
Cyber War???

Today at RSA, during a keynote session, Sec. Michael Chertoff, Bruce Schneier, and ADM Mike McConnell discussed “cyber war.” The consensus appeared to be that the term cyber war is overused.

I would take it a step further and say many make too big a deal over the term and constantly claim a cyber 9/11 or cyber Pearl Harbor is coming.

Also today at RSA, during a round table with Dorothy Denning and others, the audience was asked how many believed we have already had a cyber war. Despite the media’s claims, apparently to sensationalize the news, very few, if any, in the audience were willing to agree a cyber war has already occurred.

So, why all the discussion and uncertainty about cyber war? One word: attribution!

How do you know who is actually attacking you? Should a nation go to war against a 14-year-old sitting at home using his parents’ computer and Internet connection?

Let’s face it, for now cyber war is what will happen between nations when prepping the battlefield prior to a kinetic offensive. Right now, in my opinion, the biggest threat is cyber espionage.

Wi-Fi Capacity Breakthrough – Smarter Cancelling Gives Better Listening

Wireless networks often struggle to run in full duplex because the access points (AP) have a hard time listening when they are transmitting.

An AP would send and then have to say “over” before getting a response that it could hear — like a hand-held radio. Researchers now say that the AP can avoid this problem by adapting to its own transmission noise, canceling it out, so it hears only signal(s) even though it is still transmitting.

It is like wearing headphones that cancel noise and are specifically tuned to eliminate your own voice:

This paper presents Antenna Cancellation, a novel technique for self-interference cancellation. In conjunction with existing RF interference cancellation and digital baseband interference cancellation, antenna cancellation achieves the amount of self-interference cancellation required for full-duplex operation.

This could double the performance of an AP. The authors also explain why doubling the number of physical devices, which also may achieve the same objective, is less compelling:

…a wireless full-duplex system that can nearly double the throughput of a single hop link is practically implementable. On the other hand, the implementation uses additional resources that could otherwise be used to implement a 2×2 MIMO system, that may provide similar physical layer gains. It is unclear if only the physical layer gains of full-duplex would justify the engineering and cost needed to implement these systems. However, we believe that the true benefit of the full-duplex system lies beyond this gain in the physical layer. Practical full-duplexing can mitigate many of the problems with wireless networks today. Full-duplexing helps address three distinct challenges in current wireless systems: hidden terminals, congestion due to MAC scheduling, and high end-to-end delays in multihop wireless networks. Further, full duplex can have applications to future wireless networks that use cognitive radios.

HTTPS Everywhere 0.9.4 Disables Cisco

The EFF have released an update to their handy HTTPS Everywhere extension for Firefox. It turns on SSL for most popular sites and can be configured to handle many more.

I found a couple of interesting notes in the change log.

0.9.4:
* Disable Cisco by default
* Disable Google Custom Search Engines (they don’t work)

Why disable Cisco? This is not the sort of behavior I would have expected from the EFF, especially as I was just railing on Facebook for the same thing the other day. Google at least gets an explanation.

Remote Exploit of BMC Patrol: CVE-2011-0975

BMC Patrol is marketed as system management software that will “Proactively detect and automatically resolve IT performance issues and sub-optimal configurations before users and services are negatively impacted.”

Speaking of sub-optimal configurations, the vulnerability database at NIST just popped up an urgent alert that says BMC Patrol actually might be your next source of negative impact:

Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capacity Management Essentials 1.2.00 (7.4.15) allows remote attackers to execute arbitrary code via a crafted length value in a BGS_MULTIPLE_READS command to TCP port 6768.

They give it a CVSS v2 Base Score of 10.0 (the highest rating).

Sometimes this means the vendor is not supplying sufficient information, but in this case it looks like port 6768 is just a short step away from complete control of a system.

Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Fourteen months passed between discovery and this patch/announcement. At least their announcement has been more well-reasoned than the last time I mentioned a BMC remote exploit.