Monday, August 30, 2010

Obama is Gargamel and he's killing all the Smurfs!!!

...and... "The planned "ultra-mosque" will be a staggering 5,600ft tall – more than five times higher than the tallest building on Earth – and will be capped with an immense dome of highly-polished solid gold, carefully positioned to bounce sunlight directly toward the pavement, where it will blind pedestrians and fry small dogs."

-Charlie Brooker - The Guardian UK.

Just go read the Op-Ed. Too good not to share...

Monday, August 23, 2010

Patriot Hackers

Editor's note:  I began writing this the last week of July.  Today I decided it was as good as it's going to get - added a little, edited a bit and pulled the trigger.  I hope it gets the point across. 

I haven't posted in a while - a week or more.  I know, bad blog etiquette.  I apologize.

Quite literally I've been rattling around my own head reeling from the experience of Def Con.  DC is like a drug to someone like me. The pure outlet of creativity and just being among others (about 10,000 by best estimates) afflicted with the same kind of analytic thinking I have.   Non-hackers don't see the world the same way.  When I go to the grocery store I choose my parking space according to its closeness to a shopping cart corral.  When I see a nifty mechanism - like a bus door - I take it apart in my head and try to discover its weaknesses.  When I get a new tool or gadget I take it apart, improve it where possible, exploit weaknesses where I can.  Everything is like that in my mind.  Nothing escapes hacking.  I even hack food.  It's crazy.  It tends to drive the normal people around me crazy too.

Anyway - back to Def Con.  It was beyond cathartic to know that I'm not alone.  Not by a long shot.  I now understand why hackers make the pilgrimage every year and why the con grows every year as more of us discover it.

One of the overriding things that I came away with was the concept of the patriot hacker.  I attended a couple of sessions of "meet the fed".  This has traditionally been an interesting meetup of hackers and their supposed nemesis in law enforcement.  The truth - It becomes really obvious that for the most part the hackers and the feds are on the same side.  Sure the hackers complain and make jibes and directly inflammatory comments about the feds' methods.  But the overriding theme is how do we do this better?  Protect our country that is.

I'd say that 90% of the questions had to do with what can we do to help? or How do I come work for you? or Will you stop doing this the dumb way and listen to us?

The feds I have to say were great.  The tops of most of our organizations get it.  They are frustrated by government regulations in areas like hiring.  All but one agency (the Navy) lamented that it takes at least a year to become an employee and that there was almost no leeway for those that have a "colorful" past.

I've seen this first hand as a good friend of mine went to work for the federal government a few years ago.  It took him about a year - traveling to DC on his own dime for multiple interviews and testing. Then the FBI background checks and more interviews.  Then months of training on how the government does things. 

With recent developments of the Chinese, Russian and Middle Eastern countries taking advantage of their own patriot hacker ranks the US is like a third world country hoping to someday become a nuclear power.

Anyway enough rambling.  The point - if there is one to this post - is that it's time to take advantage of the patriot hacker in the US.  In order to do that we need to change business as usual in DC.  Get these agencies the talent that they desperately need.  Where do we start?

Geeks v Normals

Monday, August 02, 2010

Even "tech" media gets it wrong.

Everyone - most especially late night hosts and comedians - are always down on "the media" for reporting on fluff stories. Justin Bieber or Lindsay Lohan anyone?  But they aren't the only ones.  The so-called tech media is equally full of crap.

Case in point.  I just spent the weekend at Def Con.  You know the hacker conference that happens in Vegas every year.  Def Con is aptly named.  In a word it's Awesome, Awesome, Awesome.  Several times sitting in presentations I took a bite out of my chair due to the magnitude of the exploit being shown. 

Scary stuff - like a new exploit of WPA2.  This is the gold standard of wireless network security.  It's now useless.  Done. Over.  The industry will have to go back to the drawing board and try again.  Every wireless network out there is vulnerable.  WPA2 is totally broken.

What gets reported in the "news":  Well everyone from my local paper to CNet reported on the talk where a guy (with amazing skills and knowledge) built a device that can intercept GSM phone calls in the immediate area.  Yawn.  It's an amazingly cool hack and will be really useful for exactly NO ONE.  Think about this.  Anyone that's anyone will be using secondary encryption. i.e. government.  Anyone doing something nefarious will be subject to legal wiretaps that are a whole lot simpler to implement and everyone else is talking about picking up milk on the way home or Jaquita's new doo and how her booty looked in that purple and gold skirt.  Couple this with the fact YOU HAVE TO BE IN THE IMMEDIATE AREA.   Like I said,  YAWN. 

The other "big story" was a guy that hacked ATM machines.  The vulnerability is bad and the companies need to fix it,  but the access to the ATM that is required will make any actual exploitation of this bug very rare.  Much rarer than card skimmers - and this can be fixed by the vendors with a software patch.

Meanwhile the new vulnerability in the LAMP platform (i.e. the platform that runs 80% of the internet) goes completely un-reported.

These omissions are just as grave as choosing to publish photos of Ms Lohan's cleavage over reports from Iraq (remember that little war anyone).  Sure, boobies and ATMs make for great headlines and attract the drooling masses to your rag in line at the supermarket but these are hardly the important stories.

Then again if all the outlets reported on this stuff and everyone understood them - the world wouldn't need guys like me and I'd be out of a job.  Way to go Cnet!  Keep reporting fluff!