Dec. 19th, 2013

thewayne: (Cyranose)
"Socialism makes me sick."
—slogan on the "Official Obama Barf Bag" offered by Rep. Steve Stockman, fundraising for his Senate campaign

Just go around his district and the rest of his state and announce that he's going to campaign to eliminate public roads, Medicare, Social Security, the fire department and police department, libraries, and emergency room access for the uninsured. I'm sure his campaign and his anti-socialism message will take off like something that takes off really fast!
thewayne: (Cyranose)
There's not a lot of firm data, but it looks like Target was hacked for the period from Thanksgiving 2013 to December 15th. Originally it was thought to be a week, but the window expanded. No really solid information has been released as to methods, but it looks like over a million cards were compromised and that it only affected in-store purchases, not online purchases.

It is anticipated that this could become one of the biggest hacks once everything is analyzed, which I find kind of noteworthy for one of such short duration.

http://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/
thewayne: (Cyranose)
Both from Bruce Schneier.

The paper claims that you can recover a 4096-bit GnuPG RSA key through acoustic monitoring of the computer that's doing a decryption. It also talks about measuring the electrical potential of the actual computer chassis as a low-bandwidth attack. Strange stuff.

https://www.schneier.com/blog/archives/2013/12/acoustic_crypta.html


The other day a Harvard student emailed in multiple bomb threats to avoid taking a final exam. Idiot. He was mildly clever in that he used an anonymous email account and Tor; his epic fail was that he used Tor from within the Harvard campus network, so they could easily identify which IP addresses and locations were using Tor and at what time, and it wasn't difficult to nab him.

If he had used Tor from coffee shops off-campus, they would have had a much tougher time tracking him down.

Schneier has a great comment: "This is one of the problems of using a rare security tool. The very thing that gives you plausible deniability also makes you the most likely suspect. The FBI didn't have to break Tor; they just used conventional police mechanisms to get Kim to confess."

I think this might adversely affect his academic standing.

https://www.schneier.com/blog/archives/2013/12/tor_user_identi.html
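The identification described above comes down to correlation: the set of campus hosts talking to Tor relays is small, and intersecting it with the time window around the email shrinks it further. The following is an added illustration from a network-forensics point of view, not code from the post or from any investigation; the relay addresses, flow records and timestamps are all constructed sample data, and `find_suspects` returns candidates to interview, not proof of authorship.

```python
# Added example: narrowing "who was on Tor when the email arrived" from
# campus flow logs. Every value below is constructed, not real data.
from datetime import datetime, timedelta

# Constructed stand-in for a Tor relay list; a real investigation would
# use the published relay consensus for the date in question.
TOR_RELAYS = {"203.0.113.7", "198.51.100.23", "192.0.2.88"}

# Constructed flow records: "date time src_ip dst_ip dst_port"
FLOW_LOG = """\
2013-12-16 08:31:02 10.20.5.14 203.0.113.7 9001
2013-12-16 08:31:05 10.20.5.14 203.0.113.7 9001
2013-12-16 08:40:44 10.20.7.201 198.51.100.23 443
2013-12-16 08:52:19 10.20.5.14 192.0.2.88 9001
2013-12-16 08:55:10 10.20.9.3 93.184.216.34 443
2013-12-16 11:05:00 10.20.7.201 192.0.2.88 9001
"""

def parse_flows(text):
    """Turn the text log into (timestamp, src, dst, port) tuples."""
    flows = []
    for line in text.splitlines():
        date, clock, src, dst, port = line.split()
        ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
        flows.append((ts, src, dst, int(port)))
    return flows

def find_suspects(log_text, sent_at, window_minutes, relays=TOR_RELAYS):
    """Return {campus_ip: first_tor_contact "HH:MM:SS"} for hosts that
    reached a known Tor relay within +/- window_minutes of sent_at.
    Only the destination address is checked; the port is irrelevant
    because relays listen on many ports."""
    sent = datetime.strptime(sent_at, "%Y-%m-%d %H:%M:%S")
    span = timedelta(minutes=window_minutes)
    lo, hi = sent - span, sent + span
    hits = {}
    for ts, src, dst, _port in parse_flows(log_text):
        if dst in relays and lo <= ts <= hi:
            hits.setdefault(src, ts.strftime("%H:%M:%S"))  # keep first contact
    return hits

if __name__ == "__main__":
    # Constructed send time for the email; 20-minute window on each side.
    for ip, first in sorted(find_suspects(FLOW_LOG, "2013-12-16 08:45:00", 20).items()):
        print(f"{ip} first contacted a Tor relay at {first}")
```

Note that 10.20.9.3 never appears even though it was active in the window, because it only reached a non-Tor address; that asymmetry is exactly why a rarely used tool makes its users stand out.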
thewayne: (Cyranose)
There are a lot of reasons, one of the big ones being that the Republicans gutted the funding, which forced Health & Human Services to scrounge for money, which in turn forced them to use almost 50 contractors to build this thing. HHS screwed up in two major ways. First, they didn't appoint a top-dog contractor who was responsible for integrating this mess. HHS thought they had the in-house expertise to manage it all, and they clearly did not. They also chose a Canadian shop that had a track record of poor performance on government contracts. I have no idea how they got the contract; there's talk that there was some higher-level quid pro quo going on, in that the company that bought out the main contractor is owned by Obama fundraisers, and that fundraiser-owned company has been hired to fix the mess.

But the second one was a biggie: HHS specified that the system would run on top of a database system called MarkLogic. Not Oracle, not SQL Server, not IBM bringing in something. Most databases used in business for record-keeping use SQL, Structured Query Language. This organizes data into tables that control the amount of redundant data and do lots of things to enforce data quality. SQL is predicated on algebraic set logic, where the tables (sets) are manipulated using set operations: intersections, joins, differences, etc. I've been working with relational databases for about 30 years and I absolutely love the way it works. It's extremely fast, it's extremely robust, and it has a very long and proven track record.

MarkLogic is not an SQL database. It uses a technology called NoSQL, which eschews a lot of the strengths of SQL databases, gaining speed, a smaller footprint in the OS, and lower cost. It is a datastore, but not like SQL. It has such a small footprint, as a matter of fact, that pretty much all smartphones use it internally to structure operations.

And MarkLogic seems to be a pretty good database (I've never worked with it). The London Olympics last year used MarkLogic to organize and stream all their data and video, and it performed marvelously. There are lots of examples of MarkLogic performing well.

There's only one big problem: the developers had never worked with it before. So in addition to creating a complex system, the developers had to abandon a lot of their previously honed techniques and learn new ones. New development techniques, new testing techniques. The developers balked at the spec, but HHS held firm.

And now we have the mess that we have.

http://www.nytimes.com/2013/11/23/us/politics/tension-and-woes-before-health-website-crash.html

http://beta.slashdot.org/story/194761
