Friday Squid Blogging: Live Squid Washes up on North Carolina Beach
A “mysterious squid”—big and red—washed up on a beach in Carteret County, North Carolina. Someone found it, still alive, and set it back in the water after taking some photos of it. Squid scientists later decided it was a diamondback squid.
So, you think that O’Shea might know the identity of the squid Carey Walker found on the Portsmouth Island Beach, just by looking at an emailed photo or two? Indeed, he did. After a couple of days of back-and-forth emails—it can be difficult to connect consistently with a world-famous man who lives now in Australia—he reported that, while unusual to be seen on beaches in our parts, this was not a particularly unusual squid: It was a diamondback squid, known in scientific nomenclature as Thysanoteuthis rhombus.
T. rhombus, also known as the diamond squid or diamondback squid, is a large species that grows to about 100 centimeters in length, which translates to about 39 inches, and ranges in weight from 20 to 30 kilograms, which translates to 44 to 50 pounds. Which means that, if nothing else, Carey Walker is pretty good at estimating the weight and length of big red squids he picks up on remote beaches.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Ben A. • April 28, 2017 4:42 PM
Who Is Publishing NSA and CIA Secrets, and Why?
Bruce Schneier: “There’s something going on inside the intelligence communities in at least two countries, and we have no idea what it is.”
https://www.lawfareblog.com/who-publishing-nsa-and-cia-secrets-and-why
NSA’s DoublePulsar Kernel Exploit In Use Internet-Wide
http://threatpost.com/nsas-doublepulsar-kernel-exploit-in-use-internet-wide/125165/
N.S.A. Halts Collection of Americans’ Emails About Foreign Targets
http://www.nsa.gov/news-features/press-room/statements/2017-04-28-702-statement.shtml
https://www.lawfareblog.com/nsa-statements-stopping-certain-foreign-intelligence-collection-activities
https://www.lawfareblog.com/can-nsa-drop-about-collection-without-gutting-tofrom-collection
http://www.nytimes.com/2017/04/28/us/politics/nsa-surveillance-terrorism-privacy.html
How to Avoid Going to Jail under 18 U.S.C. Section 1001 for Lying to Government Agents
http://corporate.findlaw.com/litigation-disputes/how-to-avoid-going-to-jail-under-18-u-s-c-section-1001-for-lying.html
UK drops in World Press Freedom Index following surveillance and anti-espionage threats
https://www.theregister.co.uk/2017/04/26/uk_drops_in_world_press_freedom_index_following_gov_surveillance_and_antiespionage_threats/
The Slitheen technique uses popular sites as camouflage for banned ones
“We propose Slitheen, a decoy routing system capable of perfectly mimicking the traffic patterns of overt sites. Our system is secure against previously undefended passive attacks, as well as known active attacks.”
A Seven Dimensional Analysis of Hashing Methods
“Our study clearly indicates that picking the right combination may have considerable impact on insert and lookup performance, as well as memory foot-print. A major conclusion of our work is that hashing should be considered a white box before blindly using it in applications, such as query processing. Finally, we also provide a strong guideline about when to use which hashing method.”
http://www.vldb.org/pvldb/vol9/p96-richter.pdf
Exploiting .NET Managed DCOM
http://googleprojectzero.blogspot.com/2017/04/exploiting-net-managed-dcom.html
Alert: If you’re running SquirrelMail, Sendmail… why? And oh yeah, remote code vuln found
https://www.theregister.co.uk/2017/04/24/squirrelmail_vuln/
http://threatpost.com/no-fix-for-squirrelmail-remote-code-execution-vulnerability/125151/
FBI allays some critics with first use of new mass-hacking warrant
https://arstechnica.com/tech-policy/2017/04/fbi-allays-some-critics-with-first-use-of-new-mass-hacking-warrant/
Next Steps Toward More Connection Security
“Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.”
