Category Archives: computer security

Windows malware as a romance

Security updates for Windows are starting to sound more like  romance novels.

This week’s offerings:

MS17-010: Security Update for Microsoft Windows SMB Server:(4013389)

Eternal Blue

Eternal Champion

Eternal Romance

Eternal Synergy

Wanna Cry

Eternal Rocks

I’m speculating this series is about two immortal system administrators who are sad (blue), become champions of the downtrodden network users in the second volume, and find one another and have a budding romance in the third. In the fourth novel, after a constant tease in the first three, the two engage in some intimacy, then experience great regrets in the next novel, and find their romance on the rocks in the last.

It could be more interesting than the “Twilight” series. While the Twilight series took place in Forks, Washington, the Eternal Blue series takes place in Redmond, Washington, which has fewer trees but far more computers and smart phones.

Visit to NSA

The National Security Agency (NSA) has a large campus on Fort Meade, Maryland, protected by fences, barbed wire, police dogs, guards, and maybe a dragon or two. It is not visitor friendly.

But right outside of the campus is the National Cryptologic Museum,  an old motel once used by visitors for housing guests. The motel is no longer a motel, but a rather casually laid out museum, sprawling through hallways and odd spaces, filled with artifacts on the art of sending, receiving, and stealing secret messages.

This formerly super-secret agency (nicknamed “No Such Agency,” as even the name was a secret) recently displayed a sign in the entrance claiming it was a Pokémon Go stop, which is a major step forward into the world of publicity.

The National Cryptologic Museum at Fort Meade started advertising itself as a Pokemon Go "Pokéstop" shortly after the Pokemon Go craze started. You could hunt for Pokemon and learn about secret messages at the same time.
The National Cryptologic Museum at Fort Meade started advertising itself as a Pokémon Go “Pokéstop” shortly after the Pokémon Go craze started. You could hunt for Pokémon and learn about secret messages at the same time.

Right inside, and probably to the great surprise of the British Museum, is the Rosetta Stone, one of the best examples of coding from the ancient world,

The Rosetta Stone, often thought to be housed at the British Museum in London, but really located outside the gift shop of the National Cryptologic Museum in Fort Meade, MD. Unlike that one in London, this one is easier to photograph and touch.
The Rosetta Stone, often thought to be housed at the British Museum in London, but really located outside the gift shop of the National Cryptologic Museum in Fort Meade, MD. Unlike that one in London, this one is easier to photograph and touch.

The museum houses artifacts that may not so obviously be associated with cryptology, such as a hunk of wreckage from Gary Powers’ U-2 surveillance aircraft, shot down over the Soviet Union on May 1, 1960. The Soviets fired fourteen missiles at the high-flying  U-2, finally hitting it with an S-75 Dvina, specially designed for the attempt. The Soviets also accidentally shot down one of their own MiG-19 fighters, sent up in an attempt to intercept the U-2.

The wreckage of the U-2 fell almost 14 miles before hitting the ground. A piece of that wreckage was presented to the US by Russia in 1994.

A piece of the wreckage from Gary Powers' U-2 surveillance aircraft, shot down by the Soviets in 1960 and presented to the US by the Russian government in 1994.
A piece of the wreckage from Gary Powers’ U-2 surveillance aircraft, shot down by the Soviets in 1960 and presented to the US by the Russian government in 1994.

You can check out a earlier blog entry for more photos and information about the museum, including the famed Enigma coding machine.

SMS Spam

Spam has become epidemic. Corporations and government agencies report that 80-95% of all email they get is spam: unsolicited messages either trying to sell something, or attempting to steal something of value (corporate or government secrets, confidential or private information), or compromise individual computers with malware so that hostile third parties can take them over.

While corporations and governments have staffs to try and thwart these problems, people do not, and most of the malware-infected computers around the world belong to individuals. That is bad.

But so is the following SMS (Short Message Service) message texted to my phone recently. Apparently the cyber crooks decided that sending email was old-fashioned, so they sent a message (with an invalid phone number) to my phone, careful to include all the necessary information in 160 characters or less. All I needed to do was contact “Barr Cyrus Dillion” (presumably Barr was short for “Barrister”) and some transaction, presumably financial, could take place:

The wonders of technology: you can now be going about your daily routine, away from your computer, and still collect spam. Progress!
The wonders of technology: you can now be going about your daily routine, away from your computer, and still collect spam. Progress!
Not only is this illegal, it is also costly: if your phone plan allows for a set number of text messages per month, SMS spammers could subject you to substantial phone charges. Even if you don’t accept the offer from “Barr Cyrus Dillion.”

FOSE was gunning for business

FOSE is the largest computer conference and exhibition in the Washington, DC, metropolitan region. At one time, it had days of meetings, classes, speeches, and other educational events, plus miles and miles of aisles filled with the latest computer hardware and software. Every single hardware and software company of any note was there, either with their own branded booth or with a Beltway partner acting as a proxy.

This year, FOSE probably had more guns than computers. For a show that began life as the Federal Office System Expo, it was a bit alarming to see racks of shotguns, automatic pistols, machine guns, assault guns, silencers, ammunition clips, ammunition belts, special holsters, special transport containers for weapons and ammunition, body armor, and all manner of things not normally found at a computer show or an office. Unless you were planning on shooting a computer, it is unlikely this weaponry would make computers any more secure.

These assault rifles, manufactured by Heckler & Koch, a German arms manufacturer, were on display at FOSE, the largest computer show in the Washington, DC, region.
These assault rifles, manufactured by Heckler & Koch, a German arms manufacturer, were on display at FOSE, the largest computer show in the Washington, DC, region. The sales representative sported a US flag, with no sense of irony.

When plumbing fails

What happens when a high-tech urinal crashes? It no longer flushes, but it does flash an indicator light and occasionally beeps. No, it was not made by Microsoft.

The beep sound occurs only about once every ten seconds. This is a long enough interval that you aren’t really sure you heard a beep, but frequent enough that it will annoy you if you think to use the restroom as a place to take a nap away from coworkers. Curse you, beep!

Something else you can’t help but notice: nobody seems to know what to do with a crashed urinal. Should you call a plumber? Should you call the computer help desk? Should you bring in a systems analyst? An electrical engineer?

Nobody seems to know.