Generally Recognized As True

Sunday, July 02, 2017

WannaCry overshadowed a more serious attack on credentials via DoublePulsar and foreshadowed Petya

The global impact of the WannaCry ransomware attacks made international headlines, but a recent story in the New York Times suggests that the noise from this event may have overshadowed a more serious attack that stems from the same leaked NSA hacking toolkit as WannaCry but is much more difficult to detect.

One company affected by this alternate attack - IDT Corporation, a US-based telecommunications company - was hit two weeks prior to WannaCry being unleashed. The exploit that affected IDT used the same technical attack vector as WannaCry, but then layered a second kernel-based attack called DoublePulsar to first steal an employee's network credentials and then turn into a standard ransomware attack, apparently to hide the more nefarious motive of credential theft.
... the ransom demand was just a smoke screen for a far more invasive attack that stole employee credentials. With those credentials in hand, hackers could have run free through the company’s computer network, taking confidential information or destroying machines. Worse, the assault, which has never been reported before, was not spotted by some of the nation’s leading cybersecurity products, the top security engineers at its biggest tech companies, government intelligence analysts or the F.B.I., which remains consumed with the WannaCry attack. ... In this case, modern-day detection systems created by Cylance, McAfee and Microsoft and patching systems by Tanium did not catch the attack on IDT. Nor did any of the 128 publicly available threat intelligence feeds that IDT subscribes to. Even the 10 threat intelligence feeds that his organization spends a half-million dollars on annually for urgent information failed to report it.
The unanswered question is: how many organizations are affected but do not realize it? In this case, cleaning up the ransomware does not end the problem, because the stolen credentials remain in the attacker's hands... and this fact isn't easily discovered.
Were it not for a digital black box that recorded everything on IDT’s network, along with Mr. Ben-Oni’s tenacity, the attack might have gone unnoticed.
Scans for the two hacking tools used against IDT indicate that the company is not alone. In fact, tens of thousands of computer systems all over the world have been “backdoored” by the same N.S.A. weapons.
Attacks that are widely detected and have serious visible impact grab the headlines, but attacks that are allowed to go on for months without detection are arguably far worse, as they can either provide ongoing entry to a private network at will, or can set the stage for triggering some future large-scale, coordinated attack using agents that have been spread throughout a network.

Also interesting is that, although the IDT attack preceded the latest revision of the Petya attack, it shares the same advancements with Petya (NotPetya): the latter not only tries to exploit the same SMB vulnerability as WannaCry but then tries to steal credentials from the local credential store and make further authorized connections around the network using legitimate channels.

As with WannaCry, the following factors contributed to prevention:
  • Anti-phishing programs: Malware commonly enters an organization's network via e-mail attachments that are clicked on and run by an employee.
Once malware has entered the network, the extent to which it succeeds in spreading is determined by the points that follow.
  • Regimented OS patching program: Ensuring that software (especially OS) updates are applied in a timely manner across the entire organization. To spread over the network, both attacks used the same SMB-based vector that had been patched in March 2017. The IDT attack used a second vector that was also patched at that time.
  • Privileged access management: Although some ransomware limits itself to the user space, those like Petya will request and use administrator privileges if they are available to infect the file system and take over the entire PC during the next reboot. Consider what this means when your credentials are stolen and are then used in conjunction with administrator-level privileges on a Windows server to remotely execute code on that server.
  • Managed end user devices: IDT had patched its corporate systems but was affected when a contractor connected to the company network from a personal computer, highlighting the potential risks of unmanaged bring-your-own-device (BYOD) facilities.

Justin Trudeau on recent vs. distant immigrants' affinity for Canada - aboriginal context

Ahead of Canada's 150th birthday celebration, Justin Trudeau recently said that more recent immigrants to Canada have more affinity for the country because they chose to come here, rather than simply being born here:
“I always sort of laugh when you see people who are – not many of them, but – intolerant or who think, ‘Go back to your own country,’” Trudeau said in the television interview.

