Don't Talk to the Police

In case you've never seen the most excellent lecture from Regent Law School professor, James Duane, or if you just haven't watched it recently.

Take a look.

Protecting Cars from Viruses

Reuters is running a story that should amuse any computer security professional: Experts hope to shield cars from computer viruses.

An excerpt:

Intel's McAfee unit, which is best known for software that fights PC viruses, is one of a handful of firms that are looking to protect the dozens of tiny computers and electronic communications systems that are built into every modern car.

It's scary business. Security experts say that automakers have so far failed to adequately protect these systems, leaving them vulnerable to hacks by attackers looking to steal cars, eavesdrop on conversations, or even harm passengers by causing vehicles to crash.

Our guess is that when cars get to the point that they drive themselves, those who understand how malware works-- and more important: how undeniably complicated modern software and its hardware architecture can be-- will start donning a pair of Converse Chuck Taylors and resemble a modern Luddite by driving themselves, a la Will Smith in I, Robot.

When you look at the statistics, you are far more likely to get injured or die in a car accident than you are in nearly any other security risk you face in your daily life.  Even with the vast skies being what they are, and the regulations on the airlines industry and their pilots, it's not possible to keep air travel 100% safe, though it's safer than driving (once you get past the TSA checkpoint).

Computerized, self-driving cars may improve (emphasis on "may") safety stats; however, not if their software landscape looks like anything else we operate with a CPU in it these days.  There are agencies with an operating budget larger than the GDP of several nations that are terrified about the possibility of malware injected into things like military aircraft or missile guidance systems.  Given that, how in the world is an automobile for ~$20K (which is at most 1% of the price tag of the military's concerns) ever going to be 100% free of malware?  Simple: it won't be.

Toyota Motor Corp, the world's biggest automaker, said it was not aware of any hacking incidents on its cars.

"They're basically designed to change coding constantly. I won't say it's impossible to hack, but it's pretty close," said Toyota spokesman John Hanson. [emphasis ours]

Oh, we've never heard that before...

Officials with Hyundai Motor Co, Nissan Motor Co and Volkswagen AG said they could not immediately comment on the issue.

A spokesman for Honda Motor Co said that the Japanese automaker was studying the security of on-vehicle computer systems, but declined to discuss those efforts.

Mums the word is a much smarter response to the press.

A spokesman for the U.S. Department of Homeland Security declined to comment when asked how seriously the agency considers the risk that hackers could launch attacks on vehicles or say whether DHS had learned of any such incidents.

They probably declined to comment because they are working on exploits for these as well.  Say it ain't so?  Look no further than Stuxnet and Flame, of which the US Gov takes full authorship credits.  It's the future of the "cyberwarfarestate".

We can't keep malware out of critical infrastructure SCADA systems.  There's no way we can keep it out of your mom's minivan.

Is Your License Plate Tracked?

Time Magazine is running an interesting article about automated license plate tracking systems and privacy ramifications.

A snippet:

If you drive through Maryland, the state may be using an automated reader to photograph your license plate — and storing your movements away for future use. Maryland is not alone. ACLU offices in 38 states are looking into how the government is using license-plate readers across the country — and what it is doing with the data. The ACLU is already calling the license-plate readers “the next big thing in government tracking.”

Read the rest.

More on Surviving the Aurora Massacre

Another interesting perspective.  The diagram below is one of the best visuals of the theater layout we have seen yet.

Cell Phone Survival

Broken cell phone parts

This is a great list of uses for a broken cell phone in a wilderness survival situation: as a signal mirror, spear/arrow head, using the speaker magnet to magnetize a needle for an improvised compass, or using steel wool to short the battery and start a fire.

The list goes on and on at the original article.

Using your fingers to aim a mirror at air search and rescue

Creating a sharp Spear Tip

Improvised Compass Making

Starting a fire with the cell phone battery

Classic Trust

Ken Thompson is on the left. That's not Adam Savage on the right.

If you work in computer security or software development, and you have never read Unix co-creator Ken Thompson's original 1984 speech "Reflections on Trusting Trust" then you are hereby obliged to at least read the following snippet for today's history lesson, which is just as relevant-- actually more so-- today:

The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect.

Ken was referring to the trojan modifications he embedded into the C compiler, illustrating that you need to rely on more that source code, but the compiler, the assember, the loader, all the way down to the instruction sets of the CPUs.  Or as Schneier famously pitched: "security is a chain; only as strong as its weakest link".

Who operates on a completely self-built system from software to hardware?  We would venture to say: nary a soul.

Just a good reminder for a random Thursday, in case you forgot.

Downrange.TV High Speed Video of the AK47

Downrange.TV has produced a show on the AK-47, a.k.a. the Avtomat Kalashnikova.  What's novel about the show is the high speed footage of the Kalashnikov being fired.  Anyone with any background in engineering or mechanics will be amazed at how much the metal in the rifle's receiver, barrel, and even the magazine are shaking like wet spaghetti as the sine wave of recoil pulses through the materials.

