Change a headline, go to prison

A former journalist whose track record includes being fired from the Tribune Co. and from Reuters is facing two decades in prison for giving the hacking group Anonymous credentials to log into a Tribune web site and change stuff.

Anonymous changed one headline, and it took about 40 minutes for someone at Tribune Co. to notice and change it back.

It reminds me of something that happened at the newspaper where I used to work.

Read more

Why security pros still fly

Security researcher Chris Roberts has posted some inflammatory things about Boeing airplanes earlier this year, going as far as claiming to have once used the in-flight entertainment system, with a special cable, to send commands to one of the engines and affect the plane’s flight.

When I first heard Roberts’ assertions, my initial reaction was to ask why any security professional would continue to board a plane. Then last week Patrick Gray had the brilliant idea to talk to an Airbus pilot. After listening to the interview, I felt better.

Read more

Identify bad guys through writing style

This month’s Social Engineer podcast discussed a tactic to identify bad guys through writing style, something the hosts expressed surprise was possible.

This won’t be news to anyone who minored in English or Communications or Journalism. A lot of factors go into style—where we grew up, where our parents are from, what we read growing up, our life experience, and it really is like a fingerprint. Fitzgerald’s Gatsby called everyone “Old Sport,” and we all have something like that, it’s just usually more subtle. I’ll say, “taste this,” when my wife or mother in law will say “taste of this.” That’s a regional thing. I pick up on that because I’m interested in language. A really good linguist can pick up on a lot more than that, and machine learning can potentially pick up on still more.

If you recall, it was the Unabomber’s long manifesto that brought down Ted Kaczynski.  Other forensics proved it, but the investigation began with his brother’s observation that the manifesto “sounded like Ted.”

Read more

The Sony breach and why every company should be worried

To me, the Sony breach is noteworthy not just because of its magnitude, but because it doesn’t appear to be driven by profit, unlike the other big breaches in recent memory. Instead, it’s a return of vigilante hacktivism, and entertainment companies are particularly vulnerable because, the Washington Post argues, all movies have an element of politics in them.

That’s a problem for U.S. companies in an interconnected world, because much of the world doesn’t value free speech as the United States does. The plot of the movie “Red Dawn” was changed–China, not North Korea, was the original aggressor–to avoid offending the Chinese government, for example. Search Google for “movies that offended foreign governments” sometime. It’s amazing how many you’ll find.

Read more

Smartphones and tablets… What’s the point?

A longtime reader who asked to be anonymous got his first tablet and smartphone a few weeks ago and was underwhelmed, to say the least. “What’s the point?” he asked me privately.

To be honest, I understand. I got my first tablet a couple of years ago–a Nook Color that I loaded Cyanogenmod on. And, to be honest, once the thrill of hacking an e-reader into a full-blown tablet with no restrictions on it wore off, I didn’t do a lot with it. When I thought of it, I would check the weather on it when I was getting ready in the morning, and maybe glance at my e-mail with it, but mostly it sat on my end table. I probably used it 15 minutes a week.

Read more

The explanation about Windows vs. Linux kernel performance makes sense

An anonymous Microsoft developer spilled some juicy opinions about why Windows kernel performance isn’t all it could be and answered some longstanding questions about Windows vs. Linux kernel performance in the process. Although he has recanted much of what he said, some of his insights make a ton of sense.

Read more

Things I wish everyone knew about home computer security

I’m a security professional by trade, with two certifications. I’m not responsible for defending your computer networks, but I want your networks to be secure. There’s a really simple reason for that. If your computer and your network is secure, then it isn’t attacking mine. Or anyone else’s.

Several fellow subscribers to a train-related interest group that I like got hacked recently, and have been sending out spam messages. They’ve received a lot of advice in the hours since. Some of it has been good, and some not as good. So I tried to think of some things that people could do in about 30 minutes to keep the crooks at bay.

Incidentally, the computer crooks won’t be going away. Computer crime happens because the criminals can make more money doing that than doing something legal. The only way to make it stop is to make it too hard, so that getting a real job becomes more profitable. You won’t solve that problem in 30 minutes, but if we all take that single step down that road, we’ll make the world that much safer. So, with that, let’s roll up our sleeves. Read more

WordPress Appliance - Powered by TurnKey Linux