“No!” Trudeau continued. “You chose this country. This is your country more than it is for others because we take it for granted.”
I wonder if he was thinking of the broader context: does this apply to the aboriginal relationship to Canada? I'm not sure he intended it that way, but Europeans chose to come to Canada more so than did the aboriginal peoples that had already been here for generations when they arrived.

Or maybe I am underestimating him - maybe he did intend it to be taken both ways, as a statement on the continuum of immigration.

Sunday, June 25, 2017

Digital disruption and its effect on Canada and profitable business

There has been a lot of coverage of the trouble that retail in the Western world is in, and Amazon is largely on the pointy end of the wagging finger. Generally, though, it's an intervention of highly digital, Internet- and data-driven companies against more traditional companies that have a higher dependency on widely distributed physical assets.

Canadian revenue diversion to US

From a Canadian perspective, I think we should be worried about these things in relation to the replacement of things that keep funds within the Canadian economy with things that send funds down to US-based companies instead:
  • Newspapers: it's understood that newspapers are suffering, and this is largely due to a collapse in readership and therefore print advertising. Readership is generally older and naturally in decline, and this is not the demographic that many marketers want to target.
  • Advertising: what's not so apparent is that much of this Canadian-made print advertising is largely being replaced by US-based digital companies such as Google and Facebook, which despite all appearances are really advertising companies. Google makes money from intercepting searches for things that you are looking for and steering you toward companies that pay to feature prominently in the search results, and again from anonymized data that can be used to sell things to your market/demographic. Facebook can target advertising to you directly based on the massive amount of detail it knows about you from the interactions you have on its platform, and every "like" advertises a product between friends, which is a far more trusted relationship than the relationship you have with an anonymous corporation.
  • Streaming: the collapse of Canadian-operated retailers like HMV and video rental outlets is largely being replaced by US-based streaming services like Netflix, iTunes, Amazon/Google services, or other foreign companies like Spotify. Worse, few of these services seem to collect Canadian sales tax.
It all seems like a significant diversion of revenue and value-added employment outside of the country, and Canada was already over-weighted on non-value-added commodities.

Unprofitable companies killing off profitable companies

It used to be that disruptive companies would enter an existing market, change the way that things were done, and become massively profitable as a result. And this has been the case with companies like Google, Facebook, and Apple. Apple's case is especially interesting, as they are the only smartphone manufacturer making windfalls despite having less than 20% of the market share.

However, what about companies like Amazon and Uber? As far as I can tell, these companies have largely been operating at a loss and threatening or killing off traditional retail and taxi companies and the jobs they sustained in the process.

In international trade, this is frowned upon and is known as "dumping". From Investopedia:
Dumping, in reference to international trade, is the export by a country or company of a product at a price that is lower in the foreign market than the price charged in the domestic market. As dumping usually involves substantial export volumes of the product, it often has the effect of endangering the financial viability of manufacturers or producers of the product in the importing nation.
But I'm not clear why this is desirable domestically. Sure, it's private money and I assume these investors can do what they want with it. But where is the wisdom in not intervening in cases where sustainable businesses are being killed off in favour of businesses that despite considerable disruption and employment shrinkage haven't proven that they can be profitable? With the way that tech funding works, the goal will be to blow out the incumbents and take as much of the market as possible so that a strong position is demonstrated and the early investors can cash out their winnings in an IPO.

The shoe that hasn't dropped yet is the one that drops when the incumbents are largely gone or incapacitated and an effective monopoly is in place for the new digital companies. That's the missing piece in the story of how these new companies become profitable and we don't know what that will look like.

What happens next is anyone's guess, but perhaps it'll come to be known as Gig Economy 2.0 - living in a rented car that you also use to operate your ride-sharing business, with the car's rightful owner working an entirely separate job to pay off the 84-month loan he took out to buy the car. The "gig economy" meets "financial engineering".

