access – Jupiter Broadcasting https://www.jupiterbroadcasting.com Open Source Entertainment, on Demand. Wed, 27 Feb 2019 17:16:35 +0000

Serverless Squabbles | Coder Radio 346 https://original.jupiterbroadcasting.net/129556/serverless-squabbles-coder-radio-346/ Tue, 26 Feb 2019 09:04:30 +0000

Show Notes: coder.show/346

The post Serverless Squabbles | Coder Radio 346 first appeared on Jupiter Broadcasting.

No Crying In Coding | WTR 39 https://original.jupiterbroadcasting.net/87421/no-crying-in-coding-wtr-39/ Wed, 09 Sep 2015 03:40:09 +0000

The post No Crying In Coding | WTR 39 first appeared on Jupiter Broadcasting.


Carolyn went from working in data science to mobile developer at Lookout Mobile. She discusses writing “magic hands” to automate her old job & what it’s like to self teach.


Transcription:

ANGELA: This is Women’s Tech Radio.
PAIGE: A show on the Jupiter Broadcasting Network, interviewing interesting women in technology. Exploring their roles and how they’re successful in technology careers. I’m Paige.
ANGELA: And I’m Angela.
PAIGE: So, Angela, today we talk to Carolyn and she is a recent mobile developer at Lookout. She comes from a data scientist background and we have some really interesting chat about her transition and just all the things that she’s gotten into; what’s been hard, what’s been awesome, and it’s a really good time.
ANGELA: Yeah. And before we get into the interview I just want to mention that you can support Women’s Tech Radio by going to Patreon.com/today. It is a subscription based support of our network. It supports all the shows, but specifically this show, Women’s Tech Radio. So go to Patreon.com/today.
PAIGE: And we got started by asking Carolyn what she’s up to in technology these days.
CAROLYN: Yeah, so I have sort of an interesting story of, or at least I think it’s interesting, of how I got into tech. I was a business major, not sure what I wanted to do with my life. Ended up in operations at a big company, but I always really, really loved data and I just loved spreadsheets and I met someone that let me, sort of taught me SQL and taught me how to be faster with what I was doing with SQL and I found out I really loved SQL. So I sort of just started building from there. I ended up at Lookout, which is a mobile security anti-malware company, and it just sort of opened my eyes to a lot of technology. I started as a data analyst. Started managing the data warehouse and then earlier this year just moved over to Android development. So I’m learning a lot. So I’m new to engineering, but I have been speaking engineer, that’s what I say, for a very long time. So right now I’m working on a side project which we’ll be releasing at the end of this year and currently learning RxJava, which is pretty new. It’s really cool, but there’s definitely not really a lot out there about it. So I spend my days currently just really doing a lot of learning.
PAIGE: All right. So I will admit, I am not familiar with RxJava. How is it different than normal Java?
CAROLYN: It deals with like streaming data and so it’s really good for when you’re trying to chain things together without, you know, the data might not be available yet.
PAIGE: Oh, okay. So it’s Java non-blocking?
CAROLYN: Yeah.
PAIGE: Cool. You can probably continue explaining that for the audience.
ANGELA: And me.
PAIGE: Oh yeah.
CAROLYN: Well I’m still wrapping, I was just, like, so I, earlier this year did an online Android boot camp while I was still doing my data job and managing the data team and just sort of doing 20 things at once. And now, once I started to feel like I really got a foothold in Java, we decided to use RxJava and now I’m relearning a lot of things. So it’s still, I’m still feeling like I’m in a foreign country where I don’t speak the language. So I’m definitely, it’s made me actually have this huge respect for Netflix, because they are the ones that wrote the Android library for it and they’re just doing so much cool stuff over there. And they have a lot of good tutorials about it. So I definitely recommend, there’s a podcast about it and the head at Netflix is talking about RxJava. It’s really interesting. So I can add that to the show links for you guys too.
PAIGE: Netflix is really interesting because they, essentially their stack, they’re really stack agnostic where they look at their teams and they say do what you need to do to get your job done. And find the best way to do it. So I know that they have Angular, Ember, you know, they have an embedded team. They have the RxJava team and they all just kind of talk together because they really piece these pieces out. It’s really fascinating how they’re kind of making that work with being probably one of the biggest data companies in the world right now.
