Skip to content

Category: Hackerterrorcybercyber

Magic circles banning autonomous cars

Trapping Autonomous Cars

Somebody sent me a link to Vice withe the comment “A multiple hit in the Venn Diagram of your interests”.

It’s about an artist using technology disguised as ritual magic to trap self-driving cars (and similar shenanigans). The assessent was correct, this is beautiful.

The image from the article shown above shows a self-driving car inside fake street markings. The broken lines allow the cars logic to enter the circle, the unbroken linkes mark a demarcation that must not be crossed, hence the car can never leave.

It ties back to a story my driving instructor told me. He was making a point about “How things are being presented matters”, relating about a beginners driver who had been told to imagine unbroken lines as a “wall that cannot be crossed” and who because of that had problems – sometimes rules must be broken to preserve their meaning and spirit.

 

2 Comments

MySQL and encrypted connections

2006 slides by Rasmus Lerdorf

Since 5.0, MySQL does allow natively encrypted connections to the database, and supposedly also does support client certs for user authentication. Supposedly, because I never tried.

MySQL as a database performs well with transient connections as they are prevalent in two-tier deployments (mod_php, mod_perl, mod_python to database), in which a database connection is made upon web request, and the connection is torn down at the end of the request. This model does not scale so well with encryption in the mix, as on connection a full TLS/SSL exchange must be made.

2 Comments

Docker Image Vulnerability Research

federacy reports “24% of the latest Docker images have significant vulnerabilities“.

The Report underlines the importance of running your own image building service and your own local registry when deploying Docker and Kubernetes.

And that includes the base operating system images, because the test above focused on latest images of official docker images of base operating system images, and known vulnerabilities in it. It lists last years vulnerabilities still being present in current images.

Leave a Comment

Zero Days

RAND Corp study about Zero Day exploits is now available. About 200 Zero Days have been analyzed, and data has been collected on how many groups find them, or how long they stay undetected. Among the findings:

  • Zero-day exploits and their underlying vulnerabilities have a rather long average life expectancy (6.9 years). Only 25 percent of vulnerabilities do not survive to 1.51 years, and only 25 percent live more than 9.5 years.
    […]
  • For a given stockpile of zero-day vulnerabilities, after a year, approximately 5.7 percent have been publicly discovered and disclosed by another entity.

The reports highlights the importance of things like Google’s Project Zero: Systematically testing software products of all kinds for possible weaknesses and exploitable bugs, then getting them fixed.

 

Leave a Comment

The cost of winning…

Tech.co has an article titled Artificial Intelligence Startups Are Winning the Cybersecurity Race. The claim is basically first that old, pattern and signature based malware recognition is useless, and second, that new, behavior based malware recognition employing mystery AI technologies fixes things. The article closes with

In the near future, we predict that AI will be able to effectively fight against hackers by easily detecting repacked viruses. It’s just a matter of time. That’s why, more than resources or experience, companies who actively apply AI, especially cybersecurity companies, will ultimately be successful.

That will be interesting to see. Here is a data point:

3 Comments

Vault 7 and what it means

So, Wikileaks has been publishing a bunch of documents from the CIA, regarding hacking tools and working with tech and crypto under the headline of Vault 7.

In their words,

Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named “Vault 7” by WikiLeaks, it is the largest ever publication of confidential documents on the agency.

The first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virgina.

Much has been made about the timing of this release, with regards to Trump’s Russian connection or other political context. That may or may not be true, but it’s actually relatively unimportant.

Leave a Comment