Security

Drone Wars – technology advances

Everyone is in a race for drone technology…some of the developments are astonishing.

Controlling drones is still labour intensive…but not anymore.

For those who dream of force multiplication—military tacticians and nerdy loners alike—not much beats having a drone. Unless it’s having a whole fleet of coordinated drones. That vision has now come a little closer to reality.

A startup called DreamHammer last week announced that it was rolling out a beta version of software that would allow for the coordinated control of multiple drones. Those drones wouldn’t have to all be in the air, either—some could be unmanned aerial vehicles, some could be wheeled rovers, some could be watercraft, or submarines. In theory, a single person wielding an iPad could carry out a personal robo-D-Day.

BREAKING: New Zealand web sites security breached overnight

Hackers can be roughly divided into two groups:  hobbyists and those that are in it for the money.

It appears the latest round of hacked New Zealand web sites are simply defaced with the hacker’s “signature page”.

Later in this post there is a complete list of New Zealand domain names affected in this way over the years, but here is a partial list of sites that have been hacked over the last 48 hours:

Stuck in 1968

A reader emails:

Hi Cam

I really should stop looking for Herald bombs, it’s just too easy.

Clearly the Herald still thinks we’re in 1968 when the standard “computer” font looked like the one in this photo they always seem to use for technology security articles. 45 years later, fonts are a little different now, and you tend not to get commands such as “Enter Password” or even “Does not compute”.

It’s also been a while since I heard “Danger Will Robinson” and “Beam me up Scotty” too, but you wouldn’t know it from reading the Horrid.

Paranoid much? Why would anyone need 4 cameras on the front of their house?

Took this photo when out for a walk the other day…either this person is seriously paranoid, or is the local drug dealer.

Cameras are circled in red, lights in yellow, with motion control.

A world without guns?

A reader emails this article and says:

Probably the best piece I’ve read on the gun debate so far – takes a look at both sides.

It is a very good article on the issue of gun control and well worth a read. My favourite part is this explanation about reality for liberal panty-waists:

Like most gun owners, I understand the ethical importance of guns and cannot honestly wish for a world without them. I suspect that sentiment will shock many readers. Wouldn’t any decent person wish for a world without guns? In my view, only someone who doesn’t understand violence could wish for such a world. A world without guns is one in which the most aggressive men can do more or less anything they want. It is a world in which a man with a knife can rape and murder a woman in the presence of a dozen witnesses, and none will find the courage to intervene.

Cops should be armed, the crims are

I see the crim hugging liberal sooks are moaning about the proposal to arm police:

Claims policing is becoming more dangerous are a bid to create unjustified public fear a lobby group says.

The rate of assault per sworn police officer had barely changed over the past decade, Rethinking Crime and Punishment director Kim Workman said today.

The Police Association has called again for police to be armed after four attacks on officers over Christmas.

Police Association vice-president Luke Shadbolt said the incidents had emphasised the increasing danger faced by staff.

“Increasingly, members are calling for general arming. And we know, amongst the staff … more and more are leaning toward general arming as well,” Shadbolt said.

I can’t see any reason why our police can’t be armed…the criminals are.

For that matter I can’t see any reason why suitably trained and licensed citizens can’t be armed either…the criminals are.

There was a time in NZ history when people were able to easily carry firearms; you will note too that in those times there was less crime.

Bennett’s office in the clear

Keith Ng, The Greens, Labour and assorted proxies all accused Paula Bennett’s office of “leaking” the name of Ira Bailey to the media. Documents obtained under the Official Information Act show that simply isn’t true.

They also show why the initial search for possible breaches failed to detect the vulnerability and it relates to the details publicly available about Ira Bailey.

Once the Chief Executive of the ministry notified the minister of the details on 10 October a staff member did a search and came across his LinkedIn profile. The organisation Ira Bailey works for is apparently an accredited training provider and so the Ministry checked which systems they had access to.

They did this based on the scant knowledge that had been provided in his initial phone call to the Ministry. The emails also reveal that his initial phone call was not recorded.

A subsequent contact was made with Ira Bailey on 10 October. No further information was garnered from that phone conversation.

The ministry remained in the dark, and as one of our largest would have had no idea where to even start looking. Ira Bailey simply didn’t provide enough information or was unwilling to once he found out he couldn’t shake them down for cash.

He instead decided to go to the media and his left wing pal and former Clark office staffer Keith Ng. Far from being the honourable whistle blower it is clear that he gave them next to nothing other than his name and a claim that he had penetrated the systems and that he had spoken to media.

This paints a somewhat different picture than that which Keith Ng would have us believe.

The minister’s office then has to deal with allegations that they “leaked” his details to the media; the emails show that these allegations are untrue. They were more concerned with ascertaining precisely the details of the systems breach.

It would appear that Keith Ng ratted out his source on a paranoid assumption based on a phone call from a proper journalist. Keith Ng named his source, and yesterday he named his hacker pal as well. People will start to wonder whether or not it is worth the risk of ever speaking with him again if he continually rats out his sources.

I must also point out how quickly the request was turned around. I asked this request on Thursday and received the results at 6pm yesterday. Normally government departments and politicians use 20 days as a target timeframe despite information being to hand. In this case it is apparent that the information was to hand, and because I confined the request to a small timeframe and specific details was able to be provided in a timely manner. I think Paula Bennett’s office are to be commended for that.

The full copy of documents released are below.

Ministry of Social Development – OIA 18 October 2012

Scoop’s Open Source Adserver

There has been a great deal of talk about the poor coding efforts of Wheedle.

NBR broke that story and found security holes in the site of another Trademe wannabe.

This post is about another woeful coding effort, this time from Scoop.co.nz. This has all the hallmarks of the infamous Labour Party screw up with their website but with a very real risk in this instance of someone placing malicious code within sites that are having ads served by Scoop.

To be extremely clear before I go into the story. I have not hacked or performed any hacking of Scoop or any other site. The adserver is completely open to the public and searchable via Google.

I also shared my discovery with some media so as to protect myself from accusations of hacking. You simply do not need to perform any such illegal activity as Scoop has left the door wide open and the keys in the ignition.

I was searching on Google for some details about adservers for a project I am working on and stumbled upon something that is very concerning about the set up of Scoop’s adserver. For a start, you can google it.

Even basic protections like creating a disallow for the folder that contains the adserver in their robots.txt have not been performed. That is not security, rather it is obscurity that at the very least would have hidden the adserver from search results.

Once you find it however, then you have unfettered administrative rights to the entire adserver:

I was able to view their entire adserver setup:

Including settings for individual ads:

Access and edit live ads:

Control which sites they would appear on:

Create new campaigns:

Place new ads:

And ad code including iframe code that would allow me, or anyone else for that matter to place malicious code within sites that Scoop delivers ads to:

This line in their source calls code into an iframe:

<iframe id="ad_50767E148AB1_SCSG" align="center" src="/xl?c=SCSG;iframeid=ad_50767E148AB1_SCSG" width="988" height="26" frameborder="0" marginwidth="0" marginheight="0" vspace="0" hspace="0" scrolling="no">

Because the content of that iframe is editable, anyone could inject their own malicious code to distribute malware etc. You could happily play havoc without them being any the wiser.

To prove my point I have placed ads on Scoop and on The Standard…ads they really wouldn’t want on there, but I could do it nonetheless, without any hacking.

On Scoop:

On The Standard:

This is very shoddy work from Scoop Media. If I had my advertising with them I would be distinctly unhappy that they had potentially exposed my site to the risks of malicious code. If I was an advertiser I’d be more unhappy that all my campaign details are there for all to see.

One wonders what other security holes exist on Scoop’s website.
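For anyone running an adserver of their own, here is a small audit of the two separate failures described above: the admin folder being indexable, and the admin folder needing no login. This is an added example, not code from this post or from Scoop; the `/adserver/admin/` path, the robots.txt samples and the login-redirect heuristic are assumptions made for illustration.

```python
from urllib.robotparser import RobotFileParser

REDIRECTS = (301, 302, 303, 307, 308)

def audit_admin_exposure(robots_txt, admin_path, status, headers):
    """Classify how an admin path is exposed.

    robots_txt -- text of the site's robots.txt
    admin_path -- path of the admin interface (hypothetical placeholder here)
    status, headers -- what an unauthenticated GET of admin_path returned
    """
    hdrs = {k.lower(): v for k, v in headers.items()}

    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    crawlable = parser.can_fetch("*", admin_path)
    noindex = "noindex" in hdrs.get("x-robots-tag", "").lower()

    # Assumption: a redirect whose Location mentions "login" is a login wall.
    location = hdrs.get("location", "").lower()
    login_redirect = status in REDIRECTS and "login" in location
    requires_auth = status in (401, 403) or login_redirect

    findings = []
    if not requires_auth:
        findings.append("NO_AUTH")               # the real hole
    if crawlable and not noindex:
        findings.append("INDEXABLE")             # search engines may list it
    if not crawlable and not requires_auth:
        # A Disallow line hides the path from crawlers but publishes it in
        # robots.txt, and it stops nobody who requests the URL directly.
        findings.append("HIDDEN_NOT_PROTECTED")
    return findings

# Constructed sample inputs, not taken from any real site.
ADMIN_PATH = "/adserver/admin/"
ROBOTS_OPEN = "User-agent: *\nDisallow: /cgi-bin/\n"
ROBOTS_HIDDEN = "User-agent: *\nDisallow: /adserver/\n"

if __name__ == "__main__":
    print(audit_admin_exposure(ROBOTS_OPEN, ADMIN_PATH, 200, {}))
    print(audit_admin_exposure(ROBOTS_HIDDEN, ADMIN_PATH, 200, {}))
    print(audit_admin_exposure(ROBOTS_OPEN, ADMIN_PATH, 401,
                               {"X-Robots-Tag": "noindex"}))
```

The second case is the one to watch: adding the robots.txt disallow clears the indexing finding but leaves the missing login exactly where it was.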

If you arm the Police then allow citizens to bear arms too

NZ Herald

The Police Association has renewed its calls for “guns on hips” after a rifle was allegedly aimed at a female officer in the Bay of Plenty early yesterday morning.

The officer had been responding to a report of suspicious activity in Katikati when she spotted a man near an intersection, police said.

When she stopped to speak to him, he dropped bags he was carrying and is alleged to have swung a rifle toward her.

The officer left immediately and called for back up, before armed offenders squad members were deployed in the area.

A 20-year-old man was arrested and yesterday appeared in Tauranga District Court on charges including burglary and using a firearm against a law enforcement officer.

I have no problem with arming the Police, but if the Police are to be armed then I also believe that suitably trained citizens should also be allowed to be similarly armed. After all, if you start arming state authorities without similar rights passing to citizens then you run the very real risk of the citizenry being able to be suppressed through fear and intimidation by those same authorities.

A second point would also be that criminals already have and use firearms and the Police simply can’t be everywhere, thereby leaving unarmed citizens at risk. If the risk is great for the police then surely the risk is greater for citizens.

I am not saying that we should be allowed to willy-nilly carry firearms…I am saying that with training and certification and appropriate club membership then this should be allowed.

Irony Alert

I find it ironic that Mr Martyn Bradbury snivels about there being not enough Police on Queen Street.

He said that years ago police would be out in force dealing with anyone causing trouble.

“I used to watch the old school police coming in with the paddy wagon, the pushy-shove type of police. But in the last six months they’ve dissipated overnight.

“There are a lot of foot patrols during the day, but after 8pm you don’t see them like you used to.”

However, police say they are out in force and have dedicated significant resources to covering the worst areas in the CBD.

Is this the same snivelly Martyn Bradbury who constantly posts anti-police propaganda as represented in the image on the linked post?

Martyn “DBD” Bradbury better hope that the cops don’t remember his anti-police tirades and decide that wee Martyn can be left to his own devices when confronted with scum on Queen Street.