https://security.googleblog.com/2017/04/next-steps-toward-more-connection.html
Peace in our time! Symantec says it can end Google cert spat
https://www.theregister.co.uk/2017/04/27/symantec_ca_proposal_for_google/
Linux kernel security gurus Grsecurity oust freeloaders from castle
“Linux users, the free lunch is over. Pennsylvania-based Open Source Security on Wednesday decided to stop making test patches of Grsecurity available for free.”
https://www.theregister.co.uk/2017/04/26/grsecurity_linux_kernel_freeloaders/
https://grsecurity.net/passing_the_baton.php
Attack Method Highlights Weaknesses in Microsoft CFG
https://threatpost.com/attack-method-highlights-weaknesses-in-microsoft-cfg/125242/
https://www.endgame.com/blog/disarming-control-flow-guard-using-advanced-code-reuse-attacks
A serious bug in GCC
https://akrzemi1.wordpress.com/2017/04/27/a-serious-bug-in-gcc/
Browserprint: Browser fingerprint tool now can guess client OS even when spoofed
https://browserprint.info/
Block Me If You Can: A Large-Scale Study of Tracker-Blocking Tools
https://www.securitee.org/files/trackblock_eurosp2017.pdf
git-crypt – transparent file encryption in git
https://www.agwa.name/projects/git-crypt/
Punching holes in nomx, the world’s “most secure” communications protocol
https://arstechnica.com/information-technology/2017/04/punching-holes-in-nomx-the-worlds-most-secure-communications-protocol/
https://www.theregister.co.uk/2017/04/27/nomx_insecurity/
https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/
Homebrew crypto SNAFU on electrical grid sees GE rush patches
https://www.theregister.co.uk/2017/04/27/ge_rushing_patches_to_grid_systems_ahead_of_black_hat_demonstration/
Reckon you’ve seen some stupid security things? Here, hold my beer…
https://www.troyhunt.com/reckon-youve-seen-some-stupid-security-things-here-hold-my-beer/
Shutting down public FTP services
https://lists.debian.org/debian-announce/2017/msg00001.html
Facebook says it will act against ‘information operations’ using false accounts
http://www.reuters.com/article/us-facebook-propaganda-response-idUSKBN17T2G6
Uber’s app fingerprinted iPhone hardware, breaking App Store rules
https://arstechnica.com/apple/2017/04/tim-cook-once-slapped-uber-on-the-wrist-for-breaking-the-app-store-rules/
The Backstory Behind Carder Kingpin Roman Seleznev’s Record 27 Year Prison Sentence
https://krebsonsecurity.com/2017/04/the-backstory-behind-carder-kingpin-roman-seleznevs-record-27-year-prison-sentence/
More LastPass flaws: researcher pokes holes in 2FA
“LastPass has been in the news again for another chink in its armour – though it has now been fixed, you’ll be glad to hear.”
https://nakedsecurity.sophos.com/2017/04/26/more-lastpass-flaws-researcher-pokes-holes-in-2fa/
Forensic accountants appointed to pore over Post Office IT scandal
“The UK’s Criminal Cases Review Commission has confirmed that it has appointed a firm of forensic accountants to assist its investigation into whether sub-postmasters were wrongfully prosecuted due to issues affecting the Post Office’s Horizon IT system.”
https://www.theregister.co.uk/2017/04/24/forensic_accountants_appointed_to_pore_over_post_office_it_scandal/
“I don’t want porn coming in to my home”
The owner-operator of Andrews & Arnold Ltd. (a small UK ISP), whose main selling point is anti-censorship, was contacted by a woman who wanted to block adult material [porn]. Humorous story.
http://www.revk.uk/2017/04/i-dont-want-porn-coming-in-to-my-home.html
http://www.aaisp.net.uk/broadband.html
A privacy aware domain registration service
Except they own your domain…
https://njal.la/
Fantastic free Open Journal for Quantum Science
http://quantum-journal.org/papers/