"SCADA" entries

Four short links: 15 January 2014

SCADA Security, Graph Clustering, Facebook Flipbook, and Projections Illustrated

  1. Hackers Gain ‘Full Control’ of Critical SCADA Systems (IT News) — The vulnerabilities were discovered by Russian researchers who over the last year probed popular and high-end ICS and supervisory control and data acquisition (SCADA) systems used to control everything from home solar panel installations to critical national infrastructure. More on the Botnet of Things.
  2. mcl: Markov Cluster Algorithm, a fast and scalable unsupervised cluster algorithm for graphs (also known as networks) based on simulation of (stochastic) flow in graphs.
  3. Facebook to Launch Flipboard-like Reader (Recode) — what I’d actually like to see is Facebook join the open web by producing and consuming RSS/Atom/anything feeds, but that’s a long shot. I fear it’ll either limit you to whatever circle-jerk-of-prosperity paywall-penetrating content-for-advertising-eyeballs trades the Facebook execs have made, or else it’ll be a leech on the scrotum of the open web by consuming RSS without producing it. I’m all out of respect for empire-builders who think you’re a fool if you value the open web. AOL might have died, but its vision of content kings running the network is alive and well in the hands of Facebook and Google. I’ll gladly post about the actual product launch if it is neither partnership eyeball-abuse nor parasitism.
  4. Map Projections Illustrated with a Face (Flowing Data) — really neat, wish I’d had these when I was getting my head around map projections.
Four short links: 5 March 2013

Video Magnification Code, Copyright MOOC, Open Access Cost-Effectiveness, and SCADA Security (Sucks)

  1. Eulerian Video Magnification — papers and the MATLAB source code for that amazing effect of exaggerating small changes in file. (*This work is patent pending)
  2. CopyrightX — MOOC on current law of copyright and the ongoing debates concerning how that law should be reformed. Through a combination of pre-recorded lectures, live webcasts, and weekly online seminars, participants in the course will examine and assess the ways in which law seeks to stimulate and regulate creative expression. (via BoingBoing)
  3. Cost Effectiveness for Open Access Journals: This plot reveals the prestige (Article Influence score) and publication charges for open access journals.
  4. Results of SANS SCADA Survey 2013 (PDF) — Unfortunately, at this time they seem unable to monitor the PLCs, terminal units and connections to field equipment due to lack of native security in the control systems themselves. (via InfoSecIsland)

New vision in old industry

A software startup builds itself to work with Michigan's manufacturers.

Nathan Oostendorp thought he’d chosen a good name for his new startup: “Ingenuitas,” derived from Latin meaning “freely born” — appropriate, he thought, for a company that would be built on his own commitment to open-source software.

But Oostendorp, earlier a co-founder of Slashdot, was aiming to bring modern computer vision systems to heavy industry, where the Latinate name didn’t resonate. At his second meeting with a salty former auto executive who would become an advisor, Oostendorp says, “I told him we were going to call the company Ingenuitas, and he immediately said, ‘bronchitis, gingivitis, inginitis. Your company is a disease.'”

And so Sight Machine got its name — one so natural to Michigan’s manufacturers that, says CEO and co-founder Jon Sobel, visitors often say “I spent the afternoon down at Sight” in the same way they might say “down at Anderson” to refer to a tool-and-die shop called Anderson Machine.

Sight Machine is adapting the tools and formulations of the software industry to the much more conservative manufacturing sector. Changing its name was the first of several steps the company took to find cultural alignment with its clients — the demanding engineers who run giant factories that produce things like automotive bolts.

Four short links: 7 February 2013

SCADA 0-Day, Complexity Course, ToS Tracking, and Custom Manufacturing Prostheses

  1. Tridium Niagara (Wired) — A critical vulnerability discovered in an industrial control system used widely by the military, hospitals and others would allow attackers to remotely control electronic door locks, lighting systems, elevators, electricity and boiler systems, video surveillance cameras, alarms and other critical building facilities, say two security researchers. cf the SANS SCADA conference.
  2. Santa Fe Institute Course: Introduction to Complexity — 11 week course on understanding complex systems: dynamics, chaos, fractals, information theory, self-organization, agent-based modeling, and networks. (via BoingBoing)
  3. Terms of Service Changes — a site that tracks changes to terms of service. (via Andy Baio)
  4. 3D Printing a Replacement Hand for a 5 Year Old Boy (Ars Technica) — the designs are on Thingiverse. For more, see their blog.

Hacking robotic arms, predicting flight arrival times, manufacturing in America, tracking Disney customers (industrial Internet links)

The next wave of manufacturing will be highly automated--and American. Also, a hardware hacking collective rehabilitated a pair of cast-off industrial robots.

Flight Quest (GE, powered by Kaggle) — Last November GE, Alaska Airlines, and Kaggle announced the Flight Quest competition, which invites data scientists to build models that can accurately predict when a commercial airline flight touches down and reaches its gate. Since the leaderboard for the competition was activated on December 18, 2012, entrants have already beaten the benchmark prediction accuracy by more than 40%, and there are still two weeks before final submissions are due.

