DoS Internals

No, no typo. Not DOS Internals or so. Rather, internal DoS attacks.

Are they tractable? [Uhh, that may sound like they’d be positive things to be able to do — sorry, just hinting at “technical feasibility” here]

Yes they are. Stuxnet was the prime example. Something similar would be tractable once one is (somewhat) on the inside, I guess. Like, an APT exploring the internal networks for topology, infecting routers along the way, and then blowing them up all, all at once, with megazillion tons of traffic, internally generated. Denying (internal) network services to all. Or even bricking routers with e.g., flash-ROM attacks. Feasible.

The same, with surreptitious tweaks of kernel scheduling processes, Stux style. Or, there, too, diving deep into and under the virtualisation layers and bricking the core BIOSes and other Level 0 / 1 server software. Overflowing disks with random data (be sure to buffer tons, so restarts / re-mounts will not help too easily).

Hmmm, once one starts thinking about it, the possibilities are huge. Maybe some nation-state party/ies has some arsenal out there in the wild already. Think yesterday’s post; on its own or in combo with Elections, whose interests where?

Oh whatever … plus:

[A hole in your servers’/routers’ “floatation” capabilities will sink your infra; Baltimore]

Did / Did Not (Know Who Did)

Anyone still have an overview of where we (?) stand qua attribution of “cyber” attacks [ #ditchcyber, of course ] ..?? Apart from this

There’s so much development in attribution with or without proof, e.g., about hacking elections in some outer corner of the world’s population; was it truly hacks, was it some nation state, was it some scapegoat hackster, was it all a set-up, where are Wikileaks, Anonymous, [fill in your favourite Four Horsemen party and colour the pictures] … the possibilities are endless.

But there are indeed flashes like this and this, which spark some controversy whilst blurring the overall picture. And we’d want unblurred pics of hotel room showers oh wait not I.
And what with all the tools out there (remember, the FBI’s stash stolen and now on fire sale for 99% off the previous list price, right?), planting others’ fingerprints and DNA, so to speak (no, literally ..!), and have pictures and videos even that are near-indistinguishable from proof; what evidence if any is still admissible in courts? None …!? So, what attribution …!?

When others talk about “controlling the cyber battlefield” (no, not the FBI but the extraterritorial agency), isn’t there a protracted “cyber” [ #ditchcyber ] world war under way already ..? Just not as hot as the previous one, more like the Cold one, schlepping on ..?

Just accept all Peace For Our Time’s … and:

[The SocMed approach: Look! Moose babies!]

Ad Lib / Logic

About some ‘logic’ in an @bookingcom ad.

Where this, commonly well-regarded, travel site sent some spam: “Umbrella in hand, J, it’s raining deals!”
Which may or may not be true, but

  • If it’s deals that it’s raining, I wouldn’t necessarily want to shrug them off with an umbrella
  • If it’s deals, why associate them with bad weather which I may want to escape, through the deals
  • Can’t the deals be collected on some company web site or so; why should it rain into my Inbox?

So, methinks the ad is a wide-net phishing run. Right ..?

Oh, and:
[Old analog pic; now there’s deal weather …! Martinique — once was business travel location 😉 ]

Walking away from your desk

This, re yesterday’s post that was in some vicinity (though with quite some distance to spare…) of ranting about bureaucratic stupidity being a pleonasm.
By means of a pic, with:

  • A Bureaucrat certainly designed this. The ejection seat would to a bureaucrat mean the danger of you escaping from the post you were supposed to hold no matter what — since in the bureaucratic only thinkable scenario, nothing would ever happen or you’re unfortunate collateral loss but hey, the System continues to perform.
  • For all others (the handful, the few good men), the ejection seat is apparently surrounded by just that danger, and to be used to escape from that immediate and urgent, life-threatening danger of death by utter boredom, by sitting still. Noting that the rig that the sign is on, invariably is one made for dangerous action, not for danger evasion… Ships are safe in harbour but that’s not what ships are for; kites [your check] so much, much less so!

Which side are you on; the sit-stillers’ or the Action Men’s ..?
danger-eject-svg

Two's a Charming Bureaucratic Violence

First, two (yes) quotes:

To put it crudely: it is not so much that bureaucratic procedures are inherently stupid, or even that they tend to produce behaviour that they themselves define as stupid — though they do do that — but rather, that they are invariably ways of managing social situations that are already stupid because they are founded on structural violence. (p.57) [ Where structural violence is … look it up in your sociology study’s notes. Implicit or even explicit threats with disciplinary boards (however pastiche) and ostracism certainly give you the right idea; ed. ]

At the same time, if one accepts Jean Piaget’s famous definition of mature intelligence as the ability to coordinate between multiple perspectives (or possible perspectives) one can see, here, precisely how bureaucratic power, at the moment it turns to violence, becomes literally a form of infantile stupidity. (pp. 80-81) [ Emphasis mine; ed. ]

This being from Graeber’s Utopia of Rules of course.

