Monthly Archives: May 2017

Hacking and Linux

Ever since taking an interest in Linux, with the specific aim of better understanding and enhancing my personal digital security, I have been fascinated by hacker conferences. As soon as I learned of their existence, I made a point of keeping tabs on the major conferences so I could browse through the latest videos in their archive once each one wraps up. I thought that was the closest I would get to such an event, but a couple of weeks ago, I had the chance to attend one for the first time: Chicago’s THOTCON. While I’m definitely still swimming in all the experiences I had, I wanted to share a few of my observations and insights. At this point I can practically hear you asking, “Wait, you said hacker conference? For security?” So, before I go on, I should explain a bit about the interrelationship between hacking and security.

The information security, or InfoSec, field is built on hacking. Without the latter, the former would be both impossible and pointless. This is because there are two sides to hacking. The more sensationalized of the two, often called “black hat” hacking, refers to malicious actors breaching a system without authorization either for personal gain or just to cause mayhem. The far more common variety of hacking is “white hat” hacking, often more formally known as “penetration testing,” in which experienced, professional hackers are hired by a company to hack it, without inflicting any permanent damage, in order to audit the company’s security.

Obviously, there would be no need for white hat hackers if there were no black hat hackers, but because the ranks of the white hats far outnumber the black hats, we are able to enjoy what computers and the Internet have to offer in relative security. The other reason these two approaches are related is because they depend on each other. In order for the white hats to fend off the black hats, they need to understand the tactics of the black hats. Correspondingly, the black hats can operate only where the white hats have yet to probe. It’s a perpetual cat-and-mouse game, but it’s one we have to play in order to make use of the modern Internet.

So what happens at a hacker conference? As I found out, quite a lot. Mainly, though, leading figures in the hacking/security community give presentations on their latest research so that attendees can hone their craft. Like at any professional gathering, there’s also a lot of networking. That might sound boring, but I can tell you from experience that it’s anything but! The professionals, both presenting and attending, are at the leading edge of a field which, as the recent global ransomware attack demonstrated, affects all of us every day.

A Whole New World

As I said, there was a lot to take in, but here are some of the aspects of the hacker con experience that made an impression on me for one reason or another. The most immediate aspect that stood out to me was the sheer amount of stimulation to be found there. In addition to a choice of three simultaneously scheduled talks to attend at any given time, attendees had the option of touring an exhibition room full of vendors, participating in a lockpicking tutorial, socializing at a full bar, or, last but not least, taking part in a con-wide scavenger hunt that included debugging the conference badge and deciphering hidden messages scattered throughout the area. In short, there was so much to choose from that it was overstimulating, but in a good way. Everywhere I looked, there was something new to take in, and that’s exactly why we were all there. Another thing that impressed me was the considerable range in the topics of the talks themselves. In just the presentations I saw, I heard speakers delve into everything from current vulnerabilities in Internet of Things devices to the philosophy of red team testing; from evaluating your ideas and models by attacking them from the outside to how the military is training soldiers to conduct hacking operations in open, state-on-state warfare.

Snap Stock Snaps Back

Snap shares appear to have rebounded from the plunge they took earlier this month, after the newly public company reported a massive US$2.2 billion loss in the first quarter, but investors still are scratching their heads over the company’s prospects. Trading at just over $20 at mid-day Tuesday, Snap looks to some like it has regained its early bloom. Others suspect that darker days are yet to come, as signs of robust growth have been lacking. Snap’s revenue and subscriber growth figures missed consensus estimates in its first quarter, sending shares down to a low of $17.59.

Revenue rose sharply to $149.6 million in the quarter, compared with $38.8 million in the year-earlier period, but still fell short of consensus estimates of $158 million. Investors also were spooked by slow growth in daily active users, which totaled 166 million in the quarter, compared with 122 million in the year-ago quarter, a 36 percent gain. DAUs increased by a slim 5 percent from the 4th quarter of 2016. A “DAU” is defined as a registered Snapchat user who opens the app at least once during a defined 24-hour period. Average revenue per user rose 181 percent to 90 cents during the first quarter, compared with 32 cents a year earlier. ARPU was down 14 percent from fourth-quarter 2016 figures, when ARPU was $1.05.

During the conference call with analysts, Snap highlighted its gains in engagement during the quarter. Users created 3 billion Snaps daily, noted CEO Evan Spiegel. The company made strong inroads with Android users, who comprised 30 percent of net additional users compared with 20 percent in the previous quarter. Users spent an average of 30 minutes a day on Snapchat, according to Chief Strategy Officer Imran Khan, who pointed to a Nielsen report indicating that 45 percent of 18-34-year-olds interacted with Snapchat on any given day. Although most of Snap’s first-quarter losses were attributable to one-time stock compensation, analysts nevertheless remain concerned about the company’s user growth and engagement metrics.

