Software developer, racing fan

Adding a Hardware Backdoor to a Networked Computer


Interesting proof of concept:

At the CS3sthlm security conference later this month, security researcher Monta Elkins will show how he created a proof-of-concept version of that hardware hack in his basement. He intends to demonstrate just how easily spies, criminals, or saboteurs with even minimal skills, working on a shoestring budget, can plant a chip in enterprise IT equipment to offer themselves stealthy backdoor access.... With only a $150 hot-air soldering tool, a $40 microscope, and some $2 chips ordered online, Elkins was able to alter a Cisco firewall in a way that he says most IT admins likely wouldn't notice, yet would give a remote attacker deep control.


How this climate change economist changed my world

Undercover Economist


I read a lot of economics papers, but I don’t often read economics papers that make me think, “this changes everything”. But Martin Weitzman wrote one. I still remember exactly where I was when I read it. Even for a nerd like me, that’s not normal.

Professor Weitzman took his own life in late August. He was 77 and had reportedly been worried that he was losing his mental sharpness.

Weitzman’s sad death prompted me to reflect on what it was about his essay that so struck me. It was a commentary on Lord Nicholas Stern’s Review on the Economics of Climate Change. Weitzman gently pulled the Stern Review apart — “right for the wrong reasons” — and offered an alternative view of the problem.

For those of us who think climate change requires bold, urgent action, there are two awkward facts to contend with. The first is that its most worrying impacts — including floods, crop failures and diseases — are unlikely to manifest at full strength for decades or even centuries. The second is that because the world has been getting dramatically richer, future generations are likely to be much wealthier than we are.

Both these awkward facts militate against doing anything too expensive in the short term.

Here’s an analogy: imagine that I discover an incipient damp problem in my house. A surveyor tells me that if I spend £1,000 now, that will spare my great-grandchildren £5,000 of repair works in a century. At first glance it seems that I should fix the damp.

On reflection, though, spending money now would be foolish. Investing £1,000 in the stock market on their behalf would be better. At a modest 3 per cent real rate of return, it should be worth about £20,000; at 5 per cent it will be worth £130,000.

In any case, won’t my great-grandchildren be vastly richer than I am, just as I am vastly richer than my great-grandparents? Why worry? They’ll cope.

This oversimplification of the complexities of climate change gets at something important. Lord Stern’s case for action depended on arguing that our super-rich descendants living in the far future should weigh very heavily in our calculations. It is hard — not impossible, but hard — to square that with how we behave in respect to any other issue, personal or social. We simply do not set aside nine-tenths of our income to benefit future generations.

Weitzman was among several prominent economists to raise this concern. But he then asked us to contemplate the risk of runaway effects. An example: as arctic permafrost thaws, a huge volume of methane, a powerful greenhouse gas, may be released. Other economists have recognised the issue of “tail risks”, well outside the most likely scenarios. None have thought more deeply about it than Weitzman.

Central estimates can lead us astray. The most likely scenario is that climate change will cause real but manageable suffering to future generations. For example, the World Health Organization estimates that between 2030 and 2050, climate change may cause an extra 250,000 deaths a year because of threats such as malaria, heat exposure and malnutrition — a less serious problem than local and indoor air pollution, which kill 8m people a year. If we focus on the central forecast, it is local air pollution that should get most of our attention.

It is only when we ponder the tail risk that we realise how dangerous climate change might be. Local air pollution isn’t going to wipe out the human race. Climate change probably won’t, either. But it might. When we buy insurance, it isn’t because we expect the worst, but because we recognise that the worst might happen.

The truly eye-opening contribution — for me, at least — was Weitzman’s explanation that the worst-case scenarios should rightly loom large in rational calculations. If there’s a modest chance that the damp problem will give all my great-grandchildren fatal pneumonia, I shouldn’t ignore that. And my great-grandchildren wouldn’t want me to: the probably rich great-grandchildren would happily sacrifice some trivial amount of income to avoid being the possibly dead great-grandchildren. But they won’t have the choice. It’s up to me.

Weitzman was a stupendously creative man. Other celebrated contributions studied the trade-off between pollution taxes and pollution permits, the “Noah’s Ark” problem of what to focus on when preserving biodiversity, and an early argument in favour of companies sharing profits with their employees.

“If you don’t think an idea might be worthy of the Nobel Prize, you shouldn’t be working on it,” he told one colleague. Some economists would say that he reached that impossibly high standard more than once — and were surprised that he was not named as a joint Nobel Prize winner last year, when William Nordhaus was recognised for his work on climate change economics.

Nevertheless, the message of Weitzman’s recent work has influenced the policy debates on climate change: the extreme scenarios matter. What we don’t know about climate change is more important, and more dangerous, than what we do.

Written for and first published in the Financial Times on 13 Sep 2019.

My book “Fifty Things That Made the Modern Economy” (UK) / “Fifty Inventions That Shaped The Modern Economy” (US) is out now in paperback – feel free to order online or through your local bookshop.

samuel
8 days ago
This is such a short jump to hedonism I don't know that it's not already hedonism.
Cambridge, Massachusetts
gmuslera
7 days ago
reply
Always leave some space to what you don't know that you don't know. Especially about the future. You may have an opportunity to do something now, but maybe later you (or your grandchildren) won't be able to do anything.
montevideo, uy

Look out for the second 2019 GPS week number rollover

3 Shares

If you're a time nut, a GPS nut, or just paying attention to certain peculiar sources, you might have read that GPS (Navstar, if you want to be particular about it) had a "Y2K"-type situation happen earlier this year. The navigation message carries a 10-bit week number, and for the second time since the system launched, it rolled back around from 1023 to 0.

Yes, really.

Since it happened six months ago, you'd think that if you got through it, you're good to go, right? Heh, yeah, well, no, not so much.

It seems like nobody's really talking about this yet, but apparently, certain LTE chipsets have an OFFSET WEEK... and they haven't hit 1023 yet. Oh no. According to what I've managed to dig up, they're going to hit it 2019-11-02 at 23:59:42Z.

"Big deal", you might think. Well, think again. Do you have a car that has a GPS-driven nav system in it? Does it use one of these chipsets? If so, you might have about one more month of sanity and then it's probably going to lose its mind.

How do I know? I got a recall notice in the mail this afternoon.

Yes, my car needs to be patched. First smart TVs and now cars.

I've been able to find two reference points for this. There's this note and also at least one other site which seems sketchy so I won't link to it here.

What a mess.
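To make the offset concrete: a receiver cannot tell week 30 from week 1054 or 2078 from the 10-bit field alone, so its firmware assumes the true week is the first one at or after some built-in "pivot" week that matches the field. That works for exactly 1024 weeks after the pivot and then the clock silently jumps back. The Python below (an added example, not from the post or from any chipset vendor) models that rule. The two pivot dates are assumptions chosen to illustrate the post's numbers, not documented chipset values: a pivot at the 1999 rollover wraps in April 2019, and a pivot 30 weeks later wraps at the instant the post quotes. The 18-second GPS-to-UTC offset is the real leap-second count and explains the 23:59:42Z in the post.

```python
from datetime import date, datetime, timedelta, timezone

GPS_EPOCH = date(1980, 1, 6)   # GPS week 0 started on this Sunday
WEEK_MODULUS = 1024            # the legacy navigation message carries a 10-bit week number
GPS_MINUS_UTC_S = 18           # leap seconds by which GPS time leads UTC (since 2017-01-01)


def full_week(d: date) -> int:
    """Unwrapped GPS week number of a calendar date."""
    return (d - GPS_EPOCH).days // 7


def sunday_of_week(week: int) -> date:
    """First day (Sunday) of an unwrapped GPS week."""
    return GPS_EPOCH + timedelta(weeks=week)


def resolve_week(week10: int, pivot_week: int) -> int:
    """Turn the 10-bit field back into a full week number.

    The usual firmware rule: take the smallest week >= pivot_week that is
    congruent to week10 modulo 1024. Correct for 1024 weeks after the pivot,
    then it wraps back to the pivot week without any error indication.
    """
    return pivot_week + (week10 - pivot_week) % WEEK_MODULUS


def receiver_date(true_date: date, pivot: date) -> date:
    """Date a receiver built with the given pivot reports on true_date."""
    week10 = full_week(true_date) % WEEK_MODULUS
    resolved = resolve_week(week10, full_week(pivot))
    day_of_week = (true_date - GPS_EPOCH).days % 7
    return sunday_of_week(resolved) + timedelta(days=day_of_week)


def wrap_date(pivot: date) -> date:
    """First day on which such a receiver jumps backwards (GPS-time calendar)."""
    return sunday_of_week(full_week(pivot) + WEEK_MODULUS)


def wrap_instant_utc(pivot: date) -> datetime:
    """Same instant in UTC. The week boundary is 00:00:00 GPS time, and GPS
    time runs 18 s ahead of UTC, so the wrap lands at 23:59:42Z the day before."""
    boundary_gps = datetime.combine(wrap_date(pivot), datetime.min.time(), tzinfo=timezone.utc)
    return boundary_gps - timedelta(seconds=GPS_MINUS_UTC_S)


# Assumed pivot dates (illustrative, not documented chipset values).
PIVOT_1999 = date(1999, 8, 22)   # GPS week 1024: the first rollover
PIVOT_2000 = date(2000, 3, 19)   # GPS week 1054: 30 weeks later

if __name__ == "__main__":
    for pivot in (PIVOT_1999, PIVOT_2000):
        print(pivot, "wraps at", wrap_instant_utc(pivot).isoformat())
        for d in (date(2019, 4, 7), date(2019, 11, 3)):
            print("  on", d, "receiver shows", receiver_date(d, pivot))
```

The point a practitioner should take from this is that surviving April 2019 proves nothing about a device whose pivot sits later than the 1999 rollover; each firmware has its own wrap date, and only the vendor knows which pivot was compiled in.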


On Chinese "Spy Trains"


The trade war with China has reached a new industry: subway cars. Congress is considering legislation that would prevent the world's largest train maker, the Chinese-owned CRRC Corporation, from competing on new contracts in the United States.

Part of the reasoning behind this legislation is economic, and stems from worries about Chinese industries undercutting the competition and dominating key global industries. But another part involves fears about national security. News articles talk about "spy trains," and the possibility that the train cars might surreptitiously monitor their passengers' faces, movements, conversations or phone calls.

This is a complicated topic. There is definitely a national security risk in buying computer infrastructure from a country you don't trust. That's why there is so much worry about Chinese-made equipment for the new 5G wireless networks.

It's also why the United States has blocked the cybersecurity company Kaspersky from selling its Russian-made antivirus products to US government agencies. Meanwhile, the chairman of China's technology giant Huawei has pointed to NSA spying disclosed by Edward Snowden as a reason to mistrust US technology companies.

The reason these threats are so real is that it's not difficult to hide surveillance or control infrastructure in computer components, and if they're not turned on, they're very difficult to find.

Like every other piece of modern machinery, modern train cars are filled with computers, and while it's certainly possible to produce a subway car with enough surveillance apparatus to turn it into a "spy train," in practice it doesn't make much sense. The risk of discovery is too great, and the payoff would be too low. Like the United States, China is more likely to try to get data from the US communications infrastructure, or from the large Internet companies that already collect data on our every move as part of their business model.

While it's unlikely that China would bother spying on commuters using subway cars, it would be much less surprising if a tech company offered free Internet on subways in exchange for surveillance and data collection. Or if the NSA used those corporate systems for their own surveillance purposes (just as the agency has spied on in-flight cell phone calls, according to an investigation by the Intercept and Le Monde, citing documents provided by Edward Snowden). That's an easier, and more fruitful, attack path.

We have credible reports that the Chinese hacked Gmail around 2010, and there are ongoing concerns about both censorship and surveillance by the Chinese social-networking company TikTok. (TikTok's parent company has told the Washington Post that the app doesn't send American users' info back to Beijing, and that the Chinese government does not influence the app's use in the United States.)

Even so, these examples illustrate an important point: there's no escaping the technology of inevitable surveillance. You have little choice but to rely on the companies that build your computers and write your software, whether in your smartphones, your 5G wireless infrastructure, or your subway cars. And those systems are so complicated that they can be secretly programmed to operate against your interests.

Last year, Le Monde reported that the Chinese government bugged the computer network of the headquarters of the African Union in Addis Ababa. China had built and outfitted the organization's new headquarters as a foreign aid gift, reportedly secretly configuring the network to send copies of confidential data to Shanghai every night between 2012 and 2017. China denied having done so, of course.

If there's any lesson from all of this, it's that everybody spies using the Internet. The United States does it. Our allies do it. Our enemies do it. Many countries do it to each other, with their success largely dependent on how sophisticated their tech industries are.

China dominates the subway car manufacturing industry because of its low prices -- the same reason it dominates the 5G hardware industry. Whether these low prices are because the companies are more efficient than their competitors or because they're being unfairly subsidized by the Chinese government is a matter to be determined at trade negotiations.

Finally, Americans must understand that higher prices are an inevitable result of banning cheaper tech products from China.

We might willingly pay the higher prices because we want domestic control of our telecommunications infrastructure. We might willingly pay more because of some protectionist belief that global trade is somehow bad. But we need to make these decisions to protect ourselves deliberately and rationally, recognizing both the risks and the costs. And while I'm worried about our 5G infrastructure built using Chinese hardware, I'm not worried about our subway cars.

This essay originally appeared on CNN.com.

EDITED TO ADD: I had a lot of trouble with CNN's legal department with this essay. They were very reluctant to call out the US and its allies for similar behavior, and spent a lot more time adding caveats to statements that I didn't think needed them. They wouldn't let me link to this Intercept article talking about US, French, and German infiltration of supply chains, or even the NSA document from the Snowden archives that proved the statements.


Backdoors in Webmin

Anybody using Webmin, a web-based system-administration tool, will want to update now, as it turns out that the system has been backdoored for over a year. "At some time in April 2018, the Webmin development build server was exploited and a vulnerability added to the password_change.cgi script. Because the timestamp on the file was set back, it did not show up in any Git diffs. This was included in the Webmin 1.890 release."
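The detail worth dwelling on is the backdated timestamp: any check that asks "which files changed since the release was cut" by looking at mtimes is defeated by a single `touch`, whereas a content hash is not. The Python below is an added example (not Webmin's code and not how its build server was actually audited) showing both checks side by side over a constructed two-file tree: one file is replaced and its timestamps set back, the mtime check reports nothing, and a manifest of Git-style blob hashes reports exactly the altered script. File names and contents are stand-ins chosen for illustration.

```python
import hashlib
import os
import tempfile

# Fixed timestamps for the constructed tree (seconds since the Unix epoch)
RELEASE_MTIME = 1_500_000_000     # mtime every file carried when the release was cut
BACKDATED_MTIME = 1_400_000_000   # what the attacker sets on the tampered file


def git_blob_sha1(data: bytes) -> str:
    """Hash file content the way Git names a blob: sha1('blob <len>\\0' + bytes).
    Neither timestamps nor anything else about the inode enters this value."""
    return hashlib.sha1(b"blob %d\0" % len(data) + data).hexdigest()


def walk_files(root: str):
    """Yield (relative path, absolute path) for every file under root."""
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            yield os.path.relpath(path, root), path


def manifest(root: str) -> dict:
    """path -> blob hash for every file under root (the release manifest)."""
    out = {}
    for rel, path in walk_files(root):
        with open(path, "rb") as fh:
            out[rel] = git_blob_sha1(fh.read())
    return out


def content_changes(expected: dict, root: str) -> list:
    """Files whose content differs from the manifest, added or removed files included."""
    actual = manifest(root)
    return sorted(p for p in set(expected) | set(actual) if expected.get(p) != actual.get(p))


def mtime_changes(root: str, since: float) -> list:
    """Files whose mtime is newer than 'since': the check a backdated timestamp defeats."""
    return sorted(rel for rel, path in walk_files(root) if os.stat(path).st_mtime > since)


def build_and_tamper() -> tuple:
    """Constructed scenario: write a two-file tree, record its manifest, then
    replace one script and set its timestamps back to before the release."""
    root = tempfile.mkdtemp()
    files = {
        "miniserv.pl": b"#!/usr/bin/perl\n# web server (constructed stand-in)\n",
        "password_change.cgi": b"#!/usr/bin/perl\n# change a user's password (constructed stand-in)\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        with open(path, "wb") as fh:
            fh.write(body)
        os.utime(path, (RELEASE_MTIME, RELEASE_MTIME))
    expected = manifest(root)

    # The tamper: append code to one script, then hide it from time-based checks.
    target = os.path.join(root, "password_change.cgi")
    with open(target, "wb") as fh:
        fh.write(files["password_change.cgi"] + b"# (constructed) inserted code goes here\n")
    os.utime(target, (BACKDATED_MTIME, BACKDATED_MTIME))

    return content_changes(expected, root), mtime_changes(root, RELEASE_MTIME)


if __name__ == "__main__":
    by_content, by_mtime = build_and_tamper()
    print("content-hash check flags:", by_content)   # the tampered script
    print("mtime check flags:       ", by_mtime)     # nothing
```

Because the blob hash is the same function Git uses to name objects, the manifest can be checked against `git ls-tree -r <tag>` for a release tag without ever trusting the build host's clock; that is the comparison to run over a shipped tarball when a build server is suspected of having been touched.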
jepler
58 days ago
"Because the timestamp on the file was set back, it did not show up in any Git diffs" WAT
Earth, Sol system, Western spiral arm

Supernova Cannon Expels Pulsar J0002

Supernova Cannon Expels Pulsar J0002 What could shoot out a neutron star like a cannon ball? A supernova. About 10,000 years ago, the supernova that created the nebular remnant CTB 1 not only destroyed a massive star but blasted its newly formed neutron star core -- a pulsar -- out into the Milky Way Galaxy. The pulsar, spinning 8.7 times a second, was discovered using downloadable software Einstein@Home searching through data taken by NASA's orbiting Fermi Gamma-Ray Observatory. Traveling over 1,000 kilometers per second, the pulsar PSR J0002+6216 (J0002 for short) has already left the supernova remnant CTB 1, and is even fast enough to leave our Galaxy. Pictured, the trail of the pulsar is visible extending to the lower left of the supernova remnant. The featured image is a combination of radio images from the VLA and DRAO radio observatories, as well as data archived from NASA's orbiting IRAS infrared observatory. It is well known that supernovas can act as cannons, and even that pulsars can act as cannonballs -- what is not known is how supernovas do it.
jepler
65 days ago
wow
Earth, Sol system, Western spiral arm
zwol
51 days ago
I’m a little surprised at the closing “we don’t know how this happens”—seems like all it would take is for the supernova to be just a little bit asymmetrical, and the recoil forces would send the remnant flying.
Pittsburgh, PA
zwol
51 days ago
... seems like that’s exactly what happens, it’s just that we don’t have a good detailed model of the process yet.
DexX
67 days ago
Woooowwww...
Melbourne, Australia