
Joe Dog Software

Proudly serving the Internets since 1999

Pinochle 1.0.7

Yesterday was Christmas and you know what? You can’t get a stinkin’ slice of pizza on Christmas. Hardly anything is open on December 25th. Christmas is basically house arrest.

To kill the time between Christmas morning and the grand re-opening of his coffee shop, Your JoeDog played a little pinochle. It’s a pretty good game. The computer bids well and plays a reasonably strong hand but — WTF? — the bid dialog box moves all over the place.

Each time you submit a bid, the dialog moves so you can’t just click a second time without moving your mouse. Well that’s annoying. Indeed. Your JoeDog fixed that yesterday. House arrest ended today….

Life is good.

[JoeDog: Pinochle-1.0.7]

 



Hacking Computers

Your JoeDog has blogged about cyber intrusions recently. (Yeah, we know, how about discussing something else?) In these discussions, he tends to avoid the terms “hacked” or “hackers.” While those words commonly refer to infiltrations and intruders, they are erroneously applied by the tech media. Hacking is an ethic to which hackers subscribe.

This ethic was popularized by Steven Levy in the book “Hackers.” To Levy, the last true hacker was Richard Stallman, founder of the Free Software movement.

In the early 1980s, software producers began putting restrictions on their products and stopped distributing their source code. This put a damper on the hacker community which was used to a free flow of information. Stallman was peeved that he couldn’t freely alter, copy and share licensed software with colleagues. It struck him as highly unethical. In “Hackers” he contrasted this ethic with his own:

“The hacker ethic refers to the feelings of right and wrong, to the ethical ideas this community of people had—that knowledge should be shared with other people who can benefit from it, and that important resources should be utilized rather than wasted.”

When it became apparent that he couldn’t fight City Hall, Stallman decided to build his own operating system. Its license would mandate code sharing. You could use the source however you liked as long as you published your changes and made the source available. Distributors could not restrict access to the code. This is the essence of the GNU General Public License.

So the key points of hacker ethics were free access, freedom of information and the betterment of all. Yet somehow the term is now almost universally known for breaking-and-entering. Are these people hackers? Well, maybe.

Your JoeDog considers guys like Richard Stallman hackers. He considers himself a hacker as well. When dickheads were attacking his site, he published his method of thwarting them. That’s hacking. Breaking-and-entering guys? They’re just dicks.

Unfortunately, Your JoeDog doesn’t control the lexicon so the term is now applied to the world of cyber-security. And within that community, subcultures have formed. We now have white-hat, black-hat and grey-hat hackers. The first group is dedicated to finding, publishing and fixing security flaws. They are most assuredly hackers that Stallman would recognize.

Black-hats are dedicated to finding and exploiting computer vulnerabilities. Are they hackers? It’s a tricky question: they could be. There are many who publish and share their vulnerabilities. They may do that for LULZ instead of a desire to share for the betterment of the community but the result is the same. These guys often benefit the community but it’s a small community comprised of other black-hats. They tend to restrict information to the outside world.

Grey-hats are morally ambiguous types who fall in between the white and black communities. Your JoeDog considers them the least likeable of all the dark side. Grey-hats are the guys who will work within the white-hat community then sell a zero-day exploit on the black market. Fsck those guys.

As a general rule, if the tech media properly applies the term “hacker” then it probably pulled a Homer, i.e., properly applied the term despite the ignorance of the author.

 



Siege 3.0.9

What’s Your JoeDog doing now? He’s knee-deep in old C code. This code generates software that calculates the optimum way to cut sheets of linoleum as they roll off a production line. Aren’t you glad you asked? How old is this code? It was last updated in 1999 when it was ported to HP-UX.

You know how an old song can take you back — sometimes to a good place, sometimes to hell? Old code works like that. This project was coded by other humans, but Your JoeDog sees his own flaws in it. He sees techniques that remind him to hang himself back in 1999.

Nobody codes like that anymore. There’s a reason why we’ve abandoned some techniques in favor of others. For the past two weeks, Your JoeDog has been dereferencing variables, debugging memory leaks and trying to figure out what’s whacking his stack. Context is everything, people. In this one, you don’t want anything whacking your stack.

Now siege already encapsulates much of his current programming philosophy. It’s written in C but it relies on object-oriented architecture. If you encapsulate memory management it makes it easier to pinpoint flaws.

Unfortunately, his personal projects haven’t kept up with industry standards. This coding experience has prompted him to fix his sins before they become unmanageable. Your JoeDog updated to gcc-4.7.4 and he watched the warnings fly! This version fixes all of those warnings. There’s nothing sexy about it but you should probably upgrade anyway.

[JoeDog: Siege-3.0.9]

 

 



About That JPMorgan Breach…

According to the New York Times, the JPMorgan breach “might have been thwarted if the bank had installed a simple security fix to an overlooked server in its vast network.” And what fix was that?

Two-factor authentication. With this type of security, a user is required to produce two factors of authentication. One could be a password and another could be a dynamically generated PIN.

This appears to tell us that a major American bank was breached because they exposed a console login on a public network and someone ran a dictionary attack against it.

This means they never picked up thousands of failed login attempts on that server. And it means an unguarded and “overlooked” computer had access to their private network. Just wow.

Later we find another interesting morsel in that article.

It is not clear why the vulnerability in the bank’s network had gone unaddressed previously. But this summer’s hack occurred during a period of high turnover in the bank’s cybersecurity team with many departing for First Data, a payments processor.

Your JoeDog is not suggesting it was an inside job by disgruntled employees, rather it looks like JPMorgan-Chase was a shitty place to work.

 



Little Kim Needs Tech Support

The Australian Financial Review reports that Little Kim’s Internets are down.

North Korea’s already tenuous links to the Internet went completely dark on Monday after days of instability, in what internet monitors described as one of the worst North Korean network failures in years.

The loss of service came just days after President Barack Obama pledged that the United States would launch a “proportional response” to the recent attacks on Sony Pictures, which government officials have linked to North Korea.

North Korea doesn’t have a large internet presence. Their public address space is 175.45.176.0 — 175.45.179.255. Some companies have more addresses than that. Your JoeDog looked for servers in that address space to see if he could substantiate this report.

At the time this article was published, the North Korean government portal www.naenara.com.kp (175.45.176.67) was inaccessible by any means. To circumvent firewalls, he used web tools that allow you to make requests from various locations throughout the globe. As best as he can tell, their network is indeed completely black.

 



Do Native Koreans Even Talk Like This?


Gawker is on the case, you guys. Today they ran a story which raised concerns about the official FBI narrative of the Sony Pictures infiltration. It’s mostly a recap of concerns we’ve already raised. However, down in the comment section we find an interesting perspective. Let’s examine that comment.

The commenter taught English to Korean students for several years. To this person, the splash screen doesn’t read like English written by a Korean ESL speaker:

The use of contractions (we’ve and we’ll) is characteristic of someone near-fluent, too sophisticated to be dropping articles.

Ordinal date — my students always hated ordinals because they’re irregular (24th)

The repeated pronouns (“we” and “you” and “us”) don’t seem like how a Korean person would phrase it, because Korean pronouns are freighted with t/v distinction and honorifics that English doesn’t capture. For that reason, my students circumlocuted those words when they could because they felt imprecise.

It’s totally possible that the North Korean version of Korean is different enough than the South Korean that the markers would be different, though.

The author of the article, Sam Biddle, responded “Interesting.”

Indeed.

 



So Who Hacked Sony? Four Theories

The official narrative holds that agents of the North Korean government infiltrated Sony Pictures’ corporate network and used that attack as leverage to stop the release of a Seth Rogen film. While that might make a good Seth Rogen movie, it hardly seems plausible given what is currently known.

You don’t have to be a conspiracy theorist to take a skeptical view of the official narrative. Yet only the most conspiratorial would claim the attack was fabricated. Somebody infiltrated the Sony network. The question remains: Who done it?

Over at New York Magazine, Margaret Hartmann offers four alternative culprits:

  1. A disgruntled former employee. There are many ways to make money from this intrusion but the attacker(s) chose instead to embarrass the company.
  2. Hacktivists. This was a high profile breach largely because the intruders contacted and taunted Sony executives in the press. Their behavior more closely resembles Anonymous or LulzSec than a nation state.
  3. The Chinese. The cybersecurity firm Mandiant has been hired to investigate the breach. They’ve investigated so many Chinese attacks that they’ve become the firm’s specialty.
  4. Everybody. There’s overlap in all these theories and it’s possible the answer is D.) All of the above.

Regular readers know Your JoeDog subscribes to “All of the above” or as he put it, “everybody and his sister.” For a successful attack on a corporate network to generate maximum LULZ, bragging must occur. It’s very likely somebody breached the network and provided details that enabled successive visitors to play inside the breach.

 

 



Pyongyang Responds

In response to Washington’s allegation that it was behind the Sony Pictures cyberattack, Pyongyang demanded a joint inquiry into the matter. North Korea claims it can prove it was not involved.

If the US has the goods, then it should welcome this offer. Does anybody think they have the goods? Your JoeDog does not. The information they’ve revealed thus far is weak and void of detail. Apparently the good stuff is classified. We’re supposed to take them at their word.

Your JoeDog has a hard time taking governments at their word. He never bought the case against Saddam Hussein and thus far he remains unconvinced on this one. If North Korea was involved, then declassify the evidence and display it to the public. If not, then Your JoeDog will continue to call bullshit.

Here’s what we know:

  • On November 21st, the perpetrators contacted Sony executives and demanded ransom. The group called itself “God’sApstls.” There was no mention of the supposedly offensive Seth Rogen film.
  • Soon after that, we learned about the Guardians of Peace. Images of hacked Sony computers appeared on the Internet in which a splash screen exclaimed, “Hacked by #GOP.”
  • On December 1st, a representative of the GOP contacted CSO. The group claimed it had no ties to North Korea and no aims to stop The Interview as Sony suggested.
  • On December 9th, Joe Demarest, assistant director with the Federal Bureau of Investigation’s cyber division, told a conference there was no attribution to North Korea. This means they couldn’t find a trail of crumbs back to the attackers.
  • Yesterday, the FBI announced that Pyongyang was behind the attack. It staked its claim based on a code signature and IP addresses it claims were hard coded inside the malware.

So somehow we’ve gone from a ransom note by God’sApstls to a cyberattack from Pyongyang. Are we supposed to think North Korea was demanding ransom and taunting Sony before it got around to the movie it found so offensive? Certainly North Korea is a strange place, but that doesn’t make sense even for them….

 



BREAKING: The FBI Makes A Claim

The FBI disagrees with Your JoeDog. As of a few minutes ago, the Times published an article in which the FBI accuses North Korea of organizing the cyber attack on Sony Pictures.

Okay, what do they got?

The bureau said that there were significant “similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks” to previous attacks by the North Koreans. It also said that there were classified elements of the evidence against the North that it could not reveal.

This is not unexpected. Cyber attackers around the world share code, tools and ideas. I wouldn’t be surprised if this toolkit contains signatures that match those used by the CIA, Iran, Israel or Anonymous.

What else do you got?

“The F.B.I. also observed significant overlap between the infrastructure used in this attack and other malicious cyberactivity the U.S. government has previously linked directly to North Korea,” the bureau said. “For example, the F.B.I. discovered that several Internet protocol addresses associated with known North Korean infrastructure communicated with I.P. addresses that were hardcoded into the data deletion malware used in this attack.”

The wording here is curious: “known North Korean infrastructure.” What does that mean? Are they in North Korea’s one known block of public IP addresses or are these Class C addresses the FBI has seen before? Kim Hak Uhr codes at a workstation with a 192.168.0.4 address so it must be North Korea!!1!1!
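To make the objection concrete, here is an added example (not from the post): it buckets a list of “hardcoded” addresses by what they can actually tell you. A private address like 192.168.0.4 is non-routable and attributes nothing; an address inside the one public block the post names (175.45.176.0 to 175.45.179.255, i.e. 175.45.176.0/22) at least lands in North Korean space; anything else needs evidence beyond the number itself. The sample addresses are constructed.

```python
import ipaddress

# The only public block the post attributes to North Korea, written as a prefix.
# 175.45.176.0-175.45.179.255 is exactly a /22: 1024 addresses.
NK_PUBLIC_BLOCK = ipaddress.ip_network("175.45.176.0/22")

def classify_address(addr):
    """Bucket a single address for attribution purposes."""
    ip = ipaddress.ip_address(addr)
    # RFC 1918 space, loopback, link-local and reserved ranges exist on every
    # network on earth, so seeing one in malware says nothing about who ran it.
    if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved:
        return "non-routable"
    if ip in NK_PUBLIC_BLOCK:
        return "nk-public-block"   # routable and inside the block the post names
    return "other-public"          # routable, but the number alone proves nothing

def attribution_summary(addrs):
    """Count how many of the given addresses fall into each bucket."""
    counts = {"non-routable": 0, "nk-public-block": 0, "other-public": 0}
    for a in addrs:
        counts[classify_address(a)] += 1
    return counts

# Constructed sample: the post's two addresses, one more private address, and
# one address just past the end of the block to show the boundary.
SAMPLE_ADDRS = ["175.45.176.67", "192.168.0.4", "10.1.2.3", "175.45.180.1"]

if __name__ == "__main__":
    print(f"{NK_PUBLIC_BLOCK} holds {NK_PUBLIC_BLOCK.num_addresses} addresses")
    for a in SAMPLE_ADDRS:
        print(f"{a:>16}  ->  {classify_address(a)}")
    print(attribution_summary(SAMPLE_ADDRS))
```

Half of this constructed list is non-routable and therefore worthless for attribution, which is the question the FBI’s phrasing leaves open.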

So we have similarities of code, unknown IP addresses and evidence the FBI can’t reveal because s3cr37s! That’s pretty scant. I remain skeptical, very skeptical.