Now, apply this to the obviously receptive [what is the opposite side from ‘applicable’?] situation at some petty association that aggrandised itself and used the introduction of ‘quality control’ — not over itself but over parts of its member base — in a criminal way [since the legal and (self- and external) regulatory arguments were and are simply invalid, and procedures at points illegal outright] to force them into obedience to Kafkaesque procedures that wouldn’t and still don’t apply to those in power at the association. Gollum “the ring is mine!”.

My point being the conclusion of infantile stupidity. Charming for its tragicomedy. A disaster at many fronts for those affected by it…

Oh well:
[To swat a completely imagined fly; Edinburgh]

Hoodies are off

Truly, we have arrived in a dystopian world when crime fighters go after the petty ‘criminals’ only — if there were any bigger catches, the headlines would be flooded and as we hardly ever see that, this is the best for the fighters that they can brag about ..?
I mean, have a look at <link>; a real Cyberrr! (#ditchcyber) criminal was caught! How incredibly clever he was! Being traceable by his ‘own’ IP address and own bank account. So certain of his own greatness that he didn’t even seem to have worn a hoodie — you know, the device that keeps all ‘hackers’ [Dammit! Learn the difference between hacking and cracking!!! or remain a stool forever] completely anonymous. And in Russia. Or did I say R I meant China, when it’s about nation-state retaliation (sic!).

Where in Lucky Luke and Billy the Kid was it that the quote passes “Yes yes be silent dear little boy we do know you’re a really grown-up thug.” ..?
Time to hold this to the Police …?

Oh, and:
[Surely, no-one would dare to attack here? Surely, this is just a decoy and nothing of value would be inside ..? — Well, the value’s not only in the hotel facilities but much more in the wine cellars … next door; Castello Gabbiano]

Super Mario gives wrong impression of plumber's degree

On our first day of class, we had to pull three students from the sewer pipe

January 16, 2017 by Harry Withstander

At the start of every school season, Duke University welcomes hundreds of enthusiastic, motivated students, but after only a semester more than half of them will have dropped out, disillusioned and disaffected. “Young hopefuls arrive with the idea they too can be Super Mario”, Vice President Renzo DiLuigi says.

Almost immediately after the release of the very first Super Mario game in 1985, the Master of Plumbing program saw skyrocketing enrollment numbers. “That’s also where trouble starts”, explains DiLuigi. “On our first day of class, we had to pull three students from the sewer pipe. Party’s very much over for us, then. We teach people how to unclog a toilet, not how to save a princess.”

Jack Fore has been a teacher of Siphon Trap Technology with the Plumbing program. He has seen things develop before his eyes: “First day of the semester, they all come rushing into the car park in their carts, banana in hand. This makes clear to me: They’ll never be an A-grade plumber. If you want to fight with monkeys, why not do Biology, but don’t come wrecking the school building.”

Still, for DiLuigi the profession of plumber still is the best the world has to offer. “In the end, the true plumbers come to the fore. Every year, they generate so much energy on campus. As I use to say: Let’s-a go!”

with permission I guess

[Original, in Dutch, on the Speld; translated with permission]

Hacking not allowed

… at least, if you’re from an official agency that would have to stick to basic rules of common decency.
Despite the push for the police to be allowed to exploit backdoors (and not report/repair them), the thing seems to not sit well with supreme legislation… (link in Dutch; with PDF and/or give Alphabet’s translator a try) — apart from making us all including themselves, much unsafer…

We’ll see. And:
[The humane workplace — non doctored pic; Zuid-As Amsterdam]

Two AI tipping point(er)s

You may have misread that title.

It’s about tips, being pointers, two to papers that give such a nice overview of the year ahead in AI-and-ethics (mostly) research. Like, this and this. With, of course, subsequent linkage to much other useful stuff that you’d almost miss even if you’d pay attention.

Beware of quite a number of follow-up posts, that will delve into all sorts of issues listed in the papers, and will quiz or puzzle you depending on whether you did pay attention or not. OK, you’ll be puzzled, right?

And:
[Self-learned AI question could be: “Why?” but to be honest and demonstrating some issues, that’s completely besides the point; Toronto]

No, you're hacked

OK, we have a couple of little things:

  • “It’s not if but when an organisation is hacked”
  • This leads to access to some of your personal data however innocuous (or not)
  • Only a handful of your however innocuous personal data is needed to identify you and/or take over your ID
  • Your personal data however innocuous on the surface (sic) is with so many organisations.

Syllogically, ID theft will ruin your life, pretty soon.

Now you may counter that … blabla you’re not interesting enough (maybe, but how sure are you, and if you’re so clean your ID has value to the not-so-clean), it won’t happen to you because it hasn’t happened to you (yet, that’s the point) … et cetera.

But oh, you will be hit …

And with that positive reminder, this:

[If life were as simple as at once major global city Edam…]

Maverisk / Étoiles du Nord