Robot Army (NYC Resistor) — A pair of robotic arms, stripped from their previous application with wire cutters, makes its way across the Manhattan Bridge on a bicycle and into the capable hands of NYC Resistor, a hardware-hacker collective in Brooklyn. There, Trammell Hudson installed new microcontrollers and brought them back into working condition.

The Next Wave of Manufacturing (MIT Technology Review) — This month’s TR special feature is on manufacturing, with special mention of the industrial Internet and its application in factories, as well as a worthwhile interview with the head of the Reshoring Initiative.

At Disney Parks, a Bracelet Meant to Build Loyalty (and Sales) (The New York Times) — A little outside the immediate industrial Internet area, but relevant nevertheless to the practice of measuring every component of an enormous system to look for things that can be improved. In this case, those components are Disney theme park visitors, who will soon use RFID wristbands to pay for concessions, open hotel doors, and get into short lines for amusement rides. Disney will use the resulting data to model consumer behavior in its parks.

Four short links: 23 January 2013

Thwarting Facial Recognition Software, Operations Security, Password Cracking SCADA Systems, and Wearables Evolved

  1. These Glasses Thwart Facial Recognition Software (Slate) — good idea, but don’t forget to put a stone in your shoe to thwart gait recognition too.
  2. opsec for Hackers (Slideshare) — how boring and unexciting most of not getting caught is.
  3. DHS Warns Password Cracker Targeting Industrial Networks (Nextgov) — Security consultants recently concluded that there are about 7,200 Internet-facing critical infrastructure devices, many of which use default passwords. Wake me when you stop boggling. Welcome to the Internet of Insecure Things (it’s basically the Internet we already have, but Borat can pwn your hydro dam and your fridge is telling Chinese milspec hackers when you midnight snack).
  4. The Evolution of Steve Mann’s Apparatus (Beta Knowledge) — wearable computing went from “makes you look like a robot who will never get laid” to “looks like sunglasses and promiscuity is an option”.

Seeing peril — and safety — in a world of connected machines

Industrial malware has captured the imagination of the tech industry, but efforts by security researchers are promising.

I’ve spent the last two days at Digital Bond’s excellent S4 conference, listening to descriptions of dramatic industrial exploits and proposals for stopping them. A couple of years ago Stuxnet captured the imagination of people who foresee a world of interconnected infrastructure brought down by cybercriminals and hostile governments. S4 — which stands for SCADA Security Scientific Symposium — is where researchers convene to talk about exactly that sort of threat, in which malicious code makes its way into low-level industrial controls.

It is modern industry’s connectedness that presents the challenge: not only are industrial firms highly interconnected — allowing a worm to enter an engineer’s personal computer as an e-mail attachment and eventually find its way into a factory’s analytical layer, then into its industrial controls, bouncing around through print servers and USB drives — but they’re increasingly connected to the Internet as well.


Four short links: 27 December 2012

Industrial Control System Security, Geographic Pricing, Hacker Scouting, pressureNET Visualization

  1. Improving the Security Posture of Industrial Control Systems (NSA) — common-sense measures that owners of ICS should already be taking, but which (because they come from the NSA) hopefully they’ll listen to. See also Wired article on NSA targeting domestic SCADA systems.
  2. Geographic Pricing Online (Wall Street) — Staples, Discover Financial Services, Rosetta Stone, and Home Depot offer discounts if you’re close to a competitor, higher prices otherwise. [U]sing geography as a pricing tool can also reinforce patterns that e-commerce had promised to erase: prices that are higher in areas with less competition, including rural or poor areas. It diminishes the Internet’s role as an equalizer.
  3. Hacker Scouting (NPR) — teaching kids to be safe and competent in the world of technology, just as traditional scouting teaches them to be safe and competent in the world of nature.
  4. pressureNET Data Visualization — open source barometric data-gathering software which runs on Android devices. Source is on GitHub.
Four short links: 17 December 2012

JavaScript Traces, SCADA Security, Platform Economics, and Sport Tech

  1. TraceKit (GitHub) — stack traces for JavaScript exceptions, in all major browsers.
  2. SCADA Manufacturer Starts Own Anti-Malware Project — perimeter protection only, so it doesn’t sound to my inexpert ears like the whole solution to SCADA vulnerability, but it at least shows that one SCADA manufacturer cares.
  3. Platform Competition in Two-Sided Markets (PDF) — The economic effects of multihoming are fascinating. (via Tim O’Reilly)
  4. Silicon Valley Straps on Pads (WSJ) — SF 49ers hiring tech people to do what Harper Reed did for Obama. Interestingly, the tech people are the ones who must see what can be done, though they’re slowly working on the rest of the org: [W]ith scouts “what we found is we have to push them to dream even more, because usually it’s like, ‘OK, we can do that for you,’ and it’s done overnight.” Now, he says, scouts are far less shy about seemingly impossible technological requests.