Code push done!

Aug. 29th, 2015 10:00 pm
[staff profile] karzilla posting in [site community profile] dw_maintenance
We're updating the site momentarily! Once the dust settles, please let us know if anything isn't working as expected. I'll edit the entry here if we confirm any issues.

Update, 22:30: We've been done for about 30 minutes and haven't seen any issues, so please go ahead and let us know if you notice any problems!

Artist Training Ground V, Day Eight

Aug. 29th, 2015 08:50 pm
ponyville_trot: Six cartoon ponies in a huddle (Default)
[personal profile] frith posting in [community profile] ponyville_trot
Overclocked_by_sintakhra
Source: http://sintakhra.deviantart.com/art/Artist-Training-Ground-Day-8-556909259

It's day eight, and on this day of the Newbie Artist Training Grounds, the assignment is: "Draw a pony cooling off/Draw a pony chilling", making this definitely a summer theme. I expect that there's going to be a back to school prompt next. The submitter for this one is here, with the pictures ending up in this gallery here. The official deadline is midnight MDT (3 am EDT).

Code push!

Aug. 29th, 2015 01:12 pm
[staff profile] karzilla posting in [site community profile] dw_maintenance
[staff profile] mark and I are planning to do a code push tonight! We will start working around 7pm Pacific time but since it's my first time, the actual push to the site probably won't happen until closer to 8pm Pacific time.

Here's a partial list of changes that will go live with this push:

  • Rename swaps will accept rename tokens purchased on either account.

  • OpenID community maintainers will be able to edit tags on community entries.

  • Adorable new mood theme called "angelikitten's Big Eyes".

  • Username tag support for lj.rossia.org.

  • Embedded content support for screen.yahoo.com and zippcast.com.

  • Additional space on the user profile page to list your Github username.


And as usual, many tweaks, small bugfixes, and the occasional page source rewrite.

We'll update again to let you know when the code push is in progress!

Being Productive Offline

Aug. 29th, 2015 02:00 am
[syndicated profile] accidentallyincode_feed

Posted by Cate

RescueTime score from my flight, showing a productivity of 89%

Normally I embrace flights as a chance to generally disconnect (who else is unenthused about in-flight wifi? Holla!). I read, sometimes I write, but I’m not too concerned about “achieving things”. Sometimes I try to find something to work on offline, typically at the last minute in the lounge and it’s not been very successful.

This last trip though… with so much going on and an 11 hour flight in business class (my travel agent got me a deal – yay!) I saw it as a chance to do some Real Work whilst disconnected. 

One thing I think we lose by living “in the cloud” is that our computers have become portals to other people’s data centres and without internet much of what we do day to day doesn’t work. So it’s important to be organised.

I finally figured out how to be effective offline.

  • In the week or so leading up to it, I started tagging things in my trello board with a label to mean that this could be done offline.
  • I organised my Google Drive, made sure things were shared with the right account (offline multi-account support is lacking) and sync’d the folders that I needed to my computer.
  • I don’t entirely trust Google Drive to work offline so I also downloaded reference things as a pdf as a backup (turns out: good decision).
  • The day before I went through my “offline” tagged things and moved them to a plain text document (Trello offline support is sketchy).
  • I collected things I needed (e.g. blog posts I’d written that I was building a talk from) with the list or in another plain text document.
  • I made sure my GitHub repos were sync’d to my laptop.

When I got on the plane I was good to go! Key things that made a difference:

  • I had a choice of things to do. Because I’d been organised I had around 5 significant projects to work on. I got through two. Turns out I was in the mood for refactoring, so I got through a bunch of coding tasks on Show and Hide, and then refreshed the slide deck for our workshop.
  • I’d identified a bunch of coding stuff that was really straightforward where I wouldn’t need to look things up.
  • I’m not usually a fan of “work on what I feel like” but having not had a huge amount of sleep, it was nice to take on a task that didn’t require me to be creative.
  • Noise cancelling headphones. I love these Bose ones (Amazon), but they are pricy.
  • Not gonna lie, being in business class. I had a little nap, and some delicious food, then feeling refreshed, I got to work.

Afterwards:

  • The slide deck I put in the Google Drive folder, the next time I connected it sync’d to the cloud and Chiu-Ki could see it. No need to remember anything!
  • Code was a little trickier. I’d done a significant refactoring and branches had built on each other. I kept a list of what order they were in, and then spent around an hour creating and reviewing my own pull requests early the next morning (yay early morning jet lag productivity).
  • I caught up Trello on what I’d got done.
  • Because I had prepped more stuff than I had got through I am covered for a bunch more time offline! A lot of it falls under important but not urgent and it’s nice to have time to focus there. My next long-ish flight, I picked up where I left off and made some more progress.

Artist Training Ground V, Day Seven

Aug. 28th, 2015 08:14 pm
ponyville_trot: Six cartoon ponies in a huddle (Default)
[personal profile] frith posting in [community profile] ponyville_trot
at_the_beach_by_onegutsypony
Source: http://onegutsypony.deviantart.com/art/At-the-Beach-ED-ATG-2015-Day-7-556801659

It's day seven, and on this day of the Newbie Artist Training Grounds, the assignment is: "Draw a pony at the beach/Draw a pony catching rays". The submitter for this one is here, with the pictures ending up in this gallery here. The official deadline is midnight MDT (3 am EDT).
[syndicated profile] bruce_schneier_feed

Posted by schneier

Beautiful diorama.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Mickens on Security

Aug. 28th, 2015 03:58 pm
[syndicated profile] bruce_schneier_feed

Posted by schneier

James Mickens, for your amusement. A somewhat random sample:

My point is that security people need to get their priorities straight. The "threat model" section of a security paper resembles the script for a telenovela that was written by a paranoid schizophrenic: there are elaborate narratives and grand conspiracy theories, and there are heroes and villains with fantastic (yet oddly constrained) powers that necessitate a grinding battle of emotional and technical attrition. In the real world, threat models are much simpler (see Figure 1). Basically, you're either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you'll probably be fine if you pick a good password and don't respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU'RE GONNA DIE AND THERE'S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they're going to use a drone to replace your cellphone with a piece of uranium that's shaped like a cellphone, and when you die of tumors filled with tumors, they're going to hold a press conference and say "It wasn't us" as they wear t-shirts that say "IT WAS DEFINITELY US," and then they're going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them. In summary, https:// and two dollars will get you a bus ticket to nowhere. Also, SANTA CLAUS ISN'T REAL. When it rains, it pours.

German BfV - NSA Cooperation

Aug. 28th, 2015 09:23 am
[syndicated profile] bruce_schneier_feed

Posted by schneier

The German newspaper Zeit is reporting the BfV, Germany's national intelligence agency, (probably) illegally traded data about Germans to the NSA in exchange for access to XKeyscore. From Ars Technica:

Unlike Germany's foreign intelligence service, the Bundesnachrichtendienst (BND), the domestic-oriented BfV does not employ bulk surveillance of the kind also deployed on a vast scale by the NSA and GCHQ. Instead, it is only allowed to monitor individual suspects in Germany and, even to do that, must obtain the approval of a special parliamentary commission. Because of this targeted approach, BfV surveillance is mainly intended to gather the content of specific conversations, whether in the form of e-mails, telephone exchanges, or even faxes, if anyone still uses them. Inevitably, though, metadata is also gathered, but as Die Zeit explains, "whether the collection of this [meta]data is consistent with the restrictions outlined in Germany's surveillance laws is a question that divides legal experts."

The BfV had no problems convincing itself that it was consistent with Germany's laws to collect metadata, but rarely bothered since -- remarkably -- all analysis was done by hand before 2013, even though metadata by its very nature lends itself to large-scale automated processing. This explains the eagerness of the BfV to obtain the NSA's XKeyscore software after German agents had seen its powerful metadata analysis capabilities in demonstrations.

It may also explain the massive expansion of the BfV that the leaked document published by Netzpolitik had revealed earlier this year. As Die Zeit notes, the classified budget plans "included the information that the BfV intended to create 75 new positions for the 'mass data analysis of Internet content.' Seventy-five new positions is a significant amount for any government agency."

Note that the documents this story is based on seem to have not been provided by Snowden.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Authorities in the United Kingdom this week arrested a half-dozen young males accused of using the Lizard Squad’s Lizard Stresser tool, an online service that allowed paying customers to launch attacks capable of taking Web sites offline for up to eight hours at a time.

The Lizard Stresser came to prominence not long after Christmas Day 2014, when a group of young n’er-do-wells calling itself the Lizard Squad used the tool to knock offline the Sony Playstation and Microsoft Xbox gaming networks. As first reported by KrebsOnSecurity on Jan. 9, the Lizard Stresser drew on Internet bandwidth from hacked home Internet routers around the globe that are protected by little more than factory-default usernames and passwords. The LizardStresser service was hacked just days after that Jan. 9 story, and disappeared shortly after that.


The Lizard Stresser’s add-on plans. In case it wasn’t clear, this service was *not* sponsored by Brian Krebs as suggested in the screenshot.

“Those arrested are suspected of maliciously deploying Lizard Stresser, having bought the tool using alternative payment services such as Bitcoin in a bid to remain anonymous,” reads a statement from the U.K.’s National Crime Agency (NCA). “Organisations believed to have been targeted by the suspects include a leading national newspaper, a school, gaming companies and a number of online retailers.”

The NCA says investigators are also in the process of visiting 50 addresses linked to individuals registered on the Lizard Stresser Website but who haven’t yet carried out any apparent attacks. The agency notes that one-third of those individuals are below the age of 20, and that its knock-and-talk efforts are part of its wider work to address younger people at risk of entering into serious forms of cybercrime.

According to research published this month, the Lizard Stresser had more than 176 paying subscribers who launched more than 15,000 attacks against 3,907 targets in the two months the service was in operation.

For more information about how to beef up the security of your Internet router, check out the “Harden Your Hardware” subsection in the post Tools for a Safer PC.

Further reading:

Stress-Testing the Booter Services, Financially

Story Category: DDoS-for-Hire

Finnish Decision is Win for Internet Trolls

Who’s In the Lizard Squad?

Crooks Use Hacked Routers to Aid Cyberheists

Spam Uses Default Passwords to Hack Routers

Friday Favs 8/28/15

Aug. 28th, 2015 01:01 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Heather asked her bakery if they could add a unicorn to her cookie cake.

They said - and this is a direct quote - "Yes."

"YES."

So just so we're clear: the professional baking people said yes, they could add a unicorn to Heather's cookie cake.

NOOOOOOOOO

 

"Little did the princesses know that directly above their heads..."

"... lurked the tragically misunderstood tentacle volcano optometrist."

 

I hear it ain't easy.

 

"Hey Sal, this drunk melting blue cat just isn't weird enough, you know? Anything else we can add?"

AHA! Pirate chest hat!
PERFECT.

 

Occasions That Call For Sh*t Balloons:

- Your First Hemorrhoid
- Anniversary of Your First Hemorrhoid
- Someone Else Asked About Your Hemorrhoid
- The Hemorrhoid Cream Worked!
- Your Boss's Birthday

 

Thanks to Heather C., Marie S., Chris H., Joy J., & Michele A. for the crappy occasions.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

And from my other blog, Epbot:


[syndicated profile] epbot_feed

Posted by Jen

Time for another month's best art finds! I spotted almost all of these during Tampa Bay Comic-Con.



"San"

 "Spider-Gwen"

 "Mononoke Hime Inspired Deer God"

Absolutely gorgeous. Prints come in a huge variety of sizes & materials, and start at just $10 in Biggers Etsy shop.


I'm a big fan of papercutting, so John and I spent a while ogling The Paper Pony's booth:


These are made by a husband-and-wife team, and we ended up chatting with the hubs, Brian, quite a while. Super sweet guy. Their pieces start at $35 for the individually framed ponies up there, and go up to $100 for this insanely intricate Wind Walker design:


As their name suggests they make LOTS of different MLP art, but there are plenty of other fandoms, too, from Mario to Buffy to Totoro. Go see their Etsy shop for the rest!


"Inked Belle" by Joel Santana

LOVE her tattoos. And check out little Chip!

Joel does sell prints, but it looks like his online shop is down for maintenance right now. Maybe watch his Facebook page for updates?

Oh, and I talked John into buying that print at Tampa Comic-Con, but he was so embarrassed - and still is - that I don't think he'll ever hang it up. So you guys MAY be getting a new prize option on the give-away board later. ;)


Fantastic colors from Luis Santiago, aka Pertheseus:

 

You can see all of his work on DeviantArt, and he sells some prints here on Redbubble. (You can also follow him on Facebook!)


Iron Giant by Kalli LeFav:

I bought a small version for the board, but you can buy larger sizes here, starting at $15.

I couldn't find the other two prints I got from Kalli on any of her various sites, which is frustrating. (I find most artists have an average of 4-6 different websites/social media accounts, each with a different assortment of art. It... gets really confusing. :/)

Anyhoo, here's a low quality scan of my favorite of hers:

 Isn't it gorgeous? You can follow Kalli on Facebook, and see more of her prints in this online store.


New droid print from my friend Christie Cox:

This and her other prints are just $5! Here's her Etsy shop for the rest.


Will Pigg also has some STUNNING paper art, including these intricate hand-cut silhouettes:
 
He frames them between two pieces of glass, so the white sections are actually clear. 

 They have an elegant, almost art nouveau feel. Love.

Check out all the tiny details in this Princess Bride one:

The papercuttings are $45 at Will's Etsy shop - or more, if you want them framed.

Oh! And Will also paints! John fell for this sad, crooked little TARDIS, and had to buy a print:

Small prints start at just $10. Go see the rest!


Erich Schoenholtz is a new artist with some fun, retro-styled comic posters:




Really punchy in person, especially in large sizes. Erich doesn't sell online yet, so I bought the Cap one for the give-away board. Give Erich a follow on Facebook, and while you're at it, tell him to open an online shop!


Some pretty watercolors by Jessica Thomas:


These prints start at just $3! 

Her ACEOs are also quite drool-worthy:
 
So... tempted....

Lots more goodies - from bookmarks to stickers to pins - in Jessica's Etsy shop.


I had to buy these 2 poster prints from James Mascia:


See why? :)

Lots more in his DeviantArt Gallery, but sadly James doesn't sell his art online. Those two are going on the give-away board, though, so at least you can win them here!


For you parents, here's something fun from the Epbot P.O. Box: David Zobel sent me his new "Monsterbet" book:



Really delightful stuff, and there are a few bonus coloring pages at the end of the book.
Then David sweetened the surprise by including this:
AWW YEAAAAH, monstrous EPBOT! Woot woot!

You can buy prints of David's monsters, plus his book, PLUS custom name plates like mine, here at his website.


I've featured Katrina of Kicking Cones before, but she's come out with some fabulous new (to me) pieces. In fact, John and I kept coming back to buy more of her stuff! John got this for his man cave:
And I got this one:
I don't usually go for words on art, but this one socked me right in the gut. Love it.

Katrina likes to combine two of my favorite things: cuteness, and PUNS:

Where my math nerds at?

 We got this one on a coffee mug for a friend:
 And this happens to be the only print in Katrina's Etsy shop for some reason. Uh... Katrina? MOAR PLS.


And finally, an original marker sketch we picked up from Kit Steele:

This was just an ink sketch at first, and Kit actually never intended for him to look like Figment. Isn't he the spitting image, though? So we asked her to add some Figmenty colors. :)

Kit doesn't sell online, but she goes to LOTS of conventions. Give her a follow on Facebook to keep up.


Phew, lotta art this month! Hope you guys enjoyed. Now, as always, comment below for a chance to win your choice of art from my Pinterest Art Give-Away Board!

In addition to my one wildcard winner, I'll ALSO be choosing 2 winners for these original pieces of art:


So if you like either (or both!) of these, let me know in your comment so I can enter you in the extra drawings.

Winners will be randomly selected in a few days, and internationals are always welcome. Happy commenting!
[syndicated profile] female_cs_feed

Posted by Gail Carmichael

This blog post originates from the Heidelberg Laureate Forum Blog. The 3rd Heidelberg Laureate Forum is dedicated to mathematics and computer sciences, and takes place August 23-28, 2015. Abel, Fields, Turing and Nevanlinna Laureates will join the forum and meet 200 selected international young researchers.

I've long had a special interest in computer science education. I recently worked as a full time lecturer for two years, and I have been designing and delivering outreach initiatives for more than seven. So when it came time to request interviews with this year's HLF Laureates, John Hopcroft, who created one of the world's first computer science courses, caught my attention.

I began our conversation by introducing my interests in education, and right away Hopcroft pointed out that there is so much talent distributed around the world, but that educational opportunities are not so widely available. This has been the case in China, for example, where Hopcroft has been working; he says their educational system needs help, and they know it. Of course, improving education everywhere is important. Hopcroft points out that as we move more and more into an intellectual economy, we need to better prepare our workforce.

John Hopcroft during his lecture at #hlf13 ©HLFF // C.Flemming - All rights reserved 2013

For me, this means ensuring that we educate everyone with at least the basics of computing. Right now, the field of computer science is not very diverse. For example, in the United States, according to the National Centre for Women & Information Technology, only 18% of computer and information science bachelor degrees went to women in 2013, and women made up only 26% of the computing workforce. Hopcroft suggests that one factor in a rather complicated issue is that women seem to want to help people, while men are satisfied by learning more abstract things. This idea validates my own theory that many men are often happy to primarily learn about the tools of computing (code, hardware, etc) for the sake of it, while women tend to want to know what you can do with these tools.

So what was the diversity like in Hopcroft's very first computer science class? Understandably, he wasn't really aware of diversity at the time. After all, there was enough to worry about, like figuring out how to teach one of the world's first courses on computer science despite having a background in electrical engineering. Ed McCluskey asked Hopcroft to teach the course, and in doing so, Hopcroft found himself becoming one of the world's first computer scientists. This led him to be at the top of the list whenever anyone needed a computer scientist for, say, an important committee, thus giving him opportunities that for most disciplines wouldn't be possible until close to retirement. Hopcroft admitted he feels lucky for the way things worked out, and credits Ed for making it possible.

After learning that Hopcroft's first courses covered automata theory, I wanted to know what he thought the best computer science teachers do more generally. He told me he went into teaching because of the impact his many world-class teachers had on him at every stage of his education – he wanted to do the same. To be a great educator, he told me, it is not about the content, which anyone can specify. The single most important thing is to make sure your students know you care.

I was curious what Hopcroft thought of recently proposed active learning techniques like peer instruction and flipped classrooms. He said he didn't have any experience with them, so couldn't really comment. However, he did reveal that he still uses the blackboard during lectures – that way, he can change his lecture on the fly according to student needs. I pointed out that this could be considered a form of active learning, as there would be a feedback loop in the classroom. He did point out that techniques like the flipped classroom have some hidden concerns. For example, one must consider the credit hours a course is worth. If you are shifting what was done during lecture into videos or reading ahead of time, are you adding more pressure to the students' time?

I quite enjoyed my conversation with Hopcroft, and will leave you with some advice that he gives his students. Don't focus on what your advisors have done in their careers; their work was done in an era where the focus was on making computer systems useful. Look instead to the future, when we will be focussing on doing useful things with computers.


Artist Training Ground V, Day Six

Aug. 27th, 2015 10:07 pm
ponyville_trot: Six cartoon ponies in a huddle (Default)
[personal profile] frith posting in [community profile] ponyville_trot
candy_checkers_by_johansrobot
Source: http://johansrobot.deviantart.com/art/Candy-Checkers-ATG-V-556493496

It's day 6, and on this day of the Newbie Artist Training Grounds, the assignment is: "Draw a pony playing games/Draw a pony champion". The submitter for this one is here, with the pictures ending up in this gallery here. The official deadline is midnight MDT (3 am EDT).
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

The FBI today warned about a significant spike in victims and dollar losses stemming from an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers. According to the FBI, thieves stole nearly $750 million in such scams from more than 7,000 victim companies in the U.S. between October 2013 and August 2015.


In January 2015, the FBI released stats showing that between Oct. 1, 2013 and Dec. 1, 2014, some 1,198 companies lost a total of $179 million in so-called business e-mail compromise (BEC) scams, also known as “CEO fraud.” The latest figures show a marked 270 percent increase in identified victims and exposed losses. Taking into account international victims, the losses from BEC scams total more than $1.2 billion, the FBI said.

“The scam has been reported in all 50 states and in 79 countries,” the FBI’s alert notes. “Fraudulent transfers have been reported going to 72 countries; however, the majority of the transfers are going to Asian banks located within China and Hong Kong.”

CEO fraud usually begins with the thieves either phishing an executive and gaining access to that individual’s inbox, or emailing employees from a look-alike domain name that is one or two letters off from the target company’s true domain name. For example, if the target company’s domain was “example.com” the thieves might register “examp1e.com” (substituting the letter “L” for the numeral 1) or “example.co,” and send messages from that domain.

Unlike traditional phishing scams, spoofed emails used in CEO fraud schemes are unlikely to set off spam traps, because these are targeted phishing scams that are not mass e-mailed. Also, the crooks behind them take the time to understand the target organization’s relationships, activities, interests and travel and/or purchasing plans.

They do this by scraping employee email addresses and other information from the target’s Web site to help make the missives more convincing. In the case where executives or employees have their inboxes compromised by the thieves, the crooks will scour the victim’s email correspondence for certain words that might reveal whether the company routinely deals with wire transfers — searching for messages with key words like “invoice,” “deposit” and “president.”

On the surface, business email compromise scams may seem unsophisticated relative to moneymaking schemes that involve complex malicious software, such as Dyre and ZeuS. But in many ways, the BEC attack is more versatile and adept at sidestepping basic security strategies used by banks and their customers to minimize risks associated with account takeovers. In traditional phishing scams, the attackers interact with the victim’s bank directly, but in the BEC scam the crooks trick the victim into doing that for them.

Business Email Compromise (BEC) scams are more versatile and adaptive than more traditional malware-based scams.


In these cases, the fraudsters will forge the sender’s email address displayed to the recipient, so that the email appears to be coming from example.com. In all cases, however, the “reply-to” address is the spoofed domain (e.g. examp1e.com), ensuring that any replies are sent to the fraudster.
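The two header tricks described above (a Reply-To domain that differs from the displayed From domain, and a sender domain that is a one-character look-alike of the real one) can be checked mechanically on inbound mail. The following is an added example, not code from the article or the FBI alert; the function names, the confusable-distance threshold and the sample messages are constructed for illustration.

```python
"""Flag the business-email-compromise indicators described in the
article: a Reply-To domain that does not match the From domain, and a
From/Reply-To domain that is a near-miss of the company's real domain
(e.g. 'examp1e.com' or 'example.co' versus 'example.com').

Added example; helper names, threshold and sample messages are
constructed here and are not from the article."""
from email import message_from_string
from email.utils import parseaddr

REAL_DOMAIN = "example.com"  # the domain the article uses as its example


def domain_of(header_value):
    """Return the lowercase domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def edit_distance(a, b):
    """Plain Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain, real_domain, max_distance=2):
    """True when `domain` is close to, but not equal to, the real domain.
    A threshold of 2 (an assumption) catches single-character swaps such
    as 'examp1e.com' and dropped TLD letters such as 'example.co' while
    leaving unrelated vendor domains alone."""
    if domain == real_domain:
        return False
    return 0 < edit_distance(domain, real_domain) <= max_distance


def bec_indicators(raw_message, real_domain=REAL_DOMAIN):
    """Return a list of indicator strings for one RFC 822 message.
    Empty list means neither header trick was observed."""
    msg = message_from_string(raw_message)
    real_domain = real_domain.lower()
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    found = []
    # Indicator 1: replies are steered to a different domain than the
    # one shown to the recipient.
    if reply_domain and reply_domain != from_domain:
        found.append(f"reply-to-mismatch:{from_domain}->{reply_domain}")
    # Indicator 2: either address lives on a look-alike of the real domain.
    for d in dict.fromkeys([from_domain, reply_domain]):  # dedupe, keep order
        if d and is_lookalike(d, real_domain):
            found.append(f"lookalike-domain:{d}")
    return found


# Constructed sample messages (not real mail).
SPOOFED_REPLY_TO = (
    'From: "Pat Example (CEO)" <ceo@example.com>\n'
    "Reply-To: ceo@examp1e.com\n"
    "To: controller@example.com\n"
    "Subject: Urgent wire transfer\n"
    "\n"
    "Please process the attached invoice today.\n"
)
LOOKALIKE_SENDER = (
    "From: ceo@example.co\n"
    "To: controller@example.com\n"
    "Subject: Deposit for new supplier\n"
    "\n"
    "Send the deposit before end of day.\n"
)
LEGIT_INTERNAL = (
    "From: cfo@example.com\n"
    "To: controller@example.com\n"
    "Subject: Q3 numbers\n"
    "\n"
    "Attached.\n"
)
LEGIT_VENDOR = (
    "From: billing@vendor-supply.com\n"
    "To: controller@example.com\n"
    "Subject: Invoice 1042\n"
    "\n"
    "Invoice attached.\n"
)

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED_REPLY_TO), ("lookalike", LOOKALIKE_SENDER),
                      ("internal", LEGIT_INTERNAL), ("vendor", LEGIT_VENDOR)]:
        print(name, bec_indicators(raw))
```

Header checks like these only cover the spoofed-domain variant; when the executive's real mailbox has been taken over, the headers are genuine and only the out-of-band verification the FBI recommends catches the request.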

The FBI’s numbers would seem to indicate that the average loss per victim is around $100,000. That may be so, but some of the BEC swindles I’ve written about thus far have involved much higher amounts. Earlier this month, tech firm Ubiquiti Networks disclosed in a quarterly financial report that it suffered a whopping $46.7 million hit because of a BEC scam.

In February, con artists made off with $17.2 million from one of Omaha, Nebraska’s oldest companies — The Scoular Co., an employee-owned commodities trader. According to Omaha.com, an executive with the 800-employee company wired the money in installments last summer to a bank in China after receiving emails ordering him to do so.

In March 2015, I posted the story Spoofing the Boss Turns Thieves a Tidy Profit, which recounted the nightmarish experience of an Ohio manufacturing firm that came within a whisker of losing $315,000 after an employee received an email she thought was from her boss asking her to wire the money to China to pay for some raw materials.

The FBI urges businesses to adopt two-step or two-factor authentication for email, where available, and/or to establish other communication channels — such as telephone calls — to verify significant transactions. Businesses are also advised to exercise restraint when publishing information about employee activities on their Web sites or through social media, as attackers perpetrating these schemes often will try to discover information about when executives at the targeted organization will be traveling or otherwise out of the office.

Consumers are not immune from these types of scams. According to a related advisory posted the FBI today, in the three months between April 1, 2015 and June 30, 2015, the agency received 21 complaints from consumers who suffered losses of nearly $700,000 after having their inboxes hijacked or spoofed by thieves. The FBI said it identified approximately $14 million in attempted losses associated with open FBI investigations into such crimes against consumers.

[syndicated profile] adulting_feed

There is nothing worse than being lost in a kitchen. Also, this way you can be like, “Yeah, help yourself to anything, feel free to cook!”

This is also useful if your significant other doesn’t approve/refuses to learn your unorthodox yet totally valid kitchen organizational plan (ahem, David.)


Iranian Phishing

Aug. 27th, 2015 12:36 pm
[syndicated profile] bruce_schneier_feed

Posted by schneier

CitizenLab is reporting on Iranian hacking attempts against activists, which include a real-time man-in-the-middle attack against Google's two-factor authentication.

This report describes an elaborate phishing campaign against targets in Iran's diaspora, and at least one Western activist. The ongoing attacks attempt to circumvent the extra protections conferred by two-factor authentication in Gmail, and rely heavily on phone-call based phishing and "real time" login attempts by the attackers. Most of the attacks begin with a phone call from a UK phone number, with attackers speaking in either English or Farsi.

The attacks point to extensive knowledge of the targets' activities, and share infrastructure and tactics with campaigns previously linked to Iranian threat actors. We have documented a growing number of these attacks, and have received reports that we cannot confirm of targets and victims of highly similar attacks, including in Iran. The report includes extra detail to help potential targets recognize similar attacks. The report closes with some security suggestions, highlighting the importance of two-factor authentication.

The report quotes my previous writing on the vulnerabilities of two-factor authentication:

As researchers have observed for at least a decade, a range of attacks are available against 2FA. Bruce Schneier anticipated in 2005, for example, that attackers would develop real time attacks using both man-in-the-middle attacks, and attacks against devices. The "real time" phishing against 2FA that Schneier anticipated was reported at least 9 years ago.

Today, researchers regularly point out the rise of "real-time" 2FA phishing, much of it in the context of online fraud. A 2013 academic article provides a systematic overview of several of these vectors. These attacks can take the form of theft of 2FA credentials from devices (e.g. "Man in the Browser" attacks), or by using 2FA login pages. Some of the malware-based campaigns that target 2FA have been tracked for several years, are highly involved, and involve convincing targets to install separate Android apps to capture one-time passwords. Another category of these attacks works by exploiting phone number changes, SIM card registrations, and badly protected voicemail.

Boing Boing article. Hacker News thread.

Open Belly, Insert Foot

Aug. 27th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Friends, countrypersons, CCC-makers (ptooie!):

I've tried to be reasonable.

I've tried to show you the appetite-killing effects of edible mommy bodies:

I've tried to show you the cannibalistic undertones, the disturbing ramifications, and the flat-out creepiness of neck stumps and booby slices.

I've even shared with you the horror stories of raspberry fillings, plastic baked-in babies, and mock C-sections!

All to no avail.

And now - NOW - bakers are adding an homage to the scariest scene in Ghostbusters. Because that scene with the demon dogs pressing their faces through the door? [sing-song] A-DOR-ABLE!

Quick! GET OUT OF THE ARMCHAIR, DANA!!


Sure, they might have started out small...

"Aw, lookit da cutesy-wootsy lil' foot sticking out! Haha! So sweet!"


...but it wasn't long before bakers were pushing the boundaries of what anyone could stomach.

Literally.

(Also, ow.)


And because more is ALWAYS better...

"Leeeet ussss ooooouuuut!!"


...it wasn't long before the laws of physics went completely out the window:

Sweet mercy, woman, TELL ME you're getting an epidural.


So I ask you, fellow citizens, are we to stand for this? Or will we put our foot down, stop toeing the line, and kick belly cakes to the curb once and for all?!

Hey, wait a second. You just saved these photos to your "inspiration" folder, didn't you, bakers? YOU'RE NOT EVEN LISTENING TO ME, are you??

Oh, fine. Just send me photos when you're done, and we'll call it even.


Thanks to Amy U., Elizabeth M., Alanna E., Amanda R., Mary V., & Holly T. for today's belly laughs.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

And from my other blog, Epbot:


[syndicated profile] female_cs_feed

Posted by Gail Carmichael

This blog post originates from the Heidelberg Laureate Forum Blog. The 3rd Heidelberg Laureate Forum is dedicated to mathematics and computer sciences, and takes place August 23-28, 2015. Abel, Fields, Turing and Nevanlinna Laureates will join the forum and meet 200 selected international young researchers.

The Anita Borg Institute is a non-profit organization "on a quest to accelerate the pace of global innovation by working to ensure that the creators of technology mirror the people and societies who use it." For many years, ABI has supported women in technology through programs like the Grace Hopper Celebration of Women in Computing and through research.

One of ABI's initiatives is called Systers, originally a mailing list for women in systems computing and now a community for all women in technology. Today, Systers donate money to help support Pass-It-On Awards, "intended as means for women established in technological fields to support women seeking their place in the fields of technology." Each award winner has a moral obligation to somehow pass the benefits of the award on, broadening its impact.

One of this year's Pass-It-On winners is Foghor Tanshi, a Nigerian researcher currently teaching at the Federal University of Petroleum Resources. Tanshi received financial support for travel to this year's Heidelberg Laureate Forum, where she hopes to launch her research career.

I asked Tanshi a few questions about her involvement with computer science, and would like to share some of her answers here.

Image courtesy of Foghor Tanshi

Gail Carmichael: Why did you get interested in computer science?

Foghor Tanshi: Because it is a field that easily finds application in a variety of other fields of endeavour. This particularly appeals to me because I enjoy applying my knowledge to new challenges.

GC: What is your research area? What made you interested in it?

FT: I have broad interests in machine learning applications in natural language processing and robotic motion and vision. This was inspired by the most basic need for machines – they make work easier. I am therefore interested in these interconnected research areas because they enable the development of collaborative and assistive technologies for humanity, e.g. language-based teaching aids, human-robot collaborative manufacturing systems, etc.

GC: You also have an interest in computer science education. Can you tell me more about that?

FT: I am presently a computer science educator and plan to continue for most of my life because I am interested in inspiring – by any available means – more students (especially female Nigerian students) to use its techniques to solve problems. This is because of the fact that computer science tends to play an important role in the achievement of flexible solutions.

GC: What made you want to come to HLF?

FT: As one pursuing a career in research, it promises an opportunity to network and acquire vital information from Laureates in computer science and mathematics that would launch the next stage of my career. It would also provide an opportunity to share my research and meet potential collaborators, partners, mentors and friends.

GC: What was the role of the Systers Pass-It-On award in your ability to attend HLF?

FT: The Systers PIO enabled me to make pre-travel and travel arrangements towards attending the forum.

GC: What are you most looking forward to at HLF?

FT: To re-live several years of knowledge and experience through the laureates. This would mean learning as much as possible within a short period of time; wisdom (for navigating a research career) that they acquired in a lifetime.



[syndicated profile] bruce_schneier_feed

Posted by schneier

In the wake of the recent averted mass shooting on the French railroads, officials are realizing that there are just too many potential targets to defend.

The sheer number of militant suspects combined with a widening field of potential targets have presented European officials with what they concede is a nearly insurmountable surveillance task. The scale of the challenge, security experts fear, may leave the Continent entering a new climate of uncertainty, with added risk attached to seemingly mundane endeavors, like taking a train.

The article talks about the impossibility of instituting airport-like security at train stations, but of course even if it were feasible to do that, it would only serve to move the threat to some other crowded space.

Travels in Peru: Machu Picchu

Aug. 26th, 2015 07:50 pm
pleia2: (Default)
[personal profile] pleia2

Our trip to Peru first took us to the cities of Lima and Cusco. We had a wonderful time in both, seeing the local sites and dining at some of their best restaurants. But if I’m honest, we left the most anticipated part of our journey for last, visiting Machu Picchu.

Before I talk about our trip to Machu Picchu, there are a few things worthy of note:

  1. I love history and ruins
  2. I’ve been fascinated by Peru since I was a kid
  3. Going to Machu Picchu has been a dream since I learned it existed

So, even being the world traveler that I am (I’d already been to Asia and Europe this year before going to South America), this was an exceptional trip for me. Growing up, our landlord was from Peru, and as a friend of his daughters I regularly got to see their home, which was full of Peruvian knickknacks and artifacts. As I dove into history during high school I learned about ancient ruins all over the world, from Egypt to Mexico and of course Machu Picchu in Peru. The mysterious city perched upon a mountaintop always held a special fascination for me. When the opportunity to go to Peru for a conference came up earlier this year, I agreed immediately and began planning. I had originally been going to go alone, but MJ decided to join me once I found a tour I wanted to book with. I’m so glad he did. Getting to share this experience with him meant the world to me.

Our trip from Cusco began very early on Friday morning in order to catch the 6:40AM train to Aguas Calientes, the village below Machu Picchu. Our tickets were for Peru Rail’s Vistadome train, and I was really looking forward to the ride. On the disappointing side, the Cusco half of the trip had foggy windows and the glare on the windows generally made it difficult to take pictures. But as we lowered in elevation my altitude headache went away and so did the condensation from the windows. The glare was still an issue, but as I settled in I just enjoyed the sights and didn’t end up taking many photos. It was probably the most enjoyable train journey I’ve ever been on. At 3 hours it was long enough to feel settled in and relaxed watching the countryside, rivers and mountains go by, but not too long that I got bored. I brought along my Nook but didn’t end up reading at all.

Of course I did take some pictures, here: https://www.flickr.com/photos/pleia2/albums/72157657450179755

Once at Aguas Calientes our overnight bags (big suitcases were left at the hotel in Cusco, as is common) were collected and taken to the hotel. We followed the tour guide who met us with several others to take a bus up to Machu Picchu!

Our guide gave us a three hour tour of the site. At a medium pace, he took us to some of the key structures and took time for photo opportunities all around. Of particular interest to him was the Temple of the Sun (“J” shaped building, center of the photo below), which we saw from above and then explored around and below.

The hike up for these amazing views wasn’t very hard, but I was thankful for the stops along the way as he talked about the exploration and scientific discovery of the site in the early 20th century.

And then there were the llamas. Llamas were brought to Machu Picchu in modern times, some say to trim the grass and other say for tourists. It seems to be a mix of the two, and there is still a full staff of groundskeepers to keep tidy what the llamas don’t manage. I managed to get this nice people-free photo of a llama nursing.

There seem to be all kinds of jokes about “selfies with llamas” and I was totally in for that. I didn’t get next to a llama like some of my fellow selfie-takers, but I did get my lovely distance selfie with llamas.

Walking through what’s left of Machu Picchu is quite the experience. The tall stone walls, stepped terraces that make up the whole thing. Lots of climbing and walking at various elevations throughout the mountaintop. Even going through the ruins in Mexico didn’t quite prepare me for what it’s like to be on top of a mountain like this. Amazing place.

We really lucked out with the weather, much of the day was clear and sunny, and quite warm (in the 70s). It made for good walking weather as well as fantastic photos. When the afternoon showers did come in, it was just in time for our tour to end and for us to have lunch just outside the gates. When lunch was complete the sun came out again and we were able to go back in to explore a bit more and take more pictures!

I feel like I should write more about Machu Picchu, being such an epic event for me, but it was more of a visual experience much better shared via photos. I uploaded over 200 more photos from our walk through Machu Picchu here: https://www.flickr.com/photos/pleia2/albums/72157657449734565

My photos were taken with a nice compact digital camera, but MJ brought along his DSLR camera. I’m really looking forward to seeing what he ended up with.

The park closes at 5PM, so close to that time we caught one of the buses back down to Aguas Calientes. I did a little shopping (went to Machu Picchu, got the t-shirt). We were able to check into our hotel, the Casa Andina Classic, which ended up being my favorite hotel of the trip; it was a shame we were only there for one night! Hot, high pressure shower, comfortable bed, and a lovely view of the river that runs along the village:

I was actually so tired from all our early mornings and late evenings the rest of the trip that after taking a shower at the hotel that evening I collapsed onto the bed and instead of reading, zombied out to some documentaries on the History channel, after figuring out the magical incantation on the remote to switch to English. So much for being selective about the TV I watch! We also decided to take advantage of the dinner that was included with our booking and had a really low key, but enjoyable and satisfying meal there at the hotel.

The next morning we took things slow and did some walking around the village before lunch. Aguas Calientes is very small, it’s quite possible that we saw almost all of it. I took the opportunity to also buy some post cards to send to my mother and sisters, plus find stamps for them. Finding stamps is always an interesting adventure. Our hotel couldn’t post them for me (or sell me stamps) and being a Saturday we struck out at the actual post office, but found a corner tourist goodie shop that sold them and a mailbox nearby so I could send them off.

For lunch we made our way past all the restaurants who were trying to get us in their doors by telling us about their deals and pushing menus our way until we found what we were looking for, a strange little place called Indio Feliz. I found it first in the tour book I’d been lugging around, typical tourist that I am, and followed up with some online recommendations. The decor is straight up Caribbean pirate themed (what?) and with a French owner, they specialize in Franco-Peruvian cuisine. We did the fixed menu where you pick an appetizer, entree and dessert, though it was probably too much for lunch! They also had the best beer menu I had yet seen in Peru, finally far from the altitude headache in Cusco I had a Duvel and MJ went with a Chimay Red. Food-wise I began with an amazing avocado and papaya in lemon sauce. Entree was an exceptional skewer of beef with an orange sauce, and my meal concluded with coffee and apple pie that came with both custard and ice cream. While there we got to chat with some fellow diners from the US, they had just concluded the 4 day Inca Trail hike and regaled us with stories of rain and exhaustion as we swapped small talk about the work we do.

More photos from Aguas Calientes here: https://www.flickr.com/photos/pleia2/albums/72157657449826685

After our leisurely lunch, it was off to the train station. We were back on the wonderful Vistadome train, and on the way back to Cusco there was some culturally-tuned entertainment as well as a “fashion show” featuring local clothing they were selling, mostly of alpaca wool. It was a fun touch, as the ride back was longer (going up the mountains) and being wintertime the last hour or so of the ride was in the dark.

We had our final night in Cusco, and Sunday was all travel. A quick flight from Cusco to Lima, where we had 7 hours before our next flight and took the opportunity to have one last meal in Lima. Unfortunately the timing of our stay meant that most restaurants were in their “closed between lunch and dinner” time, so we ended up at Larcomar, a shopping complex built into an oceanside cliff in Miraflores. We ate at Tanta, where we had a satisfying lunch with a wonderful ocean view!

Our late lunch concluded our trip, from there we went back to Lima airport and began our journey back home via Miami. I was truly sad to see the trip come to an end. Oftentimes I am eager to get home after such an adventurey vacation (particularly when it’s attached to a conference!), but I will miss Peru. The sights, the foods, the llamas and alpacas! It’s a beautiful country that I hope to visit again.

Originally published at pleia2's blog. You can comment here or there.

[syndicated profile] accidentallyincode_feed

Posted by Cate

Bora Ultra Two Dark Cult (6)

Credit: Flickr / Glory Cycles

I was talking to a fellow escapee of The Conglomerate and we were talking about over-engineering culture. In the sense of “lol things built because it was time for someone to get promoted” and in the sense of complexity.

The thing about layers and layers of (debatably necessary) abstractions is that they make things that should be simple, complex. Which makes people feel stupid. The last change I committed there I was adding one field… and I had to change > 15 files. The biggest problem I had? Was thinking I must be doing something wrong because it couldn’t possibly be this hard to add one field, right?

I think of hacking as fixing one corner case only to make two more for later. So, reflecting on this, this is also true of a culture where things are hacked together. Because when hacks build on each other again and again, the result is that simple things become harder (and slower) than they should be. It makes people feel stupid.

We often talk about these two cultures like they are completely separate but this is not true. They feed on each other.

  • Hacking can be a result of over-engineering culture, because things that can’t be done “correctly” may as well not be done properly at all.
  • Hacking can be a reaction to an over-engineering culture, because people tired of things being so hard want to move fast and break things.
  • Over-engineering can be a reaction to hacking because someone bitten by too many corner cases decided that it would be better if everything were a perfect circle.
  • Over-engineering can be a reaction to hacking because perfectionism can be a reaction to things constantly breaking.

Personally, I like to think about the medium term. Essentially this means: don’t hack things because hacks are short-term. But just because there might be a reason why something won’t expand to fulfil some other purpose doesn’t mean that it should be generalised (yet). If that scenario is uncertain, and not in the current timeframe, document and move on.

Hacking to over-engineering isn’t a scale, it’s a circle. At the darkest part where they meet, simple things are hard, and engineers trying to get to grips with it feel stupid. Thinking about it, I’m not sure whether that codebase that required fifteen files to be changed to add one field was over-engineered or made of hacks, but does it matter? The effects were the same. Move slowly, with things that barely work.

Artist Training Ground V, Day Five

Aug. 26th, 2015 08:31 pm
ponyville_trot: Six cartoon ponies in a huddle (Default)
[personal profile] frith posting in [community profile] ponyville_trot
kay_mow_flage_by_sapsdrow
Source: http://sapsdrow.deviantart.com/art/ATG-V-day-5-Kay-Mow-Flage-556327580

Strawberries! It's the fifth day of the madness that is the Newbie Artist Training Grounds on Equestria Daily! This time the assignment is: "Drawing a pony in disguise/Draw a pony faker". The submitter for this one is here, with the pictures ending up in this gallery here. The submitter jumped to 116 because 115 is another art challenge -- draw a scene based on the leaked titles to the future episodes. The official deadline is still midnight MDT (3 am EDT).

[syndicated profile] blog_namei_org_feed

Posted by jamesm

The slides for all of the presentations at last week’s Linux Security Summit are now available at the schedule page.

Thanks to all of those who participated, and to all the events folk at Linux Foundation, who handle the logistics for us each year, so we can focus on the event itself.

As with the previous year, we followed a two-day format, with most of the refereed presentations on the first day, with more of a developer focus on the second day. We had good attendance, and also this year had participants from a wider field than the more typical kernel security developer group. We hope to continue expanding the scope of participation next year, as it’s a good opportunity for people from different areas of security, and FOSS, to get together and learn from each other. This was the first year, for example, that we had a presentation on Incident Response, thanks to Sean Gillespie who presented on GRR, a live remote forensics tool initially developed at Google.

The keynote by kernel.org sysadmin, Konstantin Ryabitsev, was another highlight, one of the best talks I’ve seen at any conference.

Overall, it seems the adoption of Linux kernel security features is increasing rapidly, especially via mobile devices and IoT, where we now have billions of Linux deployments out there, connected to everything else. It’s interesting to see SELinux increasingly play a role here, on the Android platform, in protecting user privacy, as highlighted in Jeffrey Vander Stoep’s presentation on whitelisting ioctls. Apparently, some major corporate app vendors, who were not named, have been secretly tracking users via hardware MAC addresses, obtained via ioctl.

We’re also seeing a lot of deployment activity around platform integrity, including TPMs, secure boot and other integrity management schemes. It’s gratifying to see the work our community has been doing in the kernel security/ tree being used in so many different ways to help solve large scale security and privacy problems. Many of us have been working for 10 years or more on our various projects — it seems to take about that long for a major security feature to mature.

One area, though, where I feel we need significantly more work is kernel self-protection: hardening the kernel so that its coding flaws cannot be exploited. I’m hoping that we can find ways to work with the security research community on incorporating more hardening into the mainline kernel. I’ve proposed this as a topic for the upcoming Kernel Summit, as we need buy-in from core kernel developers. I hope we’ll have topics to cover on this, then, at next year’s LSS.

We overlapped with Linux Plumbers, so LWN was not able to provide any coverage of the summit.  Paul Moore, however, has published an excellent write-up on his blog. Thanks, Paul!

The committee would appreciate feedback on the event, so we can make it even better for next year.  We may be contacted via email per the contact info at the bottom of the event page.

Who Hacked Ashley Madison?

Aug. 26th, 2015 04:04 pm
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

AshleyMadison.com, a site that helps married people cheat and whose slogan is “Life is Short, have an Affair,” recently put up a half million (Canadian) dollar bounty for information leading to the arrest and prosecution of the Impact Team — the name chosen by the hacker(s) who recently leaked data on more than 30 million Ashley Madison users. Here is the first of likely several posts examining individuals who appear to be closely connected to this attack.

It was just past midnight on July 20, a few hours after I’d published an exclusive story about hackers breaking into AshleyMadison.com. I was getting ready to turn in for the evening when I spotted a re-tweet from a Twitter user named Thadeus Zu (@deuszu) who’d just posted a link to the same cache of data that had been confidentially shared with me by the Impact Team via the contact form on my site just hours earlier: It was a link to the proprietary source code for Ashley Madison’s service.

Initially, that tweet startled me because I couldn’t find any other sites online that were actually linking to that source code cache. I began looking through his past tweets and noticed some interesting messages, but soon enough other news events took precedence and I forgot about the tweet.

I revisited Zu’s tweet stream again this week after watching a press conference held by the Toronto Police (where Avid Life Media, the parent company of Ashley Madison, is based). The Toronto cops mostly recapped the timeline of known events in the hack, but they did add one new wrinkle: They said Avid Life employees first learned about the breach on July 12 (seven days before my initial story) when they came into work, turned on their computers and saw a threatening message from the Impact Team accompanied by the anthem “Thunderstruck” by Australian rock band AC/DC playing in the background.

After writing up a piece on the bounty offer, I went back and downloaded all five years’ worth of tweets from Thadeus Zu, a massively prolific Twitter user who typically tweets hundreds if not thousands of messages per month. Zu’s early years on Twitter are a catalog of simple hacks — commandeering unsecured routers, wireless cameras and printers — as well as many, many Web site defacements.

On the defacement front, Zu focused heavily on government Web sites in Asia, Europe and the United States, and in several cases even taunted his targets. On Aug. 4, 2012, he tweeted to KPN-CERT, a computer security incident response team in the Netherlands, to alert the group that he’d hacked their site. “Next time, it will be Thunderstruck. #ACDC” Zu wrote.

The day before, he’d compromised the Web site for the Australian Parliament, taunting lawmakers there with the tweet: “Parliament of Australia bit.ly/NPQdsP Oi! Oi! Oi!….T.N.T. Dynamite! Listen to ACDC here.”

I began to get very curious about whether there were any signs on or before July 19, 2015 that Zu was tweeting about ACDC in relation to the Ashley Madison hack. Sure enough: At 9:40 a.m., July 19, 2015 — nearly 12 hours before I would first be contacted by the Impact Team — we can see Zu is feverishly tweeting to several people about setting up “replication servers” to “get the show started.” Can you spot what’s interesting in the tabs on his browser in the screenshot he tweeted that morning?

Twitter user ThadeusZu tweets about setting up replication servers. Note which Youtube video is playing on his screen.

Twitter user ThadeusZu tweets about setting up replication servers. Did you spot the Youtube video he’s playing when he took this screenshot?

Ten points if you noticed the Youtube.com tab showing that he’s listening to AC/DC’s “Thunderstruck.”

A week ago, the news media pounced on the Ashley Madison story once again, roughly 24 hours after the hackers made good on their threat to release the Ashley Madison user database. I went back and examined Zu’s tweet stream around that time and found he beat Wired.com, ArsTechnica.com and every other news media outlet by more than 24 hours with the Aug. 17 tweet, “Times up,” which linked to the Impact Team’s now infamous post listing the sites where anyone could download the stolen Ashley Madison user database.

ThadeusZu tweeted about the downloadable AshleyMadison data more than 24 hours before news outlets picked up on the cache.


WHO IS THADEUS ZU?

As with the social networking profiles of others who’ve been tied to high-profile cybercrimes, Zu’s online utterings appear to be filled with kernels of truth surrounded by complete malarkey, thus making it challenging to separate fact from fiction. Hence, all of this could be just one big joke by Zu and his buddies. In any case, here are a few key observations about the who, what and where of Thadeus Zu based on information he’s provided (again, take that for what it’s worth).

Zu’s Facebook profile wants visitors to think he lives in Hawaii; indeed, the time zone set on several of his social media accounts is the same as Hawaii. There are a few third-party Facebook accounts of people demonstrably living in Hawaii who tag him in their personal photos of events on Hawaii (see this cached photo, for example), but for the most part Zu’s Facebook account consists of pictures taken from stock image collections and do not appear to be personal photos of any kind.

A few tweets from Zu — if truthful and not simply premeditated misdirection — indicate that he lived in Canada for at least a year, although it’s unclear when this visit occurred.

Zu’s various Twitter and Facebook pictures all feature hulking, athletic, and apparently black male models (e.g. he’s appropriated two profile photos of male model Rob Evans). But Zu’s real-life identity remains murky at best. The lone exception I found was an image that appears to be a genuine group photo taken of a Facebook user tagged as Thadeus Zu, along with an unnamed man posing in front of a tattoo store with popular Australian (and very inked) model/nightclub DJ Ruby Rose.

That photo is no longer listed in Rose’s Facebook profile, but a cached version of it is available here. Rose’s tour schedule indicates that she was in New York City when that photo was taken, or at least posted, on Feb. 6, 2014. Zu is tagged in another Ruby Rose Facebook post five days later on Valentine’s Day. Update, 2:56 p.m.: As several readers have pointed out, the two people beside Rose in that cached photo appear to be Franz Dremah and Kick Gurry, co-stars in the movie Edge of Tomorrow.

Other clues in his tweet stream and social media accounts put Zu in Australia. Zu has a Twitter account under the Twitter nick @ThadeusZu, which has a whopping 11 tweets, but seems rather to have been used as a news feed. In that account Zu is following some 35 Twitter accounts, and the majority of them are various Australian news organizations. That account also is following several Australian lawmakers that govern states in south Australia.

Then again, Twitter auto-suggests popular accounts for new users to follow, and usually does so in part based on the Internet address of the user. As such, @ThadeusZu may have only been using an Australian Web proxy or a Tor node in Australia when he set up that account (several of his self-published screen shots indicate that he regularly uses Tor to obfuscate his Internet address).

Even so, many of Zu’s tweets going back several years place him in Australia as well, although this may also be intentional misdirection. He continuously references his “Oz girl,” (“Oz” is another word for Australia) uses the greeting “cheers” quite a bit, and even talks about people visiting him in Oz.

Interestingly, for someone apparently so caught up in exposing hypocrisy and so close to the Ashley Madison hack, Zu appears to have himself courted a married woman — at least according to his own tweets. On January 5, 2014, Zu tweeted:

“Everything is cool. Getting married this year. I am just waiting for my girl to divorce her husband. #seachange”


A month later, on Feb. 7, 2014, Zu offered this tidbit of info:

“My ex. We were supposed to get married 8 years ago but she was taken away from me. Cancer. Hence, my downward spiral into mayhem.”


To say that Zu tweets to others is a bit of a misstatement. I have never seen anyone tweet the way Zu does: he sends hundreds of tweets each day, and while most of them appear to be directed at nobody, it does seem that they are in response to (if not in “reply” to) tweets that others have sent him or made about his work. Consequently, his tweet stream appears to the casual observer to be nothing more than an endless soliloquy.

But there may be something else going on here. It is possible that Zu’s approach to tweeting — that is, responding to or addressing other Twitter users without invoking the intended recipient’s Twitter handle — is something of a security precaution. After all, he had to know and even expect that security researchers would try to reconstruct his conversations after the fact. But this is far more difficult to do when the Twitter user in question never actually participates in threaded conversations. People who engage in this way of tweeting also do not readily reveal the Twitter identities of the people with whom they chat most.

Thadeus Zu — whoever and wherever he is in real life — may not have been directly involved in the Ashley Madison hack; he claims in several tweets that he was not part of the hack, but then in countless tweets he uses the royal “We” when discussing the actions and motivations of the Impact Team. I attempted to engage Zu in private conversations without success; he has yet to respond to my invitations.

It is possible that Zu is instead a white hat security researcher or confidential informant who has infiltrated the Impact Team and is merely riding on their coattails or acting as their mouthpiece. But one thing is clear: If Zu wasn’t involved in the hack, he almost certainly knows who was.

KrebsOnSecurity is grateful to several researchers, including Nick Weaver, for their assistance and time spent indexing, mining and making sense of tweets and social media accounts mentioned in this post. Others who helped have asked to remain anonymous. Weaver has published some additional thoughts on this post over at Medium.

When "Almost" Is Enough

Aug. 26th, 2015 09:00 am
[syndicated profile] epbot_feed

Posted by Jen

Note: I wrote this two days ago because I needed to write it, then decided to wait to make extra sure I wasn't dying before posting it. I'm better now, though still not great. So now you can read this:

It sounds like the start to a bad joke, but yesterday John and I had some bad bologna. Within minutes of our first bites, we were hit with nausea, migraines, and - in my case - recurring heart palpitations.

I spent the rest of the day and into the night alternating between clutching my head and my stomach, and those blasted heart palpitations kept bounding in to do a little dub step (WUB WUB) every hour or so.

In the past, a single heart skip was usually enough to trigger a full-on panic attack for me, so it is with mixed pride and misery that I tell you I've weathered at least 3 dozen in the last day and a half, and though my palms are sweaty as I type this, so far I've avoided a full-blown attack. Low-level anxiety, sure, but I'm doing my breathing exercises and taking long, slow strolls on the treadmill desk and trying to stay busy...  and I've been having the most curious sensation through it all.

It's a kind of... expectant hope. A delayed-reaction relief. I can SEE the end of the tunnel, and though each new heart skip tells me I'm not there yet, I know I'm just a little bit closer. I know I'm not dying. I know it's going to get better. And that knowledge makes me - to borrow a phrase from the Bloggess - furiously happy.

Sometimes it's true that we need the dark to appreciate the light. We need our inner wars to fully cherish the times of peace. I hate this feeling right now. I hate it. But I'm learning that even this hate will - sometime soon, I hope - be transformed into gratitude. I won't always feel like this. I'm going to be steady and strong and serene again. And when that time comes, be it another few hours, days, or even weeks, I'm going to remember this terrible, fear-fueled hate, and I am going to love the ever-living CRAP out of my life. 

I can almost feel it, you guys. I can almost taste it. And that almost-feeling is getting me through the consuming feelings of fear and pain and awfulness.

So I guess for now, "almost" is enough.

P.S. It's possible this can't all be blamed on bad bologna, of course, since my doctor upped my thyroid meds last month. Rest assured, I'll be dialing those down again, starting tomorrow.


The Dog Days of Dog Day

Aug. 26th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

It's National Dog Day, wrecky minions!

Now, I realize it can be difficult to celebrate dogs when cats are so OBVIOUSLY superior, but hear me out:

1) Dogs are people, too.

Specifically, a kind of mutant Sheep People.

2) Today is the PERFECT day to show your dog-loving friends that you respect their life choices, and that you, too, can appreciate a wet nose in the crotch from time to time.*

"LET US AT IT."

[*Kidding, no one appreciates that. But don't tell the dog people.]

And thirdly, and most importantly, without dogs we would never have these cakes:

(Wow, they really DO poop everywhere.)

Though to be fair, I'm pretty sure most of these bakers have never actually SEEN a dog.

For example: bakers, I'm preeetty sure the legs don't go there:

"Woofth."

THIS IS YOUR DOG:

THIS IS YOUR DOG ON DRUGS:

ANY ORDERS?

And finally, is that a real dog biscuit??

'Cuz judging by Sunglasses' smug smile, I'm betting it is.

Well, thanks to Celia M., Steff, Julie, Natalie S., Julie D., Lisa, Kimberly & Lindsay N. for proving once again that even cat CAKES are bet... uh...

Never mind.

Happy Dog Day, everybody.


Regularities in Android Lock Patterns

Aug. 26th, 2015 06:24 am
[syndicated profile] bruce_schneier_feed

Posted by schneier

Interesting:

Marte Løge, a 2015 graduate of the Norwegian University of Science and Technology, recently collected and analyzed almost 4,000 ALPs as part of her master's thesis. She found that a large percentage of them -- 44 percent -- started in the top left-most node of the screen. A full 77 percent of them started in one of the four corners. The average number of nodes was about five, meaning there were fewer than 9,000 possible pattern combinations. A significant percentage of patterns had just four nodes, shrinking the pool of available combinations to 1,624. More often than not, patterns moved from left to right and top to bottom, another factor that makes guessing easier.
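The numbers in the quoted paragraph can be checked by enumerating the pattern space. The script below is an added example (my own code, not from the post or from Løge's thesis). It assumes the two rules the Android lock screen enforces: a pattern consists of 4 to 9 distinct nodes of the 3x3 grid, and a straight stroke may not jump over a node that has not been visited yet, because that node is touched first. Under those rules there are exactly 1,624 four-node patterns and 7,152 five-node patterns, which is where the "fewer than 9,000" figure comes from. The `guess_order` ranking at the end is my own reading of the statistics (fewest nodes first, then a top-left start, then any corner start, then strokes that run left-to-right or top-to-bottom), not a method from the thesis; it shows how those priors turn a 389,112-pattern keyspace into a short, front-loaded guess list.

```python
"""Enumerate valid Android lock patterns (ALPs) and measure how much the
statistics quoted above shrink an attacker's search space.

Assumed rules of the 3x3 pattern lock, as Android enforces them:
  * 4 to 9 distinct nodes, numbered row-major:
        0 1 2
        3 4 5
        6 7 8
  * a straight stroke whose midpoint is an unvisited node is not allowed,
    because that node is touched first (0 -> 2 is legal only once 1 is used).
"""
from collections import Counter
from functools import lru_cache

MIN_LEN, MAX_LEN = 4, 9
CORNERS = frozenset({0, 2, 6, 8})


def _midpoint(a, b):
    """Node lying exactly halfway between a and b, or None if there is none."""
    ra, ca = divmod(a, 3)
    rb, cb = divmod(b, 3)
    if (ra + rb) % 2 or (ca + cb) % 2:
        return None  # adjacent or knight-style move: no node is jumped over
    return ((ra + rb) // 2) * 3 + (ca + cb) // 2


def is_valid_pattern(seq):
    """True if the lock screen would accept seq as a pattern."""
    seq = list(seq)
    if not MIN_LEN <= len(seq) <= MAX_LEN or len(set(seq)) != len(seq):
        return False
    if any(not 0 <= n <= 8 for n in seq):
        return False
    visited = set()
    for prev, nxt in zip(seq, seq[1:]):
        visited.add(prev)
        mid = _midpoint(prev, nxt)
        if mid is not None and mid not in visited:
            return False  # stroke jumps over a node that has not been used yet
    return True


@lru_cache(maxsize=None)
def all_patterns():
    """Every valid pattern as a tuple of node indices (389,112 in total)."""
    found = []

    def extend(path, used):
        if len(path) >= MIN_LEN:
            found.append(tuple(path))
        if len(path) == MAX_LEN:
            return
        for nxt in range(9):
            if used & (1 << nxt):
                continue
            mid = _midpoint(path[-1], nxt)
            if mid is not None and not used & (1 << mid):
                continue
            path.append(nxt)
            extend(path, used | (1 << nxt))
            path.pop()

    for start in range(9):
        extend([start], 1 << start)
    return tuple(found)


def count_by_length(patterns):
    """{number of nodes: number of valid patterns}."""
    return dict(Counter(len(p) for p in patterns))


def count_by_start(patterns, length=None):
    """{start node: number of patterns}, optionally restricted to one length."""
    return dict(Counter(p[0] for p in patterns if length is None or len(p) == length))


def guess_order(patterns):
    """Rank the keyspace so the statistically likeliest patterns are tried first:
    fewest nodes, then a top-left start, then any corner start, then the most
    strokes that move to a later node in row-major order (rightward on the same
    row, or down to a lower row)."""
    def key(p):
        start_rank = 0 if p[0] == 0 else (1 if p[0] in CORNERS else 2)
        forward = sum(1 for a, b in zip(p, p[1:]) if b > a)
        return (len(p), start_rank, -forward)
    return sorted(patterns, key=key)


if __name__ == "__main__":
    pats = all_patterns()
    lengths = count_by_length(pats)
    print(f"valid patterns in total: {len(pats)}")
    for n in range(MIN_LEN, MAX_LEN + 1):
        print(f"  {n} nodes: {lengths[n]:>7}")
    four = count_by_start(pats, length=4)
    print(f"4-node patterns starting top-left: {four[0]} of {lengths[4]}")
    print(f"4-node patterns starting in any corner: {sum(four[c] for c in CORNERS)}")
    print("first three guesses:", guess_order(pats)[:3])
```

Two things worth noticing when you run it: the four corner start nodes all yield the same number of patterns (the grid's reflections map valid patterns to valid patterns), so the 44 percent top-left figure is purely a human bias, not a property of the keyspace; and because Android allows only a handful of attempts before a timeout, what matters to an attacker is not the 389,112 total but how far down `guess_order` the victim's pattern sits.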

Travels in Peru: Cusco

Aug. 25th, 2015 08:01 pm
pleia2: (Default)
[personal profile] pleia2

We started our Peruvian adventures in Lima. On Wednesday morning we took a very early flight to Cusco. The tour company had recommended an early flight so we could take a nap upon arrival to help adjust to the altitude; indeed, with Cusco over 2 miles high in elevation I did find myself with a slight headache during our visit there. After our nap we met up with our fellow travelers for our city tour of Cusco.

The tour began by going up for a view of all of Cusco from the hillside, where I got my first selfie with an alpaca. We also visited San Pedro’s Market, a large market complex that had everything from tourist goodies to everyday produce, meats, cheeses and breads.

From there we made our way to Qurikancha, said to be the most important temple in the Inca Empire. When the Spanish arrived they built their Church of Santo Domingo on top of it, so only the foundation and some of the rooms remain. I was happy that the tour focused on the Inca aspects and largely ignored the Church, aside from some of the famous religious paintings contained within.

More photos from Qurikancha here: https://www.flickr.com/photos/pleia2/sets/72157657421208352

We then went to the Plaza de Armas where the Cusco Cathedral lords over the square. No photos were allowed inside, but the Cathedral is notable for the Señor de los Temblores, a Jesus statue that is believed to have halted an earthquake in 1650 and a huge, captivating painting by Marcos Zapata of a localized Last Supper where participants are dining on guinea pig and chicha morada!

That evening we had the most exceptional dinner in Cusco, at MAP Café. It’s located inside Museo Arqueologico Peruano (MAP) which is run in association with the fantastic Museo Larco that we visited in Lima. Since this museum also had late hours, we had a wonderful time browsing their collection before dinner. Dinner itself was concluded with some amazing desserts, including a deconstructed lemon meringue pie accompanied by caramel ice cream.

More photos from the museum and dinner here: https://www.flickr.com/photos/pleia2/sets/72157655109721514

Thursday started off bright and early with a tour of a series of ruins outside of Cusco, in Saksaywaman. This was the first collection of ruins in Cusco we really got to properly climb, so with our tiny group of just four we were able to explore the citadel of Saksaywaman with a guide and then for a half hour on our own. In addition to the easy incline we took with the tour guide to walk on the main part of the ruins, which afforded our best view of Cusco, we walked up a multi-story staircase on the other side to get great panoramic views of the ruins. Plus, there were alpacas.

Beyond the main Saksaywaman sites, we visited other sites inside the park, seeing the fountains featured at Tambomachay, the amazing views from a quick stop at Puka Pukara and a near natural formation that had been carved for sacrifices at Q’enqo. The tour concluded by stopping at a local factory shop specializing in alpaca clothing.

More photos from throughout the morning here: https://www.flickr.com/photos/pleia2/albums/72157657034040428

We were on our own for the afternoon, so we began by finally visiting a Chifa (Peruvian-inspired Chinese) restaurant. I enjoyed their take on Sweet and Sour Chicken. We then did some browsing at local shops before finally ending up at the Center for Traditional Textiles. They featured a small museum sharing details about the types and procedures for creating traditional Peruvian textiles, as well as live demonstration from master craftswomen and young trainees of the techniques involved. While there we fell in love with a pair of pieces that we took home with us, a finely woven tapestry and a small blanket that we’ll need to get framed soon.

Our time in Cusco concluded with a meal at Senzo, which had been really hyped but didn’t quite live up to our expectations, especially after the meal we had the previous night at MAP Café, but it was still an enjoyable evening. We’d have one last night in Cusco following our trip to Machu Picchu where we dined at Marcelo Batata, but the altitude sickness had hit me upon our return and I could only really enjoy the chicken soup, but as a ginger, mint & lemongrass soup, it was the perfect match for my queasy stomach (even if it didn’t manage to cure me of it).

More photos from Cusco here: https://www.flickr.com/photos/pleia2/sets/72157657024948969

The next day brought an early morning train to Aguas Calientes and Machu Picchu!

Originally published at pleia2's blog. You can comment here or there.

Page generated Aug. 30th, 2015 09:49 am
Powered by Dreamwidth Studios