CAROLYN: Yeah. Well they’re definitely finding, you know, if there’s not a tool out there that meets their needs, they’ll build it. I have a friend who’s a doctor and I was explaining this concept to her and she was like this is so weird. She was like, why would they build it and open source it? You know. For me, personally, one of the things I actually stumbled upon in the tech community, which I didn’t really realize, is just the amount of support that people are willing, and companies are willing to give each other. I mean, there’s obviously companies that are competing and hate each other, but at the same time, I’m sure if you got their engineers together they would talk shop and share things they’re doing and it’s really cool. When I decided to be an engineer, late last year, I had so many people that were giving me free materials and helping me and the tech community, like every night of the week you can go to a meetup and have dinner and meet people and have people help you. Which was sort of a happy accident to find out about the tech community in general.
PAIGE: Yeah. I totally love that. And I love that it comes out of some of our roots of open source and being able to reach out and touch each other’s projects and just help out. I was listening to a podcast recently, ironically, and they were talking about how they’d open sourced their website, kind of. It’s a paid service. The guy was like, I’m shocked because every week we get somebody who just pops in and was like hey I forked your website and made this change, because I found this problem and here it is back. And this guy that fixes things is a paid customer of theirs, but he’s still jumping in to fix things for the company. It’s just like-
CAROLYN: Yeah.
PAIGE: Really awesome.
CAROLYN: Yeah. Actually, the boot camp that I did, um, is Code Path, which is a link in the show notes. And what they do is they go out to companies and do consulting and then they also have a boot camp if you are an engineer that you can, if you’re already two or three years in you can go. So I wasn’t like a candidate to be part of their boot camp. And even part of the consulting, my company said they’d pay for it, but they said you really need to learn Java before you do this boot camp. So they gave me all the materials for free. And they just said I could learn it on my own, which was pretty awesome. And had calls with me and sort of got me started on my path, just totally pro bono, which is really awesome.
ANGELA: That is really awesome.
CAROLYN: Yeah.
PAIGE: Very cool. Okay. So as a developer, I have to ask, how is it that it was SQL that grabbed your attention, because most developers I know just absolutely hate working in SQL, like we will avoid it like the plague. I actually kind of got my start in SQL as well, so I do like it, but most people I talk to they’re like I love all this web stuff, please don’t make me write SQL.
CAROLYN: Yeah, so what’s funny is the engineers on my team, when I see the SQL queries they’re writing I’m like, I’m so happy because that’s a place I can teach them and be like whoa this is not good. So what happened was, I was working for Williams-Sonoma, which is, they also own Pottery Barn and they run it as this big monolithic company where they don’t really care if people are efficient and they would be perfectly happy with people just entering data all day instead of making efficient processes or systems. It was my first job out of college so I didn’t really know that life didn’t really have to be like that. So I was spending a lot of time manually going in and doing things and I just so happened to meet someone in my company named Mark Grassgob [ph] who really opened the door for me. He’s like just learn SQL and you can do this job that took you all day, you can do it in like 20 minutes. So it was more just a fact of me being like this is pretty powerful. These people are really living in the dark ages. So we literally wrote a script that would do our jobs for you. We called it magic hands. And then we’d go to coffee and no one that I worked for really — they just wanted us to get the work done. They didn’t know that we could eliminate everyone’s jobs and we’re like — we called it magic hands. It was so funny. We’d unleash magic hands on three computers and then realize oh the system couldn’t take that much input so we’d bring it down to two. And then it would enter in a price of a million dollars for a couch instead of $1,000 or something and so we’d get a call from like, you know, tech team in India overnight when some process blew up, so we definitely had to fine tune magic hands. Then I moved over to the technical team after that, because they sort of saw she can actually be on this team and do this without having really a background.
And then once I moved into data, it’s like SQL is king no matter what anyone says about big data and all these big data tools. It really, the backbone of everything is really SQL. So learning how to do efficient queries will make your job so much happier. If you write SQL wrong you’re going to give people wrong answers. So on the data side, you know, SQL just, to me, just made so much sense. But I guess it was sort of the first real programming I ever got my hands on. I love it.
PAIGE: I actually have had a couple friends recently who have asked me, because I kind of learned SQL the hard way by just throwing my head against Access, which is probably the worst interface ever.
