UK PM Proposed Social Media Kill Switch

• UK PM David Cameron is proposing that the police, intelligence agencies and telecom industry investigate if it would be right and technically feasible to disable access to social networks during times of civil unrest
• “Everyone watching these horrific actions will be struck by how they were organised via social media”
• This is obviously the wrong way to solve the problem, and it will never work. Even if the telcos block access to facebook and twitter via the Internet and cellular networks, rioters could just use text message trees like those that were used to organize the riots in Egypt.
• Some are even proposing entirely disabling the cellular networks in affected areas, however this would be seriously disruptive considering that many in the UK only have cellular phones. Leaving citizens without access to emergency services would obviously be untenable.
• Even if the UK government was successful in blocking access to the major social networks, protesters could use other networks, there are an infinite number of competing services. Protesters could also use proxies and other techniques to mask their access to social media. This is common place in workplaces that block access to the sites.
• A number of people have already been arrested for posting messages on facebook that were said to be ‘inciting violence’ and ‘public disorder’
• More detailed article from the BBC

Denial of Service Attack results in suspended trading on the Hang Seng Stock Exchange

• An attack against a site used to post official announcements about issues on the Hang Seng stock exchange resulting in the site being unreachable
• Trading in stock issues that were to make important price affecting announcements was suspended.
• Trading of shares in HSBC, Cathay Pacific, China Power International and the Hong Kong exchange itself, among others, was suspended
• If the site remains offline, the Hang Seng exchange will find an alternate way to release the announcements and trading will resume
• Earlier this year the US NASDAQ exchange revealed that cyber attackers had planted malicious code on its “Directors Desk” web application

eBay begins migration to pure SSDs in its datacenters

• Approximately half of eBay’s 4000 VMs are now backed purely by SSD storage
• The average time to deploy a VM has dropped from 45 minutes to 5
• Previously, eBay had been using 15k RPM drives via Fibre Channel
• One rack full of SSDs is equivalent in performance to eight or nine racks of the previous drives
• After replacing 100TB of storage, a 50% reduction in rack space, a 78% drop in power consumption and a five-fold boost in I/O performance were realized
• The appliance eBay is using does not use traditional hard drive form factor SSDs, but rather 2U modules of pure flash storage via a 6 Gbit/sec SAS interface.
• Storage is priced at $10,000 per Terabyte, and comes in 2.5TB, 5TB, and 10TB modules

Radios used by US Federal Law Enforcement suffer Security Flaws

• The P25 Radios used by many Federal Law Enforcement Agencies support encryption, but not always use it. Many messages are sent in the clear, even when the users believe they are communicating securely
• This vulnerability results in trivial passive attacks, where the supposedly secure communications can be eaves dropped on
• The P25 Radios are also subject to active attacks. An attacker with very modest resources is able to jam specific types of communication to and from the P25. This would allow an attacker to block LEOs in the area from sending or receiving encrypted messages.
• The available symmetric encryption systems are DES, 3DES and AES. Obviously the first two options have not been considered secure for many years.
• Because the radios are based on a best-effort protocol, and do not have the ability to retransmit garbled frames, advanced encryption mechanisms like CBC (Cipher Block Chaining) cannot be used. This also means that MAC (Message Authentication Code) cannot be used to verify that the incoming transmissions have not been altered.
• Because of this, it is possible for an attacker to impersonate a legitimate user, inject voice and data traffic, and replay captured traffic resulting in false signals, even when the messages are encrypted
• PDF of the official University of Pennsylvania study

Defcon presentation claims MITM attack on 4G and CDMA mobile phones

• Reports indicate that a successful Man-in-the-Middle attack was executed against devices in and around the Defcon venue.
• The attackers were able to gain permanent kernel-level root access in some Android and PC devices by using rootkits and non-persistent user space access in some other devices. In both cases, whoever launched this attack against both CDMA and 4G devices was able to steal data and monitor conversations.
• It is speculated that the attacker was able to inject specially crafted packets in to the data streams, possibly displaying prompts to the user, that if accepted would install the rootkit
• Once the device is compromised, it is trivial to monitor ongoing communications or steal the 4G encryption key

A tour of Microsoft’s cloud data centers

• Microsoft’s newest data center designs are modular and containerized
• The new design allows them to bring new data centers online much more quickly
• The new designs allow the contains to be ‘plug and play’, and results in far less packing materials being required

Round Up

• Syrian hackers deface Anonymous’ social network, apparently retaliation for Anonymous’ attacks against the Syrian governments’ websites
• Some apparent members of Anonymous claim they will attempt to take down facebook on November 5th
• 8 ways to circumvent the PROTECT-IP Act
• DEFCON presentation defeats card and code locks used by Governments in seconds
• How a trivia CompSci decision 40 years ago has haunted us ever since
• How to succeed at working remotely
• Court claims Domain Seizures do not violate your free speech rights
• Landlord leaves 1000s of tenants personal details, and some banking details on an unencrypted USB drive at the pub
• Surprising number of US ISPs hijack their customers’ google searches

Bitcoin Blaster

• Bitcoins were back above $10 USD but have started to slide again
• MyBitcoin Incident Report – August 5th 2011
• Bitcoins hit 7 million total in circulation!
• Mining Factor Chart – Revenue per 100 MHash/s