No thanks.


Director of Vulnerability Management Engineering

Job Code: 4956568 Location: Washington, DC

 

Posted in Uncategorized | Leave a comment



The Australian Financial Review reports that Little Kim’s Internets are down.

North Korea’s already tenuous links to the internet went completely dark on Monday after days of instability, in what internet monitors described as one of the worst North Korean network failures in years.

The loss of service came just days after President Barack Obama pledged that the United States would launch a “proportional response” to the recent attacks on Sony Pictures, which government officials have linked to North Korea.

North Korea doesn’t have a large internet presence. Their public address space is 175.45.176.0 — 175.45.179.255. Some companies have more addresses than that. Your JoeDog looked for servers in that address space to see if he could substantiate this report.

At the time this article was published, the North Korean government portal www.naenara.com.kp (175.45.176.67) was inaccessible by any means. To circumvent firewalls, he used web tools that allow you to make requests from various locations throughout the globe. As best as he can tell, their network is indeed completely black.

 

Posted in Security, Tech Media | Leave a comment




Gawker is on the case, you guys. Today they ran a story which raised concerns about the official FBI narrative of the Sony Pictures infiltration. It’s mostly a recap of concerns we’ve already raised. However, down in the comment section we find an interesting perspective. Let’s examine that comment.

The commenter taught English to Korean students for several years. To this person, the splash screen doesn’t read like English used by a Korean ESL speaker:

The use of contractions (we’ve and we’ll) is characteristic of someone near-fluent, too sophisticated to be dropping articles.

Ordinal date — my students always hated ordinals because they’re irregular (24th)

The repeated pronouns (“we” and “you” and “us”) doesn’t seem like how a Korean person would phrase it, because Korean pronouns are freighted with t/v distinction and honorifics that English doesn’t capture. For that reason, my students circumlocuted those words when they could because they felt imprecise.

It’s totally possible that the North Korean version of Korean is different enough than the South Korean that the markers would be different, though.

The author of the article, Sam Biddle, responded “Interesting.”

Indeed.

 

Posted in Security, Tech Media | Leave a comment



The official narrative holds that agents of the North Korean government infiltrated Sony Pictures’ corporate network and used that attack as leverage to stop the release of a Seth Rogen film. While that might make a good Seth Rogen movie, it hardly seems plausible given what is currently known.

You don’t have to be a conspiracy theorist to take a skeptical view of the official narrative. Yet only the most conspiratorial would claim the attack was fabricated. Somebody infiltrated the Sony network. The question remains: Who done it?

Over at New York Magazine, Margaret Hartmann offers four alternative culprits:

  1. A disgruntled former employee. There are many ways to make money from this intrusion but the attacker(s) chose instead to embarrass the company.
  2. Hacktivists. This was a high profile breach largely because the intruders contacted and taunted Sony executives in the press. Their behavior more closely resembles Anonymous or LulzSec than a nation state.
  3. The Chinese. The cybersecurity firm Mandiant has been hired to investigate the breach. They’ve investigated so many Chinese attacks that they’ve become the firm’s specialty.
  4. Everybody. There’s overlap in all these theories and it’s possible the answer is D.) All of the above.

Regular readers know Your JoeDog subscribes to “All of the above” or as he put it, “everybody and his sister.” For a successful attack on a corporate network to generate maximum LULZ, bragging must occur. It’s very likely somebody breached the network and provided details that enabled successive visitors to play inside the breach.

 

 

Posted in Security, Tech Media | Leave a comment



In response to Washington’s allegation that it was behind the Sony Pictures cyberattack, Pyongyang demanded a joint inquiry into the matter. North Korea claims it can prove it was not involved.

If the US has the goods, then it should welcome this offer. Does anybody think they have the goods? Your JoeDog does not. The information they’ve revealed thus far is weak and void of detail. Apparently the good stuff is classified. We’re supposed to take them at their word.

Your JoeDog has a hard time taking governments at their word. He never bought the case against Saddam Hussein and thus far he remains unconvinced on this one. If North Korea was involved, then declassify the evidence and display it to the public. If not, then Your JoeDog will continue to call bullshit.

Here’s what we know:

  • On November 21st, the perpetrators contacted Sony executives and demanded ransom. The group called itself “God’sApstls.” There was no mention of the supposedly offensive Seth Rogen film.
  • Soon after that, we learned about the Guardians of Peace. Images of hacked Sony Computers appeared on the Internet in which a splash screen exclaimed, “Hacked by #GOP”
  • On December 1st, a representative of the GOP contacted CSO. The group claimed it had no ties to North Korea and no aims to stop The Interview as Sony suggested.
  • On December 9th, Joe Demarest, assistant director with the Federal Bureau of Investigation’s cyber division, told a conference there was no attribution to North Korea. This means they couldn’t find a trail of crumbs back to the attackers.
  • Yesterday, the FBI announced that Pyongyang was behind the attack. It staked its claim based on a code signature and IP addresses it claims were hard coded inside the malware.

So somehow we’ve gone from a ransom note by God’sApstls to a cyberattack from Pyongyang. Are we supposed to think North Korea was demanding ransom and taunting Sony before it got around to the movie it found so offensive? Certainly North Korea is a strange place, but that doesn’t make sense even for them….

 

Posted in Security | Leave a comment



The FBI disagrees with Your JoeDog. As of a few minutes ago, the Times published an article in which the FBI accuses North Korea of organizing the cyber attack on Sony Pictures.

Okay, what do they got?

The bureau said that there were significant “similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks” to previous attacks by the North Koreans. It also said that there were classified elements of the evidence against the North that it could not reveal.

This is not unexpected. Cyber attackers around the world share code, tools and ideas. I wouldn’t be surprised if this toolkit contains signatures that match those used by the CIA, Iran, Israel or Anonymous.

What else do you got?

“The F.B.I. also observed significant overlap between the infrastructure used in this attack and other malicious cyberactivity the U.S. government has previously linked directly to North Korea,” the bureau said. “For example, the F.B.I. discovered that several Internet protocol addresses associated with known North Korean infrastructure communicated with I.P. addresses that were hardcoded into the data deletion malware used in this attack.”

The wording here is curious: “known North Korean infrastructure.” What does that mean? Are they in North Korea’s one known block of public IP addresses or are these Class C addresses the FBI has seen before? Kim Hak Uhr codes at a workstation with a 192.168.0.4 address so it must be North Korea!!1!1!

So we have similarities of code, unknown IP addresses and evidence the FBI can’t reveal because s3cr37s! That’s pretty scant. I remain skeptical, very skeptical.

 

Posted in Security | Leave a comment



Sproxy is a word Your JoeDog invented to describe his [S]iege [Proxy]. At the time of this writing, this site has the top three positions for ‘sproxy’ on Google. In the past week, nine hundred people typed ‘sproxy’ into the Google machine. Of those nine hundred, only 110 clicked a link to this site. That’s a 12.22% click-through rate for a made-up word that describes an esoteric piece of software that exists right on this very site. Let’s just say that falls a little below expectation….

 

 

 

Posted in Applications, Siege, Technology | Leave a comment



Your JoeDog is skeptical — very skeptical.

Unnamed US intelligence agents claim North Korea was “centrally involved” in the Sony Pictures cyber break-in. A leading “expert” is ninety percent certain North Korea was behind the attack. Well, Your JoeDog is one-hundred percent certain they weren’t.

Remember Stuxnet? It was a worm that infiltrated Iran’s nuclear facilities and attacked their centrifuges. It was certainly developed by a nation state. We still don’t know which one. Israel? They’re on the short list. The United States is, too.

That’s how nations roll when they commit cyber attacks. They don’t send emails which berate a target over its lax security. Nor do they send ransom requests. They certainly don’t give themselves nicknames like Guardians Of Peace. If North Korea would have infiltrated Sony they would have kept it on the downlow. Their message would have been implicit.

The initial interaction between the attackers and Sony was all about money. “Pay the damage,” they implored, “or Sony Pictures will be bombarded as a whole.” There was no mention of Seth Rogen’s film. There was nothing political in that message. The group that claimed responsibility was called “God’sApstls.” The “Guardians of Peace” surfaced later, after depictions of a splash screen on Sony computers surfaced on the Internets. It read, in part, “Hacked by #GOP”

In a December 1st email to CSO, a GOP representative claimed the group had no ties to North Korea:

“We are an international organization including famous figures in the politics and society from several nations such as United States, United Kingdom and France. We are not under direction of any state.

“Our aim is not at the film The Interview as Sony Pictures suggests. But it is widely reported as if our activity is related to The Interview. This shows how dangerous film The Interview is. The Interview is very dangerous enough to cause a massive hack attack. Sony Pictures produced the film harming the regional peace and security and violating human rights for money.

“The news with The Interview fully acquaints us with the crimes of Sony Pictures. Like this, their activity is contrary to our philosophy. We struggle to fight against such greed of Sony Pictures.”

Distancing yourself from the country you represent is a funny way to promote its interests….

Personally, I wouldn’t be surprised if everybody and his sister has been inside Sony’s network. Compromising a system is only half the fun. Bragging about it is the other half. Could NK agents have caught wind of the break-in along with enough details to gain entry themselves? Sure. They may even have exchanged Bitcoins for details. Maybe they were inside Sony but they didn’t orchestrate the attack and they certainly weren’t the ones who sent those emails.

 

Posted in Security | Leave a comment



Holy shit — the Economist really outdid itself. What now? In this post, they explained why Gangnam Style will break YouTube’s view counter. They used 3726 characters and 612 words to explain that computer integers don’t go on forever. When the Gangnam Style counter reaches 2,147,483,647 it will stop counting. Why?

Integers are stored in a series of ones and zeroes. On a 32-bit platform, you can only store a value in 32 consecutive ones or zeros. Go to this binary to decimal calculator and put 32 ones in the binary field. Press “Calculate” and you’ll get this answer: 4294967295.

But the Gangnam Style counter is maxed at half of that? How come? That’s because computers use positive and negative numbers. The range falls above and below zero, i.e., from -2,147,483,648 to 2,147,483,647. Gangnam Style is approaching the upper bound.

If YouTube switched to 64-bit architecture they could capture up to 9 quintillion views.

Remember kids, there are 10 kinds of people in this world. Those who understand binary numbers and those who don’t.

[Economist: Wordy Word Words on Computer Integers]
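The limit described above, worked through in C as an added example (not code from the original post or from YouTube). The function names `add_views32` and `as_signed32` are hypothetical; the counter saturates at the upper bound because signed overflow is undefined behaviour in C and has to be checked before the addition.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical view counter: add `delta` views to a signed 32-bit count.
 * Returns 0 on success, -1 if the result would not fit. On overflow the
 * counter is pinned at INT32_MAX instead of wrapping negative. */
int add_views32(int32_t *count, int32_t delta)
{
    if (delta < 0)
        return -1;                      /* views never go down */
    if (*count > INT32_MAX - delta) {   /* test BEFORE adding */
        *count = INT32_MAX;             /* stuck at 2,147,483,647 */
        return -1;
    }
    *count += delta;
    return 0;
}

/* Reinterpret the same 32 bits as a signed two's-complement value. */
int32_t as_signed32(uint32_t bits)
{
    int32_t v;
    memcpy(&v, &bits, sizeof v);
    return v;
}

int main(void)
{
    int32_t views = INT32_MAX - 1;      /* constructed sample value */
    int rc1 = add_views32(&views, 1);   /* fits: reaches the upper bound */
    int rc2 = add_views32(&views, 1);   /* does not fit: counter stays put */

    printf("rc=%d,%d views=%d\n", rc1, rc2, (int)views);
    printf("32 ones, unsigned: %lu\n", (unsigned long)UINT32_MAX);
    printf("32 ones, signed:   %d\n", (int)as_signed32(UINT32_MAX));
    printf("64-bit signed max: %lld\n", (long long)INT64_MAX);
    return 0;
}
```
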

 

Posted in Programming, Tech Media, Technology | Leave a comment



Your JoeDog was debugging C code. Not just any C code, but C code that was last updated in 2001 by a man who’s now retired. Or maybe he’s dead — the point is he can’t be consulted.

Well, sir, this code was inserting 4 billion and change into a field that expected 1 or 0. The insert was based on a result from a previous query. Your JoeDog debugged that variable and determined it was -1966631820. Hoping that number would shed light on his problem, he plugged it into the Internets.

As of 13:22:05 EST, no human has ever typed that into the Internets. Sensing an opportunity to monopolize a keyword, Your JoeDog typey-typed and added this: -1966631820

UPDATE: Couple things. 1.) A JoeDogger says that Google excludes from its results parameters that are prefaced with a minus sign. 2.) Your JoeDog removed the minus and tried again. A minute after publication, he had captured the number one spot on Google for the keyword ‘1966631820’

 

Posted in On The Job | Leave a comment


