these dogs who have nothing will enjoy having a toy all their own. As The Queen Of The World has been saying, he was always so good about sharing his toys. She says that he'd like sharing his toys with other dogs. She's right, of course.
But this was a hard experience for me. It was part of letting go, which has to be done. But it was hard. Chris Stapleton wrote this song the night that his dog died. I expect that was hard, too.
Maggie's Song (Songwriter: Chris Stapleton)
Let me tell you a story About an old friend of mine Somebody left her in a shopping cart In a parking lot for us to find
Just a fuzzy black pup She was hungry and feeling alone We put her in the back seat Told her we were taking her home
Run, Maggie, run With the heart of a rebel child Oh, run, Maggie, run Be just as free as you are wild
A few kids later We moved out on the farm And she followed those kids around Yeah, she kept them safe from harm
And she loved to chase squirrels And playing out in the snow She'd take off like a bullet Man, you should have seen her go
Run, Maggie, run With the heart of a rebel child Oh, run, Maggie, run Be just as free as you are wild
It was raining on a Monday The day that Maggie died She woke up and couldn't use her legs So I laid down by her side
She put her head on my hand Like she'd done so many times I told her she was a good dog Then I told her goodbye
Run, Maggie, run With the heart of a rebel child Oh, run, Maggie, run Be just as free as you are wild
I had a revelation As the tractor dug a hole I can tell you right now That a dog has a soul
And I thought to myself As we buried her on the hill I never knew me a better dog And I guess I never will
Run, Maggie, run With the heart of a rebel child Oh, run, Maggie, run Be just as free as you are wild
Oh, run, Maggie, run With the heart of a rebel child Oh, run, Maggie, run Be just as free as you are wild
Wolfgang never had the heart of a rebel child. Instead, he shared his toys with his doggie friends. But I never knew me a better dog, and I guess I never will.
Most interesting is the researchers' finding of what they describe as the backdoor in TEA1. Ordinarily, radios using TEA1 used a key of 80 bits. But Wetzels said the team found a "secret reduction step" which dramatically lowers the amount of entropy the initial key offered. An attacker who followed this step would then be able to decrypt intercepted traffic with consumer-level hardware and a cheap software defined radio dongle.
Looks like the encryption algorithm was intentionally weakened by intelligence agencies to facilitate easy eavesdropping.
There's an old saying that while there may be friendly foreign governments, there are no friendly foreign Intelligence Agencies. Or domestic ones either, seemingly.
Even if you're a LEO. Note that this makes secure police communications problematic. Not cool.
Four suspects in the shocking theft of a Celtic gold coin hoard from the Celtic-Roman Museum in Manching, Bavaria, have been arrested. The bad news is one of the suspects was carrying 18 gold lumps in a plastic bag at the time of his arrest. Micro-X-ray fluorescence analysis of the composition of the nuggets found they match that of the Celtic coins. Each lump amounts to four of the coins. So yes, these rats stole a historically priceless hoard of 483 Celtic coins from 100 B.C. and melted at least 70 of them down.
It was interesting how well planned the heist was, and the various skill sets in the group. I hope they find the rest of the coins.
Apple fixes security bugs that are being exploited in the wild. If you have any of the following, you will want to update ASAP:
Apple has released fixes for several security flaws that affect its iPhones, iPads, macOS computers, and Apple TV and watches, and warned that some of these bugs have already been exploited.
Here's a quick list of all of the security updates released late on Monday afternoon:
The goal of the new US Cyber Trust Mark, coming voluntarily to Internet of Things (IoT) devices by the end of 2024, is to keep people from having to do deep research before buying a thermostat, sprinkler controller, or baby monitor.
If you see a shield with a microchip in it that's a certain color, you'll know something by comparing it to other shields. What exactly that shield will mean is not yet decided. The related National Institute of Standards and Technology report suggests it will involve encrypted transmission and storage, software updates, and how much control a buyer has over passwords and data retention. But the only thing really new since the initiative's October 2022 announcement is the look of the label, a slightly more firm timeline, and more input and discussion meetings to follow.
We'll have to see how this plays out, but better consumer information on security is A Good Thing.
Back on my Wandering Around Monday, I noted that solar cycle 25 had just posted the highest sunspot number since cycle 23 back in 2002; the highest sunspot number in 21 years.
And so to sunspots and climate. We have quite good records of sunspot activity going back to 1700 A.D. We have decent records of the price of wheat going back much further - pretty good ones to 1500 A.D., and sporadic records all the way back to 1250 A.D. (!). The reason is that bread is the staff of life - no bread, and people starved.
In short, grain prices are a pretty good proxy for climate, in the days before thermometers. Certainly better than, say, bristlecone pine tree rings. This is important for two reasons, and the combination is very bad news indeed for people who cling to the "Carbon Dioxide is killing Mother Gaia" theory.
First, the price of grain and the number of sunspots have been known to be very closely correlated for hundreds of years. William Herschel (who discovered the planet Uranus) first published this, back around 1800. When there are a lot of sunspots, he said, the price of grain is low - harvests are good. When there are few sunspots, harvests fail and the price of grain soars.
Remember, we have records on this that are so old that this has been known for literally hundreds of years. You might say that, err, the Science is Settled.
So yay for sunspots. To celebrate, here is some music from back when Disney made good films (the music here was the soundtrack to the 1959 Academy Award winning Disney short Grand Canyon).
Cybercriminals are leveraging generative AI technology to aid their activities and launch business email compromise (BEC) attacks, including use of a tool known as WormGPT, a black-hat alternative to GPT models specifically designed for malicious activities.
According to a report from SlashNext, WormGPT was trained on various data sources, with a focus on malware-related data, generating human-like text based on the input it receives and is able to create highly convincing fake emails.
The only real defense you have against this new AI-generated email threat is to be very, very cautious (should I say "suspicious") of all emails that you get. As with firearms, the most important computer security safety tool is between your ears.
Wolfgang had a favorite tree that he loved to lie underneath. We would go out at the end of the day and sit (we even called it "Sit Time" and he knew those words and what they meant - he'd get all wiggly when he heard them).
The Queen Of The World ordered a special gift for me for Father's Day. I put it under Wolfgang's tree.
Here's a close up picture.
The text reads:
Wolfgang
2012-2023
If love could have saved you, you would have lived forever.
It's been around 100 days now and his absence still hangs heavy. We're both still sad. He's a dog that will take a lot of getting over.
Three Transportation Security Administration agents who work at Miami International Airport were arrested on fraud charges.
According to investigators, Elizabeth Fuster, Josue Gonzalez and Labarrius Williams worked together to steal cash from passengers’ purses and bags while they were being screened at the airport, June 29.
The agents were removed after a TSA employee followed up on a complaint, watched surveillance video and shared findings with the police, who took immediate action and placed them under arrest on Thursday.
But remember, only government agents can be trusted with firearms.
Security guru Bruce Schneier has been saying for years that TSA is a total waste of money (cf. the 90+% failure to detect phony bombs during testing), and that if he were put in charge of it he would give all the budget back to the Treasury.
Cybersecurity researchers have released a new tool called 'Snappy' that can help detect fake or rogue WiFi access points that attempt to steal data from unsuspecting people.
Attackers can create fake access points in supermarkets, coffee shops, and malls that impersonate real ones already established at the location. This is done to trick users into connecting to the rogue access points and relay sensitive data through the attackers' devices.
As the threat actors control the router, they can capture and analyze the transferred data by performing man-in-the-middle attacks.
Trustwave's security researcher and wireless/RF tech enthusiast Tom Neaves explains that spoofing the MAC addresses and SSIDs of legitimate access points on open networks is trivial for determined attackers.
The devices of those who revisit the locations of open wireless networks they previously connected to will automatically attempt to reconnect to a saved access point, and their owners will be oblivious to the fact that they are connecting to a malicious device.
Snappy is a free tool (available in about 100 lines of Python source code) that will tell you if the access point that you're connecting to is the same one that you connected to before. There are all sorts of parameters that an access point advertises, including name (this is what rogue access points advertise) but also things like vendor, supported data rates, channel, and max power (among other things).
Snappy compares all of these to what your legitimate access point advertises and warns you if there is a mismatch. Clever.
It's also clever to name your access point "Rouge". Well, it was in 1998.
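Here is the gist of that beacon-fingerprint check as an added Python example; it is not Snappy's own code. It runs over constructed beacon records rather than live 802.11 captures (a real tool would parse beacon frames with something like scapy), the OUI table is a made-up stand-in for the IEEE registry, and the field names are assumptions. It fingerprints the parameters an access point advertises, remembers the first beacon seen for each SSID, and on a later sighting reports which fields no longer match.

```python
"""Beacon-fingerprint check for evil-twin access points.

Added example inspired by the Snappy approach; not Snappy's own code.
Beacon records are constructed dictionaries standing in for fields parsed
from real 802.11 beacon frames, so the example runs offline.
"""
import hashlib
import json

# Constructed OUI table (vendor prefix -> vendor) for the example only;
# a real tool would look the prefix up in the IEEE OUI registry.
OUI_TABLE = {
    "00:1a:2b": "ExampleNet Inc",
    "f4:ce:46": "CheapRadio Ltd",
}

# Advertised parameters a rogue AP must reproduce exactly to evade the check.
FINGERPRINT_FIELDS = (
    "ssid", "bssid", "vendor", "rates", "channel", "country", "max_power_dbm",
)


def vendor_from_bssid(bssid):
    """Derive the vendor from the first three octets (the OUI) of the BSSID."""
    return OUI_TABLE.get(bssid.lower()[:8], "unknown")


def canonical(beacon):
    """Normalise a beacon record into a stable dict of the fingerprinted fields."""
    return {
        "ssid": beacon["ssid"],
        "bssid": beacon["bssid"].lower(),
        "vendor": vendor_from_bssid(beacon["bssid"]),
        "rates": sorted(beacon.get("rates", [])),
        "channel": beacon.get("channel"),
        "country": beacon.get("country"),
        "max_power_dbm": beacon.get("max_power_dbm"),
    }


def fingerprint(beacon):
    """SHA-256 over the canonical JSON of the beacon's advertised parameters."""
    data = json.dumps(canonical(beacon), sort_keys=True).encode()
    return hashlib.sha256(data).hexdigest()


def diff_fields(known, seen):
    """Names of fingerprinted fields that differ between two beacons, in order."""
    a, b = canonical(known), canonical(seen)
    return [f for f in FINGERPRINT_FIELDS if a[f] != b[f]]


class BeaconStore:
    """Remembers the first beacon seen per SSID and flags later mismatches."""

    def __init__(self):
        self.known = {}

    def check(self, beacon):
        """Return (verdict, differing_fields); first sight of an SSID is 'new'."""
        ssid = beacon["ssid"]
        if ssid not in self.known:
            self.known[ssid] = beacon
            return "new", []
        known = self.known[ssid]
        if fingerprint(known) == fingerprint(beacon):
            return "match", []
        return "mismatch", diff_fields(known, beacon)


# Constructed sample beacons. The clone copies the SSID and BSSID but runs on
# different hardware, so rates, channel and transmit power give it away.
LEGIT_BEACON = {
    "ssid": "CoffeeShop-Free", "bssid": "00:1A:2B:33:44:55",
    "rates": [1, 2, 5.5, 11, 6, 9, 12, 18, 24, 36, 48, 54],
    "channel": 6, "country": "US", "max_power_dbm": 20,
}
CLONE_BEACON = {
    "ssid": "CoffeeShop-Free", "bssid": "00:1A:2B:33:44:55",
    "rates": [6, 9, 12, 18, 24, 36, 48, 54],
    "channel": 11, "country": "US", "max_power_dbm": 17,
}
# A lazier clone that only copied the SSID: the BSSID (and so the vendor) differs.
OTHER_HW_BEACON = dict(LEGIT_BEACON, bssid="F4:CE:46:AA:BB:CC")


if __name__ == "__main__":
    store = BeaconStore()
    for name, b in (("legit", LEGIT_BEACON), ("legit again", LEGIT_BEACON),
                    ("clone", CLONE_BEACON), ("other hw", OTHER_HW_BEACON)):
        verdict, fields = store.check(b)
        print(f"{name:12s} {verdict:9s} {fields}")
```

Two caveats a practitioner will want. First, the check only catches a rogue that didn't bother to copy everything: an attacker who clones the rates, channel, country and power along with the SSID and BSSID will pass it. Second, a legitimate access point that gets a firmware update or moves channel will also trip a mismatch, so treat the warning as "something changed, have a look" rather than proof of an attack.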
Upcoming data privacy regulations are preventing Meta's new microblogging app "Threads" from launching in European Union (EU) markets. Experts say this is only the beginning of the privacy battle facing the Twitter clone.
Meta's attempted coup d'etat against the Twitter kingdom launched on Wednesday in over 100 countries, earning tens of millions of users in only its first day live. That, despite being unavailable to major markets within the EU.
The holdup has to do with "complexities with complying with some of the laws coming into effect next year," Instagram CEO Adam Mosseri hinted on July 5. Mosseri's statement may refer to the new antitrust-oriented Digital Markets Act, but experts also expect Threads to collide head-on with consumer privacy regulations, thanks to its wanton collection of just about every kind of personal data imaginable.
Well, Facebook has given regulators every reason to think they violate the privacy directives.
Via Midwest Chick a while ago, there's a new independent audit of the weather stations that feed daily data to the climate databases. This is a follow up to the 2009 Surface Stations Project. Results are, well, what you'd expect:
The 2009 report found 89 percent of stations were unacceptable by NOAA’s own standards. The 2022 report found an even greater percentage of stations—approximately 96 percent—are sited unacceptably.
The official U.S. temperature record, which was shown in 2009 to be heat-biased due to poor siting issues, appears to be even more biased in 2022.
Of the 128 stations surveyed, only two were found to be a Class 1 (best-sited) station: the Dubois, Idaho Agricultural Experiment Farm, and the St. Joseph, Louisiana Agricultural Experiment Farm.
Three stations were found to be Class 2 (acceptably sited).
The remaining 123 stations were found to be Class 3, 4, and 5, and therefore considered unacceptably sited in accordance with Leroy’s classification system and NOAA publication 10-1302.
The 7 percent increase in unacceptably sited stations from 2009 to 2022 seems to be in line with the Gallo and Xian study noting the increase in ISAs near USHCN stations.
Based on the sample, it appears that waste-water treatment plants (WWTP) comprise approximately 25-30 percent of the entire COOP network. It is difficult to get an accurate count because NOAA / NWS does not discern between WWTPs and other stations in the HOMR database. WWTPs are a poor place to measure data to detect climate change because they grow with population, and the industrial processes they perform (sewage digestion) generate substantial amounts of heat, creating a heat sink effect.
In some interviews with observers, it became clear NOAA / NWS personnel are aware their station siting does not adhere to NOAA standards, but they do not have the means or the time to take corrective action. A prime example is a Class 5 USHCN station in a radio station parking lot in Grants Pass, Oregon, where the radio station engineer recognized the problem, but the local NWSFO refused to address it—even after multiple requests to relocate the MMTS sensor.
It's like they want lousy data, as long as it shows things hotter than they really are.
UPDATE 10 JULY 2023 14:04: Chris Lynch finds this, which is worth remembering. The Greenland Ice Core Project (GRIP) shows climate over the last 10,000 years or so:
I blame SUVs for all the warming during the Roman Climate Optimum ...
New Jersey cops must apply for a wiretap order — not just a warrant — for near-continual snooping on suspects' Facebook accounts, according to a unanimous ruling by that US state's Supreme Court.
Thursday's decision overturned alower court's rulingthat said a search warrant was sufficient to compel Meta's social network to turn over access to a user's future posts and messages every 15 minutes for a period of 30 days. That's effectively a real-time tapping system, it was argued.
"The state argues that because of the brief 15-minute delay involved, it is obtaining 'stored communications' rather than intercepting live ones, so fewer safeguards apply. We do not agree," the Garden State's Supremes said [PDF], noting that this would make New Jersey the only state in America to permit this practice.
One hundred sixty years ago George Pickett led his division in an assault on fortified Federal lines. When the survivors straggled back, the band played "Nearer My God To Thee" - a hymn made famous by the sinking of Titanic, even though Pickett lost more men that day.
I wrote this 13 years ago, but last night I was flipping through the channels and saw they were playing "Gettysburg". Highly, highly recommended, although it is an epic (rather than personal story) film. But it made me recall an earlier post, re-posted here.
To the men who fought there so long ago, rest in peace. Freedom isn't free. If you haven't visited Gettysburg, you should. This is sacred ground.
======= Originally posted 3 July 2010 =========
Robert E. Lee is without doubt one of the greatest generals these shores have ever seen - arguably the greatest of all. And so I've always been mystified why he ordered General George Pickett to lead 12,500 of the South's finest troops across nearly a mile of open ground against fortified Union lines, that July 3 afternoon so long ago.
The lesson of Fredericksburg from the previous year should have told him what to expect. General Longstreet had learned that lesson, and tried unsuccessfully to persuade his commander to call off the assault. Overcome with emotion - a premonition of slaughter, really - he couldn't even speak the final order to advance, but merely nodded assent to Pickett's request to charge. When the stragglers returned to their lines, General Lee (worried that the Yankees might charge to follow up their success) asked Pickett to rally his Division. Pickett replied, General Lee, I have no Division.
The War Between The States ("Civil War" to Yankees) was a brutal affair, where the weaponry had advanced faster than the tactics. It remains to this day the bloodiest conflict in the nation's history, with more casualties than any other war we've fought. When you consider how much the population has grown since the mid-nineteenth century, it was even worse.
The psychological scars of that war were to linger for a generation or more. The sense of loss - needless loss - is perhaps summed up by Pickett's Charge. William Faulkner captured this sense in Intruder In The Dust:
For every Southern boy fourteen years old, not once but whenever he wants it, there is the instant when it's still not yet two o'clock on that July afternoon in 1863, the brigades are in position behind the rail fence, the guns are laid and ready in the woods and the furled flags are already loosened to break out and Pickett himself with his long oiled ringlets and his hat in one hand probably and his sword in the other looking up the hill waiting for Longstreet to give the word and it's all in the balance, it hasn't happened yet, it hasn't even begun yet, it not only hasn't begun yet but there is still time for it not to begin against that position and those circumstances ...
Pickett never forgave Lee. Asked many years later why the charge failed, he replied that he thought that the Yankees had something to do with the outcome. He might have said that Lee had, too.
======= End original post =========
This is what the soldiers coming back from that charge heard.
Alternate title: how The United States accidentally committed suicide.
Co-blogger and Brother-From-Another-Mother ASM826 and I have had a number of conversations lately about how when we both started blogging 15 years ago, we still had hope. Yes, I cribbed the alternate title from histories of Rome, but there's a fateful dynamic at play today that mirrors what played out back then.
In 400 AD, Rome stood tall. Sure, there were problems, but Rome was the only super power. 76 years later, it no longer existed.* It was simply unable to respond effectively to the barbarian invasions - the problem wasn't a military one, it was structural. The Legions were still strong, but the ruling elite could not use them effectively to keep the barbarians out. You see, they didn't want to keep them out.
Barbarian hordes were an opportunity to various members of the elite. The rewards of power and wealth to those at the top of the Roman Empire were so unbelievably vast that, well, a wandering barbarian horde might be able to be used to put somebody new on the throne. And so the elites played 27 Dimensional Chess against each other until the Empire was overwhelmed. What temporarily helped local Senators and Provincial Governors quite frankly led to the downfall of them all. I'm looking at you, Constantine III.
And so to today. The Ruling Class in this Republic is institutionally incapable of dealing with the problems facing the Republic because they don't want to. Indeed, there is a dynamic at work: never let a crisis go to waste. This has come about in a shockingly short time - twenty years or so.
But this happened to Rome as well. Between 410 and 430 AD, the Eternal City itself was sacked and Spain and Africa were lost to the Empire - and with them went the tax revenue that had supported the Legions. Today we have a President who is a feeble-minded puppet; the Emperor Honorius was (at the time) compared to a jellyfish.
The grandeur that was America was very great indeed, but so was Roman grandeur. Sic transit gloria mundi, and all that.
Entering this Independence Day weekend I wish I could be more optimistic. I leave you with a song from the dark days after 9/11, a reflection of a time when the grandeur of this Republic was great, even though the dynamic that has led us here was already formed.