CAROLYN: Yeah.
PAIGE: But do you have any good recommendations for books or online resources for SQL, because it’s kind of like this weird black hole where I can learn almost everything else online and I can’t seem to find anything good for SQL.
CAROLYN: The thing about SQL is that you will not be good at it. You will not really get your hands around it until you actually use it. So it’s one of those things where you need access to a dataset and you need questions to answer and then you’ll get it. So there are resources out there. I actually, when I was hiring data analysts as a manager I just created my own dataset and posted it for people and then had them answer some questions to show me they knew SQL or not. It’s really a learning by doing kind of thing. Which I guess most things are. But if you don’t have an interesting dataset to work with and you’re not trying to solve interesting problems, you’re just never going to pick it up. But I haven’t really found, there are available datasets out there and as bad as Access is and it gives you the graphical interface, don’t use that, you need to actually physically write it out. If you use Access, if you get access to a dataset dump it into Access and then use the, just handwriting the SQL, you know, you’ll get it.
PAIGE: Yeah, totally.
ANGELA: So in the form that you filled out before the show you said that you’re still trying to figure out why you never thought to be an engineer before.
CAROLYN: Yeah.
ANGELA: I think there’s a lot of people that don’t know that the way their personality and skills would make them perfect for a position. What would you recommend people do to figure out what best to be or do or try?
CAROLYN: I’ve been thinking about this a lot, actually. When I was younger, I grew up in San Diego and it was very much a beach culture, like very dude broey. It wasn’t cool to be smart when I was a kid. That’s how I felt. I was networking the internet in my parents’ house, like running the wireless, created their wireless, and I was one of the first people on Napster stealing music and creating CDs. I had this little computer in my room and my friends would come over and they’d be in their bikinis like beep, beep, let’s go to the beach. Did you make us CDs? I’m just like, you know, like stealing music off the internet. But to me, it was like, I mean this is like 1998 so I was really probably one of 10,000 people doing this.
PAIGE: We might have shared that stolen music together.
ANGELA: Yeah, I was just going to say, yeah 1998, that was golden year too for Napster and WinAmp.
CAROLYN: Yeah, totally.
PAIGE: It really kicks the llama’s ass.
ANGELA: Yeah.
CAROLYN: But for some reason it never crossed my mind that I was really good at this. I was way more interested in it than any of my friends. But instead I just was like, I’m just going to go to the beach and we’re going to try to get beer and do all these things. And I’m trying to figure out why it never crossed my mind to do that. But I also think it was a different time and technology wasn’t, people weren’t talking about technology. People weren’t interested in talking about apps. You know, like 1 in 20 people had a cell phone back then.
ANGELA: Right.
CAROLYN: So I think maybe it was just kind of like that time. When I went to college I was a business major and I thought I would just do business. I wasn’t really sure what I wanted to do. I think I had all the tools and I knew that I loved computers and I loved building things, but I never really had someone set me down. I never really had that career thought. I just sort of followed the path that I thought was laid out. And it really wasn’t until like mid last year that I thought I could really be an engineer and do it. It was really — what sort of tipped me was all these boot camps coming out and people just going and doing it. I had this deep — this thought of what would I do if I could do anything and I wasn’t scared to do it? To me, engineering was it. Lookout was incredibly supportive and let me move teams, which was really great and sort of a rare find in a company that would support someone to do this. So I got really lucky. But, you know, I think now with Women Who Code and a lot of organizations asking these questions of why women aren’t engineers, I think it’s because no one ever asked me and I never asked myself. And now that it’s sort of becoming the norm, you know, I’m hoping that more women will sort of naturally follow the path to be an engineer, because I think if there would have been more of that growing up that I probably would have found that path earlier.
PAIGE: That’s actually a part of why we started the podcast is because, you know, you say oh it was a different time then. And it was actually my conversation with a 16 year old that spawned me to start this, because I had this conversation and the 16 year old is good at math, enjoyed science, liked tech stuff, you know, didn’t do the assembling computers thing because nobody really does that anymore. But I was like, well have you considered being a programmer? And she was like, no that’s for boys, right? And I was like, whoa.
