Nordschleife

Posted via email from ramblings of a comsci student

Wall Street – Money Never Sleeps, the sequel to the 1987 film “Wall
Street” will be available from 23 April. I enjoyed watching the
original film, when computers were just begging to be used in the
financial services industry. After over two decades, and in a
fundamentally different Wall St., I’m looking forward to watching the
new film.

Posted via email from ramblings of a comsci student

Posted via email from ramblings of a comsci student

????????????????
?????????????
???????????

????????????????
?????????????
???????????

Posted via email from ramblings of a comsci student

Just added my hermes email account to my Gmail in order to totally abandon Outlook. I’ve been resisting checking email every 15 minutes with some success. Ideally, I’d check and deal with my emails once a day, but in practice, I check email every two hours recently. Since I used Outlook mainly due to the Getting Things Done plugin, I am also looking for a task listing program.

RSS feed is checked and read once a day, things are fine at this moment. I’m aiming to reduce my time spent on social networking and news sites to about half an hour a day. There has not been much success there.

Ideally I should spend more time on my work. I hope that will happen soon.

Posted via web from ramblings of a comsci student

I recreated the Gosper Gun for my tick 3 star submission. I understand the reason that Java is used in so many places for teaching in computer science – drawing images is so easy. In fact, there are so many classes to accomplish so many functions that I'm beginning to be naturally inclined to not solve problems, but seek ready solutions.

Posted via email from ramblings of a comsci student

Not like the brazen giant of Greek fame,
With conquering limbs astride from land to land;
Here at our sea-washed, sunset gates shall stand
A mighty woman with a torch, whose flame
Is the imprisoned lightning, and her name
Mother of Exiles. From her beacon-hand
Glows world-wide welcome; her mild eyes command
The air-bridged harbor that twin cities frame.
“Keep, ancient lands, your storied pomp!” cries she
With silent lips. “Give me your tired, your poor,
Your huddled masses yearning to breathe free,
The wretched refuse of your teeming shore.
Send these, the homeless, tempest-tossed to me,
I lift my lamp beside the golden door!”

?Emma Lazarus, 1883

Posted via email from ramblings of a comsci student

View Larger Map

Posted via email from ramblings of a comsci student

Disconnection from the Internet is often a result of faulty DNS servers. A DNS server is like a map that translates the name of place that you want to visit into its physical location. For example, you tell the map that you want to go to Cambridge University Library, the map should tell you the location 52°12?18.6?N 0°6?29?E? so that you know how to get there. That’s not exactly how we use maps, but you get the idea.

There have been a few disruptions of the Internet in the college since I came, all of those are results of DNS server failure. The problem could be easily solved.

For Windows:
(Windows Vista/7) From control panel, double-click “Network and sharing centre”, click “Change adapter settings”, right click on the icon of your network (it’s Local Area Connection for me), then click “Properties”.

(Windows XP) From control panel, double click “Networking”, right click on the icon of your network, then click “Properties”.

Select “Internet Protocol Version 4 (TCP/IPv4)”, click “Properties”, click “Use the following DNS server addresses:”, and enter the DNS server.

To use Google’s DNS servers, enter
8.8.88 4.4.4.4

To use OpenDNS, enter
208.67.222.222 208.67.220.220

For Linux:
Start terminal, enter
sudo emacs /etc/resolv.conf
Add
nameserver 8.8.8.8 nameserver 8.8.4.4
Close and save file, then
nslookup google.com
It should work.

It’s also easy to change from graphical user interface, details would depend on distribution.

For Mac, the change can be done in Applications->Utilities->Network, with the same procedure. Click “Configure” with the connection selected. In “Domain Name Servers (optional)”, enter 8.8.8.8 8.8.4.4
Then save.

