Schneier on Security
A blog covering security and security technology.
« Insecure Chrome Extensions |
| HTC Android Vulnerability »
September 30, 2011
Friday Squid Blogging: Interesting Squid Recipes
Plus a slide show of pretty dishes.
Posted on September 30, 2011 at 4:42 PM
• 21 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Questions abound about the Amazon Silk browser.
What about handling secure (https) connections?
We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL (e.g. https://example.com).
Amazon Silk will facilitate a direct connection between your device and that site. Any security provided by these particular sites to their users would still exist.
Exactly how will SSL work when using Silk?
Yesterday's Dilbert on flash drives from co-workers: http://www.dilbert.com/2011-09-29/
Microsoft and partners have contained another botnet by taking over the command and control networks, or creating a "sinkhole". While this technique (started a year ago?) has been very successful so far, I have to wonder how long before malware writers create even more robust command and control methods. They Oh, yeah, and according to Washington,, I am a filthy criminal right now, because I am backing up a children's movie (from Disney, no less) that my daughter started scratching up. already have a lot of redundancy, using P2P command distribution. They had to take over that command mechanism, by seeding a fake C2 peer that rose to the top of the list on most peers. To me, this approach seems like an arms race, with the traditional defender (the security industry) becoming the attacker. This means that once the attacker has the defender (the multiple botnet nodes) contained, it seems to me that the botnet nodes only need a single breakthrough to an outside control mechanism in order to get new commands and refresh the botnet.
http://arstechnica.com/business/ne multiple fake CNC ws/2011/09/sinkhole-contains-botnet-nuked-by-microsoft-and-kaspersky.ars
Massachusetts Man Charged in Plot to Bomb Pentagon Using Model Airplane...
You'd think our domestic jihadi wannabes would have learned by now that anyone who encourages them to pursue their stupid plan and offers them all the cash they need, a pile of C4, and a mess of AK47s is almost certainly an FBI informant. Oh well, best they lock up this fellow, before he begins running with scissors or refusing to wash his hands after visiting the restroom.
So why are model planes "hot" all of a sudden. First there was this gadget from a few months ago:
Then there is the entrapment of the poor fellow from MA using a model plane, as noted above.
And finally there is the premier of this:
It's as if some 12 year old has taken over the security industry. Although maybe I'm just envious. I never could build those things; glue made me sick.
"Massachusetts Man Charged in Plot to Bomb Pentagon Using Model Airplane..."
Yup not. the brightest light bulb in the corridor.
The stupid thing is that all you need to know is fairly freely available on the Internet.
However you have to be able to do some basic calcultions (that most pilots get taught) to put such a plan into action.
There is a lot of difference. between making a model plane that can carry surveillance type equipment that comes in at a few hundred grams and a block of C4 etc that needs to be several Kgs to make an effective. weapon.
I think model planes are hot because military drones are hot. Perhaps a 12 year old has taken over the Pentagon...
NYC now has a cache of stinger missiles with which to shoot down errant aircraft. I give it 2.5 years before one or more of the missiles is stolen or "goes missing".
Had fresh squid sushi last night.
@aikimark: Do you have a source for this? After that press conference, the only thing I heard discussed was that NYPD has a 50 Cal BMG Barrett sniper rifle (probably M107, semi-automatic). If that was the capability the chief was talking about, he was pretty much talking out his a**. While a 50 Cal machine gun can shot down an aircraft, it would be near impossible to hit the engine on an aircraft flying several hundred mph with a semi-automatic. Furthermore, anything big enough to destroy a building is going to have 2 - 4 engines, good luck hitting all of them. Finally, if you shoot down anything large like an airliner, you will have to blow it out of the sky, either an explosion or enough damage to cause it to break apart. This will take one potent missile, and you will not want to do it over a populated area, especially as unlike B-17 pilots in WWII who were trying to crash land safely if they couldn't bail out, some jihadi wannabe is just going to divert the plane to the closest sky scraper. New York's got tons of them.
