Skip to content

The Isoblog. Posts

US travel ban total desaster, sad

The Washington Post reports on the amount of damage the travel bans in the US are doing to travel as a whole, not just the six/seven countries primarily targeted:

The result was a wave of withdrawals. “Getting those cancellations all at once, that was startling,” said Russ Hedge, chief executive of HIU, which oversees 52 hostels across the country. “We’ve never seen something like that.”

and

Fifteen miles from the White House, the Sheraton Tysons Hotel is now offering a free Apple Watch to anybody who books a meeting. “We’re doing everything we can to get through this storm,” said Chris Zindash, the hotel’s director of sales and marketing.

 

1 Comment

Seven years Eyjafjallajökull eruption

In 2010, between April, 15 and April, 23, Air Travel was disrupted because of the ash cloud generated by the icelandic Eyjafjallajökull eruption.

Air travel disruption after the 2010 Eyjafjallajökull eruption

That meant a lot of travellers could not reach the beds they had booked, while approximately the same number of people could not leave their beds to return home. On the first day, the volume of calls making it into the call center (not counting dropped calls) was nine times the normal volume. We added a lot of personal (three times the normal staff, IIRC) to call centers, upgraded servers to handle the increased churn on the databases, and added licenses to the phone system to cope – all in all an extremely busy time.

Also, many hoteliers realized that it is actually ok for customers to cancel, as long as the beds are warm (and paid for). Travelling became a lot more flexible in the aftermath of this incident.

Leave a Comment

Passenger dragged onto Ryanair flight

»Outcry as shocking scenes emerge of passenger being dragged onto Ryanair flight« titles the satiric magazine Dafty News, spot on, to continue:

Michael O’Leary, the outspoken CEO of Ryanair appeared unconcerned last night as he told reporters: “I don’t know what all the fuss is about, to be honest. The flight was underbooked and this individual was spotted wandering aimlessly around Costa Coffee in the airport lounge, so after making sure he had a credit card, we took him took the necessary steps to get him on board.

Remember: It’s only funny, because it’s almost true.

1 Comment

Network Devops Engineer at Booking.com

You know Python and Networking? We do have a platform based on Django that automates network and data center management, and we need to invest in this.

We are going to do a lot more with this, and with many other interesting toys.

Want to play? Check this out.

“Empowering people to experience the world…”

“… and working with people from literally all over the world.”

Leave a Comment

Shadowbrokers released NSA exploits, most not 0days any more

The Shadowbrokers released a number of Windows exploits that have been leaked from the NSAs exploit cache.

A lot of blogs and tech opinion pieces appeared, most of them being up in arms about the NSA not only sitting on these exploits, but also not being in communication with microsoft about them since the last 90+ in which these exploits have been known to be compromised.

Turns out, all of these exploits are actually fixed already (or appear not to be working on current platforms in the first place), and though both MS and the NSA do not comment, both parties apparently have been in communication about this.

So the situation is not nearly as dire as those opinion pieces make it look.

So the main question is: have you been patching all your systems up to MS17-010 (March, 14th of 2017), already? And what about your Windows XP habit?

Right. Thought as much.

Leave a Comment

Tumblr of the Day: Roots of Design

I have just finished reading the Project Zero Blog entries about the Broadcom Wifi SoC used in Cellphones, and how to utilise that SoC to take over the main CPU of a phone.

While this is awesome reading, it reminded me about my interest in taking up a career in landscape gardening.

So here is my Tumblr of the Day recommendation for today: Roots of Design, a podcast about… Landscape Gardening.

It’s awesome, exploit free and about design, so it’s everything that IT isn’t.

It’s also defunct, the last episode is from almost 2 years ago, so it has at least something in common with the patch level of your phone.

4 Comments

Signed pointers

So those real hackers keep telling me that back then in the times of the LISP machine they had tagged pointers and stuff.

Those pesky mobile Whizkids at Qualcomm could not let that stand, so they created signed pointers for ARM 8.3. Two families of new instructions have been made, one for signing pointers, the other for checking the signature. How does that work? The PDF at Qualcomm describes the details.

Basically, when pushing a return address onto the stack on subroutine call, that pointer is authenticated with a PAC* instruction, on return that pointer is checked with an AUT* instruction. The actual RET will fail with an address violation if the pointer has been messed with. PAC* and AUT* are out of NOP space, so they can be executed as NOPs on older CPUs.

PAC* signs the return address, AUT* checks it. On pre-8.3 CPUs, they decode as NOP instructions. RETing to an address that does not AUT is an illegal address exception.

A 64 bit pointer in an 40 bit cellphone processor is good for 24 bit signatures, but other partitions are possible depending on address space layout and size.

2 Comments

CVE-2016-10229: Remote UDP Exploit or why did your Nexus want a new kernel this morning?

CVE-2016-10229: Almost perfect score.

CVSS v3 Base Score 9.8 (Critical)

»udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.«

Affects your Linux, and hence all the unupdateable Android you own. Or “why did your Nexus need a reboot this morning?”

3 Comments