CENTCOM Gets PWND

baseYour JoeDog followed the events in France pretty closely. After reading two days of reports from the US and Europe, he had no fscking clue what was going on. The killers were captured and one was dead! Um, the killers are in the woods with helicopters overhead! Um, no, they’re inside a Jewish deli back in Paris. In a rush to publish, the only thing they did was add to our confusion.

And so it goes with the CENTCOM hack. Your JoeDog heard ISIS was inside Pentagon computers!!1!1!!! After sifting through news reports, it appears that ISIS simply defaced their Twitter and YouTube accounts. Wait a second — CENTCOM has a twitter account? What do they post besides “blew up some shit today!”

Is this a Big Deal? It depends on your perspective. From a security standpoint, it’s not. Imagine if you shared your GMail password with a friend and he started sending dick pics to everyone in your address book. That’s pretty much what happened. ISIS gained access to the accounts and pranked the military.

From a public relations perspective, it’s embarrassing. Unless they’re absolute morans, no sensitive data was compromised.  You wouldn’t link your bank account to your twitter feed, there’s no reason to believe CENTCOM would do the same with its operational servers. But at the same time, it paints US military as a careless organization. It didn’t use two-factor authentication, its credentials were easy to crack and/or it fell for a phishing expedition.

It does make you wonder what else they’re “protecting” with ‘password123′ or to what extent the people inside Central Command are click-happy. Those are speculative musings which may have no basis in fact. Still, you can imagine a military ass-chewing that began with the Commander-in-Chief and worked its way down to the lowliest private. Your JoeDog is glad he doesn’t work in CENTCOM today.

 

 



Little Kim Needs Tech Support

The Australian Financial Review reports that Little Kim’s Internets are down.

North Korea’s already tenuous links to the Iinternet went completely dark on Monday after days of instability, in what internet monitors described as one of the worst North Korean network failures in years.

The loss of service came just days after President Barack Obama pledged that the United States would launch a “proportional response” to the recent attacks on Sony Pictures, which government officials have linked to North Korea.

North Korea doesn’t have a large internet presence. Their public address space is 175.45.176.0 — 175.45.179.255. Some companies have more addresses than that. Your JoeDog looked for servers in that address space to see if he could substantiate this report.

At the time this article was published, the North Korean government portal www.naenara.com.kp (175.45.176.67) was inaccessible by any means. To circumvent firewalls, he used web tools that allow you make requests from various locations throughout the globe. As best as he can tell, their network is indeed completely black.

 



Do Native Koreans Even Talk Like This?

hacked

Gawker is on the case, you guys. Today they ran a story which raised concerns about the official FBI narrative of the Sony Pictures infiltration. It’s mostly a recap of concerns we’ve already raised. However, down in the comment section we find an interesting perspective. Let’s examine that comment.

The commenter taught English to Korean students for a several years. To this person, the splash screen doesn’t read like English used by a Korean ELS speaker:

The use of contractions (we’ve and we’ll) is characteristic of someone near-fluent, too sophisticated to be dropping articles.

Ordinal date — my students always hated ordinals because they’re irregular (24th)

The repeated pronouns (“we” and “you” and “us”) doesn’t seem like how a Korean person would phrase it, because Korean pronouns are freighted with t/v distinction and honorifics that English doesn’t capture. For that reason, my students circumlocuted those words when they could because they felt imprecise.

It’s totally possible that the North Korean version of Korean is different enough than the South Korean that the markers would be different, though.

The author of the article, Sam Biddle, responded “Interesting.”

Indeed.

 



So Who Hacked Sony? Four Theories

little kim plays computerThe official narrative holds that agents of the North Korean government infiltrated Sony Pictures’ corporate network and used that attack as leverage to stop the release of a Seth Rogen film. While that might make a good Seth Rogen movie, it hardly seems plausible given what is currently known.

You don’t have to be a conspiracy theorist to take a skeptical view of the official narrative. Yet only the most conspiratorial would claim the attack was fabricated. Somebody infiltrated the Sony network. The question remains: Who done it?

Over at New York Magazine, Margaret Hartmann offers four alternative culprits:

  1. A disgruntled former employee. There are many ways to make money from this intrusion but the attacker(s) chose instead to embarrass the company.
  2. Hacktivists. This was a high profile breach largely because the intruders contacted and taunted Sony executives in the press. Their behavior more closely resembles Anonymous or LulzSec than a nation state.
  3. The Chinese. The cybersecurity firm Mandiant has been hired to investigate the breach. They’ve investigated so many Chinese attacks that they’ve become the firm’s specialty.
  4. Everybody. There’s overlap in all these theories and it’s possible the answer is D.) All of the above.