Friday, June 16, 2017

Algonquin - Highlands Backpacking Trail - May 2017

Following last year's mosey around Algonquin's Western Upland Backpacking Trail, in May 2017 I did the Highlands Backpacking Trail. This trail is shorter than the Western Upland trail, so this trip was only 3 days instead of the 5 days for the former trail.

My write-up of the previous trail contains a lot more detail and I did most of the same things this time through, as well as followed all of the things I said I'd want to change on my next backpacking trip.

Trail closure
Both of the large backpacking trails opened much later than normal this season due to the late thaw and prolonged periods of rain that Ontario experienced in early 2017 (also linked to record-setting levels in Lake Ontario). The trails were flooded as a result and the trip was delayed until May 17th, which was the first day of the trail being open.

There were quite a few fallen trees blocking the trail along the way, and some muddy sections, but none of these were a problem.

The late start increased the risk of running into the region's notoriously annoying insect season (blackfly and then mosquitoes). Ultimately, there were a lot of blackfly and a smaller number of mosquitoes, but the blackfly were not biting in large numbers and were more of a swarming nuisance (near the lakes only) than a literal pain.

Spring backpacking
This was my first time backpacking in Spring. Combined with the late onset of spring, there were a couple of interesting features:
  • Cold overnight temperatures: very cold and damp following a major thunderstorm passing through ahead of a cold air mass and then down to near-freezing the following night.
  • Leaves not fully out on the deciduous trees: in the deciduous parts of the forest, this meant that the trails were exposed to the sun where they would normally have been in near full shade.

After last year's trip and the resulting knee and foot injuries, I made the following changes:
  • Regular daily knee exercises
  • Being more conscious of how I am using my knee while hiking: it wasn't even on my mind on the previous hike. I used it however was most expedient.
  • Larger, proper backpacking boots: Scarpa Zanskar GTX. Nothing bad to say about these. They did well in the wet sections and after breaking them in for weeks ahead of the trip, they fit and wore well. I got a slightly larger boot (EU size 46 where I would normally wear US 11.5) and found that while these were a bit loose at the beginning of the day, when my feet were at "hiking size" after some activity they fit very well. They were heavier than my light trail boots and didn't vent as well, but that seems like an unavoidable tradeoff.
  • Better socks: last time, I wore cotton sports socks, which was a mistake as they are both abrasive and take a long time to dry out. This time, I had a pair of very thin synthetic nylon liner socks as well as a Darn Tough light blended merino wool hiking sock. I didn't find that the liner socks made a big difference and stopped wearing them after day 1. The wool socks were more comfortable overall. Combined with the larger boot, I didn't have any sole or toe blisters. I did nearly get heel blisters, but I'm starting to think that is a physiological thing that I'll have to deal with using moleskin or something similar.
Overall, for one reason or another these were all of benefit. I didn't feel any oncoming knee issues after Day 3 and my feet were still in good condition. However, though it wasn't what's normally classified as an "easy" or "moderate" trail in Ontario Provincial Park nomenclature, I'm not sure the trail was as challenging as Western Upland.

  • Day 1: trail head to east end of Provoking Lake
  • Day 2: Provoking Lake to Head Lake
  • Day 3: Head Lake to trail head
Day 1 thunderstorm
A significant thunderstorm rolled through at the end of Day 1 and gave quite a lashing of rain. This revealed known problems with my MSR Hubba tent, where the inner fly coating has deteriorated and lets water through. However, this sort of thing is only a serious problem during incessant rain rather than large volumes in a short time, and there were opportunities to dry things out on Day 2.

So, a new tent may be in order for the next trip. If I can confirm that the fly is better-made in the newer MSR Hubba models then I may get the same again - it is a very good backpacking tent that is easy to setup, fits into small spaces, and is relatively light.

Compared to Western Upland in September
As with the Western Upland trail, the visible wildlife was quite minimal, though there was plenty of audible wildlife. No bears; no moose; lots of birds, and some close-up loons.

The terrain did not seem to be quite as challenging as Western Upland, though there were definitely constant elevation changes that turn the 14km you'd do in 2-3 hours in the flat land of the GTA into something significantly longer.

