Thursday, January 30, 2014

APOD: 2014 January 27 - From the Northern to the Southern Cross

 New desktop image :)

Sunday, January 26, 2014

Royals by Mayer Hawthorne

 Royals by Mayer Hawthorne


Wednesday, January 22, 2014

A secure phone, designed with user privacy and security as the primary objective

Will government call on the Blackphone for secure comm?

The latest tool for secure communication in government might be the Blackphone. The sleek, black smartphone uses encryption so users can make secure phone calls, use video chat features and store files securely. And while the Blackphone name may not be well known yet, its creators, Geeksphone and Silent Circle, are at the heart of many efforts to improve secure communications. 

Geeksphone is a Madrid-based company specializing in the development, promotion and commercialization of open-source mobile telephony. The company launched an Android smartphone in 2009 and the world's first Firefox OS-powered smartphone in 2013. Silent Circle provides a peer-to-peer platform for encrypted voice, video, text and file transfer on mobile devices via a secure, proprietary network, software and mobile apps.


Wednesday, January 15, 2014

Costco pricing codes - the real deals

 Price ending in .99 – the product is full price

Price ending in .97 – a deal decided by the manager

Price ending in .49 or .79 – manufacturer's special. The manufacturer is testing out at Costco, usually at a lower price than Costco would sell the item

Price ending in .00 – It means the manager wants the item out.

A price tag with an asterisk – it's discounted and discontinued


Saturday, January 11, 2014

Meet the Other Mayor Accusing Chris Christie of Retaliation | Mother Jones

Interesting. I think this might be a pattern, no? 

After being told that Sokolich was asking questions about the George Washington Bridge lane closures, recently resigned Port Authority official David Wildstein replied, "Radio silence. His name comes right after mayor Fulop." Fulop told the Jersey Journal that after seeing that exchange he believes he's "Enemy Number 1."


Friday, January 10, 2014

Schneier on Security: JETPLOW: NSA Exploit of the Day

From Bruce Schneier. Fascinating stuff.

I was worried about Supply Chain Security based on where this equipment is made. Seems like that is minor compared to this...

JETPLOW: NSA Exploit of the Day

Today's implant from the NSA's Tailored Access Operations (TAO) group implant catalog:


(TS//SI//REL) JETPLOW is a firmware persistence implant for Cisco PIX Series and ASA (Adaptive Security Appliance) firewalls. It persists DNT's BANANAGLEE software implant. JETPLOW also has a persistent back-door capability.

(TS//SI//REL) JETPLOW is a firmware persistence implant for Cisco PIX Series and ASA (Adaptive Security Appliance) firewalls. It persists DNT's BANANAGLEE software implant and modifies the Cisco firewall's operating system (OS) at boot time. If BANANAGLEE support is not available for the booting operating system, it can install a Persistent Backdoor (PDB) designed to work with BANANAGLEE'S communications structure, so that full access can be reacquired at a later time. JETPLOW works on Cisco's 500-series PIX firewalls, as well as most ASA firewalls (5505, 5510, 5520, 5540, 5550).

(TS//SI//REL) A typical JETPLOW deployment on a target firewall with an exfiltration path to the Remote Operations Center (ROC) is shown above. JETPLOW is remotely upgradable and is also remotely installable provided BANANAGLEE is already on the firewall of interest.

Status: (C//REL) Released. Has been widely deployed. Current availability restricted based on OS version (inquire for details).

Unit Cost: $0


Wednesday, January 8, 2014

How Does RSA-NSA Deal Affect You?

As part of the deal, RSA Security will provide backdoors that the NSA can make use of in order to gain access to crucial information stored in what used to be a relatively safe database. This backdoor involves setting a particular random number generator (DUAL_EC_DRBG) as a default in its BSAFE cryptographic library. This doesn't sound like much of a big deal, but there is clear evidence pointing to the fact that this particular random number generator's outcomes can be predicted effectively under some conditions. This was discovered at some point in 2005.

RSA Security has come out with the news to its customers, telling them not to use the default generator, but as the old adage goes, "too little, too late." Customers who have long had faith in RSA and are unaware of the $10 million deal will not have the time to make a complete switchover on their algorithms.


Monday, January 6, 2014

BlackBerry CEO: 'I Believe We Can Succeed' | Mobile Device Management content from MSPmentor

Not so sure about the claim that only BB has a DOD ATO... 


BlackBerry (BBRY) interim CEO John Chen last week released another open letter to assure enterprise customers that the company is "strong financially, technologically savvy and is well-positioned for the future." He failed, again, to mention how BlackBerry will work with channel partners in 2014.

In his letter, Chen continued to stress the importance of surrounding himself with "a talented team of industry leaders," noting that he will add to his "leadership team with those who have the skills and passion to get BlackBerry back on the path to profitability."

Chen said his team needed to move to a new operating unit structure to place more emphasis on what he called core business drivers. He then went on the offensive, calling out BlackBerry's competitors in the mobile device management (MDM) space.

"With a global enterprise customer base exceeding 80,000, we have three times the number of customers compared to Good, AirWatch and MobileIron combined," he said. "This makes BlackBerry the leader in mobile device management."

Chen said BlackBerry's customers include those who have the most stringent security needs.

"For governments, BlackBerry cannot just be replaced. We are the only MDM provider to obtain Authority to Operate on U.S. Department of Defense (DoD) networks," he said. "This means the DoD is allowed to use only BlackBerry. Across the globe, seven out of seven of the G7 governments are also BlackBerry customers."