Regular readers know Your JoeDog subscribes to “All of the above” or as he put it, “everybody and his sister.” For a successful attack on a corporate network to generate maximum LULZ, bragging must occur. It’s very likely somebody breached the network and provided details that enabled successive visitors to play inside the breach.

 

 



Nerd Splaining Large Numbers

Holy shit — the Economist really outdid itself. What now? In this post, they explained why Gangnam Style will break YouTube’s view counter. They used 3726 characters and 612 words to explain that computer integers don’t go on forever. When the Gangnam Style counter reaches 2,147,483,647 it will stop counting. Why?

Integers are stored in a series of ones and zeroes. On a 32-bit platform, you can only store value in 32 consecutive ones or zeros. Go to this binary to decimal calculator and put 32 ones in the binary field. Press “Calculate” and you’ll get this answer: 4294967295.

But the Gangnam Style counter is maxed at half of that? How come? That’s because computers use positive and negative numbers. The range falls above and below zero, i.e., from -2,147,483,648 to 2,147,483,647. Gangnam Style is approaching the upper bound.

If YouTube switched to 64-bit architecture they could capture up to 9 quintilian views.

Remember kids, there are 10 kinds of people in this world. Those who understand binary numbers and those who don’t.

[Economist: Wordy Word Words on Computer Integers]

 



The Times Discovers Bayesian Statistics

From the Article:

A famously counterintuitive puzzle that lends itself to a Bayesian approach is the Monty Hall problem, in which Mr. Hall, longtime host of the game show “Let’s Make a Deal,” hides a car behind one of three doors and a goat behind each of the other two. The contestant picks Door No. 1, but before opening it, Mr. Hall opens Door No. 2 to reveal a goat. Should the contestant stick with No. 1 or switch to No. 3, or does it matter?

A Bayesian calculation would start with one-third odds that any given door hides the car, then update that knowledge with the new data: Door No. 2 had a goat. The odds that the contestant guessed right — that the car is behind No. 1 — remain one in three. Thus, the odds that she guessed wrong are two in three. And if she guessed wrong, the car must be behind Door No. 3. So she should indeed switch.

[NY Times: The Odds, Continually Updated]

 



Apple’s New Locking Screws

As residents in the Information Age, we consider ourselves clever sorts. We no longer waste hours on bar stools arguing about the year of Joe DiMaggio’s 56 game hitting streak. Before someone rebuts with his second “nuh-uh” we’ve smart-phoned the answer: 1941

But are we right?

I just got the answer by Googling. Like most people, I clicked the first link of the search results. In many cases, that link goes to Wikipedia and this was no exception. The free encylopedia is an excellent source of information but like all sources, it’s prone to error. So unless our bar bet is substantial, we probably won’t cross reference the findings. “I guess the next round is on me…”

Apple's locking screws keep users out of their phones

Was this new Apple new proprietary locking screw designed to keep customers from opening their phones? (© 2012 Imgur, LLC)

That was certainly the case when a Swedish firm broke the news about Apple’s new iPhone screws. They were designed specifically to prevent its owner from opening the phone. Given Apple’s penchant for limiting access to the owners of its products, the story struck a nerve. It was picked up by MacWorld, Wired and Yahoo and spread across the Internets.

There was just one problem: the story wasn’t true. Oh, it was truthy. It struck most readers as the type of thing Apple would do but it was a hoax all the same.

The locking screws were fabricated by a Swedish company named Day4. Their intent was to see how easiliy they could spread disinformation. They designed a peculiar screw and posted it to Reddit  along with the following message: “A friend took a photo a while ago at that fruit company, they are obviously even creating their own screws.”

That’s it. Neither Apple nor its phone were mentioned in the message. But Day4’s timing was excellent. iPhone 5 is expected to be announced in September and tech media outlets are jonsing for information. If those outlets would have cross-referenced their information, they would have discovered it was all from a single source. That should have raised red flags. Would those flags have halted publication? I don’t know. Everyone wants to be first with a scoop.

In the Information Age, it is often consumers – not distributors – who must perform integrity checks. When a politician stone-cold misrepresents information, the media rarely corrects his inaccuracies. Instead it notes that the other side disagrees. Instead of a debate in which we’ve established the facts, we tend to argue with two separate sets of “facts.”

On this site, I’m not driven to publish scoops. The Day4 prank is already several days old. All the code and configurations you’ll find here were tested before publication. My facts are generally double-checked. And with regard to the event that accompanies this story, you can confidently assert that Joe DiMaggio batted safely in 56 straight games back in 1941. That information is confirmed by multiple sources….