ANGELA: Yeah.
PAIGE: And this was last year.
CAROLYN: Yeah.
PAIGE: But I do think it’s changing. I think organizations like Women Who Code, Girl Develop It, ChickTech, all these different things are kind of getting in there and saying hey guys, or hey ladies you can do this too. And there’s no reason, like — like I like to say, girls type just as well as boys.
ANGELA: So I haven’t been to a boot camp, but it seems like that might be, aside from trying to join Women Who Code or another place like that that would support you, but the boot camp might help you. Is it like a conference where you can go and listen or watch different parts of development?
CAROLYN: I did a lot of research on boot camps at the end of last year and there’s some good and — there’s a lot of good, but there’s also a lot of bad. You can’t expect to just go somewhere for three months and then come out and be a fully fledged engineer and be ready to work, you know. So this boot camp is just a once a week for two hours for eight weeks kind of thing. Or I think it’s twice a week for two hours for eight weeks. But they are teaching mobile development to people who are already engineers. They just gave me — they record their lectures and they have all their assignments online and they just gave me access to their materials so I could write — I could work on apps on my own. I’d say it definitely took me a lot longer to get through it and I ended up just doing the parts of the boot camp that really applied to what I’d be working on at Lookout so I could just get up to speed faster, but, you know, their boot camp, there would be like a week of work would take me three weeks or something just to get done. Definitely was like, it took me a while to get through it. But it really is, I couldn’t say enough good things about Code Path. They do some really cool stuff. And they’re really smart guys. Actually, all men, but they do have a lot of women that go to their boot camps, so.
PAIGE: There’s definitely a really wide range of what we’re calling a boot camp right now. We have Codepath which is this kind of part-time thing. And there will be other online part-time things. And then there’s even in-person part-time things where you can go in the evenings and it’s a full five days a week. The boot camp that I worked out of is full five days a week. It’s a 16 week program if you do it at night or a 12 week program if you do it in the day. And it is full stack development. You go from the front end all the way through the back end. And I think that’s probably the most common is that it’s essentially two to three months. Some of them go out as far as six months of get in there, get your hands in code, have a portfolio at the end kind of a thing. But I agree with you, Carolyn, that you can’t go into a boot camp expecting to come out the other end like a full fledged developer unless you work your butt off. And there are companies hiring beginners. I think that the market is getting a little bit saturated, because there are so many boot camps.
CAROLYN: Yeah.
PAIGE: I’m in Portland, it’s a fairly small city, and I think right now we have five boot camps.
ANGELA: Wow.
PAIGE: And one of them is turning out two classes of 60 people each every 10 weeks.
ANGELA: Wow.
PAIGE: So it’s getting a bit saturated, but the market is still there.
CAROLYN: Yeah, and so I have friends in San Francisco that are recruiters and when I was switching over they were like whoa, whoa, whoa, don’t do boot camp. Don’t do it. We can’t hire people out of boot camps. There’s like 1 out of 20 that are hireable, you know. And so I was like, okay. And I had some talks with them and they were like, you have to — if you’re going to do a boot camp you also have to have another strategy of how you’re still going to become and engineer, you know. You do the boot camp but where are you going to — who is going to take you on as a junior developer? You need to have all those things sort of lined up.
ANGELA: Right.
CAROLYN: Or else you’re just going to do the boot camp and then go do something else.
PAIGE: Yeah. And I think that there are some things coming into the market that are trying to fill that. There’s a couple places like Thoughtbot has apprenticeship programs. A couple of the other bigger dev shops have that where you can kind of transition from beginner into intermediate. And then there’s some online stuff like Thinkful or Upcase where you can kind of build those skills after boot camp. And, of course, I’m always a fan; I think the biggest thing in our industry and most industries is mentorship. Like finding a mentor. Finding those people and going out and shaking hands.
ANGELA: Which you’d likely find at Women Who Code or Meetups or-
PAIGE: Totally.
ANGELA: The social aspect of it.
PAIGE: Meatspace as we like to call it.
CAROLYN: Yeah.
PAIGE: For nerd speak.
ANGELA: Whenever I hear meetspace I picture M-E-A-T.
PAIGE: That’s what it means.
ANGELA: Oh. Not M-E-E-T?
PAIGE: No. It’s M-E-A-T.
ANGELA: Oh.
PAIGE: Meatspace.
ANGELA: Why?
PAIGE: Because we’re nerds and it’s not digital, so it’s fleshy, so it’s meat.