Posted via email from ramblings of a comsci student

(A reproduction of a blog post from Peteris Krumins http://www.catonmat.net/blog/how-to-steal-a-botnet-video-lecture-review/ )

A group of researchers at UCSB recently managed to take control over a part of Torpig botnet for 10 days. During this time, they observed 180 thousand infections and recorded almost 70GB of data that bots collected. This data included submitted form information from all the websites the infected person had visited, smtp, ftp, pop3, windows, passwords, credit card numbers and passwords from various password managers.

Here are the most interesting facts from the lecture:

Torpig uses a technique called “domain fluxing” to avoid being shut down by simply blocking the IP or the domain name of control center servers. The idea is simple – depending on date and time the algorithm generates a domain name to connect to. If the domain gets shut down, the bots will simply use a different domain after some time.

The researchers were able to take control over a part of the botnet by cracking the domain name generating algorithm and registering some of the domain names to be used for communication in the future.

The bad guys noticed that a part of botnet has been taken over and issued a software update to all bots to use a new domain flux algorithm, which used Twitter’s popular topics for the day to generate domain names. It was no longer possible to predict the domain that would be used tomorrow.

When communicating with command & control server, the bots included a unique id field that was generated from machine’s hardware. This allowed researchers to estimate the real number of unique computers infected. Researchers saw 1.2 million unique IP addresses but only 180k unique machines.

The bots would steal financial data from 410 financial institutions (top 5: PayPal, Poste Italiane, Capital One, E*Trade, Chase), it would log keystrokes to steal credit card information (top 5 cards: Visa, Mastercard, American Express, Maestro, Discover), it would also steal all passwords from browser’s password manager.

In a 2008 study Symantec estimated that credit card information is valued at $.10 to $25 per card in the underground market. The bank account information is valued at $10.00 to $1,000 per account. Using this study, researchers estimated that during 10 day period the amount of financial data bots collected were worth $83k to $8.3 million.

Using various estimations researchers calculated that if the bots are used for denial of service the total bandwidth would be 17Gbps.

Researchers observed that there was a fraction of people who’d fill out the phishing page and then immediately email the company’s security group telling that they may have been victims of identity theft.

Since Torpig was sending all the HTTP POST data and emails to command & control servers, researchers did statistics on emails and found out that 14% of all captured emails were about jobs and resumes, 10% discussed computer security/malware, 7% discussed money, 6% were sports fans, 5% were worried about exams and their grades, 4% were seeking partners online.

Researchers collected 300,000 unique credentials on 370,000 websites. 28% of people reused their password on multiple domains. There were 173,686 unique passwords.

Researchers converted the passwords in Unix format and tried to crack them with John the Ripper. 56,000 were cracked in less than 65 minutes using brute-force. Using a wordlist 14,000 passwords were cracked in the next 10 minutes. And another 30,000 passwords were cracked in the next 24 hours. That’s 58% of all passwords cracked in 24 hours.

Here’s a 75 minutes video presentation by Richard Kemmerer:

• [02:00] Botnet terminology – bot, botnet, command & control server, control channel, botmaster.
• [03:00] Introduction to the Torpig trojan and Mebroot malware platform.
• [05:00] How Torpig works.
• [11:30] Torpig HTML injection.
• [15:00] Domain fluxing.
• [19:15] Taking over Torpig’s c&c server.
• [24:10] Data collection principles.
• [26:00] C&c server protocol.
• [31:10] Botnet’s size estimation.
• [37:00] Botnet’s threats: theft of financial information, denial of service, proxy servers, privacy thefts.
• [37:30] Threat: Theft of financial information.
• [42:00] Threat: Denial of service.
• [43:30] Threat: Proxy servers.
• [44:20] Threat: Privacy theft.
• [47:00] Password analysis.
• [50:40] Criminal retribution.
• [53:00] Law enforcement.
• [58:00] Repatriating the data.
• [01:00:00] Ethics.
• [01:02:00] Conclusions.
• [01:06:00] Questions and answers.

For more information see the publication “Your Botnet is My Botnet: Analaysis of a Botnet Takeover.”

Posted via email from ramblings of a comsci student