Archive for August, 2019

Obit watch: August 9, 2019.

Friday, August 9th, 2019

Rosie Ruiz, historical footnote. She apparently died in early July, but her death was not widely reported until recently.

For the younger set: Ms. Ruiz “won” the 1980 Boston Marathon, with a “finishing time” of 2:31:56.

But suspicions about her victory arose immediately. Spotters had not seen her at checkpoints along the 26-mile course, and after the race she told a television interviewer that she had run only one other marathon, the 1979 New York City Marathon, and that she had finished that race in 2:56:33.

Eventually, it came out that Ms. Ruiz hadn’t actually finished the NYC Marathon:

New York City Marathon officials invalidated Ruiz’s time after reviewing videotape showing that Ruiz had not crossed the finish line in the time she had mistakenly been assigned by a volunteer, who thought Ruiz was an injured runner.
Days later, Ruiz’s victory in Boston was also nullified. Race organizers there based their decision on about 10,000 photographs taken along the last mile of the race as well as on information supplied by the news media and observers along the route. In addition, at least one witness recalled seeing Ruiz enter the course at Kenmore Square, about a mile from the finish line.

Jacqueline Gareau was declared the women’s winner. According to Wikipedia (I know, I know) her time was 2:34:28, which was a record women’s time for the Boston Marathon.

Black Hat/DEFCON 27 links: August 8, 2019.

Thursday, August 8th, 2019

So here’s the first round of stuff from Black Hat and DEFCON 27. I apologize that I’m just posting links, but I haven’t had time to really digest any of these presentations, and I want to get the links up while they are still semi-timely:

  • “Look, No Hands! — The Remote, Interaction-less Attack Surface of the iPhone” by Natalie Silvanovich. Slides here. Google Project Zero blog post here.
  • “Bypassing the Maginot Line: Remotely Exploit the Hardware Decoder on Smartphone” by Xiling Gong and Peter Pi. White paper here. Slides here. Blog post here.
  • “Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)” by Sean Metcalf and Mark Morowczynski. Slides here.
  • “Reverse Engineering WhatsApp Encryption for Chat Manipulation and More” by Roman Zaikin and Oded Vanunu. Slides here.

I think it’s still early for today’s Black Hat and DEFCON presentations. I may try to get another post up tonight.

Don’t be evil.

Wednesday, August 7th, 2019

I’m seeing reports that Google is deleting gun blogs.

The only one I’ve been able to “confirm” so far is “No Lawyers – Only Guns and Money”: John Richardson has posted on Twitter that his blog has been locked. (Hattip: SayUncle.)

Thing is, one data point doesn’t make a trend, and it could be just incompetent Google support (is that redundant?). Or it could indeed be a Google decision.

My point here is mostly: it doesn’t matter if you’re on Google, or on a third party hosting provider, or even if you own your own server. Back your (stuff) up.

And in that vein, thanks to McThag for the valuable reminder that I hadn’t backed my (stuff) up in a while. A failing which I have since corrected.

Lock, lock, baby, baby.

Wednesday, August 7th, 2019

I missed these the first time around, but the Hacker News Twitter linked to them a couple of days ago. I thought I’d blog them for the benefit of all my lock/computer security/Internet of Broken Things fans.

There’s a type of lock called the FB50 smart lock. It’s manufactured by a Chinese company, and sold “under multiple brands across many ecommerce sites”. As you might guess, it has Bluetooth and an app.

And, of course, it’s vulnerable. Once you get the lock’s MAC address (which you can get just by scanning for Bluetooth devices in the area), you can use a series of HTTP requests to get the lock ID and the user ID, and then disassociate that user from the lock and associate yourself. Nothing along the way, apparently, checks that the person making the requests actually owns the lock.

Discussion and proof of concept code here.

And the footnotes on that led me to another Pen Test Partners lock exploit (these are the folks who brought you the Tapplock one). This time the target is something called the Nokelock, which is apparently popular on Amazon (“…they do a number of different formats in a number of different body types, sometimes with other unlocking devices, such as fingerprint sensors. There are other brand names they get repackaged as, such as Micalock.”)

So the Bluetooth packets are encrypted. But…

…the key can be obtained from the API by two methods. All the API requests need a valid API token, which can be obtained by simply creating a user with a throw away email address.

And:

…all traffic, including the user’s traffic is sent via the unencrypted HTTP protocol.

And the API authenticates but never authorizes. All you need is a token, which (as noted above) you can get with nothing more than an email address. Once you’ve got a token, you can grab the information about any lock, not just your own, “including email address, password hash and the GPS location of a lock”.
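Both the FB50 write-up and the Nokelock one describe the same bug class: the back end checks that you have a valid token, and then lets that token act on any lock in the database. Here is an added example (mine, not Pen Test Partners’ code and not any vendor’s real API) that models that behaviour as a small in-memory service, with the vulnerable endpoints next to hardened ones that check the caller against the lock’s recorded owner. Every name, endpoint, MAC address and key in it is a constructed assumption.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Lock:
    lock_id: str
    owner: str      # user id of the account that paired the lock
    ble_mac: str    # broadcast over the air; anyone nearby can read it
    ble_key: str    # symmetric key the app uses to encrypt BLE packets
    gps: tuple      # last location reported by the app


class LockApi:
    """Hypothetical cloud back end modelled on the behaviour described above.
    Names, endpoints and data are assumptions, not any vendor's real API."""

    def __init__(self):
        self.tokens = {}    # api token -> user id
        self.locks = {}     # lock id -> Lock
        self._users = 0

    def register(self, email):
        """A throwaway email address is enough to obtain a valid token."""
        self._users += 1
        user_id = f"u{self._users}"
        token = secrets.token_hex(16)
        self.tokens[token] = user_id
        return user_id, token

    def _authenticate(self, token):
        """Authentication only: the token must be known. This is the sole
        check the vulnerable endpoints perform."""
        if token not in self.tokens:
            raise PermissionError("invalid token")
        return self.tokens[token]

    # --- vulnerable endpoints: any authenticated caller may act on any lock ---
    def lock_id_for_mac_vuln(self, token, mac):
        self._authenticate(token)
        for lock in self.locks.values():
            if lock.ble_mac == mac:
                return lock.lock_id
        raise KeyError(mac)

    def get_lock_vuln(self, token, lock_id):
        self._authenticate(token)
        return self.locks[lock_id]      # hands out ble_key, owner and GPS

    def reassign_vuln(self, token, lock_id, new_owner):
        self._authenticate(token)
        self.locks[lock_id].owner = new_owner   # caller's ownership never checked

    # --- hardened endpoints: authorization against the lock's recorded owner ---
    def _authorize(self, token, lock_id):
        user = self._authenticate(token)
        lock = self.locks[lock_id]
        if lock.owner != user:
            raise PermissionError(f"{user} does not own {lock_id}")
        return lock

    def lock_id_for_mac_fixed(self, token, mac):
        user = self._authenticate(token)
        for lock in self.locks.values():
            if lock.ble_mac == mac and lock.owner == user:   # only your own locks
                return lock.lock_id
        raise KeyError(mac)

    def get_lock_fixed(self, token, lock_id):
        return self._authorize(token, lock_id)

    def reassign_fixed(self, token, lock_id, new_owner):
        self._authorize(token, lock_id).owner = new_owner


def demo():
    """Walk the attack against both versions and report what happened."""
    api = LockApi()
    victim, victim_tok = api.register("victim@example.com")
    mac = "AA:BB:CC:DD:EE:01"    # constructed; in practice read from a BLE scan
    api.locks["L-1"] = Lock("L-1", victim, mac, "deadbeef", (30.27, -97.74))

    attacker, atk_tok = api.register("throwaway@example.net")

    # Vulnerable API: MAC -> lock id -> full record -> take ownership.
    lock_id = api.lock_id_for_mac_vuln(atk_tok, mac)
    leaked_key = api.get_lock_vuln(atk_tok, lock_id).ble_key
    api.reassign_vuln(atk_tok, lock_id, attacker)
    stolen = api.locks[lock_id].owner == attacker

    # Hardened API, after restoring the real owner: every step is refused.
    api.locks[lock_id].owner = victim
    blocked = 0
    for call in (lambda: api.lock_id_for_mac_fixed(atk_tok, mac),
                 lambda: api.get_lock_fixed(atk_tok, lock_id),
                 lambda: api.reassign_fixed(atk_tok, lock_id, attacker)):
        try:
            call()
        except (PermissionError, KeyError):
            blocked += 1
    owner_still_works = api.get_lock_fixed(victim_tok, lock_id).ble_key == "deadbeef"
    return {"leaked_key": leaked_key, "stolen": stolen,
            "blocked": blocked, "owner_still_works": owner_still_works}


if __name__ == "__main__":
    print(demo())
```

The fix is boring on purpose: an object-level ownership check on every endpoint that takes a lock identifier, including the MAC-to-ID lookup, since that lookup is the step that turns “I can see a lock over Bluetooth” into “I have a handle on it in the cloud”. Rate-limiting sign-ups or verifying email addresses would raise the cost a little, but neither replaces the ownership check.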

And the password hash is unsalted MD5. “This is a cryptographically weak hash type that can be run through very quickly.” Unsalted also means one precomputed table cracks every account in the dump at once, and any two users who picked the same password show up with identical hashes.
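To make that concrete, here is an added example (mine, not from the Pen Test Partners post) that cracks a small constructed “leaked” table of unsalted MD5 hashes with a wordlist, then stores the same passwords with a per-user salt and a deliberately slow derivation (PBKDF2-HMAC-SHA256 from the standard library) and repeats the attack. The email addresses, passwords and wordlist are made up for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample data: a candidate list and three "leaked" accounts as the
# vulnerable API would return them, with unsalted MD5 password hashes.
WORDLIST = ["password", "123456", "letmein", "qwerty", "lockpass", "summer2019"]


def md5_unsalted(password):
    """What the page describes the lock API storing."""
    return hashlib.md5(password.encode()).hexdigest()


LEAKED = {
    "alice@example.com": md5_unsalted("letmein"),
    "bob@example.com": md5_unsalted("letmein"),
    "carol@example.com": md5_unsalted("summer2019"),
}


def crack_unsalted(leaked, wordlist):
    """One MD5 per candidate, computed once, cracks every user in the dump.
    Returns (recovered passwords, hashes computed)."""
    table = {md5_unsalted(w): w for w in wordlist}
    return {u: table.get(h) for u, h in leaked.items()}, len(wordlist)


# --- the fix: a per-user random salt and a deliberately slow derivation ---
def pbkdf2_hash(password, iterations=20_000, salt=None):
    # 20k iterations keeps this demo quick; OWASP's current guidance for
    # PBKDF2-HMAC-SHA256 is 600k. Use a maintained password library in production.
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{salt.hex()}${iterations}${dk.hex()}"


def pbkdf2_verify(password, stored):
    salt_hex, iters, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def crack_salted(store, wordlist):
    """With salts there is no shared table: every (user, candidate) pair costs a
    full derivation. Returns (recovered passwords, derivations performed)."""
    found, work = {}, 0
    for user, stored in store.items():
        for w in wordlist:
            work += 1
            if pbkdf2_verify(w, stored):
                found[user] = w
                break
    return found, work


def demo():
    unsalted_found, unsalted_work = crack_unsalted(LEAKED, WORDLIST)
    same_hash = LEAKED["alice@example.com"] == LEAKED["bob@example.com"]

    store = {"alice@example.com": pbkdf2_hash("letmein"),
             "bob@example.com": pbkdf2_hash("letmein"),
             "carol@example.com": pbkdf2_hash("summer2019")}
    salted_same = store["alice@example.com"] == store["bob@example.com"]
    salted_found, salted_work = crack_salted(store, WORDLIST)
    return {"unsalted_found": unsalted_found, "unsalted_work": unsalted_work,
            "unsalted_reveals_shared_password": same_hash,
            "salted_found": salted_found, "salted_work": salted_work,
            "salted_reveals_shared_password": salted_same}


if __name__ == "__main__":
    print(demo())
```

Note what the fix does and does not buy you. Weak passwords like “letmein” still fall to a wordlist either way; salting removes the shared table (six MD5 computations crack all three accounts, versus one slow derivation per user per guess) and stops identical passwords from being visible as identical hashes. The real remedy for this API is still not leaking the hashes to arbitrary token holders in the first place.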

Extra bonus points: the footnotes for the Pen Test Partners entry point to yet another lock exploit, this one for something called the Klic Lock.

An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay. Physically proximate attackers can use this information to unlock unauthorized Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2

I don’t think I can put it any better than icyphox did:

DO NOT. Ever. Buy. A smart lock. You’re better off with the “dumb” ones with keys.

Also an obit watch.

Tuesday, August 6th, 2019

It has been really, really hard to find anything linkable on this, but Lawrence has a post up at his other blog:

Barry Hughart, noted fantasy writer. I’m not a big fantasy fan, but I’ve heard a lot of folks I trust (including Lawrence) rave about the Master Li and Number Ten Ox books. I do want to read them: I just haven’t been able to accumulate copies.

(Of course, if I were sufficiently motivated, Lame Excuse Books could probably take care of that.)

Layers and layers of fact checkers.

Tuesday, August 6th, 2019

I noticed this over the weekend and pointed it out to a few people, but it’s still going on:

Obit watch: August 6, 2019.

Tuesday, August 6th, 2019

The NYT is reporting the death of Toni Morrison, Nobel prize winning writer.

Preliminary NYT obit here, which will probably be replaced by a full obit later.

Here’s an odd clipping for you…

Monday, August 5th, 2019

Odd because:

1) I don’t like talking about religion.
II) I don’t like linking to ESPN.
c) I don’t like basketball.

With those stipulations: Shelly Pennefather was one of the great women’s basketball players.

She scored 2,408 points, breaking Villanova’s all-time record for women and men. She did it without the benefit of the 3-point shot, and the record still stands today.

After college, she played in Japan for a while. But she felt a calling, so in 1991…

…she became a cloistered nun.

The Poor Clares are one of the strictest religious orders in the world. They sleep on straw mattresses, in full habit, and wake up every night at 12:30 a.m. to pray, never resting more than four hours at a time. They are barefoot 23 hours of the day, except for the one hour in which they walk around the courtyard in sandals.
They are cut off from society. Sister Rose Marie will never leave the monastery, unless there’s a medical emergency. She’ll never call or email or text anyone, either. The rules seem so arbitrarily harsh. She gets two family visits per year, but converses through a see-through screen. She can write letters to her friends, but only if they write to her first. And once every 25 years, she can hug her family.

Don’t really have much more I want to say about this, other than I recommend you read the linked story.

Obit watch: August 5, 2019.

Monday, August 5th, 2019

D. A. Pennebaker, noted mostly as a documentary filmmaker. (“Don’t Look Back”, “Primary”, “The War Room”.)

His political films are now part of the canon, but the scenes from Mr. Pennebaker’s catalog that still circulate most widely are of pop culture figures in action: Jimi Hendrix lighting his guitar on fire in “Monterey Pop”; Elaine Stritch in “Original Cast Album: Company,” exhausted and straining to record “The Ladies Who Lunch” while Stephen Sondheim and others look on in despair; Mr. Dylan showing up the softer-edged singer Donovan in a hotel room crowded with their hangers-on; and the actor Rip Torn attacking Norman Mailer with a hammer at the end of “Maidstone” (1970), one of three eccentric movies directed by Mr. Mailer, for which Mr. Pennebaker served as a cameraman.

Nuon Chea is burning in Hell.

“Who?”

Known as Brother No. 2 — he was second in command to the movement’s founder, Pol Pot, who died in 1998 — Mr. Nuon Chea was convicted of, among other crimes, directing the forced evacuation of perhaps two million people from the capital, Phnom Penh, and overseeing the torture and killing of more than 14,000 people in a notorious prison, Tuol Sleng.
Often described as the movement’s chief ideologist, he was accused of laying out a “master plan” for the transformation of society that included the abolition of money and religion, the extermination of the educated class and the killing and expulsion of ethnic Vietnamese.
In the words of the court’s formal detention order, he planned or directed crimes including murder, torture, imprisonment, persecution, extermination, deportation, forcible transfer and enslavement.

Mr. Chea and Khieu Samphan were the only leading members of the Khmer Rouge convicted of any crimes. A third man, Kaing Guek Eav, who ran the Tuol Sleng prison (and reported to Mr. Chea), was also convicted; two other Khmer Rouge leaders died during the trial.

Mr. Nuon Chea denied involvement in the widespread killings. But in video recordings played to the court, he was heard acknowledging the purges, saying, “If we had shown mercy to these people, our nation would have been lost.”
He added: “We didn’t kill many. We only killed the bad people, not the good.”

DEFCON 27/Black Hat 2019 preliminary notes.

Thursday, August 1st, 2019

DEFCON 27 starts a little later than I’m used to this year (August 8th, so a week from today). Black Hat 2019 starts August 7th. Black Hat schedule is here. DEFCON schedule is here.

Again this year, I’m not going. While I feel like I’m moving closer to the point where I’m ready to return (expenses paid or expenses unpaid) I’m not quite where I want to be yet to go on my own dime. And as far as the company paying for me to go…not this year, for reasons I won’t go into. (Nothing bad. At least I don’t think so. Just don’t want to run my mouth about internal stuff.)

So, as usual: what would I go to, if I were going?

Let’s look at the DEFCON schedule first.


Obit watch: August 1, 2019.

Thursday, August 1st, 2019

The paper of record has updated their Hal Prince, “Giant of Broadway and Reaper of Tonys” obit in place.

They’ve also added three corrections. So far.

I do like this a lot:

As both a producer and a director, Mr. Prince was a nurturer of unproved talent. Tom Bosley, for instance, later known as Howard Cunningham on the nostalgic television sitcom “Happy Days,” won a Tony in his first starring role in 1959 as the titular mayor of New York, La Guardia, in “Fiorello!” Liza Minnelli made her first Broadway appearance — and won a Tony — as the title character in “Flora, the Red Menace,” a 1965 politically-inflected musical set in 1935 about a spunky fashion designer who falls for a Communist. Produced by Mr. Prince and directed by George Abbott, “Flora” also featured the first Broadway score by the songwriting team of John Kander and Fred Ebb, who later wrote “Chicago” and two shows produced and directed by Mr. Prince: “Zorba” and “Cabaret.”
A featured actor in “Cabaret,” Joel Grey, was a largely unknown nightclub performer with few theater credits when Mr. Prince hired him in 1966 for what turned out to be a career-defining role: the arch, leering M.C. of the bawdy Kit Kat Club in Weimar-era Berlin.

I think that’s one of the nicest things you can say about anybody in an obit: they were good at spotting and developing unknown talents.

But Mr. Rich was writing on the heels of one of Mr. Prince’s most calamitous failures, “A Doll’s Life,” a musical sequel to “A Doll’s House,” Henrik Ibsen’s domestic drama of a woman’s revolt against the stultifying expectations of womanhood. With book and lyrics by Adolph Green and Betty Comden and a score by Larry Grossman, huge sets and grandiose sound amplification, it closed after five performances, a victim of its outsize self-importance.

Five performances. I thought the original production of “Carrie” ran for eight performances, but no: it only ran for five as well.

Also among the dead: Nick Buoniconti, linebacker for the Miami Dolphins in the 1970s (yes, he was one of the players on the 1972 team).

For many years Buoniconti was an intelligent, articulate and tough player for the Boston Patriots (now the New England Patriots) and the Dolphins, winning All-Pro honors five times in a 14-year pro football career. A former All-American at the University of Notre Dame, he anchored the Dolphins’ vaunted “No-Name Defense” under Coach Don Shula.

Mr. Buoniconti’s son, Marc, was paralyzed in a football accident in 1985. Mr. Buoniconti founded the Miami Project to Cure Paralysis:

For more than 30 years afterward, Buoniconti helped raise nearly $500 million for spinal cord and brain research carried out by the organization. He also played a critical role in directing the research and was a charismatic motivator of scientists and researchers.
Dr. Barth Green, a neurosurgeon and longtime chairman of the Miami Project, said in a phone interview: “People are walking now because of cellular transplants and the latest neuroengineering and bioengineering that has been applied to humans with disability. Nick was a stimulating force in that area, from bench to bedside. And this is someone who probably never took a science course.”