The days are longer in May - about 1 hour extra on each end. However, the nights were significantly colder. Last year's WU trip ran into an unusually warm September - low-mid 20C in the day and low teens at night. This trip was cooler during the day and much cooler at night - getting to near-freezing overnight after Day 2.

Next time
I can't think of much else I'd do differently next time through, which is a pretty good result. I would use something to guard against heel blisters, but that is about all.

Sunday, May 07, 2017

Ableton Live - 20170507

More messing around with Ableton Live. This is mainly using the core instruments and plugins, with some help from NI Massive.

Sunday, March 26, 2017

Uber autonomous vehicle accident and self-driving cars in general

An Uber autonomous vehicle accident on Fri Mar 24th has caused a suspension of their autonomous vehicle program for the time being.

I've always been a skeptic of the promise of autonomous vehicles. But not because of things like this - there have been relatively few autonomous vehicle accidents, all things considered.

I think that the promise of fully automated door-to-door transportation will be realized as something much more diluted. And then we'll probably collectively pretend that what we got is what we wanted all along (similar to how GPS delivered a watered-down version of the self-piloting flying car - we're not talking about the flying car part anymore).

I think we'll get some interesting and beneficial crash avoidance and safety-enhancing features as well as some new takes on cruise control coming out of the technologies involved in autonomous driving; and I think we'll get some closed-circuit autonomous vehicles that work within defined and well-mapped/instrumented areas or road lanes in the public realm. These types of vehicles already exist in industrial settings, and existing semi-autonomous vehicles like planes work in a controlled airspace where they will only encounter other trained professionals driving rigidly-maintained vehicles.

But I also think that we'll quickly realize that automated driving only really works when you can fully rely on it to take full control, rather than requiring tentative ongoing attention from a human driver to take over at any given time. Some car companies are always working on this assumption (others are not).

One big problem with fully automated driving is that you need to be perfect and there's no room for the 80/20 type of approach that so much other automation depends on to add value, where the automation does 80% of the work and leaves 20% of the automation failures and/or work that can't be done by the automation to be highlighted and shuffled off to human workers for completion. This speaks to the vast majority of automation. It's why existing semi-automated vehicles (i.e. planes) are manned by redundant (pilot and co-pilot), highly-trained professionals.

Automated vehicles need to be consistently and overwhelmingly better than human drivers, because what you need to convince people of is that the car is a better driver than them and not just better than the average. People don't see themselves as average, and there are truly good drivers that never get themselves into "accidents" and awful drivers who leave a trail of destruction behind them.

To have any chance of success, assuming we get near to the fully-autonomous capability regardless of climate, terrain, or road condition (again, I remain a skeptic), I don't see this happening without:
  • Mandatory maintenance schedules to ensure mechanical soundness of the vehicle and operation of the autonomous equipment (again, as with existing semi-autonomous vehicles)
  • Refusal of the vehicle to operate in certain conditions (e.g. poor weather)
  • Clear rules on liability when accidents occur, not involving the human driver.
It's starting to look more and more like autonomous vehicles need to become a fleet-based service that you use on a pay-as-you-go basis rather than something that anyone owns. Hence Uber's involvement, I suppose.

As an aside, I don't know what type of successful, advanced automation people look to in their day-to-day lives as a sunny reference point when they expect autonomous vehicles to become a rapid and unqualified success. My microwave still can't cook my food to perfection. I still need to cut my own lawn. Above-grade rail is still mostly run by humans yet operates in a restrictive, controlled environment. Shouldn't those be easier nuts to crack?

And we haven't even talked about the unions yet.

Saturday, March 25, 2017

Let's just call it... 20170319

I continue to be impressed by the complexity and potential of tools like Ableton Live (and I am quite late to the game in appreciating this - having grown up with Cakewalk). I'm still quite early on the learning curve, but here's something I put together using Ableton Live and Komplete 11.