Category Archives: Security

Free exploit automation: Pmcma released

Funny intro in the README

Is this tool for me ?
———————

[…]

As a script kiddie, you may have found a piece of code you don’t understand on the internet, but are nonetheless decided to go to jail.

In all those cases, and surely many others, Pmcma was probably made for you.

I think they mean that if you run Pmcma on code without authorization and get caught you will go to jail. The decision to go to jail? That sounds like a protest. I don’t think that fits with the motive of someone who wants to run scripts in the sense of a “kiddie”. Perhaps it could be translated into French like this:

En tant que pirate adolescent vous voulez tester le logiciel sur Internet et ne se soucient pas d’aller en prison.

Ok, that’s my attempt at Canadian French, but still… I put the emphasis on being unaware of consequences rather than on making it a decision to go to jail.

Anyway, Pmcma offers to automatically write exploits for flaws it finds in software (given that it has root privilege) without needing the source code.

Restaurants That Stalk Online Commenters

Interesting quote from the owner of a San Francisco restaurant.

Weinberg says in her blog that: “With a bazillion places online to tell us how badly we sucked, we do take it very personally”. “We scour the sites, cyber-stalking our customers.” She isn’t joking about the cyber-stalking.

When they see a negative comment, Weinberg and her team will track the customer through cyber-space to see what other restaurants they frequent and how they have rated them, before determining whether the complaint should be taken seriously. If they get the feeling that something should change, they change it. “Both online comments and in-house feedback usually reflect if the menu needs tweaking,” she says.

It sounds like they take the comment seriously because they take the trouble to track the customer. Then they determine whether it is a false positive. What restaurants need is something like a behavioral index tool. In other words, they could save a lot of time if they had a simple reputation engine that gave them a score for an identity based on a list of other restaurants with comments from the same identity. Then they wouldn’t have to take every negative comment seriously, only the ones from identities they “respect”.

Then again, this indicates a serious logical fallacy in the filter. It raises the question of how they respond to comments from identities they can recognize even without tracking them. Do they think it’s wise to judge the person before they listen to the message?

What if they designed a filter instead to be based on details of an event? When a commenter gives specific feedback about a taste, a detail that only a real patron could know, then they would know to take the comment seriously. A generic comment would be ignored. The flip side of this is that the restaurant would have to accommodate change in their menu and/or service to allow comments to be unique.

If they serve up a hot dish of key management, so to speak, then they can easily track the day and time the customer ate, and they can focus on the facts of the comment rather than the person writing a comment. A win-win; valuable feedback for restaurants and freedom (from stalkers) for their customers.

And just for reference, here is the restaurant owner’s FAQ, which might give you some insight into what she really thinks when people comment…

Q. Wow, Anna did you notice how big this space is? That’s a ton of seats to fill…

A. Yes a#$%##e I noticed how big it is.

Q: It really doesn’t look like you will be done by September. Or even this year.

A. Yes a###%^^e I noticed we are a little behind.

Q: Isn’t it like, impossible to find this many good staff?

A. Yes a$%$&&hole. It’s very hard to find good staff these days.

Q: Is that where the bar is going?

A. Yes a$$%%@e, that’s where the obviously brand spanking new bar is going. It’s right there in front of you.

Cisco Sued for Aiding Chinese Authorities

The New York Times reports that a human rights advocacy group has filed a complaint in reference to Cisco network surveillance product marketing material.

The group’s evidence includes documents that the group says were part of Cisco’s marketing pitch to Chinese organizations and government agencies, including a page from a PowerPoint presentation boasting that Cisco’s technology can “recognize over 90% of Falun Gong pictures” in e-mail traffic. Another document, which the group says was used by Cisco’s sales teams, described a broad public security database that would contain information on Chinese citizens, including “key personnel of ‘Falun Gong’ evil cult organization.” That database would in turn be connected to a system of firewalls and monitoring systems that could be used to filter content that the Chinese government considers to be sensitive.

There are many odd details in this case. Why, for example, would Cisco make a direct reference to Falun Gong instead of an indirect reference? Did they have to say Falun Gong pictures could be recognized? That seems unusually tailored for a customer pitch. And why would Cisco be headed into this market/sales pitch when they are at end-of-life for their entire security product line (MARS, ASA, etc.) everywhere else? But the much larger question this case raises, beyond any specific presentation or sales pitch, is whether any tech company could be sued on the same basis for selling to the Chinese.

Warning Labels for Coal Power Plants

Illustration by Tom Toles.

He forgot serious illnesses such as cancer and birth defects:

…huge rates of coal consumption were a factor behind an increase in cancer and birth defects as well as non-specific and chronic nervous, immune and respiratory illnesses.

Coal-fired power plants contribute three quarters of China’s total electricity needs, but also around 70 percent of energy sector air pollution.

The government has been studying how to reduce its toxic effects, but “clean coal” remains a misnomer, said the group’s China campaign manager, Yang Ailun.

“There are many coal power plants saying they are now ‘clean’ but there are a lot of misunderstandings — coal creates pollution and clean coal is impossible,” she said.

Studies of the effect of coal used in homes carry a similar warning:

[Kirk Smith, a professor of global environmental health at the University of California, Berkeley] said the results of the study do provide further evidence that coal causes significant health problems and should be replaced by other fuel sources. “Coal can’t be burned cleanly…it should be banned from all household use,” he told Reuters Health.