July 2011 Archives

Sunday, 2011-07-24 13:12 MDT

Running With the Big Dogs

If you are going to run with the big dogs, you have to get off the porch.

— Old Southern Saying

If you are going to crack other people's systems, and then thumb your nose at them, you had better be sure your own security is good. Someone out there is waiting to prove it isn't. Oops!


Posted by Charles Curley | Permanent link | File under: security

Monday, 2011-07-11 13:42 MDT

I Want One

Chocolate lovers may soon be able to print their own 3D creations thanks to work by UK scientists.

A 3D printer that uses chocolate has been developed by University of Exeter researchers - and it prints layers of chocolate instead of ink or plastic.

Although still a prototype, several retailers have already expressed interest in taking on the device.

I want one!


Posted by Charles Curley | Permanent link | File under: miscellany

Saturday, 2011-07-09 08:57 MDT

Nothing Stops Idiocy

The U.S. Department of Homeland Security ran a test this year to see how hard it was for hackers to corrupt workers and gain access to computer systems. Not very, it turned out.

Staff secretly dropped computer discs and USB thumb drives in the parking lots of government buildings and private contractors. Of those who picked them up, 60 percent plugged the devices into office computers, curious to see what they contained. If the drive or CD case had an official logo, 90 percent were installed.

"There’s no device known to mankind that will prevent people from being idiots," said Mark Rasch, director of network security and privacy consulting for Falls Church, Virginia-based Computer Sciences Corp. (CSC)

Human Errors Fuel Hacking as Test Shows Nothing Stops Idiocy

In short, the best defense against cyber attack includes user education.


Posted by Charles Curley | Permanent link | File under: security

Friday, 2011-07-08 15:14 MDT

One For Physical Security

These days, people tend to think of computer security in terms of network security. How strong are my firewall rules? Is the security good on my web application? Should I use this web site on an unsecured WiFi link? Etc. These are all valid concerns. As recent Anonymous and LulzSec efforts show, they are excellent concerns.

However, this does not mean one should ignore physical security concerns.

When hackers from penetration testing firm Netragard were hired to pierce the firewall of a customer, they knew they had their work cut out. The client specifically ruled out the use of social networks, telephones, and other social-engineering vectors, and gaining unauthorized physical access to computers was also off limits.

Deprived of the low-hanging fruit attackers typically rely on to get a toe-hold onto their target, Netragard CTO Adriel Desautels borrowed a technique straight out of a plot from Mission Impossible: He modified a popular, off-the-shelf computer mouse to include a flash drive and a powerful microcontroller that ran custom attack code that compromised whatever computer connected to it.

Hackers pierce network with jerry-rigged mouse

It's amazing what you can fit into the empty volume in an off-the-shelf rodent.

One might wonder why the client disallowed the more obvious attacks such as social engineering. Maybe the client thought those guards were really good. But that misses the point. Precisely because they are obvious, they are guarded. This attack bypassed all those guards, however good they were. Or weren't.


Posted by Charles Curley | Permanent link | File under: security

Wednesday, 2011-07-06 07:36 MDT

Science As It Should Be Done

Having heard, so frequently, that the data underlying the current consensus was robustly supportive, I decided to take the time to find raw, unadjusted data and undertake some simple analyses. I was quite surprised by the results. I am posting those here for comments and suggestions, along with source code and links to the raw data.

The majority of climate researchers use the adjusted data in their work, because CRU, GISS, and NCDC make the adjusted data easily accessible and easy to use. Since evidence has surfaced which suggests those three entities are not independent, all three adjustment methods may be suspect. Let’s take a look.

The author, Eugene Zeien, lays it all out. What he did, where he got his raw data (and why he used that data instead of other data). He shows us the results. He tells us exactly what he did, starting with installing Sun's VirtualBox to create a virtual machine. And he gives us the source code, complete with wget command lines to acquire the data.

If you want to reproduce his efforts, you can. If you want to disagree with his analysis and the decisions he made along the way, you can. It's all laid out for you. He even tells you which flavor of Ubuntu he used.

Nor did he have to go spend a pile of money on expensive software. Thanks to the General Public License and other open source licenses and all that free software, you can duplicate his efforts at no charge other than the cost of your computer and your time.

Mind you, I have no idea if he is right or not. Is he wrong? Let us know if he is wrong, and where exactly he went wrong.

Science as it should be done.


Posted by Charles Curley | Permanent link | File under: climate_change, linux

Tuesday, 2011-07-05 15:36 MDT

Routing around breakages

When the Internet protocol was first specified, the designers at the Advanced Research Projects Agency contemplated nuclear war. They wanted a system that would route around obstacles such as broken links. They got one. Better than they knew.

For example:

Courtesy of Brad at Wendy McElroy dot com.


Posted by Charles Curley | Permanent link | File under: resources, privacy, humor

Sunday, 2011-07-03 10:49 MDT

Update gnome-gps article

I've updated the gnome-gps article. The code has been updated since February, including changes to keep up with libgpsd. Also, it is now in a tarball and includes a makefile.


Posted by Charles Curley | Permanent link | File under: articles