Video:

Facedeals

Facedeals is a spooky facial recognition application that ties physical cameras at retailers to your facebook pictures of yourself.  Literally a "something you are" authentication mechanism to offer you various deals tailored to you and the retail store you just entered.

Watch the promotional video:

Hacking Hotels

Breaking into a hotel room with less than $50 in hardware

The technical security media has been all abuzz about a recent Black Hat presentation by Cody Brocious on hacking electronic hotel door locks.

The original author's documentation including the paper and slides are here.

Here's the simplified version:

• The vendor of the locks has an overwhelming majority of the market in the U.S. (chances are you stayed in a room that had this exact lock on it)
• The key cards use crypto for implementing the access control
• The mathematical aspect of the crypto is more or less fine (as is usually the case)
• The problem comes in managing keys (which is pretty much always the problem!)
• An administrative feature is easily exploited-- which is only slightly better than vendors shipping products with widely-known default passwords.
• An administrative maintenance device, when connected, can extract the crypto key and break the access control
• You can roll-you-own maintenance device on the very, very cheap
• Yes, this probably looks like a scene in any random Hollywood movie
• This will likely be a majorly expensive pain to fix for the vendor and hotels
• "Compensating controls" in this case include surveillance cameras, internal dead bolt manual locks, et al
• Author Cody Brocious needs to lay off the processed foods!  (couldn't resist that one)

DIY Pepper Spray

Chili Peppers

At Securology, we are fans of the Do-It-Yourself (DIY) category.  We recently came across this DIY Pepper Spray.  Here's an excerpt below.  Oh, and do yourself a favor and read the original source's legal disclaimer.  And if you're not familiar with the Scoville unit of measuring spicy hotness, you may wish to brush up on this Wikipedia article as well.

Step 1. Delivery System

Delivery systems are as simple as a one to three ounce spray canister you get in the travel section for toiletries and up to 32 ounce spray bottles reminiscent of the glass cleaner bottles where you squeeze the trigger in a spray mist or stream. You can also make a delivery system with Garden hand pump pressure sprayers as well as the one to four gallon hand pump pressure sprayers used for gardening, pest control and weed control. Of course the larger the container the more pepper/chili you will need.

...

Step 2. What you need.

• Six peppers or chili’s, the hotter the chili or pepper the better. You can use more pepper/chili if you like to get it as potent as possible.
• Garlic, two medium or one large-sized bulb or two table spoons of minced in a jar or powdered if you don’t have it (the odor repels some bugs and people)
• A method of drying the pepper/chili (dehydrator, stove, solar oven or sun dried)
• Rubber gloves (to handle the pepper and oils)
• Safety glasses (to keep it out of your eyes)
• N95 mask or other respirator (prevent inhalation especially if you are sensitive)
• ...

Step 3. Preparing the pepper/chili.

I am giving instructions for those with and without a blender or grinder.

1. Dry the peppers/chili by means of a dehydrator, sun-dried, solar oven or set in the oven at a low temp.
2. Cut, chop or grind the peppers/chili as fine as possible then place in a bowl.
3. Mince, chop or grind the garlic and place in the bowl.
4. Two table spoons of baby or mineral oil into the bowl.
5. Add twelve ounces of vinegar or alcohol and mash and grind until it’s as close to being smooth as possible. You can slowly add the alcohol or white vinegar as you blend it to avoid splashing.
6. Pour it into the larger bottle with a funnel to let it sit overnight in a cool place to react and increase the effectiveness of the solution.
7. When ready get your funnel, strainer or cheese cloth and water bottle. Place the funnel in the smaller16.9 oz. to 20 oz. water bottle then place the strainer or cheese cloth over the funnel.
8. Pour the pepper/chili mixture into the water bottle using a funnel and strainer. Any left over remnants from the strainer can be used in the garden or trash area to keep pests and animals away.
9. You now have pepper spray and can store it in the refrigerator or a cool place and it’s readyto pour in your sprayers at any time. Since it is sitting in vinegar or alcohol it should last anywhere from a month to three months.

Don't forget to clean up your mess and be careful.

Order a TV, Receive a Sig Rifle Instead

"This is not the TV I ordered."

So one guy orders a TV from Amazon.  UPS ships it.

Then another guy orders a Sig Sauer 716 large bore semi-automatic rifle.  UPS ships it to his FFL (which is perfectly legal and happens millions of times per year in the U.S.).

Somewhere along the lines, the parcels swapped destinations and the TV guy gets the Sig 716.

UPS ships millions upon millions of parcels every year, with an exceptionally good track record.  If their track record wasn't good, people would choose other shipping providers.  UPS's business suggests they do pretty well.

But no shipping provider is perfect.  So it should be no surprise that packages get mixed up from time to time.  This wasn't the first time UPS accidentally shipped items to the wrong address.  This won't be the last time, either. 

