ePuzzler

I heard about this on NPR. "When the Berlin Wall came down in 1989, East Germany's secret police, the Stasi, frantically tore up millions of files gathered during decades of spying on its own citizens." The Stasi shredded millions of documents. Much of them were shredded using s pecial shredding machines that were able to shred hundreds of meters of files. They shredded so much stuff, the shredders burnt out and the remaining papers had to be ripped by hand. When the stasi finally abandoned their posts and their headquarters were taken over by angry protesters, they left behind 16,000 of those sacks, containing hundreds of millions of pieces of paper. It was estimated it would take decades if not a millennia to put the pieces back together.
This is where computers and algorithms come in. A piece of software was developed with help from the Fraunhofer Society, that uses pattern recognition computer technology to reassemble the pieces together. It's essentially a reverse shredder and they call it the e-Puzzler. You scan torn-up documents into it. It matches up the pieces using color, paper texture, fonts, tear lines and other details. The E-Puzzler machine can process 10,000 two-sided sheets an hour.

Jan Schneider from the Fraunhofer Institute describes the steps as follows:"First we have to digitise all the pieces from the bags. This is done by a special high-speed scanning device.
"The next step is to segment the image itself from the raw scan - we need the outline of the pieces, pixel-wise, to perform the reconstruction process after that.
"Then all digitised pieces of paper are stored in the database. After that we reconstruct a lot of the descriptive features of the pieces."

References:
Stasi files emerge through software
BBC News, Tuesday June 3, 2008
http://news.bbc.co.uk/2/hi/technology/7396272.stm
Piecing Together 'The World's Largest Jigsaw Puzzle'
by Phillip Reeves, NPR News, Monday October 8, 2012
http://www.npr.org/2012/10/08/162369606/piecing-together-the-worlds-largest-jigsaw-puzzle
The machine that is putting together the Stasi's 600m-piece spy jigsaw
Kate Connolly, the Guardian, Wednesday May 9, 2007
http://www.guardian.co.uk/world/2007/may/10/germany.kateconnolly1

Java 7u7 is now available for download!!!!

Java 7u7 update is now available for download!!!

If you have ANY version of Java 7, UPDATE IT NOW!!!

There's a major security hole in the previous versions of Java 7! See my previous post for the details!

New Vulnerability in Java 7!

Hackers have been able to exploit a new vulnerability to Java 7 update 6 to infect computers with malware. This exploit has been found to work in all Java 1.7.x run-time environments. The process is as follows:
1. A redirector is placed in the HTML.
2. At the redirected site, a malicious applet then installs a dropper (Dropper.MsPMs) without any notifications.

This exploit works on both Windows and Mac machines. Secunia rated the vulnerability as extremely critical because it allows the execution of arbitrary code on vulnerable systems without user interaction.

At the Black Hat security conference in July, security researchers warned that Java vulnerabilities are increasingly targetted by attackers. This is because of the widespread use of Java over various platforms and hackers can create exploits without having to worry about various security mechanism.

The largest issue with Java vulnerabilities is not the vulnerabilities themselves. The first issue is people may not install the patch. The second more unsettling situation is that Oracle is one of the most unresponsive vendors at the moment. They avoid communicating openly about security issues or confirming their existence, even to security researchers who report the vulnerabilities to them. Finally, Oracle is slow to respond with patches to prevent the vulnerability, which exposes people to the found vulnerability for longer periods of time.

Google Chrome automatically disables outdated plug-ins that are known to be vulnerable. Chrome also features a "Click to play" feature that requires the user to click on a plug-in embedded on a website in order to run it. This prevents automatic execution of enbedded plug-ins and security experts recommend enabling this. Mozilla has a plug-in blacklist for Firefox and actually used it to block vulnerable Java plug-ins in April in response to widespread attacks targeting a vulnerability in older versions.

Anti-virus programs will only stop this attack if it's recognized and a tool such as MalwareBytes will just prevent you from visiting explouted sites. That won't help if someone puts this exploit on web sites that everyone visits.

The best way to avoid this is to step back to Java 6 unless you really need Java 7. Java 6 is still being maintained. Java 6 update 34 was released August 14th.

