Saturday, December 6, 2014

Crews maintaining 450 ICBMs had just one wrench with which to attach nuclear warheads

Staff at bases in North Dakota, Wyoming and Montana had to send the toolkit to each other via FedEx, the review found. Mr Hagel said that problem had now been rectified.

Inspectors reportedly ignored the fact that ageing blast doors at nuclear silos would no longer seal shut.

On staffing, the reviews found that a culture of micromanagement and extreme exam-testing distracted from major problems with equipment and nuclear readiness.

Thursday, December 4, 2014

Sony Kept Thousands of Passwords in a Folder Named "Password"

I especially like ALL_SSL_Certs_2012.xlsx!

The second trove of data snuck out sometime yesterday, and it didn't take long for Buzzfeed to stumble upon the Facebook, MySpace (an ancient form of Facebook), YouTube, and Twitter "usernames and passwords for major motion picture social accounts." Likely due to the fact that they were saved in a huge file called "Password." Which contained even more passwords called things like "Facebook login password." So they would know that that was the password. Because who needs encryption or security or common sense or even the vaguest attempt at grade-school level online safety.

Friday, November 28, 2014

Cheap Black Friday Android tablets: Security threats found

"Bluebox Labs purchased over a dozen of these Black Friday 'bargain' Android tablets from big name retailers like Best Buy, Walmart, Target, Kmart, Kohl's and Staples, and reviewed each of them for security," the company wrote on its blog. "What we found was shocking: most of the devices ship with vulnerabilities and security misconfigurations; a few even include security backdoors. What seemed like great bargains turned out to be big security concerns. Unfortunately, unsuspecting consumers who purchase and use these devices will be putting their mobile data and passwords at risk."


Tuesday, November 11, 2014

New Attack Method Can Hit 95% Of iOS Devices

FireEye recommends that organizations warn users to protect themselves three ways. One, users shouldn't install apps from third-party sources other than Apple's official store or an enterprise app store. Two, users shouldn't click on install buttons on a pop-up from third-party web pages. Three, if iOS shows an alert with an "Untrusted App Developer" warning, users should click "Don't Trust" and uninstall the app immediately.


Saturday, October 25, 2014

IAF asks personnel not to use Xiaomi phones

IAF personnel and their families have been asked to desist from using Chinese 'Xiaomi Redmi 1s' phones as these are believed to be transferring data to their servers in China and could be a security risk.

"F-secure, a leading security solution company, recently carried out a test of Xiaomi Redmi 1s, the company's budget smartphone, and found that the phone was forwarding carrier name, phone number, IMEI (the device identifier) plus numbers from address book and text messages back to Beijing," says an advisory issued by the IAF to its personnel.

The IAF note, issued some weeks back, has been prepared by the intelligence unit based on the inputs from Indian Computer Emergency Response Team (CERT-In), according to IAF sources.


Thursday, October 23, 2014

New Fitbit activity tracker release, price, specs, new features

Here we look at what to expect from the next Fitbit tracker, when it will be available, and what it will cost. We're basing our report on the latest rumours and leaks, historical data, rival trackers, and recent Fitbit trademark applications for a Fitbit Surge, Fitbit Charge and PurePulse. In what may be no coincidence, just weeks after the razzmatazz unveiling of the Apple Watch, first Gizmodo then The Verge suddenly get leaked information each on one of the new trackers.

Fitbit Charge activity tracker leak

New Fitbit Charge and Charge HR trackers: new features – Force replacement and heart-rate monitor


Thursday, October 16, 2014

This POODLE bites: exploiting the SSL 3.0 fallback

SSL 3.0 is nearly 18 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.

Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.
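The downgrade dance described above, as an added example that is not code from the original post, from Google's advisory or from the POODLE paper: a client that retries a failed handshake with the next older protocol version, a network attacker modelled as making the first few attempts fail, and a server that applies the TLS_FALLBACK_SCSV rule (a ClientHello carrying the SCSV whose version is below the server's maximum is answered with a fatal inappropriate_fallback alert). The class names, message shapes and placeholder cipher suite values are this example's own; no real TLS records are produced.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Protocol versions from newest to oldest; a smaller rank means newer.
VERSIONS = ["TLS1.2", "TLS1.1", "TLS1.0", "SSL3.0"]
RANK = {v: i for i, v in enumerate(VERSIONS)}

# The reserved cipher suite value {0x56, 0x00} defined by RFC 7507.
TLS_FALLBACK_SCSV = 0x5600

# Constructed placeholder cipher suites; they are only labels in this model.
BASE_SUITES = (0xC02F, 0x002F)


@dataclass
class ClientHello:
    version: str                    # ClientHello.client_version
    cipher_suites: Tuple[int, ...]  # may include TLS_FALLBACK_SCSV


@dataclass
class Server:
    max_version: str                  # highest version the server supports
    min_version: str = "SSL3.0"       # lowest version still enabled
    version_intolerant: bool = False  # buggy server that rejects newer hellos

    def respond(self, hello: ClientHello) -> Tuple[str, Optional[str]]:
        """Return ("ok", negotiated_version) or ("alert", alert_name)."""
        if RANK[hello.version] < RANK[self.max_version]:
            # The client offers something newer than we support.  A correct
            # server negotiates down; a version-intolerant one just fails,
            # which is the server bug that browser retries were working around.
            if self.version_intolerant:
                return ("alert", "handshake_failure")
            chosen = self.max_version
        else:
            chosen = hello.version
        # RFC 7507 rule: the SCSV plus a client_version below our maximum means
        # the client is retrying after a failure this server did not cause.
        if (TLS_FALLBACK_SCSV in hello.cipher_suites
                and RANK[hello.version] > RANK[self.max_version]):
            return ("alert", "inappropriate_fallback")
        if RANK[chosen] > RANK[self.min_version]:
            return ("alert", "protocol_version")  # e.g. SSL 3.0 disabled
        return ("ok", chosen)


def negotiate(server: Server, send_scsv: bool, attacker_drops: int,
              client_versions=VERSIONS) -> Tuple[str, str]:
    """Browser-style fallback: retry a failed handshake one version lower.

    attacker_drops is the number of leading handshake attempts a network
    attacker causes to fail (modelled as the ClientHello never arriving).
    Returns ("ok", version) or ("fail", reason).
    """
    attempts = 0
    for i, version in enumerate(client_versions):
        suites = BASE_SUITES
        if i > 0 and send_scsv:
            suites = BASE_SUITES + (TLS_FALLBACK_SCSV,)  # mark this as a fallback
        hello = ClientHello(version, suites)
        attempts += 1
        if attempts <= attacker_drops:
            continue  # connection "failed"; the client retries one version lower
        status, detail = server.respond(hello)
        if status == "ok":
            return ("ok", detail)
        if detail == "inappropriate_fallback":
            return ("fail", detail)  # fatal: this downgrade was not legitimate
        # handshake_failure / protocol_version: keep falling back
    return ("fail", "exhausted")


if __name__ == "__main__":
    print("no SCSV, attacker:   ", negotiate(Server("TLS1.2"), False, 3))
    print("SCSV, attacker:      ", negotiate(Server("TLS1.2"), True, 3))
    print("SCSV, old server:    ", negotiate(Server("TLS1.0", version_intolerant=True), True, 0))
    print("SSLv3 off, attacker: ", negotiate(Server("TLS1.2", min_version="TLS1.0"), False, 3))
```

The first scenario is the attack path the post describes: three induced failures and the client ends up on SSL 3.0 against a server that supports TLS 1.2. With the SCSV the same retries end in a fatal alert instead, while a genuinely old (even version-intolerant) server still negotiates TLS 1.0, so the signal does not break the compatibility retries it was designed to protect. The last scenario is the alternative mitigation, disabling SSL 3.0 on the server.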

Tuesday, October 14, 2014

Truly scary SSL 3.0 vuln to be revealed soon: sources

Gird your loins, sysadmins: The Register has learned that news of yet another major security vulnerability - this time in SSL 3.0 - is probably imminent.


Maintainers have kept quiet about the vulnerability in the lead-up to a patch release expected in the late European evening, or not far from high noon Pacific Time.


Details of the problem are under wraps due to the severity of the vulnerability.


To that end it is unknown what platforms were impacted, but as SSL is very widely used any flaw will require plenty of urgent attention ... and probably be unwelcome news to a tech community already reeling from the recent Shellshock vulnerability in Bash and the Heartbleed flaw.


The SSL flaw won't be the only thing keeping security bods and system administrators busy. A dangerous worm has been discovered exploiting a zero-day flaw (CVE 2014-4114) in all versions of Microsoft Windows and Server 2008 and 2012.



Saturday, October 11, 2014

DEFCON Router Hacking Contest Reveals 15 Major Vulnerabilities

According to the rules of the contest, an entry wasn't considered valid unless the contestant also showed proof of disclosure to the manufacturer. Here's a full list of routers in which 0-days were reported in Track 0, along with our current understanding of the fix in progress:

  • ASUS AC66U; reported, but no response from the manufacturer.
  • Netgear WNDR4700; reported, but no response from the manufacturer.
  • D-LINK 865L; reported, and manufacturer confirms it is working on a fix, currently in beta.
  • Belkin N900; reported, and manufacturer acknowledged but was unclear on providing a fix.
  • TRENDnet TEW-812DRU; reported, and manufacturer claims all reported 0-days are fixed.
  • Actiontec Q1000; reported, and manufacturer acknowledged the report.

For details please see the full contest results.

Tuesday, October 7, 2014

OMB gives DHS new powers to scan some civilian agency networks for cyber threats

OMB added this new requirement for DHS to scan civilian agency networks in the aftermath of the Heartbleed vulnerability. During that time, DHS had to get permission from agencies to scan their networks, which delayed its mitigation strategy by a few days.

DHS made it clear in May during a House hearing that it needed Congress to give it more authorities to scan agency networks.

Andy Ozment, the assistant secretary of the Office of Cybersecurity and Communications in DHS, told Federal News Radio in an interview before OMB issued the FISMA guidance that when DHS doesn't have the explicit authorities that it needs and Congress wants them to have, it makes everything harder.


Friday, October 3, 2014

Hackers’ Attack on JPMorgan Chase Affects Millions

Until just a few weeks ago, executives at JPMorgan said they believed that only one million accounts were affected, according to several people with knowledge of the attacks.

As the severity of the intrusion — which began in June but was not discovered until July — became more clear in recent days, bank executives scrambled for the second time in three months to contain the fallout and to reassure skittish customers that no money had been taken and that their financial information remained secure.

The hackers appeared to have obtained a list of the applications and programs that run on JPMorgan's computers — a road map of sorts — which they could crosscheck with known vulnerabilities in each program and web application, in search of an entry point back into the bank's systems, according to several people with knowledge of the results of the bank's forensics investigation, all of whom spoke on the condition of anonymity.

Saturday, September 27, 2014

43% of companies had a data breach in the past year

Even in companies that have breach plans in place, employees aren't convinced they will work. Only 30% of those responding to the survey said their organization was "effective or very effective" at creating such plans.

One reason might be that few companies seem to take the need seriously. Of the companies surveyed, just 3% looked at their plan of action each quarter. Thirty-seven percent hadn't reviewed or updated their plan since it was first put in place.


Friday, September 19, 2014

World Wide Web inventor slams Internet fast lanes: ‘It’s bribery.’

"We need rules," said Berners-Lee. "If businesses are to move here and start here rather than start in Europe or Brazil or Australia — they're going to look around and make sure, 'Oh, does the power stay up?' And they'll look for other things. 'Is the Internet open?' Will they have to effectively bribe their ISPs to start a new service? That's what it looks like from the outside. It's bribery."


CDC: 90% of kids who died last flu season didn't get vaccine

SALT LAKE CITY — The flu took the lives of more than 100 children in the U.S. last flu season, and most of those kids didn't get a flu shot.

That's according to a new report by the Centers for Disease Control and Prevention, aimed at encouraging Americans to get vaccinated now. The flu kills up to approximately 36,000 people each year, but less than half of the population gets an annual flu shot. That's something the CDC wants to change.

Saturday, September 6, 2014

The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud

On Tuesday afternoon, Apple issued a statement calling the security debacle a "very targeted attack on user names, passwords and security questions." It added that "none of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud® or Find my iPhone."

But the conversations on Anon-IB make clear the photo-stealing attacks aren't limited to a few celebrities. And Zdziarski argues that Apple may be defining a "breach" as not including a password-guessing attack like iBrute. Based on his analysis of the metadata from leaked photos of Kate Upton, he says he's determined that the photos came from a downloaded backup that would be consistent with the use of iBrute and EPPB. If a full device backup was accessed, he believes the rest of the backup's data may still be possessed by the hacker and could be used for blackmail or finding other targets. "You don't get the same level of access by logging into someone's [web] account as you can by emulating a phone that's doing a restore from an iCloud backup," says Zdziarski. "If we didn't have this law enforcement tool, we might not have the leaks we had."

Friday, September 5, 2014

US Air Force admits to quietly changing a regulation that now requires all personnel to swear an oath to God -- Airmen denied reenlistment for practicing constitutional rights

The Air Force said it cannot change its AFI to make "so help me God" optional unless Congress changes the statute mandating it.

Miller pointed out that Article VI of the Constitution prohibits requiring religious tests to hold an office or public trust.

"Forcing [the airman] to swear to a supreme being as a condition of his reenlistment is tantamount to a 'religious test' and is therefore violative of this constitutional provision as well," Miller said.


Thursday, September 4, 2014

Well, isn't that special... Army can't track spending on $4.3b system to track spending, IG finds

The problem, according to the IG, is that the Army has failed to comply with a variety of federal laws that require agencies to standardize reporting and prepare auditable financial statements.

"This occurred because DOD and Army management did not have adequate controls, including procedures and annual reviews, in place to ensure GCSS-Army compliance with Treasury and DOD guidance," the IG report concludes.

"Although Army personnel have been responsive to correcting deficiencies identified during the audit, the Army has spent $725.7 million on a system that still has significant obstacles to overcome" to comply with federal financial reporting laws.

Tuesday, September 2, 2014

Apple says iCloud is safe and secure, stolen celebrity pics were targeted accounts

Apple said it has completed more than 40 hours of investigation to date, and found that the iCloud accounts in question were compromised based on practices that are "all too common on the Internet."

The company's statement dispels rumors that a wider exploit of its iCloud services, including the Find My iPhone function, played a part in the leaks. Apple recommends that its users employ a strong password, and also enable two-step verification to maximize security.


Monday, September 1, 2014

Android security mystery - 'fake’ cellphone towers found in U.S.

"What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases." says Goldsmith.  "Whose interceptor is it?  Who are they, that's listening to calls around military bases?  The point is: we don't really know whose they are."

Baseband attacks are considered extremely difficult – the details of the chips are closely guarded. "Interceptors" are costly devices – and hacking baseband chips is thought to be technically advanced beyond the reach of "ordinary" hackers, ESD says. The devices vary in form, and are sold to government agencies and others, but are computers with specialized software designed to defeat the encryption of cellphone networks. The towers target the "Baseband" operating system of cellphones – a secondary OS which sits "between" iOS or Android, for instance, and the cellular network.

Thursday, August 28, 2014

Good to know Tor isn't absolute protection... This scumbag needed to be caught.

Cybersecurity official uses Tor but still gets caught with child porn

...One site frequented by DeFoggi was PedoBook, hosted by Aaron McGrath—a Nebraska man who was convicted earlier for his role in the operations. The websites were only accessible to users who installed Tor on their browsers. DeFoggi used names such as "fuckchrist" and "PTasseater" to register on the sites, where he could view more than 100 videos and more than 17,000 child porn images.

The FBI seized McGrath's site in late 2012 after monitoring him for a year. Then they kept it up and running for several more weeks, gathering private communications from DeFoggi and other users. The FBI used "various investigative techniques… to defeat the anonymous browsing technology afforded by the Tor network."...


Sunday, August 24, 2014

I wonder how many lives 15 more minutes of fame might cost

George Zimmerman Arrested While Visiting Ferguson - National Report

Zimmerman is heard yelling something again, and finally the teens stop. One of the teens rather articulately asks Zimmerman to leave him, his friend, and his town, alone. "Sir, sir, we don't… we don't have an issue with you, sir. Please leave us alone," the younger teenager says in the video, while Zimmerman continues to rant about something in the background. "Mr. Zimmerman, I don't know why you're here in Ferguson, but it's pretty damn insensitive, you showing up here. This town's been through enough already, we don't need you here intensifying things, okay? And my friend and I didn't say anything to you."

"I have a right to be here. It's a free country, we're on a public street," Zimmerman angrily says to the teens. "Why were you following me? Why were you harassing me?"

"We did no such thing, Mr. Zimmerman. You were leaving the store and we saw you and crossed the street," the younger teen replies. "You followed us for a whole block. We said nothing to you and we were not following you."

Friday, August 22, 2014

Researchers find it’s terrifyingly easy to hack traffic lights

--This can't end well...

Taking over a city's intersections and making all the lights green to cause chaos is a pretty bog-standard Evil Techno Bad Guy tactic on TV and in movies, but according to a research team at the University of Michigan, doing it in real life is within the realm of anyone with a laptop and the right kind of radio. In a paper published this month, the researchers describe how they very simply and very quickly seized control of an entire system of almost 100 intersections in an unnamed Michigan city from a single ingress point.

Thursday, August 21, 2014

Seriously? The Day Ferguson Cops Were Caught in a Bloody Lie

Police in Ferguson, Missouri, once charged a man with destruction of property for bleeding on their uniforms while four of them allegedly beat him.

"On and/or about the 20th day of Sept. 20, 2009 at or near 222 S. Florissant within the corporate limits of Ferguson, Missouri, the above named defendant did then and there unlawfully commit the offense of 'property damage' to wit did transfer blood to the uniform," reads the charge sheet.

Wednesday, August 20, 2014

Decoding the Antikythera Mechanism

I had not seen this before. Fascinating. Well worth less than an hour of your time. 

"Decoding the Antikythera Mechanism" 

Monday, August 4, 2014

Why, Unless You're Running With Amazon, Google and Microsoft, You Should Never Build Another Data Center - Forbes

The Make-vs-Buy Question

The question every IT executive must answer is whether it's worth a $20+ million investment to build, own and operate a facility, which is probably still not state-of-the-art, but merely sufficient for future needs and much better than existing facilities. Or would it be better to lease space in a veritable data center superstore that provides higher efficiency, better physical and perimeter network security, ample room for growth and far better network connections to major ISPs, wireless carriers and cloud services? I contend that for IT organizations both large and small, owning, operating, maintaining and upgrading data centers yields no significant business advantage and is a waste of IT capital and effort.

Thursday, July 31, 2014

What is EMV?

U.S. banks are switching up the insides of your customers' credit cards. They're adding something called EMV technology, which stands for "Europay, MasterCard, and Visa." Translation: Credit cards will be equipped with a super-small computer chip that's extremely hard to counterfeit. If you've gotten a card recently, chances are it's souped up with this technology.

Why the changeover? Here's a crazy statistic: Almost half of the world's credit card fraud now happens in the United States—even though only a quarter of all credit card transactions happen here. The banks want to rein this in ASAP by moving away from magnetic-stripe cards, which are much easier to counterfeit. The recent Target and Neiman Marcus security breaches also added motivation.

CIA Admits to Hacking Senate Computers

In a sharp and sudden reversal, the CIA is acknowledging it improperly tapped into the computers of Senate staffers who were reviewing the intelligence agency's Bush-era torture practices.


Monday, July 21, 2014

Government-Grade Stealth Malware In Hands Of Criminals

Malware originally developed for government espionage is now in use by criminals, who are bolting it onto their rootkits and ransomware.

The malware, dubbed Gyges, was first discovered in March by Sentinel Labs, which just released an intelligence report outlining their findings. From the report: "Gyges is an early example of how advanced techniques and code developed by governments for espionage are effectively being repurposed, modularized and coupled with other malware to commit cybercrime."

Wednesday, July 9, 2014

Apache Spark™ - Lightning-Fast Cluster Computing

Apache Spark™ is a fast and general engine for large-scale data processing.


Run programs up to 100x faster than Hadoop MapReduce in memory, or 10x faster on disk.

Spark has an advanced DAG execution engine that supports cyclic data flow and in-memory computing.

Sunday, June 29, 2014

Gliese 832c: Potentially Habitable Super-Earth Discovered 16 Light-Years Away

The newly discovered exoplanet, labeled Gliese 832c, has an orbital period of 35.68 days, a mass 5.4 times that of Earth's and receives about the same average energy as Earth does from the Sun.

Gliese 832c might have Earth-like temperatures, albeit with large seasonal shifts, given a similar terrestrial atmosphere.

"If the planet has a similar atmosphere to Earth it may be possible for life to survive, although seasonal shifts would be extreme," Prof Tinney said.

Saturday, June 28, 2014

Today I Learned...

SCOTUS Justice Thomas, who was appointed by President George H.W. Bush, has not asked a single question at oral arguments in more than eight years.

Why is this?


Cardboard - Virtual reality on your smartphone

We want everyone to experience virtual reality in a simple, fun, and inexpensive way. That's the goal of the Cardboard project.

Tuesday, June 10, 2014

Dr. David Brat, Randolph-Macon College

"God and Advanced Mammon – Can Theological Types Handle Usury and Capitalism?" By David Brat for Interpretation, April 2011

I wonder if this is available online.

Sunday, June 8, 2014

Swim With Manatees

People from all around the world come to snorkel with manatees in Crystal River. For just $45.00, all gear is included: mask, snorkel, fins and wetsuit. You will embark on one of our covered, U.S. Coast Guard inspected boats for the most amazing in-water experience: to swim with the manatees. Our in-water guides, all U.S. Coast Guard Licensed Captains, will take you into the Crystal River National Wildlife Refuge to the best locations for viewing and snorkeling with these friendly, curious, slow moving and gentle giants.

Manatee Snorkeling Adventure! When you arrive at our tour center, coffee, hot chocolate, donuts, and pastries are available for you complimentary. We will watch a brief video about the manatees, go over the rules of swimming with the manatees, and ensure that you receive the proper information on how to interact in a manner that is fun for both you and the Florida Manatees. We then fit you for a wetsuit to prepare you for your snorkeling adventure. We have wetsuits of all sizes from toddler (2 years old and up) to adult 5X. Our swim with the manatee tours are conducted daily year round. Please call or book online to reserve your seats today. We do accept walk-ins upon availability but reservations are highly suggested to ensure availability.

Monday, May 26, 2014

Google Acquires Enterprise-Friendly Device Manager Divide

Google has acquired Divide, a New York-based company that offers a bring-your-own-device (BYOD) solution for corporate environments. Following the acquisition, Divide's team will likely focus on making Android devices more enterprise-friendly. Divide sets up an encrypted workspace so users do not have to worry about privacy or about the company wiping the device. The amount that Google paid for Divide was undisclosed.

Saturday, May 24, 2014

Raspberry Pi: Five alternatives for hackers and modders

The Raspberry Pi has been the darling of the homebrew hacking and modding community since its launch more than two years ago.

Creative tinkerers have used the $35 Linux board to cook up talking mirrors, drones and automated book readers. The volume of creations has shown the appetite among the maker community for low-cost, energy-sipping and versatile boards like the Pi.

While small board computers predate the Pi, the market for boards and small form factor PCs is increasingly crowded with machines that bake in features or performance not offered by the Pi.

Here are five alternatives that attempt to deliver something more than the Pi.

Tuesday, May 20, 2014

FreeRDP - RD Gateway client for Linux |

So what did I do? I turned to the wonderful world of open source software. FreeRDP is an awesome project started by Awake Coding aka Marc-André Moreau. It is still in development so bugs and missing documentation are to be expected. This tutorial will show you how to compile and use FreeRDP to connect through an RD Gateway to a terminal server from Ubuntu 13.10 32 bit.


Wednesday, May 14, 2014

Chasing Unicorns: How to Find 'Blended' IT-Business Pros

With the largest IT budget in the world at her disposal, you might think the CIO of the Department of Defense could just order up whatever IT talent she needs. Yet Teri Takai encounters the same challenge that technology chiefs in every industry wrestle with today: finding that elusive "blended" IT-business professional.

"It's hard for tech people--even middle manager on up to senior managers--to think the way that the business thinks," she points out. "They tend to explain things from their own perspective."

These days, the ideal IT manager is seen as someone deeply technical yet business savvy, wonderfully communicative and, of course, a strategic thinker. In other words, as mythic a creature as a unicorn. "This talent issue is hardly new," writes Stephanie Overby in our cover story ("CIOs Struggle with the Great Talent Hunt"). "IT leaders have preached the importance of the blended IT professional for years. But after a decade, it's clear that help is not on the way."

Friday, May 9, 2014

3 Ways Mobile Identity Management Improves BYOD Security

One emerging technology that can reinforce Bring Your Own Device (BYOD) security is mobile identity management. Some vendors refer to it as mobile identity management and authentication. I've even seen some analysts go as far as calling it Bring Your Own Identity.

Mobile identity management creates a digital identity for mobile users that can function as a focal point for mobile security. It's a great addition to your existing BYOD security stack of:



Here are three ways mobile identity management can improve your BYOD security.

Thursday, May 8, 2014

Senator Schumer calls for Congressional oversight and end of “cookie jar” practices by state governors at Port of New York and New Jersey

Very Interesting. 

To clean up the mess, Schumer proposed a seven-point makeover of the agency, which would include:

  • The executive director should be elected by the board, not appointed by a governor, as opposed to the current shared bistate leadership with the executive director splitting control with the agency chairman and the deputy executive director;
  • The commissioners need to be selected for their expertise, not their political links;
  • More transparency in finances and contracts could reduce conflicts of interest, with at least an annual review;
  • Billions of dollars should not be spent on projects that generate no revenues, and there should be a ban on spending agency money on projects in either state;
  • And the agency's board of commissioners should choose its executive director.

Wednesday, May 7, 2014

HCL:ARMChromebook - openSUSE

  1. Put your Chromebook into developer mode.
  2. Open a root shell: login to ChromeOS, open crosh with 'ctrl-alt-t', start a real shell with 'shell', become root with 'sudo -i'
  3. Enable USB/SD booting by running the following command as root from ChromeOS.
    "crossystem dev_boot_usb=1"
  4. Download the latest image at choose between:
    1. JeOS image (1GB) for a minimal system openSUSE-12.3-ARM-JeOS-chromebook-*.raw.xz or
    2. XFCE image (4GB) for a graphical system openSUSE-12.3-ARM-XFCE-chromebook-*.raw.xz
  5. As root extract the image onto your SD-Card or USB drive (replace sdX with the device name of your SD-Card or USB drive). WARNING: all previous data on the SD-Card or USB drive will be lost.

Tuesday, May 6, 2014

Target CEO departure watershed for IT, business alignment

Summary: The exit of Target CEO Gregg Steinhafel can largely be attributed to a massive IT failure. The lesson: IT is your business now and the two functions are intertwined and aligned.

Target CEO Gregg Steinhafel's departure from the retailer following a massive data breach that damaged the company's reputation could be a watershed moment for information technology and business alignment.

Simply put, IT is your business and massive failures even cost the big dogs their jobs. Technology execs have worried about business alignment forever. Stop worrying because business and IT are aligned. If IT blows up---or 110 million customer accounts are breached---so does the business.

Wednesday, April 30, 2014

Tankers carrying oil derail, catch fire in VA

LYNCHBURG, Va. (AP) - Several CSX train cars carrying crude oil derailed and caught fire Wednesday along the James River, with three black tankers ending up in the water and leaking some of their contents, becoming the most recent crash involving oil trains that has safety experts pushing for better oversight.

Nearby buildings were evacuated for a time in downtown Lynchburg, but officials...

Friday, April 11, 2014

LMI's OpenPolicy(tm) Wins Destination Innovation Competition

LMI’s OpenPolicy™ Wins NVTC Destination Innovation Competition - Semantic web search tool.

McLean, Va., April 10, 2014 — LMI, showcasing its OpenPolicy™ tool, won the most innovative technology award in the government category at Destination Innovation 2014. The event and award was the culmination of a months-long competition sponsored by the Northern Virginia Technology Council and The Washington Post. OpenPolicy is LMI’s solution to a growing problem—massive amounts of data and knowledge locked away within countless pages of unstructured written prose.

“We are thrilled to be recognized at Destination Innovation for OpenPolicy’s innovative, state-of-the-art use of semantic web standards, and are excited to continue making accessible the knowledge found within the millions of pages of government policy and regulation,” said project leader Gus Creedon, a program manager at LMI.

If today’s rudimentary search engines and file search tools are able to procure just 20 percent of the knowledge that’s out there, then extracting the remaining 80 percent is a critical requirement for those who need that information. OpenPolicy, with its groundbreaking use of existing World Wide Web Consortium (W3C) semantic web standards, is that tool for revealing this hidden knowledge.

OpenPolicy is built by combining a blend of open source semantic software with a semantic triple-store database and custom application code. Instead of returning document names and their file locations, it innovates by returning complete paragraphs (semantic chunks) within documents. It searches hundreds of documents simultaneously. And the search uncovers synonyms, acronyms, and other concepts related to the search. You then expand the paragraph to view it in context within the document. Currently, OpenPolicy can index thousands of terms, phrases, and their variations, across tens of thousands of pages of text spread among scores of documents.


Pretty Cool.

The Internet Bug Bounty rewarded @neelmehta with a $15,000 bounty for the TLS heartbeat read overrun, aka Heartbleed.

And then @neelmehta donated the reward to the Freedom of the Press Foundation.

Very Cool!


#6626 CVE-2014-0160

TLS heartbeat read overrun

Someone reported a bug to OpenSSL.
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.

Thanks to Neel Mehta of Google Security for discovering this bug and to Adam Langley and Bodo Moeller for preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.

Fix commit: 96db9023b881d7cd9f379b0c154650d6c108e9a3
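The advisory's one-line root cause ("a missing bounds check") is easier to appreciate beside the code shape that has it. The following is an added model written for this post, not OpenSSL's own source: it builds a heartbeat request whose declared payload length is larger than the bytes actually sent, feeds it to a responder that trusts the length field (the pre-1.0.1g behaviour) and to one that applies the two checks the 1.0.1g fix adds. The record is staged in a private arena with a constructed "secret" string placed right behind it, so the over-read stays inside memory the program owns; on a real server the bytes that follow the record are whatever happens to be on the heap, which is why keys and passwords leaked.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_PADDING  16            /* minimum padding the heartbeat extension requires */
#define HB_RESP_MAX (1 + 2 + 65535 + HB_PADDING)

/* 16-bit big-endian read, the job of OpenSSL's n2s() macro. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Heartbeat request body: type(1) | payload_length(2) | payload | padding.
 * 'declared' is the length field the peer writes; 'actual' is how many payload
 * bytes it really sends. The mismatch between the two is the entire attack. */
size_t hb_build_request(uint8_t *out, uint16_t declared, const uint8_t *payload, size_t actual)
{
    size_t n = 0;
    out[n++] = HB_REQUEST;
    out[n++] = (uint8_t)(declared >> 8);
    out[n++] = (uint8_t)(declared & 0xff);
    memcpy(out + n, payload, actual);   n += actual;
    memset(out + n, 0xAA, HB_PADDING);  n += HB_PADDING;
    return n;                           /* bytes that actually arrive (rrec.length) */
}

/* Vulnerable responder (the pre-1.0.1g shape): it trusts the peer's length field
 * and never compares it with rec_len, so memcpy() walks past the end of the record. */
long hb_respond_vulnerable(const uint8_t *rec, size_t rec_len, uint8_t *resp)
{
    const uint8_t *p = rec;
    uint8_t hbtype = *p++;
    uint16_t payload = rd16(p);  p += 2;
    const uint8_t *pl = p;
    (void)rec_len;                      /* the received length is never consulted */
    if (hbtype != HB_REQUEST) return -1;
    uint8_t *bp = resp;
    *bp++ = HB_RESPONSE;
    *bp++ = (uint8_t)(payload >> 8);
    *bp++ = (uint8_t)(payload & 0xff);
    memcpy(bp, pl, payload);            /* over-read: up to 64 KiB of whatever follows */
    bp += payload;
    memset(bp, 0, HB_PADDING);  bp += HB_PADDING;
    return (long)(bp - resp);
}

/* Fixed responder: the two bounds checks the 1.0.1g patch adds. */
long hb_respond_fixed(const uint8_t *rec, size_t rec_len, uint8_t *resp)
{
    if (1 + 2 + HB_PADDING > rec_len) return -1;   /* too short for type, length and padding */
    const uint8_t *p = rec;
    uint8_t hbtype = *p++;
    uint16_t payload = rd16(p);  p += 2;
    if (1 + 2 + (size_t)payload + HB_PADDING > rec_len) return -1;  /* declared > received: drop */
    const uint8_t *pl = p;
    if (hbtype != HB_REQUEST) return -1;
    uint8_t *bp = resp;
    *bp++ = HB_RESPONSE;
    *bp++ = (uint8_t)(payload >> 8);
    *bp++ = (uint8_t)(payload & 0xff);
    memcpy(bp, pl, payload);            /* now provably inside the record */
    bp += payload;
    memset(bp, 0, HB_PADDING);  bp += HB_PADDING;
    return (long)(bp - resp);
}

static int hb_contains(const uint8_t *buf, long n, const char *needle)
{
    size_t m = strlen(needle);
    for (long i = 0; i + (long)m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0) return 1;
    return 0;
}

/* Stage one request against a responder. The record sits at the start of a
 * private arena with a constructed "secret" right behind it, so the over-read
 * stays in memory we own. Returns the response length (-1 = dropped) and sets
 * *leaked when the secret shows up in the response. */
long hb_run(long (*responder)(const uint8_t *, size_t, uint8_t *), uint16_t declared, int *leaked)
{
    static uint8_t resp[HB_RESP_MAX];
    uint8_t arena[256] = {0};
    static const char secret[] = "CONSTRUCTED-PRIVATE-KEY-BYTES";  /* stand-in for key material */
    size_t rec_len = hb_build_request(arena, declared, (const uint8_t *)"hi", 2);
    memcpy(arena + rec_len, secret, sizeof secret - 1);
    long n = responder(arena, rec_len, resp);
    *leaked = n > 0 && hb_contains(resp, n, "PRIVATE-KEY");
    return n;
}

int main(void)
{
    int leaked;
    long n = hb_run(hb_respond_vulnerable, 64, &leaked);
    printf("vulnerable: declared 64, sent 2 -> %ld-byte response, secret leaked: %s\n", n, leaked ? "yes" : "no");
    n = hb_run(hb_respond_fixed, 64, &leaked);
    printf("fixed:      declared 64, sent 2 -> %ld (dropped)\n", n);
    n = hb_run(hb_respond_fixed, 2, &leaked);
    printf("fixed:      honest request      -> %ld-byte response\n", n);
    return 0;
}
```

The fixed version drops the malformed record silently rather than sending an alert, which is what the real patch does too: answering with an error would itself tell an attacker something about the record layout. Note that the honest request (declared length equal to bytes sent) still gets a normal response from the fixed code, so the check costs nothing for legitimate peers.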

Thursday, April 10, 2014

BrickFair LEGO Convention, August 2 - 3, 2014

BrickFair VA 2014 is 4 months away!
Join us Aug 2nd & Aug 3rd, 2014 at the Dulles Expo Center in Chantilly, VA.
Doors open 11:00am to 4:00pm.
Over 900 LEGO artists from across the country will exhibit LEGO models and games spread over 100,000 square feet.
$12 at the door. Visit

Wednesday, April 9, 2014

Emergency SSL/TLS Patching Under Way

A "Heartbleed" flaw revealed in the OpenSSL library leaks the contents of memory, including passwords, source code, and keys.

The race is on to fix SSL-based websites and software in the wake of a newly revealed and dangerous flaw in the popular OpenSSL library for encrypting HTTP traffic, with nearly one-third of major websites potentially at risk.

OpenSSL released a patch yesterday for a read-overrun bug in its implementation of the Transport Layer Security protocol's "heartbeat" extension, an extension to the protocol that checks on the site to which it is connecting to ensure it's connected and can respond. If exploited, the bug leaks the contents of the memory from the server to the client and vice versa, potentially exposing passwords and other sensitive data and, most alarmingly, the SSL server's private key. OpenSSL Versions 1.0.1 and 1.0.2 beta are affected by the vulnerability, which was discovered by security researchers at Google and Codenomicon.

Saturday, March 29, 2014

Removing Glued LEGO Magnet Minifigures

I decided to spend a bit of time myself trying to find a solution that is both safe for the minifig and the person using the method. (Please read our Tutorials Disclaimer for your safety here.) I will start with the process that I found working, and below that I will list my failed attempts for your further amusement (and horror!). ;)

Sunday, March 23, 2014

In defense of UDP

Heard through @StrongwaterSec

the_skys_kid comments on Freenode under DDOS again

the_skys_kid (2284 points):

I'll defend UDP.

UDP is the honey badger of the internet protocol suite.

UDP is all about the transaction. UDP is standing on a cliff yelling, "Come at me, bro", whether you're there or not.

UDP is a man's protocol doing real shit like bootstrapping your ass and slapping an IP on you. Get up, motha fucka!

UDP will talk shit to one of you or all of you. UDP ain't scared. UDP brought the fear.

UDP understands that you may be slow sometimes. So UDP will wait for your sorry ass. UDP grew up without a father, too.

UDP sends a message and couldn't give a fuck if you got it or not.

UDP got a message from you saying that you got his messages and guess what? UDP didn't even open it! Not one fuck given.

Don't try to shake UDP's hand! You crazy?

And, when UDP dies because you weren't available, UDP doesn't shed a tear. UDP is hardcore. He's going out even if he knows you ain't there. UDP is a goddam one-man slaughter house.


Because UDP doesn't give a fuck.

Sunday, March 16, 2014

Hate Small Talk? One Approach Anyone Can Use - by Jeff Haden

"Look around the room. Pick someone who looks uncomfortable. Pick someone who seems to feel out of place. Pick someone just like you."

"Then go talk to them. Make it your goal to make that one person feel more comfortable. Then you'll feel more comfortable too."

Try it. If it's painful to mingle, if it's awkward to make small talk, use those feelings in a positive way. Turn sympathy for yourself into empathy for another. Go rescue someone.

Just introduce yourself to people and ask a basic question: what they do, where they're from, why they're attending. You don't need to be a conversational genius. The people you rescue won't notice. They'll be too busy feeling less like wallflowers and more like people who belong--and they will always remember that it was you who made them feel that way.


Thursday, February 13, 2014

Applied DNA Sciences Teams with LMI, a Leading Government Consulting Firm to Tackle Supply Chain Counterfeiting |

This collaborative relationship seeks to educate the public and private sectors on the increasing risk posed by counterfeits, and encourage the development and fielding of preventive measures.

LMI has deep supply chain consulting and inventory management experience for the military and across the federal government. APDN invests in industry-leading research and provides a variety of authentication solutions to both commercial and government clients.

"Supply chains critical for commerce and security are under attack. In the electronics arena, remarking, cloning, and manufacture from salvaged die are creating increasingly sophisticated counterfeits. Industry and public sector users alike are struggling to ensure authentic components in this flood of fakes," said Joe Doyle, senior consultant for LMI. A cutting edge technology company in this space working with a leading supply chain consultancy is just the sort of collaboration that can make a difference, Doyle added.