"malware" entries

Four short links: January 15, 2016

Four short links: January 15, 2016

Bitcoin Resolution, Malware Analysis, Website Screw-Ups, and Dronecode.

  1. The Resolution of the Bitcoin ExperimentIf you had never heard about Bitcoin before, would you care about a payments network that: Couldn’t move your existing money; Had wildly unpredictable fees that were high and rising fast; Allowed buyers to take back payments they’d made after walking out of shops, by simply pressing a button (if you aren’t aware of this “feature” that’s because Bitcoin was only just changed to allow it); Is suffering large backlogs and flaky payments; … which is controlled by China; … and in which the companies and people building it were in open civil war?
  2. Malware Analysis Repository the materials as developed and used by RPISEC to teach Malware Analysis at Rensselaer Polytechnic Institute in Fall 2015.
  3. How Websites Screw Up Experiences (Troy Hunt) — they’re mostly signs of a to-the-death business model.
  4. Dronecode Moves Forward — Linux Foundation’s Dronecode project has 51 members, is used commercially, and has technical working groups looking at camera and gimbal controls; airspace management; and hardware/software interfaces.
Four short links: 17 December 2014

Four short links: 17 December 2014

Security Stick, Spyware Toy, Bezos Time, and Popular JavaScript

  1. USB Armory — another Linux-on-a-stick, but this one has some nifty dimensions and security applications in mind.
  2. Who’s the Boss?The Elf on the Shelf essentially teaches the child to accept an external form of non-familial surveillance in the home when the elf becomes the source of power and judgment, based on a set of rules attributable to Santa Claus. Excellent deconstruction of ludic malware. (via Washington Post)
  3. Bezos on Time (Business Insider) — Where you are going to spend your time and your energy is one of the most important decisions you get to make in life. We all have a limited amount of time, and where you spend it and how you spend it is just an incredibly levered way to think about the world. This (he says at 9 p.m. in the office, in a different city from his family!).
  4. libscore — popularity of JavaScript scripts and libraries in the top million sites. But remember, just because all the cool kids do it doesn’t make right for you. (via Medium)
Four short links: 10 October 2014

Four short links: 10 October 2014

Evolving Malware, Male Advocates, Every BU is an Internal Startup, and Amazonian Warehouses

  1. Slow Release MalwareProf. Vigna outlined scenarios in which an increasingly sophisticated and opaque breed of malicious executable will evolve to ‘mimic’ the behaviour patterns of benign software, in an attempt to avoid wasting its payload behaviour on a sandbox or virtualised environment. (via Slashdot)
  2. Top 10 Ways to be a Male Advocate — pass to any men in tech that you know.
  3. All Businesses are Now Digital Businesses (Vikram Kumar) — given that your business units are buying their own IT and thus reinventing their own business, How many CEOs and CIOs think of business units acting as tech start-ups?
  4. Amazon Opens First Physical Store (WSJ, paywall) — in NYC, for pickups, returns, exchanges, and same-day delivery of some items from the accompanying warehouse. I’m curious to see what of Amazon’s infrastructure, analytics, and other thin-margin tricks they can bring to substantial physical presence.
Four short links: 5 March 2014

Four short links: 5 March 2014

Cheap Gesture Sensor, Ignorance as Strength, Android Malware Resistance, and Security Talks

  1. $1 Gesture-Recognizing Device (GigaOm) — the AllSee is the size of a quarter, harvests RF for power, and detects the variations in signal strength caused by gestures.
  2. A Conversation with Sydney BrennerThe thing is to have no discipline at all. Biology got its main success by the importation of physicists that came into the field not knowing any biology and I think today that’s very important. I strongly believe that the only way to encourage innovation is to give it to the young. The young have a great advantage in that they are ignorant. Because I think ignorance in science is very important. If you’re like me and you know too much you can’t try new things. I always work in fields of which I’m totally ignorant.
  3. Android Almost Impenetrable to Malware — multiple layers of defence, including signatures of known-bad systems found in the wild, necessary to retain an “open” marketplace vs Apple’s lock-down.
  4. TrustyCon (YouTube) — video of the speakers at the conference that was set up by speakers who withdrew from the RSA conference. (via BoingBoing)

Power over USB

USB could make power consumption more intelligent, but security concerns need to be addressed.

I’ve been reading about enhancements to the USB 3.0 standard that would allow a USB cable to provide up to 100 watts of power, nicely summarized in The Economist. 100 watts is more than enough to charge a laptop, and certainly enough to power other devices, such as LED lighting, televisions, and audio equipment. It could represent a significant shift in the way we distribute power in homes and offices: as low voltage DC, rather than 110 or 220 volt AC. Granted, 100 watts won’t power a stove, a refrigerator, or a toaster, but in a USB world, high-voltage power distribution could be limited to a few rooms, just like plumbing; the rest of the building could be wired with relatively inexpensive USB cables and connectors, and the wiring could easily be done by amateurs rather than professional electricians.

It’s an interesting and exciting idea. As The Economist points out, the voltages required for USB are easily compatible with solar power. Because USB cables also carry data, power consumption can become more intelligent.