New eBooks Online

I added two new pdf eBooks for developers:

Ant In Brief
This is a quickstart book on how to write ant scripts.

Ant Installer In Brief
This is a quickstart book on how to write an installer using the antinstaller. The antinstaller is an extension to ant. It's pretty slick.

You can find them at:

http://www.kengpl.com/ebooks/

Black Hat: Hotel Locks

This year at the Black Hat convention, Mozilla software developer Cody Brocious demonstrated a homebrewed device made for $50 that unlocks hotel rooms. The schematics for the device are open source and available on the Web. The company's locks are found on between four and five million hotel room doors worldwide. Brocious' device plugs into the DC port that is found on the bottom of the outside portion of the lock.

"[It] looks like a standard DC power port you'd see on something like a router," Brocious says. The hack simulates a device used by hotel room operators to program locks to accept certain master keys. The hacking device reads the lock's memory, obtains the cryptographic key information, and then sends that information to the door lock, allowing the hacker to gain entry to the room.

Brocious explains that the key information is easily accessible and not protected, thus allowing his device to obtain it so easily.

Testing a standard Onity lock Brocious ordered online, he was able to easily bypass the card reader and trigger the opening mechanism every time. But on three Onity locks installed on real hotel doors he and Andy Greenberg (from Forbes Magazine) tested, only one of the three opened. The third door took a second try, with Brocious taking a break to tweak his software between tests. But he believes that with more experimentation and tweaking, someone could easily access a significant fraction of hotel rooms around the country without leaving a trace.

Password breaches

You would THINK that people in charge of large companies would do the following:

1) Prevent SQL injection. This is an old and easy method used by hackers to bypass a login screen and log in as admin. This attack has been known for YEARS.

2) SALT their passwords. Salt is a way to encrypt passwords so that if two people have the same password, they look different when encrypted.

3) Encrypt their passwords. This is password 101. I mean, we've been doing this since UNIX has been out.

… or so I thought …

Gamigo was hacked four months ago when over eight million (8,000,000) user names, email addresses, and passwords were lost. This particular account breach has been dubbed the largest so far for 2012.

Twitter was hacked about a month ago. And apparently Twitter didn't salt their password. So all a newbie hacker had to do is sort the encrypted passwords and whichever ones showed up the most, work on those.

And then there's Yahoo (more specifically Yahoo Voices). The hackers bypassed security using SQL injection and the passwords weren't even encrypted. SERIOUSLY????

Hopefully the other website owners will take this as a wake up call.

So, some of you may be wondering what's SQL Injection and what is salt?

Let's start with salt. There are a handful of ways to encrypt data. So, lets say I have a database system and I store user logins and passwords for my website. Bob uses "sunny" as a password and for arguments sake, let's say it encrypts to a3Gh4281=+. Sue also uses the same password and it encrypts to the same value. That's an issue because now you can crack Bob's password and know that Sue's password is the same.

So, on to salting a password. Salt is a random set of bits creating a one-way input to the password encryption function. The other input is the password itself. This "salted" is saved to the database. On subsequent logins, the salt is retrieved and the password and salt goes through the encryption algorithm again. Then the "salted" password that was generated is compared to the "salted" password in the database. If they match, the user can log in. Since every user has a unique salt, Bob's and Sue's will look different in the database.

So, on to SQL injection. When you want to log into a website (i.e.: Yahoo Mail), you normally type your username and your password. The system uses that information and generates a database fetch command (select * from userTable where user = x). To avoid SQL injection, smart DBAs use stored procedures. In other words, the procedure is stored into the database and the program passes in the variables (username and password). DBAs that have had no experience with security might just have the command created on the fly and run on the database.

So, how can someone do a SQL injection? Instead of entering a username, the hacker will do the following:

username: whatever; select * from userTable where user='admin';//

What this does is returns the admin data from the database (everything after the double slash is ignored). So the "on the fly" command now looks like this:

select * from whatever; select * from userTable where user='admin'; // where user = x

And now the hacker has the record for the admin and logs in as the admin. From there, they can do whatever an admin can do. Again, this is one of the oldest ways to hack a website and most web admins should be aware of this and come up with a solution to protect their database from SQL injections. Most web admins, except the ones over at Yahoo…