Who needs to log stuff anyway…I wonder what that other process is?
Archive for the ‘ Security ’ Category
I just had a look at the Mindflash training course, and having completed the sample course I was greeted with the following error:
Mindflash – Thank you is a bad request
Looks like the URL is not being constructed properly – the %d and %s appear to be placeholders that should have had content substituted into them. Examining the other URLs for the course, the address should have been: https://www.mindflash.com/player/677505279/thank-you/
The other week Miss Vicki and I went to see SPECTRE, and maybe it's my age, but while I enjoyed the film, later on I felt that a lot of it was trying its hardest to dig up 1960s Bond memes:
Hey, remember Bond drove an Aston Martin? Quick, chuck in an Aston Martin – quick!
Hey, remember how cool all the voodoo stuff was in Live and Let Die? Here's a sequence at the Mexican Day of the Dead for no reason whatsoever.
Hey, remember the crap flirting between Bond and Moneypenny, which somehow looks sexist in modern society? SHAZAM – it's back, baby!
Hey, remember how Bond villains used to have rooms full of henchmen operating machinery? Yeah, chuck a high-tech headquarters in there.
Well, here at the Bunker we have wings of high-tech machines that go ping and are operated by legions of guys in overalls and hard hats, so we know a thing or two about running an underground base. I thought it would be fun if I dug out this month's copy of 'Lairs and Bunkers' and looked at some of the reviews inside:
The Death Star
A classic with full-on retro '70s stylings, with occasional swathes of red which are a welcome relief. Everything here is a monochromatic nightmare. Granted, it can destroy a planet, but sheesh!
The word here is variety: there are lots of different styles of henchmen – white-plated stormtroopers, black-plated TIE fighter pilots, grey officers all suited and booted with certain Nazi stylings – and chuck into the mix the black-robed Emperor and Darth Vader. However, having lots of different henchmen does not make up for the fact that yet again everything is GREY! It's a mercy that the Imperial Guards are crimson, because otherwise I might think I was watching a black and white film.
Health & Safety
Well, where to begin with this? The layout of the Death Star seems wildly illogical: the station seems to be hollow, with the most dangerous explosion-causing device (the main reactor) situated in the dead centre of the facility. This means that an explosion will destroy the whole facility, whereas positioning the reactor off-centre would only destroy a section of it and would allow the henchmen time to get to the escape pods. The designers of the Death Star also thought that long bottomless shafts without handrails were a perfectly acceptable way to design an interior, along with doors that operate bridges. This matters if you are a stormtrooper: you surely cannot see much in that helmet, and the reduced visibility will only lead to more accidents, which is a damning indictment of what is a government facility.
Don't believe the hype. The ability to destroy a planet is insignificant next to the power of a workplace free from tripping hazards and bottomless pits.
Joker’s Lair – Batman
Vivid bright colours and circus memorabilia all over the place. There are very few lairs that accurately reflect the personality of their owner; the Joker takes every lair he has and makes it something totally unique. But here's the problem: any city planner worth their salt would simply devise a scheme where a wealthy philanthropist, like Bruce Wayne, could buy up all the disused joke shops, factories that made goods for joke shops and derelict fun fairs and turn them into affordable homes, reducing the number of potential lairs for the Joker. It also makes him very easy to find. The point of a secret lair is that it's secret. If Batman can guess where you live and he's right 9 times out of 10, then maybe it's time to think about changing your property M.O.
Depends. Sometimes the Joker opts for normal hoodlums and gives them cars to match his colour scheme, sometimes he demands they actually dress like clowns, and some days he simply hires a lot of hoodlums and kills them off during the heist! Capriciousness. This makes for a stress-filled working environment; no doubt an average henchman's locker will be crammed depending on the mood of the Joker, or whether it's dress-down Friday.
Health & Safety
Structurally, the Joker's lairs seem sound, if a little dilapidated. They have all manner of exploding props and things with spring-loaded hidden blades that can cause problems. There is also the possibility you will be sacrificed by your boss just for a punchline.
The Joker's lair is surprisingly well laid out, with a consistent aesthetic. A high turnover of staff, however, will cause problems for the continued smooth running of the lair.
V’s Lair – (V for Vendetta)
In contrast to most of the lairs on the list, V's lair can be described as a man-cave for the intelligent man. Expect to see priceless works of art hanging on the wall next to a Wurlitzer jukebox, books stacked ceiling high and a copy of The Count of Monte Cristo on DVD.
None. This is a solitary place, a refuge from the world. The last thing V needs is a house guest – if you do find yourself his guest, expect to stay for at least a year.
Health & Safety
There is very little wrong with V's lair; probably the only thing V would need to worry about is making sure that his central heating boiler is serviced regularly, as with no windows any build-up of carbon monoxide could prove fatal. On the plus side, the lair does come with its own tube train and track – only one destination – but it beats walking, and do you know what property prices are like in London these days?
A place for quiet reflection. The overall feeling from this lair is of overstuffed wingback chairs, some Vivaldi or Ella Fitzgerald playing in the background and some dusty tome to read, accompanied by a cheeky red wine.
Well that was quite interesting, I’ll probably grab the next issue and print some of them out too.
I received a letter from my local council regarding the electoral register, saying that I needed to refresh my information. So I visited their website and entered the super-secret codes from the letter to obtain access to my records. I must say the process seemed straightforward enough – until I reached the feedback section.
Now, I hadn't noticed until the feedback form, but the query string contained quite a lot of information. I had a quick play with the feedback form and sent the following communication to the technical department at (I assume) Electoral Reform Services Ltd. Here's what I sent them – I've censored some of the data within this communication. For reference, code1/code2 are the security codes from my letter.
I was just looking around the feedback form (I just completed my form on-line) – have you guys seen how much data is sloshing around in the query string? Here's the address of this page:
What’s interesting is that this query string data is just slapped into the fields, meaning that if you change the URL, you can effectively send a feedback about a different authority, or person, or address or indeed anything. Why not store this stuff in session, where I can’t access it?
Potential implication: spam messages sent to every council about every property from a fake name. Once feedback is sent it cannot be re-sent – this would be a denial of service for all legitimate users.
Potential implication: XSS – these values are posted into the page into fields. It should be possible to strip out anything that looks like JS, and hopefully you've done that. I'm too scared to try it.
It’s possible that this information was floating around all the time on my query string but I never saw it.
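As an added illustration (not code from the post, nor from the council's or Electoral Reform Services' site), here is the pattern the letter describes beside the fix it asks for: identity fields bound to the server-side session rather than the URL, and any free text HTML-escaped before it reaches the page. The URL, the parameter names, the session contents and the tampered URL are all constructed assumptions.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample URL in the shape the letter complains about: authority,
# elector name/address and the letter's two security codes all ride in the
# query string (assumption: the real parameter names are not known).
SAMPLE_URL = ("https://feedback.example.invalid/feedback?authority=Example+Council"
              "&name=A+Resident&address=1+High+Street&code1=111111&code2=222222"
              "&comment=All+fine")

# Constructed tampered copy: a different authority and an HTML payload in the comment.
TAMPERED_URL = (SAMPLE_URL.replace("authority=Example+Council", "authority=Other+Council")
                .replace("comment=All+fine", "comment=%22%3E%3Cb%3Einjected%3C%2Fb%3E"))

# Constructed stand-in for a server-side session populated once the codes from
# the letter were verified; the form should trust this, not the URL.
SESSION = {"authority": "Example Council", "name": "A Resident",
           "address": "1 High Street"}

FIELDS = ("authority", "name", "address")


def params_from_url(url):
    """Flatten the query string into a dict (first value of each key)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def render_vulnerable(url):
    """The pattern the letter describes: query values pasted straight into the HTML."""
    p = params_from_url(url)
    inputs = ['<input name="%s" value="%s">' % (f, p.get(f, "")) for f in FIELDS]
    inputs.append('<textarea name="comment">%s</textarea>' % p.get("comment", ""))
    return "".join(inputs)


def render_hardened(url, session):
    """Identity fields come from the session; user-supplied text is HTML-escaped."""
    p = params_from_url(url)
    inputs = ['<input name="%s" value="%s">' % (f, html.escape(session[f], quote=True))
              for f in FIELDS]
    inputs.append('<textarea name="comment">%s</textarea>'
                  % html.escape(p.get("comment", ""), quote=True))
    return "".join(inputs)


def codes_in_url(url):
    """True if the letter's codes travel in the URL, where server logs and Referer headers see them."""
    return any(k in params_from_url(url) for k in ("code1", "code2"))
```

The hardened renderer still accepts the tampered URL, but the authority and elector it reports are whatever the session holds, and the injected markup is rendered as text.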
I'm sure that it hasn't escaped your attention, but Volkswagen has been caught doing something underhand and sneaky. Volkswagen is accused of implementing software within a diesel car's engine management computer to detect the presence of emissions-sensing equipment and modify the flow of fuel through the engine to attain lower emission ratings, and therefore pass the emissions test. The effect of this is that Volkswagen had an unfair advantage over other diesel manufacturers, while at the same time the emissions of these cars on the road are actually up to 40% more than under test conditions.
The fallout of this scandal has forced the Chief Executive, Martin Winterkorn, to resign, sent the share price plummeting, and leaves Volkswagen with its reputation in tatters and facing a potential $18 billion fine.
Artur Fischer (Joint CEO of the Berlin Stock Exchange) was interviewed on BBC Radio 4 and had the following to say about the scandal and, interestingly, about software:
“But I really like your listeners to remember that software changes can be done by small groups of people and can be deployed in millions and the real question I have, from a distance is, How about software quality assurance? How about compliance? How big was that problem inside the company? and for that to analyse you need to have a fresh start”
Overall I'd agree with Artur's first point – that software changes can be made by small groups of people – however, the rest of this statement left me feeling uncomfortable. Artur's first point about software group size could – if I were more cynical – be an attempt to create a narrative around this, something along the lines of "It was a few rogue programmers that released this code", and the "Fresh Start" that he talks about could be an attempt to prevent too much scrutiny of the processes around software development. Fresh Start was also a phrase used by the outgoing Martin Winterkorn. I'm not sure what analysis you can do if you implement a fresh start – and again, cynically, it may look like an attempt to bury other systemic failures within the VW group.
It's a fact of life that software is more and more prevalent in the things we buy and consume today, and with the future Internet of Things materialising around us, I think we need to be conscious of the issues that can arise from software lurking in things that we may not traditionally associate with running software.
At OggCamp a few years ago I heard Karen Sandler talk about the pacemaker she has fitted, and the issues she struggled with around bugs in medical devices that are implanted into your body – like pacemakers and insulin pumps – how these can be hacked or manipulated, and how the code for these devices is unavailable.
We place a huge amount of trust in our cars – and underpinning this trust is code. How can we be sure that the code in my car won't detect a test condition and lower the fuel consumption? That could leave me without power while driving, and therefore potentially in danger.
So how do we mitigate the issue that software is going to be ever present in more and more things?
Well, for some devices, like My Friend Cayla or garage door openers, security researchers have done the research to identify issues with those devices. Some manufacturers may be able to issue patches to affected devices. I'm less sure how a patch could be distributed to my car, or a pacemaker. The EFF believe that the Volkswagen emission test issue could have been uncovered if there had been access to the source code – I'm betting that Martin Winterkorn is probably wishing that their software was accessible through some mechanism.
Title: Villain – Wikipedia, the free encyclopedia
Source: https://en.wikipedia.org/wiki/Villain#/media/File:Villainc.svg
License: Attribution-ShareAlike 3.0 Unported
I saw on the BBC website the other day an interesting article about building security into email.
Error message spotted on an ATM at Birmingham Women’s Hospital 14/08/2015.