But I have one concern that I haven’t seen addressed in the press. Of course USB cables carry both data and power. So, when you plug your device into a USB distribution system, whether it’s a laptop or phone, you’re plugging it into a network. And there are many cases, most notoriously Stuxnet, of computers being infected with malware through their USB ports. Read more…

Four short links: 9 October 2013

Four short links: 9 October 2013

Android Malware Numbers, Open Networking Hardware, Winning with Data, and DIY Pollution Sensor

  1. Android Malware Numbers — (Quartz) less than an estimated 0.001% of app installations on Android are able to evade the system’s multi-layered defenses and cause harm to users, based on Google’s analysis of 1.5B downloads and installs.
  2. Facebook Operations Chief Reveals Open Networking Plan — long interview about OCP’s network project. The specification that we are working on is essentially a switch that behaves like compute. It starts up, it has a BIOS environment to do its diagnostics and testing, and then it will look for an executable and go find an operating system. You point it to an operating system and that tells it how it will behave and what it is going to run. In that model, you can run traditional network operating systems, or you can run Linux-style implementations, you can run OpenFlow if you want. And on top of that, you can build your protocol sets and applications.
  3. How Red Bull Dominates F1 (Quartz) — answer: data, and lots of it.
  4. Ground-Level Air Pollution Sensor (Make) — neat sensor project from Make.
Four short links: 28 March 2013

Four short links: 28 March 2013

Chinese Lessons, White House Embraces Makers, DC Codes Freed, and Malware Numbers

  1. What American Startups Can Learn From the Cutthroat Chinese Software IndustryIt follows that the idea of “viral” or “organic” growth doesn’t exist in China. “User acquisition is all about media buys. Platform-to-platform in China is war, and it is fought viciously and bitterly. If you have a Gmail account and send an email to, for example, NetEase163.com, which is the local web dominant player, it will most likely go to spam or junk folders regardless of your settings. Just to get an email to go through to your inbox, the company sending the email needs to have a special partnership.” This entire article is a horror show.
  2. White House Hangout Maker Movement (Whitehouse) — During the Hangout, Tom Kalil will discuss the elements of an “all hands on deck” effort to promote Making, with participants including: Dale Dougherty, Founder and Publisher of MAKE; Tara Tiger Brown, Los Angeles Makerspace; Super Awesome Sylvia, Super Awesome Maker Show; Saul Griffith, Co-Founder, Otherlab; Venkatesh Prasad, Ford.
  3. Municipal Codes of DC Freed (BoingBoing) — more good work by Carl Malamud. He’s specifically providing data for apps.
  4. The Modern Malware Review (PDF) — 90% of fully undetected malware was delivered via web-browsing; It took antivirus vendors 4 times as long to detect malware from web-based applications as opposed to email (20 days for web, 5 days for email); FTP was observed to be exceptionally high-risk.

Seeing peril — and safety — in a world of connected machines

Industrial malware has captured the imagination of the tech industry, but efforts by security researchers are promising.

I’ve spent the last two days at Digital Bond’s excellent S4 conference, listening to descriptions of dramatic industrial exploits and proposals for stopping them. A couple of years ago Stuxnet captured the imagination of people who foresee a world of interconnected infrastructure brought down by cybercriminals and hostile governments. S4 — which stands for SCADA Security Scientific Symposium — is where researchers convene to talk about exactly that sort of threat, in which malicious code makes its way into low-level industrial controls.

It is modern industry’s connectedness that presents the challenge: not only are industrial firms highly interconnected — allowing a worm to enter an engineer’s personal computer as an e-mail attachment and eventually find its way into a factory’s analytical layer, then into its industrial controls, bouncing around through print servers and USB drives — but they’re increasingly connected to the Internet as well.

Read more…

Four short links: 26 June 2012

Four short links: 26 June 2012

Post-Capture Zoom, Load Gen, Inventive Malware, and Manufactured Normalcy

  1. SnapItHD — camera captures full 360-degree panorama and users select and zoom regions afterward. (via Idealog)
  2. Iago (GitHub) — Twitter’s load-generation tool.
  3. AutoCAD Worm Stealing Blueprints — lovely, malware that targets inventions. The worm, known as ACAD/Medre.A, is spreading through infected AutoCAD templates and is sending tens of thousands of stolen documents to email addresses in China. This one has soured, but give the field time … anything that can be stolen digitally, will be. (via Slashdot)
  4. Designing For and Against the Manufactured Normalcy Field (Greg Borenstein) — Tim said this was one of his favourite sessions at this year’s Foo Camp: breaking the artificial normality than we try to cast over new experiences so as to make them safe and comfortable.
Four short links: 28 March 2012

Four short links: 28 March 2012

Mac OS X Malware In the Wild, AntiBotnettery, Fabbing And Designers, Networked Products

  1. MS Office Exploit In The Wild, Targeting Mac OS XThis is one of the few times that we have seen a malicious Office file used to deliver Malware on Mac OS X. (via Hacker News)
  2. Please Do Not Take Down The Sality BotNet — best responsible disclosure ever.
  3. 3DifficultI’m an industrial designer at heart, and I’m saddened by what’s happened to my craft. We were once the kings of things, but for a variety of reasons I think we’re in danger of being left behind. […] Making became the talk of the town, and to some extent it still is. We’re in the first stumbling days of the Internet of Things, and are increasingly seeing the paper thin definition between digital and tangible falling away.
  4. Air Quotes Product (Matt Webb) — Recently I noted down some places in which traditional products have changed and he goes on to list some critical ways in which networked objects challenge our thinking. I love the little brain/big brain distinction–great to have words for these things at last!