All your rooms are belong to us

 

I know that there are other mobile device "sensory" apps out there such as spiPhone and SoundMiner that make use of your phone microphone to gather info, such as credit card numbers, but this is the first that I have seen that would make good use of your camera.
 
PlaceRaider, a proof-of-concept app developed by the Naval Surface Warfare Center and University of Indiana, takes a stream of images using the camera in your smartphone, then sends the images to a server where they are used to construct a 3D model of your room(s). The idea is that this app would be surreptitiously loaded onto your smartphone and run in the background, snapping pics of your surroundings. Scary-cool. From now on I am showering without my phone.
 
You can download the PlaceRaider paper here:  http://arxiv.org/pdf/1209.5982v1
 
Learn more: http://blogs.computerworld.com/malware-and-vulnerabilities/21092/visual-malware-remotely-exploits-android-camera-secretly-snaps-pic-every-2-seconds
Mistakes admitted, security restored, exploiters caught

This is a fairly techie tale of a company CEO that was a little sloppy (well, not paranoid enough), a couple of security holes in two different systems and a lot of patient work to take over a website.  In short, a small group of hackers managed to wrest control of the Google Apps account and voicemail box of a hosting company president, then used that information to temporarily take over a group of websites hosted by that company.  The attack was detected and stopped quickly and control was returned to the hosting company, but it took a lot of work and a lot of people to thwart one attack.

A detailed blog post by the CEO of the hosting company, CloudFlare's Matthew Prince, tells the entire story, including mistakes and apologies. CloudFlare even went so far as to create a nice timeline to illustrate the timing of the hack, the response, and the key details. Going one step even further, CloudFlare took the opportunity to use this incident as a teachable moment, to inform and advise their clients and the general public on how to protect oneself from the same abusive tactics. Even though CloudFlare made some mistakes, they more than made up for it in their quick and thorough response and then took it one step farther to help others to prevent the same attack. This is the kind of excellence in community building and collaboration that warms my heart and confirms my faith in our society and people in general. Well done.

Google fixed their part of the problem and also admitted the flaw, so they get some credit there.  To end the tale on a happy note, the FBI was able to track down and catch the perpetrators, thus furthering my confidence in the Path of the Good.  For some light bedtime reading, the FBI press release following the arrests of the exploiters can be found here

Since this incident occurred, others have taken place that exploited weaknesses in support and recovery policies at other Biggies, Amazon and Apple. Policies at those companies have been changed to prevent similar attacks again, though the companies seemed more concerned about inconveniencing their customers than security. While I understand that convenience is a key to keep customers coming back to your site or service, the inconvenience of having my data (or website) taken away is more important to me than the speed with which I use a service. Others seem to think so too. That balance between being convenient and being secure is slowly leaning towards secure.

As a local investment advisor in my town that I like says, "Here's the Nugget":

  • Be paranoid as much as is practically possible without super-pissing other people off.  Inconveniencing them is OK, when done lovingly.
  • Get help from and work with your vendors to help *them* make their systems better for you and others.  We all benefit in the long run.
  • Admit your mistakes, ask forgiveness, show how you have fixed this problem and tell why it will not be a problem again.  This keeps you humble, demonstrates your commitment to your tribe and helps others, who will, in the future, and under the influence of your example, help others in return.

A friend of mine who manages a corporate office says that his users, most of them ladies, respond well to his super-paranoia because it is "sincere" paranoia and they secretly love the attention.  I imagine that the conversations go something like this:

Office Lady: "Do we have to go to all of this trouble just to get our e-mail?"

Paranoid Admin: "Yes, this really is necessary to protect your data."

OL: "It seems a bit extreme."

PA: "I don't want to see you lose valuable time and information. Now hold still for your retina scan."

OL: "I really don't…"

PA: "You have very pretty eyes."

OL: "Oh. *Thank* you. Hold still like this?"

Unmuffled

I am riding back from picking up beer and dinner with my friend Erik and my cousin Allen.  We are in Erik's aged, bulletproof Dodge van, Erik is driving and we are on a short stretch of freeway on the way back to Casa Bachelor.  We have gone out on a food run for the umpteen guys back at Erik and his brother Kirk's place.  Allen is riding shotgun and playing one of his "What if, what would" games.

A:  What would you say if I suddenly did this?

(Allen reaches over and throws the van's gear selector into "N".  The van continues quietly along, but is now slowing)

E:  (Looking annoyed) I'd say you were an *idiot*.

A:  (Smiling) I guess I'd better not do that then.

(Allen reaches back over and slaps the gear shift back into "D".  The van has been coasting but it is still going about 50MPH.  There is a sudden lurch that throws us all forward, a high whine from the transmission that has just been jammed into first gear, and then a very loud *BANG* as the muffler explodes.)

E:  (A little wide eyed and raising his voice to be heard above the new roar of his unmuffled exhaust) *NOW* I'D SAY YOU WERE AN IDIOT THAT OWES ME $70 FOR A NEW MUFFLER.

Swept Away

 

This is the way it felt to read when I was a kid. Some authors still manage to do that, but mostly I think it is a matter of having the time and mental relaxation to become deeply absorbed in another world. Usually, I get a chapter into a book and then the phone rings. After that, the rhythm is broken and I end up reading a chapter at a time with one ear tense.
 
The last time I think that I allowed myself to relax enough to fall under the spell of the story was on a long car trip listening to Philip Pullman's "His Dark Materials" series on cassette.  I don't miss the driving part so much as the uninterrupted exercise in guided imagination, the taking-in of description and the creative outputting of an entire universe.  I think that we all need that mental stretching from time to time, to keep us fresh.  Vacation is supposed to do that, but vacation has become a tactical sport to see how much activity we can cram into a short span.  The opposite is needed, and not with a group either.
 
Rambling here.  In short I like the picture.  You can find it on a WootShirt today (6/21/2012).  If it is gone (Woot does not keep things in stock for long), the artist is patrickspens of Sandy, UT.  You may be able to find his work elsewhere (http://patrickspens.blogspot.com maybe?)

Link to shirt:

http://shirt.woot.com/offers/swept-away

Fungal Laser Feet

I get these email offers every day and some of them are just silly.  This is a good one. 

First of all there's the Subject "Foot Fungus Treatment – 3 locations".  I only have *two* feet myself but perhaps the population of bonus-limbed people is bigger than I thought.  Then there are the pictures.  Sure the picture of feet kind of makes sense (I still don't see that extra foot), but the others make me scratch, well, elsewhere.  Kitchen fungus?  Chin fungus?  Bum fungus?  There is so much I never knew.

Best of all, there is the section title "Laser Foot Fungus Removal". Laser feet?!?! How cool is that? I have heard of lasers on sharks but never on feet. Is this the updated version of the ol' switchblade in the shoe? Has the embedding of devices in our bodies finally come to fruition? Soon will I be able to call my mother by pulling on my *left* ear lobe (volume control is in the right) and then using my laser foot to augment my PowerPoint presentation? I imagine there will be quirks to work out. If your laser-enhanced feet can get fungified, who do you call to take care of it? A dermatologist or a laser technician? If your phone goes out do you call an E.N.AT&T?

What a whiz bang world we live in.