ANGELA: Oh my gosh. Okay. Interesting. Okay.
PAIGE: Sorry.
ANGELA: Wow, that’s a great, I’m glad, okay. Continue with the interview.
PAIGE: Yeah. So you talked a little bit. You’ve moved over to the Android team. What’s fun and what’s hard about Android? I haven’t really dug in on Android development. I’ve done some iOS.
CAROLYN: What’s really fun about Android is, you know, day one you can open up your Android Studio and download the SDK and create a page. It has like a button, you know, and you can click the button and it can like play a song. You can do that in two days. You can publish it to the app store. You could put it on your phone. There’s definitely this — you can hit an API and pull data back. You know, you could do that in a couple days, learn all that from scratch. So there’s a very easy sort of, like, you know, there’s a link on Learning to Code in the notes where it’s a graph of — at first you, like, peak. It’s like a honeymoon at first. And everything seems really easy, but as you sort of start to unfold things, Android is really complicated and there’s 9,000 versions of Android that people are running out there and different sized devices and tablets and people are going to be using your app only on Wi-Fi, and there’s so many things to think about. As you want to do more, you get royally confused very quickly. So it’s cool to just sort of get up and running and get started, but there’s a lot to learn. There’s things you have to think about like battery usage and memory and all these things that you don’t really deal with if you’re a web developer. So it’s definitely a lot to get started. I work on a team where there’s a lot of senior engineers and a lot of people that really know what’s going on, so it’s like, it’s fun but it’s also — you know, you take some hits to your ego a little bit, because I feel like I used to know everything about the data warehouse and stepping into something where you don’t know what’s going on and you really have to feel your way through it, it can be a shot to your ego and how you feel about yourself. I always say, like, sometimes I feel like Tom Hanks, like when I get code reviews, like in A League of Their Own where he’s like, “There’s no crying in baseball.”
PAIGE: Uh-huh.
CAROLYN: Like, I literally have to tell myself, there’s no crying in coding when I get a lot of comments on a code review or I just totally, like — it’s a lot of falling down. A lot.
PAIGE: I’m so glad I’m not the only person that says, there’s no crying in coding.
CAROLYN: Yes, I say that to myself all the time.
PAIGE: Me too.
CAROLYN: It makes me feel better, because at least I’m out there. I’m out there and I’m like, they’re always like, oh no you’re doing really, really good, you just have this — where you just want — I want to be — I don’t want to say, I want to be perfect, but I want to be contributing and I don’t — I want to be getting things done and moving forward and writing really good code and you’re not going to do that when you move into engineering for like a year or two, you know. So just setting those expectations. You just have to lower your expectations for yourself a little bit.
PAIGE: Yeah. I think — this is a talk that I have with a lot of — I meet a lot of junior developers through Women Who Code and explaining to them, like listen I’ve been doing coding for a lot of years as a professional now, and there’s rarely a week that goes by where I don’t go, wow I feel like I know nothing.
CAROLYN: Yeah.
PAIGE: I’m totally Jon Snow. It’s not fun.
CAROLYN: But then when I share that feeling with other developers they’re like, welcome to being an engineer.
PAIGE: Yep, exactly.
CAROLYN: That’s what everyone says to me. They’re like oh you were frustrated all day and the last 10 minutes of your day everything made sense and you got it to run, like that’s your life.
PAIGE: Uh-huh.
CAROLYN: And I kind of love that. Like, personally. I actually really love that. I love working all day on a problem. To me, the day goes by in 30 minutes to me, even if I want to cry sometimes. It’s fun and I feel like I’m using more of my brain than I ever did before.
PAIGE: Yeah, it’s like 30 minutes of success after an entire day of the crying game.
CAROLYN: Yeah.
PAIGE: It’s totally, it’s where you’re at. And I think that knowing that going in, I like to say that programmers need to be eternally optimistic because it will work this time, I swear.
ANGELA: Thank you for listening to this episode of Women’s Tech Radio. Remember you can find a full transcription of this show over in the show notes at JupiterBroadcasting.com. You can also subscribe to the RSS feeds.
PAIGE: And while you’re there you could also reach out to us on the contact form. Let us know what you think about the show or any guests you might like to hear. Don’t forget, we’re also on iTunes and if you have a moment leave a review so we know how we’re doing and how we can improve the show. If you’d like to reach out to Angela and me directly, you can use WTR@JupiterBroadcasting.com for an email or check us out on Twitter, @HeyWTR. Thanks for listening.

