Multiverse 2.357
paused to apply patches
There’s a lot of excitement around blockchain-based games and the promise of non-fungible tokens (NFTs) to enable new opportunities for players to own in-game objects that have utility across game platforms. I get the vision, yet I think it’s mostly a case of overinflated expectations.
Let’s break it down. Tokens are standardized digital assets issued on some blockchain (or similar) platform. They are not the coins that are native to a blockchain, but rather assets issued on top of such a system. There are such token systems on most of the major blockchains currently, and while some are highly standardized they are generally not interoperable between platforms.
Read More
The creation of viruses goes way back in computer history, but the commercial explosion of virus remediating software began in earnest in 1987. Several virus removal programs were released in that year, including McAfee Company’s VirusScan software, and Ross Greenberg’s Flushot Plus. Viruses have proliferated and grown in complexity since then, and in the 1990s an industry sprung up to counter this trend.
In this post we’re going to address commercial AntiVirus software aimed at the consumer market in terms of efficacy, security and privacy. Businesses have different needs, have different networks to protect and use different sorts of endpoint security solutions.
Read More
Ever wonder how to create packages for your operating system distro? I did – in fact for a long time I didn’t know much about how they worked – they just did. For linux users, life would be rough without these amazing helpers that keep track of versions and dependencies. They install, upgrade, remove and manage software and the repositories that software comes from.
Read More
VPNs are becoming so widely used, it’s worth taking a closer look at them. Previously in Intro to VPNs we talked about the basics including what a VPN is and what they’re used for by individuals and businesses. Let’s focus now on personal use of VPN providers in this post.
Never use a free VPN service! Running a VPN service requires buying, setting up and maintaining servers and software, paying the people who do that work, and paying for lots of bandwidth; i.e. high initial setup and ongoing operating costs. If the VPN provider is not charging you, they’re covering the costs in another way – perhaps by selling your profile data based on your Internet usage, or violating your privacy in other ways.
Read More
In the last post about biometric identification, “Fingers, Eyes & Veins” we looked at some of the technologies in use today, after an introduction to facial recognition in the previous post. Now let’s look at what governments are doing with the biometric data they’re collecting and using. They believe this will drive efficiency and fairness in government-personal interactions but the early indicators suggest disasterous results.
India has a government run program called Aadhaar that is essentially a giant database of biometric identity markers plus demographic data for their citizens, used by the state assistance programs. Other national governments have also expressed interest in this system if successful. The Indian government claimed this would lead to budgetary savings due to increased efficiencies and reduce corruption, but results are not clear.
Read More
We mentioned that hiding text within text is the common ancestor of all steganographic techniques earlier, in our initial post on digital steganography basics. However, in the digital age there are some new wrinkles due to the existence of various kinds of computer files. Of course text messages can be concealed in any number of file types – in fact every file type, but we need to begin somewhere so let’s examine text-based steganography.
Text files are simply files that are interpreted as such by an operating system. The notion of files and filesystems is an abstraction the OS provides us so we can more easily manage data. These “files” are ones and zeros just the same as binary files, but they are comprised of human readable text encoded using a standard scheme like ASCII or Unicode. In the modern version of American Standard Code for Information Interchange (ASCII) each byte is interpreted as one character, and since a byte is 8 ones and zeros, it can represent 256 (2 possibilities per bit, 8 bits so 2^8=256) characters.
Read More
I’m new to Python although I’ve been programming for years in other languages. So imagine my surprise when I found out how great scapy is! In a couple of earlier posts I wrote about crafting custom packets and using scapy commands, so now I’m going to talk about programming with scapy. Instead of finishing scripts and then moving on to something else, it’s nice to write a post about one because going over it in detail really reinforces what I’ve learned.
This script is a basic DNS lookup tool not unlike nslookup or dig, only not as full featured. It currently only supports querying A recs and NS recs, but it will allow you to first lookup the nameservers for a domain, then find the A rec using an authoritative nameserver.
Read More
What are VPNs? Virtual Private Networks are popular and a useful tool in your quest to guard your online security and privacy, as well as being an important tool for companies to allow remote access to their internal networks. Wikipedia defines them as follows, “A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.”
VPNs have long been used in the enterprise to allow remote access to internal networks for remote workers, contractors, traveling workers, etc. In the corporate environment, VPNs allow remote users to access resources on internal networks. In the past decade, however, we’ve seen a surge in usage among privacy conscious individuals. It’s important to understand the security and privacy implications of VPNs, and to consider the criteria for choosing a VPN provider.
Read More
Fingerprint readers are commonly used today to unlock smartphones, as well as providing a second factor in physical access control systems. In the previous post we took a look at facial recognition systems, now let’s introduce some other types of biometric identifiers commonly used today.
Certain fingerprints will match a variety of similar prints; they can be searched for and collected for use in these types of systems. Worse still, synthetic fingerprints have been shown to be highly effective, against standard systems like the type used in consumer devices, they have been shown to match up to 77% of prints with only a 1% error rate. If this method of authentication becomes more widely used, people will likely improve these systems, so more accuracy is not the answer.
Read More
Let’s talk about modern steganography. I don’t want to cover the long history of it, since that requires dedicating a full post to the techniques used over the centuries to conceal information. Old techniques are typically meant to hide text messages, since audio and video recording was not possible, and recorded images were not digital.
Steganography is about hiding secrets in plain sight. It is not encryption, which is a scrambling of information so that it’s unreadable. The term is derived from the greek words steganos (covered) and graphos (writing), which has become misleading in the computer age. Modern steganography is all about hiding text or files inside digital files.
Read More
Facial recognition systems measure and match facial feature patterns to identify people. The only thing required in terms of sensors is a camera, so it is well suited for use with mobile phones and CCTV cameras. This technology works well with crowds of people as well as with individuals, so it is not only used by apps and devices to identify the user, but also being used in concerts, sporting events and in airport terminals.
In the previous post, an introduction to biometric identification systems we mentioned the complexity of evaluating different use cases for these technoogiues, and discussed the problems around error rates. We also mentioned inherent bias showing up in facial recognition systems, and now we get to dive in a bit deeper.
Read MoreWelcome to the second part of our scapy series of posts. In the previous post we discussed creating custom packets using scapy and gave some simple examples.
In this post we’ll cover common commands for operations on packets like inspecting them and for network operations like sniffing traffic. In the next post we’ll introduce programming with scapy, as it was designed to be used in Python programs.
Read More