Saturday, January 23, 2010

Surreal Saturday: Oil Navigates Maze; Rats, Mice Consider Forming Union (New Scientist)

According to a recently published paper with the unlikely title: "Maze Solving by Chemotactic Droplets", by the equally unlikely research group called the Grzybowski Group, oil droplets can, like rats trying to find cheese or wizards trying to find the Goblet of Fire, solve mazes all on their own. See the video below:

Friday, January 22, 2010

Chinese, Russian, Turkish Hackers Almost Certainly Targeting, Penetrating US Energy Provider Networks (Project Grey Goose)


Jeff Carr, author of Inside Cyber Warfare and IntelFusion, along with Sanjay Goel at the State University of New York, Albany and other contributors, has recently completed another of the Grey Goose reports, this time on hacker attacks on the power grid, both domestically and internationally.

The report's key findings are chilling:

  • "State and/or Non-state actors from the Peoples Republic of China, the Russian Federation/Commonwealth of Independent States, and Turkey are almost certainly targeting and penetrating the networks of energy providers and other critical infrastructures in the U.S., Brazil, the Russian Federation, and the European Union."
  • "Network attacks against the bulk power grid will almost certainly escalate steadily in frequency and sophistication over the next 12 months due in part to international emphasis among the G20 nations on Smart Grid research, collaborative development projects and the rich environment that creates for acts of cyber espionage"
  • "The appeal of network intrusions against the U.S. Grid is enhanced by two key factors:"
    • "90% of the U.S. Department of Defense's most critical assets are entirely dependent on the bulk power grid."
    • "Most Grid asset owners and operators have been historically resistant to report cyber attacks against their networks as well as make the necessary investments to upgrade and secure their networks."
Grey Goose reports are volunteer efforts to analyze various cyber threats through the use of open source information. Previous reports have analyzed the Russia-Georgia cyber war and the evolution of cyber warfare.

In the interest of full disclosure: Jeff kindly listed me as a "reviewer" in the recent report but my input was limited to a little light editing. I don't consider myself a cyber war expert. I do think, however, that Jeff's record and the records of his co-contributors' speak for themselves and believe that those interested in this area (and those who should be interested in this area) need to read this report carefully (whether you ultimately agree with its conclusions or not).
Reblog this post [with Zemanta]

Wednesday, January 20, 2010

How To Spot An ATM "Skimmer" And Why You Should Care (KrebsOnSecurity)


Skimming is the theft of ATM or credit card information during the course of what appears to be an otherwise legal transaction. ATM skimmers are designed, for example, to acquire the ATM card number and then, through a variety of different devices also acquire the PIN. This allows the thief to collect the data and then use it to get access to the account.

KrebsOnSecurity (via Boing Boing) had a very interesting example of one such skimming device (see picture) with links to pictures of other such devices. A casual search of the internet yielded many, many other examples (including this YouTube video). Lifehacker also linked to a very good PDF by an Australian firm with some detailed info on both the skimmer and the PIN capturing devices.

This type of fraud has been around for some time now and the tricks used by the bad guys continue to get more sophisticated. Despite this, it seems that many people are not aware of the risks. It is worth taking a look at Krebs and the YouTube video simply to be armed with a little bit of info.

Reblog this post [with Zemanta]