Transcribed by Carrie Cotter | Transcription@cotterville.net

The post No Crying In Coding | WTR 39 first appeared on Jupiter Broadcasting.

Targeting the HVAC | TechSNAP 148 https://original.jupiterbroadcasting.net/51107/targeting-the-hvac-techsnap-148/ Thu, 06 Feb 2014 19:22:54 +0000

The post Targeting the HVAC | TechSNAP 148 first appeared on Jupiter Broadcasting.


We finally have the answer to how the Target network was physically breached, and it just might make you face-palm.

Plus some urgent Adobe news, the NSA ORCHESTRA program, and a big batch of your questions and our answers.

All that and a heck of a lot more, on this week’s TechSNAP!


— Show Notes: —

Security Protocols and Evidence

  • Researchers at Cambridge propose a new way of thinking about security protocols: designing into them the facilities required to generate proper evidence that can be used in court for dispute resolution
  • The goal of the research is to highlight the design considerations that should go into cryptocurrency systems like Bitcoin and other payment systems like electronic banking and mobile payment apps
  • The research uses EMV (Chip & PIN) as an example and shows how it does not currently provide the evidence required for proper dispute resolution
  • The paper outlines five design principles:
  • Principle 1: Retention and disclosure. Protocols designed for evidence should allow all protocol data, and the keys needed to authenticate them, to be publicly disclosed, together with full documentation and a chain of custody
  • Principle 2: Test and debug evidential functionality. When a protocol is designed for use in evidence, the designers should also specify, test and debug the procedures to be followed by police officers, defence lawyers and expert witnesses
  • Principle 3: Open description of the TCB (trusted computing base). Systems designed to produce evidence must have an open specification, including a concept of operations, a threat model, a security policy, a reference implementation and protection profiles for the evaluation of other implementations
  • Principle 4: Failure-evidentness. Transaction systems designed to produce evidence must be failure-evident: they must not be designed so that any defeat of the system also entails the defeat of the evidence mechanism
  • Principle 5: Governance of forensic procedures. The forensic procedures for investigating disputed payments must be repeatable and be reviewed regularly by independent experts appointed by the regulator, who must have access to all security breach notifications and vulnerability disclosures
  • The paper then goes on to describe ways these principles could be applied to the existing EMV system to improve its security and dispute resolution facilities

Target Hackers Broke in Via HVAC Company

  • Last week, Target told reporters at The Wall Street Journal and Reuters that the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor.
  • Sources now tell KrebsOnSecurity that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers.
  • Sources close to the investigation said the attackers first broke into the retailer’s network on Nov. 15, 2013 using network credentials stolen from Fazio Mechanical Services, a Sharpsburg, Penn.-based provider of refrigeration and HVAC systems.
  • The HVAC company president confirmed that the U.S. Secret Service visited his company’s offices in connection with the Target investigation
  • It’s not immediately clear why Target would have given an HVAC company external network access, or why that access would not be cordoned off from Target’s payment system network.
  • According to a cybersecurity expert at a large retailer who asked not to be named because he did not have permission to speak on the record, it is common for large retail operations to have a team that routinely monitors energy consumption and temperatures in stores to save on costs (particularly at night) and to alert store managers if temperatures in the stores fluctuate outside of an acceptable range that could prevent customers from shopping at the store.
  • Sources said that between Nov. 15 and Nov. 28 (Thanksgiving and the day before Black Friday), the attackers succeeded in uploading their card-stealing malicious software to a small number of cash registers within Target stores.
  • Those same sources said the attackers used this time to test that their point-of-sale malware was working as designed.
  • While some reports on the Target breach said the stolen card data was offloaded via FTP to a location in Russia, sources close to the case say much of the purloined financial information was transmitted to several “drop” locations.
  • These were essentially compromised computers in the United States and elsewhere that were used to house the stolen data and that could be safely accessed by the suspected perpetrators in Eastern Europe and Russia.
  • These compromised hosts serve as cut-outs: once the attacker has copied the stolen data off them, the logs on the hosts can be erased to break the trail of evidence

Adobe announces emergency patch for Flash Player, flaw being exploited in the wild

  • Adobe has issued an emergency security advisory for all versions of Flash Player
  • Adobe released 12.0.0.44 for Windows and Mac, and 11.2.202.336 for Linux and FreeBSD
  • Bundled versions for Chrome (12.0.0.41) and Internet Explorer (12.0.0.38) were also updated to 12.0.0.44
  • “These updates resolve an integer underflow vulnerability that could be exploited to execute arbitrary code on the affected system (CVE-2014-0497).”
  • Researchers Alexander Polyakov and Anton Ivanov of Kaspersky Lab discovered an exploit for the vulnerability being used in the wild and reported it to Adobe
  • Adobe has released no further details about the ongoing attack
  • Researcher’s Post
  • “During the past months we have been busy analysing yet another sophisticated cyberespionage operation which has been going on at least since 2007, infecting victims in 27 countries. We deemed this operation ‘The Mask’ for reasons to be explained later”
  • “The ‘Mask’ is leveraging high-end exploits, an extremely sophisticated malware which includes a bootkit and rootkit, Mac and Linux versions and a customized attack against Kaspersky products. This is putting them above Duqu in terms of sophistication, making it one of the most advanced threats at the moment”
  • “Most interesting, the authors appear to be native in yet another language which has been observed very rarely in APT attacks.”
  • The language in question appears to be Korean
  • Kaspersky Lab has released more technical details about the exploit
  • Additional Coverage