So, I think this is just a bunch of hot air. If you want the job done right, you call the Air Force/Air National Guard. A couple of F-16s can easily intercept anything, and if the aircraft refuses to respond, can shoot them down before they get near a heavily populated area. Some gung-ho cop is not going to be able to do this, missile or gun.
You left out the best squid recipe ever, squid in its own ink (chipirones en su tinta). It is a Basque speciality.
They say it is the only black sauce in the world. When my grandma made them, we all put old shirts on; the stains are impossible to take out. But the taste is incredible. We would always clean out the pan with a loaf of bread.
The "Feds" having a stash of Stingers in Manhattan is a little like Patton wearing pistols on his belt, interesting but not likely to matter. As Gabriel suggests, a timely cellphone call to the national command authority is much more powerful than any MANPAD.
At least there are no Stingers riding around in the trunk of an NYPD supervisor's squad car...
I wonder if the recent embassy attacks were not so much about physical access, but about forcing the staff to begin destroying crypto, or forcing a switching to other forms of crypto, i.e. hoping to catch some comm secrets?
The 20k missiles is how many Libya had, rather than how many are lost. That number is not yet known, but I did see an estimate of 5K when searching on google. If news reports are accurate, this is the Soviet era Strela-2 (NATO SA-7), which is a good helicopter killer, but not a jet killer according to the article on Wikipedia. To even be effective against a passenger jet, which doesn't descend on targets, you will have to be positioned near airports. Numerous aircraft have been hit and managed to land, so it's more like a .22 cal vs. 30.06 (both can be lethal, but one has less stopping power). There are already a plethora of these type MANPADS available that terrorists could have already procured, so my guess is that:
1. Most of the loss is due to poor inventory control, they'll show up in the "right hands" but in the wrong building or vehicles.
2. Any that were actually stolen are for sale on the black market, not for any nefarious purpose. Terrorists could acquire these, but they will probably also go into the hands of guerillas and other insurgent groups in the middle east and Africa.
Of course, I am not Jane's, so I have no idea how many are floating around the world or mid-east to begin with. It seems many of these missiles are easily defeated by cheap countermeasures, so it makes sense to install them on aircraft, particularly ones going overseas into regions with higher risk. I just don't see terrorist owned MANPADs showing up outside of LAX or La Guardia. Now, Mexico might become dangerous (with our without Libyan missiles), because the narcos like to prove how big their cojones are by perpetrating some of the most brutal and disgusting crimes. I could foresee one of the cartels shooting down a passenger airliner (and they have the resources to get close to the airports) just to make a sick point.
Post-Conflict Potter | Foreign Policy -- [Voldemort's dead, but the struggle's not over. How Harry Potter and the magical world of J.K. Rowling might begin the long process of reconciliation and reform.] (via ) -- This is brilliant satire of world events as they relate to terrorism and global security. :D
"Surviving Death Eaters will have to be brought to justice or reintegrated into magical society. Long-standing rifts among magical communities that the war widened must be healed. Most of all, we must ensure that the values that triumphed in the final battle -- tolerance, pluralism, and respect for the dignity of all magical and non-magical creatures alike -- are reflected in the institutions and arrangements that emerge from the conflict. What ultimately matters is not just whether something evil was defeated, but whether something good is built in its place.
As experts on human rights, civilian protection, and national security, we were recently asked by officials in the British Ministry of Magic to suggest lessons from the Muggle world that might apply to challenges facing post-Voldemort magical society. Our recommendations are summarized below."
Skreidle: Great summary of our acheivements, although I would say post WWII was one of the most successful efforts in more recent history. It's always been spoils of war for the conqueror, and subjugation, slavery, or annihilation for the conquered.
Of course, if I recall, in Harry Potter, they took the approach of locking all of the villains up in Azkaban, a rather hellish place. Not terribly different from what we are doing now, except Gitmo isn't hell, but rather limbo.
Interesting article. The Soviet Union top-level domain (.su) is still around & growing in popularity. The domain would have been extinguished along with the Soviet Union, but political forces keep it going. Krebs recently reported it's also popular with Russian online crime groups. Had to use the Wayback Machine to retrieve the article.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.