thebaldgeek

I am doing a series of blogs over at Opto 22 on network security, passwords and Wifi.
In a very timely manner this popped up in my RSS feed a few days back.

http://arstechnica.com/security/2015/06/how-best-buys-computer-wiping-error-turned-me-into-an-amateur-blackhat/

It’s a story of how this guy brought what was supposed to be an ‘as new’ returned laptop…..

So it surprised me when I booted up and saw someone else’s name and Hotmail address at the login prompt. So much for like-new!

As I stared at the full name and e-mail address of the previous owner—let’s call him David—I wondered. Could I get into this computer another way? It was mine after all. And how much more could I learn about him? How bad of a mistake had the store made?

The guy then talks about how he boots into Linux via a USB flash drive, gets the guys hashed password, downloads some open source software and reverses the hash, ends up with the clear text password and logs into his computer, but with the identity of the previous owner.
It took him all of about 20 minutes of a few web searches and 1 bit of software (if you don’t count the Linux USB stick he already had).

The illusion of security. It was a Windows 8 laptop, you would think it would take a bit more than that to break into the latest operating system….

However, this is not the point of my blog…… Its this;

I packed everything back into the box to return it to the store. The least I could do was to tell Best Buy about their mistake so it hopefully wouldn’t happen again.

As I packed up the paperwork, my eyes were drawn to the slip of paper with the ID of the person who inspected the machine. I wanted to make special note of who it was so I could report it to the manager.

[As he was packing it up, he found the original receipt, on the back of that was written the password he had just cracked] It was in the box the entire time. Not only did they sell me a computer with someone else’s data still on it, they gave me the password as well. No hacking required.

I may not be the world’s worst blackhat-wannabe, but discovering this didn’t help my ego much.

My embarrassment quickly became anger. Mistakes happen, but this was too much. The password is clearly printed on Best Buy receipt paper, so it had to be written in the store. Why would they need David’s password to reset the computer? I could understand if they were working on the machine to return it to him, but they were doing a factory reset. And how did that password and machine get taped up and put back on the floor for resale?

Humans. Humans are almost always the weak link. We write software that is too easily compromised, or has a back door, we are tricked into giving out our passwords.

So yeah, we are humans, we have the illusion of security and we are the weak link.

Had to laugh…. I don’t use the Instagram PC website. I do everything through my phone, but my Dad is a big user of it. It’s the main way he looks at my posts on that platform.

Talking with him on the phone the other night and he asks ‘What did you do to Instagram?’
Of course I’m all like…’Huh?’.

Next day, this pops up in my RSS feed:
http://www.engadget.com/2015/06/09/instagram-web-redesign

It may be a tad late for spring cleaning, but Instagram redesigned profile pages on the web to cut down on the clutter. Desktop profiles, for example, nix the rotating image header up top and display larger images in rows of three instead of five. The changes get rid of the added boarders, button styles and more that the mobile app’s redesign already updated in favor of a cleaner, flatter look. Not seeing the new design yet? Don’t worry, it’s rolling out now and you should be seeing it by the end of the week.

So why the chuckle?
Dad said he liked the old look better…….

Really great think piece on AI and what it is to be human.

http://radar.oreilly.com/2015/06/artificial-intelligence.html

What do we mean by “artificial intelligence”? We like to point to the Turing test; but the Turing test includes an all-important Easter Egg: when someone asks Turing’s hypothetical computer to do some arithmetic, the answer it returns is incorrect. An AI might be a cold calculating engine, but if it’s going to imitate human intelligence, it has to make mistakes. Not only can it make mistakes, it can (indeed, must be) be deceptive, misleading, evasive, and arrogant if the situation calls for it.

That’s a problem in itself. Turing’s test doesn’t really get us anywhere. It holds up a mirror: if a machine looks like us (including mistakes and misdirections), we can call it artificially intelligent. That begs the question of what “intelligence” is. We still don’t really know. Is it the ability to perform well on Jeopardy? Is it the ability to win chess matches? These accomplishments help us to define what intelligence isn’t: it’s certainly not the ability to win at chess or Jeopardy, or even to recognize faces or make recommendations. But they don’t help us to determine what intelligence actually is. And if we don’t know what constitutes human intelligence, why are we even talking about artificial intelligence?

A chunk of text, but pretty much sums it up.

Bottom line, AI is going to take some time to really develop. I suspect that it may not be a black and white case of ‘There it is’. It could well be a case of each time we have some software come close, we simply raise the bar.
I can’t put my finger on it just now, but I recall someone saying the Turing test is about the level of a 4 year old child. Sure, 4 year olds are smart, but really, if that’s the standard for saying AI is here, I’m not sure a bunch of geeks are going to rest there.

Added to the search for AI is the task of simply getting a computer to be a little more flexible in its rule set.
Rather than a simple ‘if the room is empty, turn off the light’, we need something like ‘if someone leaves the room, but another person is walking to the room, leave the light on’. (Weak example, but you (hopefully) get my point).
In other words, most computer code reacts, not predicts.
Even this sort of AI is out of my grasp at the moment.

Oh, how cool is this!

http://www.electronicproducts.com/Lighting/Research/Bug_zapper_tracks_and_kills_bugs_using_infrared_and_laser_beams.aspx

It tracks the bugs and then zaps them with a laser beam! For real!

They talk about using it to keep mozzies out of an area, but there are two problems (at the moment), firstly, its range is only 25 to 100 meters, so you will need a whole bunch of them to cover any sort of real area (but perfect for my back patio).
Secondly, they use just a little too much power to go full solar – but they almost have a solution for that, higher power shorter burst of laser.

Anyway, I just thought it super cool. Loads of people have talked about such a device, me included, it’s great to see it come to life.

Now, if we just had bugs in Southern California……