
Serious Security Threat or Marketing Ploy? – WSJ “Night Dragon” February 10, 2011

Posted by wastedspacer in 1, Global Industry, IT Security, Notable Incidents, Political Issues, Rants, Spam, SPIM and other annoyances, Technologies.
1 comment so far

According to a report from the Wall Street Journal – on “Night Dragon” attacks:
Oil Firms Hit by Hackers From China, Report Says

How convenient for something like this to turn up the week before RSA! Seemed like an important headline and I suspect some additional news coverage could have been imminent given there was even a scrolling ticker about this on a couple of the local TV News channels this morning. Unfortunately for whoever thought this was a perfect time to disclose they got usurped by the Egypt breaking news alerts!

The McAfee PDF report is an interesting enough study; however, there appear to be a number of shortcomings in the analysis, far too much circumstantial intelligence and many disclaimers around the actual allegations. Furthermore, “Night Dragon” is merely McAfee’s chosen report moniker for their particular identification of a threat bundle. Symantec, Microsoft, Trend and Sophos may detect the same individual threats but call them by different names, and may not pull them together into a creative study such as the one McAfee sponsored. A couple of the highlighted virus definitions identify threats already known several months ago, from May and August 2010.

I’m always skeptical when a security products company periodically publishes a security-driven “the sky is falling” in-depth analysis. There may indeed be some bread crumbs of significance; my main concern is that it could just be another thinly disguised “wag the dog” exercise to increase company visibility.

My more cynical side suggests that perhaps this is an effective security company marketing strategy: undertake a “scientific” study around high-visibility targets, then periodically wave a headline comprised of “(insert enemy state here) hackers attack (insert newsworthy Western iconic industry here), gigabytes of data and trade secrets stolen”. Then add some vague traffic analysis to show the volume, where it’s going and who’s allegedly controlling it. Who knows, maybe some US bank or oil company outpost had been compromised and was being unwittingly used as a Chinese/Ukrainian managed BitTorrent host for illegal videos? Or is it really corporate-sensitive bidding information and active well log data? Without concrete proof in-stream or at the endpoint, any possible botnet C&C and network findings would show pretty much the same data stream, which allows any security company to allege such a finding without actual proof.

We (or at least the corporate executives who are the target of this information once it is escalated to the lofty heights of a WSJ article) certainly appear to fall for it every time, and then demand answers around what their internal security experts intend to do about it. Of course, in the shadow of “cry wolf” warnings, once in a while there really are dire and present issues that require immediate remedial action, so those security experts always have to remain vigilant but circumspect.

Perhaps if we (and apparently the WSJ) are really concerned about threats from “Chinese Hackers”, we should also address the oil industry “best-practice” of off-shoring to low-cost-geographies and perhaps consider that hiring an increasing number of our Western petroleum engineers and geologists from Chinese universities may pose a more insidious threat in the potential espionage space over the long term? We certainly should take security integrity and sustainability in mind when chasing the almighty short-term efficiency and cost savings fuelled drive to top ratings supporting the investors on Wall Street itself.

On a positive side, the WSJ article cited that the attack vectors were typically via Microsoft vulnerabilities, so companies that take an aggressive stance towards rapidly applying patches should be well placed to obviate these threats. McAfee and Sophos share threat signatures, so in this particular case, where the detection was spearheaded by McAfee, customers of these companies may at least enjoy a slightly better level of immediate protection and should benefit from any behind-the-scenes signature updates that McAfee had put in place to mitigate these threats. I just can’t help wondering when Symantec, then Trend, then Kaspersky will see this approach as a “winning” strategy and start spinning their own versions, perhaps “Soup Dragon” or “Nuts Dragon” analysis variations?

This seems like an ideal opportunity for security personnel to put in place better detection systems beyond IDS/IPS, perhaps including honeypots, to at least be in a position to identify the likelihood of actual inside-the-perimeter threat activity. Furthermore, they would be able to consistently state whether they are being actively targeted over time and how frequently. Those metrics could be easily accumulated and used not only to track down current threats but also to provide a current-state report to executives when these kinds of issues are raised by the media.
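As an added illustration of the metrics idea above (this is example code, not from the original post or from any vendor report), here is a small script that turns honeypot events into the “are we being targeted, how often, and by whom repeatedly” numbers an executive status report would need. The log format, the sensor names (hp-dmz-01, hp-int-02) and every sample line are constructed assumptions for illustration only; a real deployment would feed it whatever its honeypot actually emits.

```python
"""
Added example (not from the original post): aggregating honeypot events into
the kind of "are we being targeted, and how often" metrics the post suggests.
The log format and all sample lines below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample honeypot log lines. Hypothetical format:
# "<ISO timestamp> <honeypot id> <source ip> <service> <event>"
# Sensors named hp-int-* are assumed to sit inside the perimeter.
SAMPLE_LOG = """\
2011-02-01T03:12:44Z hp-dmz-01 203.0.113.7 ssh login_attempt
2011-02-01T03:12:51Z hp-dmz-01 203.0.113.7 ssh login_attempt
2011-02-02T11:02:09Z hp-int-02 198.51.100.23 smb connect
2011-02-05T22:40:13Z hp-int-02 198.51.100.23 smb connect
2011-02-09T08:15:00Z hp-dmz-01 192.0.2.88 http probe
2011-02-10T09:30:30Z hp-int-02 203.0.113.7 rdp connect
2011-02-12T17:45:02Z hp-int-02 198.51.100.23 smb connect
"""


def parse_events(text):
    """Parse log lines into dicts; skip blank or malformed lines rather than crash."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, sensor, src, service, event = parts
        try:
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        events.append({"when": when, "sensor": sensor, "src": src,
                       "service": service, "event": event})
    return events


def weekly_metrics(events):
    """Per ISO week: total hits, distinct source addresses, hits on internal sensors."""
    weeks = defaultdict(lambda: {"hits": 0, "sources": set(), "internal_hits": 0})
    for e in events:
        year, week, _ = e["when"].isocalendar()
        w = weeks[f"{year}-W{week:02d}"]
        w["hits"] += 1
        w["sources"].add(e["src"])
        if e["sensor"].startswith("hp-int-"):
            w["internal_hits"] += 1
    return {k: {"hits": v["hits"],
                "distinct_sources": len(v["sources"]),
                "internal_hits": v["internal_hits"]}
            for k, v in sorted(weeks.items())}


def repeat_sources(events, min_weeks=2):
    """Sources seen in at least min_weeks distinct weeks: persistence rather than noise."""
    seen = defaultdict(set)
    for e in events:
        year, week, _ = e["when"].isocalendar()
        seen[e["src"]].add((year, week))
    return sorted(src for src, wks in seen.items() if len(wks) >= min_weeks)


def status_report(text):
    """The current-state summary: per-week activity plus sources that keep coming back."""
    events = parse_events(text)
    return {"weeks": weekly_metrics(events), "repeat_sources": repeat_sources(events)}


if __name__ == "__main__":
    import json
    print(json.dumps(status_report(SAMPLE_LOG), indent=2))
```

The point of the “repeat sources” list is the one the post makes: a single probe is background noise, but the same address touching an internal honeypot week after week is evidence you can put in front of an executive, with a number attached, rather than a headline.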

In the meantime it’s OK to cry “wolf” (or, depending on your security company’s naming convention: “loup”, “mac tíre”, “भेड़िया”, “الذئب”, “lupo”, “úlfur”). CVE goes a little way towards individual definitions, but it would help if anti-malware security companies got together and agreed upon a common name, or at least a common resolution, for a collection of threats from a suspected single source.

Some assembly required! Success as a Service! September 7, 2010

Posted by wastedspacer in Everything Else, Rants, Social State.
1 comment so far

How extensively are dissertation services used to falsely obtain educational qualifications?

What value is there in an educational assessment system where a significant number of “successful” students have achieved that success by leveraging a professional essay, thesis and dissertation service?

I was dismayed to see these posts in the Craigslist services section:

Essay Emergency Writing Services, Confidential, Affordable, Urgent
“Undergraduate, Graduate, and Doctorate clients.
Premiered and renowned personalized writing service for International Students from China, Japan, South Korea and the Middle East “

I can certainly understand a little help with a critique, editing essays or simple assistance with thesis work, but completely outsourcing the production effort makes the derived qualifications something of a joke. No wonder there are so many honors graduates who apparently can’t spell or string a few sentences together when they arrive in the workplace.

China – persistent threat vs convenient “demon”? April 1, 2010

Posted by wastedspacer in IT Security, Notable Incidents, Political Issues, Social State.

When average folk in the US are asked about what they think of China – it would seem that they simply parrot much of what the media peddles: human rights abuses, disregard for the concept of intellectual property, stealing manufacturing jobs from the rest of the world, state corruption, militarism, gulags, illegal software, brand-name knockoffs, the source of advanced persistent threats and a lot of other big-brother-state demonizing in general. While there are no doubt factual elements that reflect some or all of those issues, when an accusation appears, the media quickly escalates to the usual feeding frenzy to highlight any “facts” they can derive from reports. When it turns out that perhaps the issue was not so heinous or even a work of fiction, the retractions and general backing down reports are buried way down the page or even completely ignored. Come to think of it, that’s actually pretty normal for just about any sensationalized media news event.

Case in point: the recent accusations of a connection between the infamous Aurora botnet and a series of attacks on US companies – Google, Adobe, Intel, Northrop Grumman et al. This appeared in a recent DarkReading article on the retracted McAfee stance supporting this theory.

DarkReading Article.

This report paints a picture indicating that perhaps China should not always be the usual suspect as the root of all malware. Has McAfee been somewhat hasty in a “cry wolf” analysis that had solidly linked a series of targeted attacks to the overall Aurora malware effort? McAfee initially had positively identified China as the perpetrator of the attacks against US companies. Further analysis has subsequently identified this to be botnet-establishment malware out of Vietnam that just happened to end up on commonly infected machines, and probably not even related to Aurora at all.

Disturbingly, although it primarily leverages Chinese services such as 3322.org (a domain service run by one Peng Yong), this may simply be driven by the fact that, statistically, China has by far the largest percentage of its PC users running hacked/illegal OS and application software. Such software typically comes equipped with “free malware”, or is much easier to infect, since security update patching frequently gets disabled as part of the hack.

It will be interesting to see the knock-on effect of the recent Chinese edict and domain registration crackdown requiring a verifiable address (in China) and a business registration number, along with a head-and-shoulders photograph. This was reportedly brought about (at least according to the Chinese government) following the identification of massive numbers of non-Chinese addresses registering .cn domains. GoDaddy recently pulled out of .cn registration while grumbling about the loss of identity protection; at the same time it may have a positive effect on the nefarious use of .cn domains as smokescreens for botnet operations run out of other countries. One wonders if GoDaddy is also inwardly grumbling more about the loss to its revenue stream?

GoDaddy exits the .cn space.

Excellent HBGary Analysis on Aurora:

Ecuador – Another Chevron Lawsuit proponent disqualified February 9, 2010

Posted by wastedspacer in Global Industry, Political Issues, Rants.

It seems there’s no end to the corruption involved in trying to pick the deep pockets of Chevron. Now we have one of the engineers supported by the Amazon Defense Coalition who, despite previous denials, has recently been found to be a significant owner of an eco-remediation company that would benefit significantly should the lawsuit succeed!

http://www.chevron.com/news/press/release/?id=2010-02-09

After a judge is forced to recuse himself and other prosecution-supporting individuals are under clouds of suspicion, who will be next to get tossed off the suit?

Ground Control to Major Tom – Eve Capsules January 29, 2010

Posted by wastedspacer in Games I'm Playing, The Fun Stuff.

If you want to move ships around in Eve and a shuttle won’t fit in the hold – try flying naked!

A fundamental element of Eve is that the players are referred to as “Capsuleers”. That means while operating a ship your player is not in a seat but instead in a capsule, so when your ship gets blown up you fly and warp around in a little peapod thing called a capsule. You can also right-click on your ship in the hangar and select “leave ship”; your capsule will then pop up as the active ship and you can undock, fly to another station, dock up, make another ship docked there active and then fly it away.

The only danger is from another player who could theoretically kill (aka pod) you, possibly even through unintended proximity collateral damage. In higher-security space this is very unusual; however, some suicide pirates have been known to use area-effect smartbombs at stargates against large targets, such as in the recent “Hulkageddon” competitions (they will pretty quickly get themselves killed by Concord and gate guns, but their objective was achieved).

I believe the rapidity of response is based on the level above 0.5 security.

If you are in a ship or shuttle, a smartbomb blast could possibly destroy the ship but not the capsule; if you are only in a capsule then it is possible you could get killed, and then your clone gets activated.

You can also choose to eject your capsule from the ship and use it to “board” an unoccupied ship in space. I have discovered an unoccupied ship once or twice and helped myself to it :)

Happy capsuleering!

More Eve Mining Musings October 15, 2009

Posted by wastedspacer in Games I'm Playing, The Fun Stuff.
2 comments

It seemed that mining in Eve was a good (though somewhat boring) way to accumulate Eve ISK. On the plus side, I have found that I can read or even play a completely different game while my miner grinds at asteroids :)

Had I read the miners guide first (see below) – I might have taken a slightly different tack but this doesn’t seem to be too far off track:

I trained Mining V, Astrogeology 3 and Mining Barge 2, then trained specifically for all low-end ore specialties to 2 or 3 on my mining character. I bought a level one Mining Barge (Procurer) and, unfortunately, a rather excessive 10-year supply of Veldspar mining crystals with a sprinkling of other ore types. I mined the high-sec belts using my alternate account’s Industrial Badger as ferry and crystal store, with the Procurer’s lone combat drone for defense.

After a few hours of mining I totaled up the haul and was rather disappointed to notice I had only gathered about the same as I had using 3 tech-1 mining lasers on the Osprey (which had 4 combat drones, allowing me to mine in lower, less-populated high-sec belts). I repeated the study with actual measurements and found this to indeed be the case *sigh*.

With careful power/CPU management I was able to fit 3 Tech-II mining lasers on the Osprey and found I could easily out-mine my Procurer, and was not limited to the mining crystals I had brought along!

So you don’t make the same mining missteps that I did, check out the miners guide.

ATT U(seless)-Verse October 15, 2009

Posted by wastedspacer in 1, Business Directions, Rants, Technologies, Technology Drivers.

Two and a half years of adverts, one mile from AT&T’s HQ, still no U-Verse in its own backyard!

Consider the hot summer of 2007 in San Ramon, California, where AT&T began a riotous assault on our senses offering a wonderfully fast TV/Internet/Phone service dubbed U-Verse! I was excited at the thought that, at long last, fiber was finally here and I could get a piece of it. We quite literally live on the doorstep of AT&T’s Northern California headquarters, which I can even see from my back garden.

Ever since moving to San Ramon, I have been a loyal PacBell, er SBC… er AT&T customer throughout the years, and have been an early adopter for ISDN (Project Victoria) and then one of the first DSL subscribers.

Expecting that AT&T would again roll this out to their local community first may have been a little premature, but I went to the web site, popped in our phone number and sadly received the message:

We’re sorry. Currently, AT&T U-verse service isn’t available for the address associated with this phone number:

*sigh* but I dutifully sign up to be informed as soon as U-Verse is available; the general sentiment from the advertising was that it should be within months, so I believe I can wait. I hear reports from new housing developments and other cities that are happily getting their U-Verse, but still not the loyal AT&T customers in their back yard.

I am under a constant barrage of email asking me to sign up for U-Verse all the way through to the summer of 2008. AT&T continues to pump out millions of dollars to advertise in magazines, on the radio and on TV, waving the flags of U-Verse successes all over the place, but not in our neck of the woods :( Again, I am constantly invited to check to see if we can have access.

We’re sorry. Currently, AT&T U-verse service isn’t available for the address associated with this phone number:

Another year goes by with the constant battering of advertisements from AT&T amid the tortoise and other AT&T-denigrating “Slowski” campaigns from their chief rival, Comcast. Again and again I check my telephone number and sign up for “tell me when U-Verse” notifications. I constantly hear of friends and colleagues who are getting their U-Verse connections all over California (even remote parts). Still no sign of U-Verse in our part of San Ramon :(

Finally, well over another year later, I am hearing more pitches and have received yet another series of email requests to sign up for U-Verse. Once again that disappointing phrase comes up:

We’re sorry. Currently, AT&T U-verse service isn’t available for the address associated with this phone number:

I have no idea why AT&T can’t either get its act together and deliver on its promise, or tell its back-yard neighbor customers what technology, process (or politics) of the local town infrastructure has been blocking our ability to receive this service. It just seems that if a company wants to be commercially successful, the LAST thing it should be doing is shouting availability from the rooftops when there seems to be no capability to deliver it to much of the audience!

One of these days, AT&T might eventually wander up the hill and connect us or maybe we’ll see the Verizon guy with the glasses appear instead?

Ah well, should I again don the rose-tinted spectacles and chant: “all I want for Christmas is High Speed Internet (that doesn’t involve Comcast)”!

*** Update Feb 2010 ***
STILL NO U-VERSE. Google, please connect San Ramon to your fiber link and sock it to AT&T :)

*** News Flash March 2010 ***
I was informed by a workmate that AT&T is cutting up roads and digging huge long trenches only a few miles away in Dublin. Wow – could this finally be some high-speed fiber closing in?

NOT A CHANCE *sigh* After my colleague asked the works foreman if that was fiber being pulled, the answer was NO, JUST REPLACING THE COPPER – AAAAGGGHHH!! AT&T, what is wrong with you? If you are digging up roads, why oh why are you NOT putting in fiber, for goodness sake??? Is it as simple as you ordered a load of copper ten years ago and have to bury it somewhere??

(Twitter: MPWA)

Seagate bakes in security September 23, 2009

Posted by wastedspacer in Architecture, IT Security.

Looks like Seagate has now standardized on producing drives with native encryption features baked in to their enterprise products – consumer products should be next! With this direction, other hard drive manufacturers should quickly follow suit.

This direction should make corporate/government encryption-at-rest standards a lot more achievable. An added bonus would be a reduction in the performance overhead caused by software encryption such as BitLocker.

Here’s the full article:

The Register Article

Eve on the Road September 23, 2009

Posted by wastedspacer in Everything Else, Games I'm Playing, The Fun Stuff.

Long time no post… and this one is a meager, lame excuse for one just before I head off for some sleep. I thought I might add just a few thoughts on Eve over a hotel link: just about playable, but don’t think of PvP with a Ventrilo server – that sums it up!

I’m on a rare business trip from San Francisco to Houston – due to economic pressure, almost all employees have been grounded for the foreseeable future! I took a lowly laptop with me to play Eve, though the Marriott hotel iBahn seems to like to toss me offline every now and then :(

Eve + Hotel + iBahn = Aaaaaargh

The performance is passable for simple missions, mining and the inevitable skill planning and inventory management. I would certainly avoid low-sec or combat-heavy missions on this particular Residence Inn network connection though :(

Cash for Hunkers August 13, 2009

Posted by wastedspacer in Political Issues.

Unbelievable; so much for any kind of common sense on this program. It seems that a number of folk are trading in their old inefficient land-boats for new land-boats like F150 trucks, Hummers, boat-towing Caddies, Lexus and other monsters.

Recapping the declared point of the cash for clunkers program, I thought it was sold by the government as a way to cut emissions and stimulate the economy? It seems it has merely redirected spending from the retail channel and encouraged many folk who already abuse the environment to keep on “trucking”!

The German program has traps to stem this potential abuse, since it has a sting in the tail with up to a $1000 tax addition for vehicles with more significant CO2 production.

The US program has no such clause!

http://tinyurl.com/myn7og
