Tag: hacking

Related blog posts
  • Popularity 22
    2015-8-28 19:31
    1928 reads |
    0 comments
    Amid a huge number of recent news stories about systems getting hacked I read several in the area of IoT about Zigbee getting hacked, Chrysler getting hacked, and Tesla getting both hacked and fixed. Granted, part of the rush came from the recent DEFCON conference in Las Vegas, but such stories still can be very depressing for engineers trying to build the next generation of devices. Are we really doing the world a favor by creating ever more complex systems that inevitably expose the users to hackers?

    This got me thinking about the nature of system development. We have all seen descriptions of the various stages of maturity for any technology, but I realized that the ones I have seen are missing a step. Consider the one below.

    [Figure: A more realistic description of the stages of technology.]

    The first three stages are familiar, but consider the consequence of implementing a design to make it broadly useful. That wider audience is also what makes it interesting to hackers. There is really no point to hacking something that no one is using, and new technology is always the most fertile ground in terms of complexity and the availability of exploitable holes. It seems like these days a new technology barely has a chance to enjoy being in the ‘Useful’ stage before it gets pushed into the ‘Abuse-able’ stage.

    Up until now I have carefully avoided characterizing the hacking involved as being “white hat” or “black hat” hacking. In fact, even those two characterizations are too limiting. The only difference between them is if the flaw is discovered by the good guys or the bad guys. What I have come to realize over the years is that the world is infinitely more complex than that.

    Right now we have encryption technology that is good enough that the FBI is very publicly calling for the creation of back doors into it. Their rationale is that the bad guys are using it too effectively to do what they do that makes them bad. That is a very reasonable argument when the FBI is hunting pedophiles. Does the same argument hold when it is the Chinese government that is hunting underground discussion of the Tiananmen Square massacre? The definition of good guys and bad guys is very open to interpretation.

    Garage mechanics have been hacking cars just about as long as there have been cars in an effort to make them faster or in some other way more interesting. This is considered abuse by the car manufacturers and the government regulators, but it is very different from finding ways to break into or take control of someone else’s car.

    Whether any type of hacking of a new technology is good or bad is a judgement that largely depends on how the hack is used. As I said, the world is an infinitely complex place – this is what makes it interesting. Whether or not we are really making it better by making it even more complex is a question that we each have to answer for ourselves.

    Larry Mittag is a consultant on connected embedded systems.
  • Popularity 19
    2015-2-12 20:38
    1588 reads |
    1 comment
    In a recent New York Times article, the author shares how her mother got hit by the CryptoWall virus, which encrypted her mother’s files and demanded a $500 ransom for access to the key. I had three reactions to this article.

    First, is the threat itself. Like most of us I was aware of ransomware but didn’t really think that much about it. Just another nasty virus that can corrupt the system. But this one seems to be spreading quickly. It’s insidious in that all files on all drives mapped to letters will be encrypted. That backup drive? You’ll lose access to it. A networked drive? Ditto. Mapped cloud services, too, will be attacked.

    This is a serious problem in that we really need to use automatic backups; ones that are scheduled daily (at least). But because of these sorts of threats, that backup drive must be disconnected from the network to preserve the files if the main system gets compromised. It would be nice to have a command-line utility that locked access to a drive with a password, so the automatic backup program can invoke a batch file to open it, do the backup, and then lock the drive down. I have not been able to find such a program.

    Here in Ganssleville we use SecondCopy to roll changed files to a separate internal disk and to a USB-connected disk every night. Once a week I swap that USB drive with another, which is kept at a remote area. So we’re at risk for, at most, a week’s worth of data, which can be rather a lot. I may change to a daily swap, but that is really a pain. Weekly, I do a manual backup to a Mac and to a big thumb drive. Both are air-gapped from the network at all times except during the backup. The flash drive is stored off-site.

    My second reaction was one of disgust. Pre-computers one had to actually walk into a bank with a gun to commit a robbery. That barrier which required physical presence and entailed considerable risk seems to have kept a lid on this sort of behavior. Today any script kiddie or 419er can drain someone’s accounts from thousands of miles away. Cloak some in the anonymity of the Internet and the veneer of civilization evaporates. Presumably this applies to a small portion of society. But how were these people brought up? What moral sense debases, in their minds, human beings to nothing more than targets of opportunities? What makes these people (I use that word loosely) so amoral? It’s terribly sad the world is rife with these criminal predators.

    My last thought was of the author’s mother. The article leads me to suspect she is relatively young. Many aren’t. My parents, in their very late 80s, recently moved to an elder-care facility. A computer room there has a handful of PCs, all with bright yellow keys emblazoned with huge letters for the faint of sight. Other residents, like my folks, have their own computers. I often give them the rules for safe surfing, but those rules, which have been explained many times, are now received as new information with each retelling. Increasing confusion makes me worry that a costly mistake is just a click away.

    The elderly, most of whom are not particularly computer literate, have always been targets for the evil who prey on our society. We engineers take computer-savviness to be a given, but a preponderance of PC users know little about their machines or the threats to them. One mistaken click on what looks like a completely innocent link can lead to CryptoWare or thousands of other viruses to hugely disrupt life. Probably very few outside of the cognoscenti have an in-depth defense system. Their machines are like unguarded banks whose vaults are stuffed with cash, unlocked, and a big sign outside reading “easy-to-steal cash.”

    What’s your take?
  • Popularity 16
    2011-3-26 18:21
    2176 reads |
    0 comments
    According to an entry on Wikileaks and other sources, hackers broke into a database used by pharmacists in Virginia, US last April 2009. Eight million records were deleted. The bad guys are demanding a $10 million ransom to return the data. They claim to have deleted the backups, too.

    One could rant about poor security practices that left the data vulnerable. But what I find appalling, assuming the claim is correct, is the apparent lack of adequate and safe backups. I really shouldn't be surprised, as many of us—way too many—do a poor job ensuring there's a safe copy of our digital data archived.

    I hear constantly from developers who are losing weeks and months in recreating missing source code. A few years ago, a company informed me they were shutting the doors due to a fire in the engineering department that took out their source code; no off-site backups were maintained. My computer-illiterate brother has lost all of his pictures, twice, due to hard disk crashes, yet he still refuses to get serious about a simple backup solution. One would think a single bad experience would be reforming; to have had this happen twice and still not take preventative measures boggles the mind.

    The most important asset many companies possess is their data, whether that's customer files, source code, or accounting files. Yet in far too many you're liable to get in trouble for defacing an unimportant asset—like a desk—while the data is vulnerable to hackers, fire, or an rm -r *.* from an angry laid-off worker.

    Once we were told to keep an off-site backup. That is no longer good advice. We learned from Hurricane Katrina that it's possible to lose an entire city. Keep a backup a kilomile away. In this day of cloud computing that's simple and cheap.

    We paint our houses to preserve them. Change the oil in the car to keep it running well. Owning anything implies a level of responsibility, and that, too, is true of computers. Even a ma and pa shop needs effective backups. Your home data, those pictures, music and other records, need to be archived frequently and safely. How do you protect your data?