The 3 Technologies We Need to Change the World

  • Technology 1: Organic Printing

We can use 3D printers for plastics, ceramics, metals and some blends, but our efforts even to print food have been more in line with automated icing machines for cakes than printing food. If we could print food affordably using nonperishable components, it would mean not only that we would be better able to address the massive amount of global hunger that exists, but also that we potentially could cut the cost of food manufacturing and eliminate most food-borne illnesses. There is an amazing amount of activity in this area, suggesting that by 2030 we actually might have something like the Star Trek replicator in our homes. Given that this same technology likely could manufacture drugs and better prosthetics, this single step could have a massive impact on how we live far beyond the way we eat.

  • Technology 2: Advanced Bio-engineering

A division of Google is releasing millions of bio-engineered mosquitoes to eliminate those that carry sicknesses. Granted, I do remember that many apocalyptic movies start this way. The ability to manufacture insects that can address certain problems could have a massive impact, good and bad, on our environment. The bad would come from a mistake, or if someone decided to create militarized mosquitoes. In the world of The Punch Escrow, there are mosquitoes that have been engineered to eat pollutants in the air and pee H2O, and characters have to dodge constant pee drenchings from the mosquitoes. Still, bio-engineered life forms could offset much of the damage we’ve done to the world, addressing global warming as well as land, sea and air pollution, and go places that people currently are unable to go.

  • Technology 3: AI Salting

Artificial intelligence salting is another concept author Klein introduces as a major plot element in The Punch Escrow. AI salting isn’t meal preparation for when we humans eat AIs (boy, talk about a concept that could start a Terminator event); it means a specialized technician teaches an AI to think more like a human. Basically, it is individual AI deep learning of human behaviors. The underlying concept, making computers think more like humans, is critical to making them more effective at interacting and interfacing with us. If we really can’t tell the difference between an AI and a human, or if an AI handling a human-related task could be made to be empathetic, the interaction and the effectiveness of the AI would be improved vastly. However, few are focused on the human part, and the challenge to train AIs to be more human-like could change forever the way we interact with and use them. At the very least, it would be a huge step in creating robots indistinguishable from humans and making the Westworld experience real.

Hackers Blast Emergency Sirens

Screaming sirens serenaded Dallas residents in the early morning hours Saturday after a cyberattack set off the city’s emergency warning system. All of the city’s 156 sirens were set off more than a dozen times, The Dallas Morning News reported. Officials have not yet identified the perpetrator of the attack, the city’s Office of Emergency Management Director Rocky Vaz told the newspaper, but he expressed confidence that it was someone outside the Dallas area. The city has figured out how the system was compromised and has begun working to keep it from happening again, he added. The sirens began sounding about 12:30 a.m. Saturday and weren’t silenced until 1:20 a.m., when the entire system was deactivated. Despite the city’s pleas not to make 911 calls about the sirens, emergency operators were swamped with 4,400 calls during the early morning hours Saturday.

Emergency warning systems in many cities are old, which makes them even more vulnerable to cyberattacks. Ironically, Dallas’ system is about to be overhauled; the city council last fall approved $567,368 for the project. “Many of them were first installed in the ’40s and ’50s,” explained Mike Ahmadi, global director for critical systems security at Synopsys. “They’ve been upgraded over time and most recently connected to the Internet,” he told TechNewsWorld. “Actually, the older systems without any connectivity are pretty safe from a hacker-proof perspective,” Ahmadi added. “It’s modernizing them and giving them IoT connectivity that’s made them vulnerable.” Open information laws also can make these systems vulnerable, maintained Ed Cabrera, chief cybersecurity officer for Trend Micro. “These require detailed government information to be publicly disclosed,” he told TechNewsWorld. “That makes things such as manuals and configuration settings openly available to potential adversaries meaning to do harm.”

It has been recognized for some time that older, outdated emergency warning systems are susceptible to cyberattacks, noted Vijay Basani, CEO of EiQ Networks. “In spite of this known exploitable vulnerability, why have our state and local governments been so complicit in their failure to fix these vulnerabilities?” he asked. That is the important question, Basani told TechNewsWorld. “Besides just making emergency warning systems go off randomly, hackers could have shut them down completely, crippled them temporarily, or redirected emergency personnel to wrong locations,” he said. “Taxpayers should demand that their government fix these systems or upgrade them.” The failure of Dallas’ emergency warning system is endemic to the poor security across these systems, said Dragos’ Caltagirone. Securing systems comes down to identifying critical systems, detecting attacks and implementing real protection, he explained.