Find the Backdoor

A fun new post from IOActive Labs Research

The attached code is the code I used to win the backdoor hiding (http://backdoorhiding.com) contest @ DEFCON (http://defcon.org). It is a library class written in C++/CLI that exposes a number of methods that allow for the loading/saving of data to a disk file.

See if you can find the backdoor, I’ll post the explanation and details on the flaw soon.

Harvard Study: Bacon Kills

A new study says people who eat red meat have a far higher risk of premature death. The study reviewed more than 100,000 cases over 20 years, which really is just a tiny amount of data. Nonetheless, here’s the news from the LA Times:

…adding an extra daily serving of processed red meat, such as a hot dog or two slices of bacon, was linked to a 20% higher risk of death during the study.

You might be thinking the researchers are nuts, and you might be right.

Eating a serving of nuts instead of beef or pork was associated with a 19% lower risk of dying during the study.

Not much is said in the article about researcher bias or data integrity issues. This is their best effort at a disclaimer:

…there can be a lot of error in the way diet information is recorded in food frequency questionnaires, which ask subjects to remember past meals in sometimes grueling detail.

But Pan said the bottom line was that there was no amount of red meat that’s good for you.

With that out of the way the reporter then highlights the cost savings from reducing risk.

…a plant-based diet could help cut annual healthcare costs from chronic diseases in the U.S., which exceed $1 trillion. Shrinking the livestock industry could also reduce greenhouse gas emissions and halt the destruction of forests to create pastures, [UC San Francisco researcher and vegetarian diet advocate Dr. Dean Ornish] wrote.

No word yet on whether eating less bacon could have a far greater impact on healthcare costs than patching Windows faster.

Why Microsoft Never Made Bathtubs

A former employee of Bill Gates says the Microsoft leader wanted all user interfaces always to be exactly the same, which led to an awkward exchange:

At one particularly frustrating moment, I offered the following: “Bill, a shower, a toilet, and a water fountain all have mechanisms to control water flow, places where the water comes out, some sort of porcelain basin to hold the water, and a drain, but we don’t combine them into one thing to reduce their learning curve. We don’t merge them into one object because each of them is in use in fundamentally different ways at different times.”

Then the pause.

Then Bill’s verdict. [There was an almost interminable pause in the conversation, as Bill thought about what I had said. And then he looked up at me after some processing and exclaimed: ‘That’s just rude.’]

Ouch.

As I saw my career disintegrate before me, I started to question just how “beautiful” my analogy really was.

So I guess now we know why today so many people sh*t on Windows.

But seriously, I am reminded of all the use-cases where we have similar, but not identical, interfaces. Motorcycles and cars, for example, are similar within their own group but not the same as each other.

As much as a unified interface has some advantages, it certainly doesn’t lead to innovation/competition.

I’m not bothered that I have to ride a road bike differently than a mountain bike, or sail a catamaran differently than a mono-hull. This story also suggests it’s always a good idea to go to the bathroom before an important meeting, to ensure analogies do not go where the mind may already be.

TechWomen and Security

A professor of gender studies at the LSE recently came to San Francisco and presented to a small group. She spoke of interesting global trends and studies being done by the school. None of them addressed the shift I have noticed in technology access by women and how it relates to security or risk.

I asked her if anyone was studying the security effect of China Mobile’s huge infusion of technology (as I wrote about before) to women in Pakistan, for example, or what the effect of social networks and innovative payment systems has had on women-run businesses in Africa. Does the American “hacker” stereotype get radically redrawn as the diversity of online users shifts?

Her blank stare was all I needed to know the answer. We then discussed how flyingpenguin could fund graduate students to do some research under our direction and hopefully document and parse some of the fascinating new data for threat analysis.

In the meantime, I continue to watch announcements from various governments about facilitating technology access specifically for women in new and very large markets. Will there be an explicit security effort? Here is an example from the US:

The U.S. Department of State’s Bureau of Educational and Cultural Affairs announced today that TechWomen – an international exchange that uses technology as a means to empower women and girls worldwide – will expand to sub-Saharan Africa beginning in 2013. TechWomen will bring women working in the technology sector from Cameroon, Kenya, Nigeria, Rwanda, Sierra Leone, South Africa, and Zimbabwe to the United States for a four to six week mentoring program with their American counterparts in the United States. The U.S. Department of State is currently accepting proposals to administer TechWomen in 2013. Please visit www.grants.gov for more information.

If you are interested in working with flyingpenguin on a grant proposal, or related analysis of gender and security, please contact me.