Mr Robot. Trump / Russia. The murkiness of changing alliances

Elliot Alderson on Mr Robot has a certain slightly bug-eyed look when yet again something inexplicable and threatening happens. Often, what he thought was real wasn’t, or it was revealed there were levels and layers under the apparent reality. Probably lots of us are feeling that way too, as fresh Trump / Russia revelations hit mass media, then get transmitted, distorted, attacked, and defended in social media, amplifying the entire process. We’re all a bit shell-shocked.

And just who is on what side now? Neocons and lefties are teaming together on Twitter to topple Trump. Some of them have excellent sources and are breaking stories highly damaging to Trump days, sometimes weeks, before the MSM gets it. Trump’s overseas trip was such a disaster that Merkel says they can no longer rely on the US. Let that sink in. Some left-wing journalists resolutely refuse to put any credence in the Russia allegations while some right-wingers have relentlessly attacked Trump since Day One. So, choose your side, even as we all realize the sides and alliances are changing.

Where does all this go? I have bad news for those hoping it will all somehow go away quickly. It won’t. The leaks are going to escalate and damage Trump far more than he has been damaged so far. He will respond in his usual chaotic way, which will inevitably just dump more gasoline on the fire.

We are just now entering the pitched battle phase of Trump / Russia. Everything up until now has been the opening act. Prepare to be bug-eyed.


DNS tunneling. Alfa Bank and Trump

Some crazed conspiracy wackos wondered why there were so many DNS pings from a Russian bank to a Trump organization server during the campaign. There was much chortling at the wackos by Very Serious People because surely there were many logical explanations for this. Surely it was not a sneaky way to pass data as the fevered wackos suggested. But then the FBI started investigating it. Hmm, imagine that. Maybe the wackos were on to something after all. However, what was happening? It was indeed baffling.

Legendary hacker Jester suggests these large numbers of DNS pings could be tunneling IPv4 data through DNS.

“Hey Bob, it’d be great if you could speak in English, not in incomprehensible geek-lingo,” some of you are undoubtedly thinking as your eyes glaze over. Ok, I’ll try. Let’s say you want to pass data back and forth between servers and don’t want anyone to notice. A great idea would be to hide it in plain sight using DNS queries, something that routinely happens a bazillion times a day and that no one pays much attention to. (A DNS ping looks up an IP address based on a domain name at a Domain Name Server, or “DNS”. It’s routine.)

But let’s say instead of doing a regular DNS ping, you are actually passing encoded data back and forth. You are hiding data transfers in the DNS pings. This is “DNS tunneling”.

“So on a DNS tunnel, data are encapsulated within DNS queries and replies, using base32 and base64 encoding, and the DNS domain name lookup system is used to send data bi-directionally. Therefore, as long as you can do domain name lookups on a network, you can tunnel any kind of data you want to a remote system, including the Internet.”

Open source Iodine can do this now. There is also malware called DNSMessenger that can do the same thing and which takes control of computers. Neither writes anything to disk, making detection and understanding the attack much more difficult. Both are hidden in plain sight.
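A defender's view of the tunneling described above, as an added example that is not part of the original post: because the data rides in encoded query names, a domain that receives many distinct, long, random-looking subdomain lookups stands out in DNS logs. The log entries, domain names, thresholds and function names below are constructed assumptions for illustration.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict


def constructed_label(i):
    # Constructed stand-in for an encoded data chunk: base32 text, 52 chars.
    digest = hashlib.sha256(str(i).encode()).digest()
    return base64.b32encode(digest).decode().rstrip("=").lower()


# Constructed sample log of (client, queried name); not real traffic.
SAMPLE_QUERIES = (
    [("10.0.0.5", f"{constructed_label(i)}.t.tunnel.example") for i in range(8)]
    + [("10.0.0.7", f"{h}.corp.example")
       for h in ("www", "mail", "api", "cdn", "vpn", "login")]
    + [("10.0.0.9", f"{constructed_label(99)}.assets.example")]
)


def shannon_entropy(text):
    # Bits per character; encoded data scores well above ordinary hostnames.
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def find_tunnel_candidates(queries, min_unique=5, min_avg_len=30, min_entropy=3.5):
    # Group the subdomain part of each name under its parent domain.
    # Assumption: the parent is the last two labels (no public-suffix handling).
    subs, clients = defaultdict(set), defaultdict(set)
    for client, name in queries:
        labels = name.rstrip(".").lower().split(".")
        if len(labels) > 2:
            parent = ".".join(labels[-2:])
            subs[parent].add("".join(labels[:-2]))
            clients[parent].add(client)
    flagged = {}
    for parent, uniq in subs.items():
        avg_len = sum(map(len, uniq)) / len(uniq)
        avg_ent = sum(map(shannon_entropy, uniq)) / len(uniq)
        # All three signals must agree: many distinct, long, random-looking names.
        if len(uniq) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_entropy:
            flagged[parent] = {"unique": len(uniq), "avg_len": round(avg_len, 1),
                               "avg_entropy": round(avg_ent, 2),
                               "clients": sorted(clients[parent])}
    return flagged


if __name__ == "__main__":
    for parent, stats in find_tunnel_candidates(SAMPLE_QUERIES).items():
        print(parent, stats)
```

Only the constructed tunnel.example domain is flagged: corp.example has many subdomains but they are short, and assets.example has one long hash-like name but no volume. The thresholds are starting points to tune against a baseline of your own resolver logs.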

DNSMessenger malware:

Once this is completed, the STDOUT and STDERR output that was captured from the Windows Command Line processor earlier in Stage 4 is transmitted using a “MSG” message. This allows the attacker to send commands to be executed directly by the Command Processor and receive the output of those commands all using DNS TXT requests and responses.

I’m just delving into this. Any help, thoughts, feedback appreciated!

If it’s ok to punch a Nazi, is it also ok to bodyslam a reporter?

You’ve probably seen the horrific news that a deranged person ranting at Muslim women in Portland stabbed and killed two people who tried to intervene. You’ve also probably noticed our country is becoming unhinged. This process will accelerate as the Trump / Russia debacle goes nuclear. What’s that you say, you thought it already had gone nuclear? Not hardly. We’re barely into Act Two. The climax in Act Three awaits us.

I suggest everyone think seriously about ways to calm down and also about how to protect themselves. Follow security expert John Farnam’s advice, “Don’t go stupid places. Don’t hang out with stupid people. Don’t do stupid things.” This includes not getting into pointless arguments and confrontations in day-to-day life or on the internet. Everyone is on edge. Choose your fights. There’s no need to respond to trolls or to flip people off on the freeway if they cut you off.

If you choose to intervene in a confrontation, assume the attacker is armed. Here in Nevada where open and concealed carry is legal, I assume people will be carrying guns. That’s just the reality of the situation.

And if you get all caught up in self-righteous indignation and outrage and think someone needs to be punched, be aware some on the other side probably think the same about you.

Be safe out there. It’s going to get crazy. Act Three will probably be thunderous and may rip the country even further apart.

Two men were stabbed to death Friday on a light-rail train in Portland, Ore., after they tried to intervene when another passenger began “ranting and raving” and shouting anti-Muslim hate speech at two young women, police said.

Help, my car has been attacked by ransomware

The smart key lock on the front door wants money too. The thermostat is stuck at 90, cranking out heat. Burglars learn to hack into surveillance video cameras to determine when occupants aren’t home, then rob the houses.

Gosh, isn’t the Internet of Things wonderful? I’ll rephrase that. Yes the IoT will be wonderful and useful once it has iron security baked into it. Right now, it’s not even close. There are no standards for IoT security. Many IoT devices now cannot be patched or updated when vulnerabilities are found. Some, insanely, have default passwords that cannot be changed. Plz hack me, they scream.

If your computer has a modern OS and is patched on a regular basis, you are well protected from ransomware attacks. This is not at all true for IoT devices, which of course are connected to a home network. Malware on IoT devices can travel throughout the network.

Security has to be baked into the entire system. One reason Win 10 is so secure is because it was designed with security as a primary concern. Your handy-dandy internet-enabled thermostat probably has little or no security.

But it is a system that’s going to fail in the “Internet of things”: everyday devices like smart speakers, household appliances, toys, lighting systems, even cars, that are connected to the web. Many of the embedded networked systems in these devices that will pervade our lives don’t have engineering teams on hand to write patches and may well last far longer than the companies that are supposed to keep the software safe from criminals. Some of them don’t even have the ability to be patched.

Fast forward five to 10 years, and the world is going to be filled with literally tens of billions of devices that hackers can attack. We’re going to see ransomware against our cars. Our digital video recorders and web cameras will be taken over by botnets. The data that these devices collect about us will be stolen and used to commit fraud. And we’re not going to be able to secure these devices.

Like every other instance of product safety, this problem will never be solved without considerable government involvement.

No amount of regulation can force companies to maintain old products, and it certainly can’t prevent companies from going out of business. The future will contain billions of orphaned devices connected to the web that simply have no engineers able to patch them.

The True Believer syndrome, mental illness, murder

An 18-year-old man in Florida, Devon Patrick, went from being a Neo-Nazi to strict Muslim, murdered his neo-Nazi roommates just because, then took hostages at a smoke shop. He probably had never been to a mosque and was barely acquainted with Islam because he made references to “Allah Mohammed” not realizing one was God, the other his messenger. This is akin to referring to “Jesus Jacob”, I suppose, and shows a seriously muddled brain.

True believers are scary because they are convinced of their inerrancy. Their mania can be political as well as religious. They have the inner truth, all others are wrong, and in extreme cases like this one, must die because of their apostasy or refusal to accept the Obvious Truth. In this particular case, the conversion from Neo-Nazi to supposed Muslim apparently happened very quickly. True Believers rarely stay in the middle. They careen from edge to edge, looking for something to stop the voices in their head.

Yes, much of this is almost certainly mental illness. Political and religious cults actively recruit people like this because they are obedient drones, who never ask why. If we want to stop terrorist recruitment, we need to better understand the true believer process and how extremists exploit it and manipulate people to join.

Chillingly, the one roommate who Patrick did not murder (because he was on National Guard duties) was arrested on explosives charges.

From the article:

An 18-year-old man in Tampa who held neo-Nazi beliefs before converting to Islam told police he shot and killed his roommates for being neo-Nazis and disrespecting his Muslim faith. Feel free to take a moment. We realize that’s a lot to unpack there.