Firearms are one of several categories of highly regulated items that are shipped.  Likewise are hazardous or dangerous chemicals, such as for a laboratory, and even medicines for a hospital or doctor's office.  A knee-jerk response of "well, UPS should not ship items like that anymore" would cripple the economy and keep vital items from making their way to important people.  Even if fall into the "firearms only belong to military and police" crowd, you should take note that the milipolice receive UPS shipments, too.

"Huh? Is this the TV's remote control?"

This recipient, Seth Horvitz, is a resident of Washington DC, a city with the mantra: "we have more gun violence here than most U.S. places because it's nearly impossible for the citizen sheep to own a firearm".  Some in the pro-gun community has pointed out how this "hipster", "urbanite" man who lives in a disarmed zone and admittedly doesn't own a firearm probably was all too happy to rid himself of the "evil" item, instead of just "keeping his mouth shut" about it, or selling it across state lines where it is legal to own that particular rifle.  And they are probably right about their estimation of him.

However, if yours truly received a Sig 716 in the mail unexpectedly, my response would probably be the same.  Sure, I like free stuff, and certainly appreciate firearms-- especially free ones.  But if somebody else received my boring $320 Westinghouse TV instead of their $2200 rifle, it's only common sense that they are going to go looking for it.  Add in the fact that there is a required paper trail for the firearm to transfer through an FFL dealer, and that means the US DoJ will be involved.  UPS will get involved with its tracking system, and they'll figure it out.  It's certainly not "free" if it involves search warrants, interrogations, and lawyers, is it?

Not to mention the moral issue: if somebody receives something for which they did not pay, then that means somebody paid for something that they did not receive.

MS-CHAPv2 Crack

It should come as no real surprise: MS-CHAPv2 is broken.  It's an ancient scheme.  If you were paying attention, you would have migrated your VPNs and Wireless networks away from it years ago anyway.

Here's a great break down of what this means to your wireless networks.

An even simpler one is to just note that these combinations are still fine:

• IPSEC and OpenVPNs are fine.
• WPA2 Enterprise wireless with PEAP is fine.
• WPA2 Non-Enterprise (i.e. home) wireless is fine (from this).

And, of course, keep in mind it still takes 24 hours (right now, but that's sure to be sped up) to actually crack the DES encryption key with this exploit.  Since it's 24 hours and not 24 ms, that means an attacker will more than just casually find you and exploit you.  Your network will have to be a target first, at least to some degree.

Los Alamos Hermit

Los Alamos Nuclear Research Facility

Awhile back, we came across a handful of older stories about hermits who squatted in various interesting locations.  Some of the locations are considered fairly high security areas, yet there they lived undetected for long periods of time.

One hermit lived on the 40 square mile Los Alamos property-- a top secret nuclear research facility-- "for years":

That's where Roy Michael Moore, 56, was recently discovered living in a cave equipped with a glass front door, a wood stove, a bed, electricity-generating solar panels with batteries to store the power, and lights.

"From the campsite that I saw, he had been there quite a long time," said Los Alamos deputy fire chief Doug Tucker. "He had all the comforts of home... I was really impressed with his ability to set up a camp."

Tucker said he had heard Moore might have been living undetected in the cave in Los Alamos Canyon for as long as four years but couldn't confirm that.

 How was he detected?

It was the stove—re-lit for the first time this autumn—which alerted someone at the lab to his presence, as the soot-filled stove kicked up an abnormally large plume of smoke.

Was he living near a high security area on the property?

The lab had not used the restricted area where the cave was located for years, said Bernie Pleau, a spokesman for the department and the National Nuclear Security Administration in Los Alamos. 

But it may have still been fairly close by:

The lab has not used the restricted area where the cave is located for years, said Bernie Pleau, a spokesman for the department and the National Nuclear Security Administration in Los Alamos. It is about 50 yards out his office door and down the cliff, he said. 

It's a bizarre story that does not happen often, but there is a lesson in here for anyone interested in securing a large physical plot of land: even for those with significant funding to do so, it may be a daunting task to keep unwanted others out.

65 Year Old Woman Stops Armed Robbers

This is similar to the 71 year old man defending himself in an internet cafe.

A 65 year old woman who owns a jewelry store, used her own handgun in self defense against 5-- yes 5-- armed robbers!  Watch the footage for yourself as they tuck tail and run, colliding into each other at the door on their way out, and leaving a couple of their gang behind as the getaway vehicle takes off quickly.

Ban Knives

A Chinese teenager's homocidal rage with a knife was 2/3 as deadly as the recent Aurora, Colorado shooting:

BEIJING (AP) -- A teenager killed eight people with a knife and wounded five more in northeast China after falling out with his girlfriend, state media said Thursday.

The teen killed two of her family members and six more people before fleeing, the state-run Legal Daily newspaper said. It reported he was caught but did not describe the circumstances.

Pay particular attention to this last part and recall how China is a "gun free zone":

Violent crimes are growing more common in China. There was a string of knife attacks against schoolchildren across the country in early 2010 that killed nearly 20 and wounded more than 50. [Emphasis ours]

 Killed 20?  That's nearly double the casualties of Aurora.

Ban Knives