Computer security just got harder

This has been coming for quite some time (H/T to Jeff):

Triulzi said he’s seen plenty of firmware-targeting malware in the laboratory. A client of his once infected the UEFI-based BIOS of his Mac laptop as part of an experiment. Five years ago, Triulzi himself developed proof-of-concept malware that stealthily infected the network interface controllers that sit on a computer motherboard and provide the Ethernet jack that connects the machine to a network. His research built off of work by John Heasman that demonstrated how to plant hard-to-detect malware known as a rootkit in a computer’s peripheral component interconnect, the Intel-developed connection that attaches hardware devices to a CPU.

I wrote and demonstrated to some folks in D.C. a prototype of something like this in 2004 or 2005. Even before that lots of people knew it was possible.

You can remove all hard disks from your computer, install empty ones, and as the computer is booting up for the first time infect the new hard disk before the O/S even attempts to boot off of the CD drive. Or if you wanted you could just refuse to boot.

Imagine a stealth virus that infected some large percentage of all computers then on September 11th would only perform one function—format any storage device it had control of.

Sleep well.

Quote of the day—Robert J. Avrech

We return to Stalin’s omelet. Over and over, Democrats calmly and cruelly explain that only five percent of Americans will be booted off their insurance plans. And those insurance plans were substandard anyway.

First of all, five percent translates into roughly 16 million Americans. Each person whose insurance is terminated because Obama does not like his or her choice is a story of fear and panic and possible financial ruin. Further, does anyone even believe the Democrat apologists’ quote of five percent? That number will grow and grow as ObamaCare tightens its death grip.

The “only five percent” line of reasoning tells us a great deal about the utopian vision of Democrats. The individual does not count. Democrats claim to see the larger picture. But they see only a collective, a manageable herd. And once again, they know better. Forget that millions of Americans voluntarily entered into contracts they deemed right for themselves and their families. This counts for nothing to the Democrat political class. They are experts. They attended Ivy League schools. This makes the professional political class — overeducated, inbred elitists — better qualified to make decisions for us, the American people, that are truly about matters of life and death.

The core of American values is liberty, not government.

Robert J. Avrech
October 30, 2013
The Democrat-ObamaCare Purges
[You should never forget that “only five percent” line. Communists have used identical reasoning in their purges. The good of the whole is more important than the good of the individual. And if they have to “break a few eggs” they really don’t see what the problem is.

The differences between us cannot be resolved with a compromise. If they liquidate 1% or 10% it does not matter to me. They would still have committed mass evil and deserve whatever the “Nuremberg Courts” rule.—Joe]

Low-speed heavy bullet expansion

I was pondering my earlier experience with bullet performance, and got to wondering about the other end of things, with low-velocity rifle bullets. When shooting at very long ranges, or when using a subsonic cartridge like a 300 Blackout / Whisper, what heavy .30 cal bullets expand reliably at around 1000 fps? Obviously something like a 200 grain Nosler Partition will hold together, but will it mushroom at all at low velocity? They only brag about expansion down to 1800 fps on their Ballistic Tip, which only goes to 180 gr. Their “long range” Accubond recommends greater than 1300 FPS. Now, with a BC of .730 in a 210 gr Spitzer it’s still going to hurt what it hits, but if you want to maximize energy transfer, punching a neat hole isn’t the way to do it.

Any thoughts, experience, recommendations, or rumors?

Downrange is a bad place to be

Supposed to be real footage, from something like a thousand meters on full zoom. Not a fun spot to be filming from. Likely fake, but hey, it’s cool.

NSA spying has rippling effects

From the Wall Street Journal:

AT&T Inc.’s ambitions to expand in Europe have run into unexpected hurdles amid the growing outcry across the region over surveillance by the National Security Agency. German and other European officials said any attempt by AT&T to acquire a major wireless operator would face intense scrutiny, given the company’s work with the U.S. agency’s data-collection programs.

This is no different than the problems China would have buying Intel, Microsoft, T-Mobile, or Google. Would you want a country with such a poor record of human rights having the ability to surreptitiously read all your Internet traffic, listen to your phone calls, and even read the snail mail letter you wrote using Microsoft Word?

Guess what. Our country now has a poor record on human rights and is suffering the consequences for it.

Quote of the day—Roberta X

Lining up armed men in uniform to say “Verboten!” to members of the public wanting to pay their respects at a revered monument (one made of hard, hard rock and solidly anchored) is utterly necessary to the continued functioning of our great republic.

Okay, then. But they’re gonna need taller, shinier boots.

Roberta X
October 6, 2013
Fed.Gov Has Shut Down The Vietnam Veterans Memorial Wall?
[I think I will start stealing that last line even though it’s not the shiny boots that make the difference. It’s the guns that back them up.

What they don’t seem to understand is that we have guns too. Not only guns but numbers. Numbers of people and numbers of guns that outnumber their guns and numbers. Please stop pushing because demonstrating the guns or the numbers will be very unpleasant for all involved.—Joe]

Chilling effect

New York City recently had its “stop and frisk” policy struck down as violating the Fourth Amendment. The city has not implemented a “monitor” of the program as the court ordered. Now New York City senior attorney Celeste Koeleveld says Judge Scheindlin’s order has had a “chilling effect” on police officers.

And her point is? Does she have a concern about the “chilling effect” of the Fifth Amendment not allowing police officers to torture suspects for confessions? How about the “chilling effect” of the Eighth Amendment on judges because of the prohibition against cruel and unusual punishments in the Eighth Amendment?

The entire intent of the Bill of Rights was and is to have a “chilling effect” on the power of government. In U.S. law the phrase “chilling effect” refers to the stifling effect that vague or excessively broad laws may have on legitimate … activity. A “chilling effect” only exists when government passes laws that private citizens have to obey. Not when government is overstepping bounds that have been in place for hundreds of years. It appears Koeleveld either does not understand government is a servant of the people or she wishes to change the relationship.

NSA decryption

From Leaked Slide Shows NSA Celebrated Victory Over Google’s Security With A Smiley Face:

[Image: google-cloud-exploitation slide]

That’s good to know. What that means is that either they can’t break the encrypted messages directly or that it is more work to do so. So they do it by attacking the Google servers that do the encryption and decryption.

That means encrypting my data on my computer before it hits the Internet makes it more difficult or impossible for the NSA to read. Hence:
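An added illustration of encrypting on the client before upload (not code from the original post): data is sealed with AES-256-GCM under a key that never leaves the local machine, so anyone reading the provider's storage or internal links sees only ciphertext, and any modification is detected on decryption. The function names `seal` and `open` and the sample label are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newAEAD builds AES-256-GCM from a 32-byte key that stays on the client.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext locally. Output layout: nonce || ciphertext || tag.
// label (e.g. the remote file name) is authenticated but not encrypted, so a
// blob cannot be silently swapped for another one stored under a different name.
func seal(key, plaintext, label []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, label), nil
}

// open verifies and decrypts a blob produced by seal. It fails if the key or
// label is wrong or if any byte was altered while stored or in transit.
func open(key, blob, label []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("blob shorter than nonce")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, label)
}

func main() {
	key := make([]byte, 32) // generated and kept locally, never uploaded
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	msg := []byte("constructed sample: private notes") // constructed input
	label := []byte("backup/notes.txt")                // hypothetical remote name

	blob, err := seal(key, msg, label)
	if err != nil {
		panic(err)
	}
	// What the storage provider (or anyone tapping its links) can observe:
	fmt.Println("plaintext visible in upload:", bytes.Contains(blob, msg))

	blob[len(blob)-1] ^= 1 // simulate modification on the server side
	_, err = open(key, blob, label)
	fmt.Println("tampered blob rejected:", err != nil)
}
```
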
One big happy family

This ought to make you feel all warm and fuzzy.

The same company that made the healthcare.gov website (on a no-bid contract, naturally) is the same one that created the Canadian gun registry that cost roughly twenty times the original estimate and got scrapped a decade later after being found to be both useless and seriously defective.

But they want us to just trust their good intentions, ’cause they are so smart and transparent. Yeah, riiiight.

If a tree falls in the forest

Yesterday, in reference to spying on U.S. citizens, U.S. Congressional Representative and Intelligence Committee Chair Mike Rogers insisted:

You can’t have your privacy violated if you don’t know your privacy is violated.

I can only conclude he would also insist that he hadn’t actually stolen cash from your wallet if you didn’t know it had been taken. Or that a teenage girl hadn’t been raped if she had been drugged and didn’t know what happened.

Someone should tell him that must also mean his privacy wasn’t violated if someone made a video of him having sex with a sheep and didn’t tell anyone.

Field Ballistics bug fix

I fixed a minor bug in Field Ballistics. The new version is 1.1.1.0. It is available on the Windows Phone store now.

The bug was that under certain situations you could delete the last target. Other places in the app required that at least one target exist at all times. After deleting the last target the app would immediately crash.

As a side note: I submitted the changed version Sunday evening. It made it through Microsoft certification in less than three days.

Quote of the day—Daniel Greenfield

Liberal supersessionists claim to be worried about conservative secessionists when they should be far more worried about conservative supersessionists. The consensus we all live by is a fragile thing. It is being torn apart by the radical left and once it is destroyed, it will not bind the right, in the same way that it no longer binds the left.

And then the true conflict will begin.

Daniel Greenfield
The Supersessionists of the Liberal Confederacy
October 20, 2013
[H/T Kevin Baker.

Every paragraph in this awesome post could qualify as a quote of the day or week or even month. It is very, very good.—Joe]

The only purpose

With as many crazy people as there are it’s surprising the world isn’t more messed up than it actually is.

And of course with a psychotic belief like that they have no reservations whatsoever about destroying your guns and you.

I tweeted back the following:

But trying to reason with the mentally ill is hopeless. I know, I’ve tried it before.

Ever had a cell phone get strange on you?

Ever heard of “carrierIQ?” It’s an “app” on most cell phones (one that is hidden) that’s sort of part of the OS. It sends stuff to the carriers. It can also execute commands that someone texts to your phone by intercepting them before you see them. It has bugs, and might get a buffer overflow and blow chunks on your phone. Or it might just execute the code, and send a keylog or your current location or contact list back, then delete the text message so you never see it.

As a friend of mine that has been doing software research for years said, it’s basically a trojan that gets loaded by your phone manufacturer, and yes it’s been hacked more than once. (Of course I’m sure a software researcher would never hack the OS of a phone, any more than they’d see if they could run UNIX on an XBox 360, and here of course I’m just making up hypotheticals that no one would ever do.)

Just thought you’d like to know. Sleep well.

The government lies and people die

FACT: Nothing in #Obamacare forces people out of their health plans. No change is required unless insurance companies change existing plans.

— Valerie Jarrett* (@vj44) October 29, 2013

I asked a friend who is in the health insurance business if the above was true. I knew the answer but thought maybe there was some narrow definition of the word “is” or maybe “in” that would make it something other than a false statement.

The response was a laugh and, “No. That’s what I have been doing for the last several weeks. We have been preparing notification letters for individuals telling them their insurance plans are no longer available. Plans they were perfectly happy with and could afford cannot be offered anymore because of ACA.”

I was a bit surprised by the laugh and the almost cheerful mood. They explained, “It’s what we deal with every day. They constantly say things that are not true and it has gotten to the point where we joke and laugh about it.”

I shouldn’t have been surprised, it’s obvious in hindsight, but they also told me, “We can’t say anything about it though. If we do we will be audited and harassed by the regulators. It’s just not worth it. You don’t say anything bad about the regulators.”

They also told me, “It’s going to be sad. Due to ‘health care reform’ a lot of people that used to have insurance will no longer be covered.”

I could say a lot, lot more…if it weren’t for the fear of the government taking revenge upon someone for exposing their lies.

A single person losing their health insurance is a tragedy. 16 million is a statistic. https://t.co/0hgOrYnSEZ

— Mark Hemingway (@Heminator) October 29, 2013

If you don’t recognize the form of the quote above, it’s from Stalin, who probably actually said, “When one man dies it is a tragedy, when thousands die it’s statistics.”

It’s appropriate to bring Stalin into the discussion for more than just this one reason. Read this book: How Do You Kill 11 Million People?: Why the Truth Matters More Than You Think. It’s a very quick read. There is one thing that governments have proved, again and again, that they are very, very good at. It’s killing people. Particularly their own people. One of the crucial links in accomplishing this is lying to their victims and to those who carry out the orders to arrest, transport, and jail them. The lie could be as black as “Arbeit macht frei” or telling the friends and relatives of those executed in the basements of the local police station in the USSR that the ‘counter-revolutionaries and traitors’ had been sent to labor and reeducation camps. It could be the lie that the crowded rail cars were carrying everyone to a place where they would have good homes, schools, and jobs. Or it could be what many would consider a white lie of a campaign promise to provide universal health care. Never mind the “health care panels” administrating the “care” would decide who were treated and who were euthanized.

Obamacare is now being recognized for the disaster so many people knew it would be. What comes next is that the failure will be, and is being, blamed on political obstructionists. This is a lie. The system, as I explained in my previous post, cannot work because of the principles involved. But some are calling for Republicans and the Tea Party to be tried for treason.

What happens next? There is a good chance that the Democrats will lose seats in the next election because of it. But that isn’t the only possible outcome. Stalin and the Khmer Rouge regimes handled the failures and criticism of their policies in a different manner without giving up control. And many in the U.S. media approved with rationalizations such as (H/T to Alan Gura):

The new government of Cambodia may have to resort to strong measures against a few to gain democratic socialism for all Cambodians. And we support the United Front in the pursuit of its presently stated goals.

The current administration has consistently lied about gun control, operation Fast and Furious, the massive spying, stopping the wars, closing Guantanamo Bay, Benghazi, jobs creation, and health care reform. But the really scary stuff is what they have told the truth about. They said they would be willing to use drones to kill U.S. citizens on American soil.

Lying is what comes naturally to them. They tell lies the people want to believe. But once you have told enough lies your brain changes and you have trouble telling or even knowing the truth.

History has some very brutal examples of what happens when government policy is to lie. We must not let that happen here.


* Valerie Jarrett (@vj44) is an official White House Twitter account.

Quote of the day—Mike Konczal

It’s important we get more sophisticated analysis of what has gone wrong with the ACA rollout to better appreciate how utilizing “the market” can be far more cumbersome and inefficient than the government just doing things itself.

Mike Konczal
October 23, 2013
What Kind of Problem is the ACA Rollout for Liberalism?
[In other words, “Our government program is such a disaster that we need a new and expanded government program to fix it.”

Monopolies are almost always a bad thing. The lack of choice creates a situation where inferior and expensive products do not get improved or replaced. Konczal and hard-core liberals want government monopolies. The soft-core liberals want to regulate the market.

What Konczal doesn’t understand is that he, politicians, and government in general, do not have the domain knowledge to solve most problems. This includes regulating the solution providers. When I read the instruction manual for my car and it says to use a particular grade of gasoline and change the oil every 5000 miles I follow their recommendations. They know their car far better than I do. Even though I am a software engineer, when a software package says it requires X megabytes of RAM and Y megabytes of disk space I follow their recommendations because they know their software far better than I do.

The advocate for more government might say, “We will bring in experts and/or we will become experts.” This doesn’t work. I worked in a government lab for three years. I remember sitting in a meeting discussing how to get more research contracts. One guy said, “What we have is the ability to become experts on anything within a couple of weeks.” He was serious. I felt the blood drain out of my face. I had been working with him for over two years and I had not yet discovered anything that I considered him an expert on. They spent several years and millions of dollars coming up with a software testing and quality program for the software being developed at the lab. What they came up with was something that the industry had left behind a decade or two previously (the “waterfall model”).

The reason government cannot acquire the expertise is because they are a monopoly and expertise is like a product. It must constantly be improved and updated to remain relevant. And without the marketplace pressure it will stagnate and become obsolete.

Because of this lack of domain knowledge and the inherent inferiority of monopoly products government “doing it itself” will always be the wrong answer to a problem that doesn’t involve the use of force.—Joe]

Random thought of the day

I find it odd that many of the people who believe they are wise enough to know the world would be a better place if the second article in the Bill of Rights were eliminated choose the people they wish to associate with according to what they believe is a proxy for penis size.

Win prizes and meet “The Gunny”

Optics Planet is giving away a free trip to Las Vegas plus a bunch of knives and a meeting with “The Gunny”. The knives include:

  • One (1) AU03-N Aura SEAL Knife (X0-KN-SLSL-AU03-N) (Value: $60.00)
  • One (1) TF-1 Trident, Partially Serrated Black TiNi Folding Knife (X0-KN-TR23IO-TF-1) (Value: $114.00)
  • One (1) F18-N Voodoo Hawk, Black, Black F18-N (X0-A2-F18-N) (Value: $75.00)
  • One (1) F06PN-CP FastHawk Tactical Tomahawk with Nylon Sheath, Polished Finish, Black F06PN-CP (X0-A2-F06PN-CP) (value: $50.00)
  • One (1) DarkEnergy 247 Lumen Tactical Handheld LED Flashlight with Belt Clip, Large (DE-02-X0-FL-DE-02) (value: $130.00)
  • One (1) M37-N SEAL Pup Powder Coated Knife, Nylon Sheath (X0-KN-SLPOP-M37-N) (value: $98.50)
  • One (1) MC02-N SOGFari Black Machete, 18in Blade w/ Sheath & Pouch (X0-KN-SJH76TS-MC02-N) (value: $33.00)
  • One (1) PowerAssist Multi-Tool w/ Nylon Sheath, 15 Tools Combined, BLK Oxide Finish, Black (B66N-CP X0-M3-GAS8U-B66N-CP) (value: $126.50)
  • One (1) Gunny Folding Knife – Limited Edition (X0-KN-SOG-GFL01-L) (value: $520.00)
  • One (1) VL02 VULCAN MINI Folding VG-10 Kn (X0-KN-HSG12-VL-04) (value: $188.50)
  • One (1) Bowie 2.0 Knife (X0-KN-S1T-L) (value: $248.50)
Sweepstakes info.

The odds of winning depend on how many people enter so please don’t enter as it decreases my odds.

Quote of the day—Jeff Fyke

@linoge_wotc @rickygervais Couldn’t agree more. @NRA members need guns to prove their men. #PenisEnvy #GunControl

Jeff Fyke
Tweeted on May 6, 2013

[It’s another Markley’s Law Monday! Via still another Tweet from Linoge.—Joe]

Gun control humor (almost)

I like the following but it’s a little “too close to home” to actually get a laugh out of me.

[Images: TrustTheGovernment, Undocumented]

Via email from Pat A.