zero day

34 results


pages: 492 words: 153,565

Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon by Kim Zetter


Ayatollah Khomeini, Brian Krebs, crowdsourcing, data acquisition, Doomsday Clock, Edward Snowden, facts on the ground, Firefox, friendly fire, Google Earth, information retrieval, Julian Assange, Loma Prieta earthquake, Maui Hawaii, pre–internet, RAND corporation, Silicon Valley, skunkworks, smart grid, smart meter, South China Sea, Stuxnet, uranium enrichment, Vladimir Vetrov: Farewell Dossier, WikiLeaks, Y2K, zero day

He handed his findings off to Chien, who continued working on the code until evening. They worked on it some more on Sunday and by the end of the weekend, they’d uncovered an astonishing three zero-day exploits. These, plus the .LNK exploit already discovered, made four zero-day exploits in a single attack.1 This was crazy, they thought. One zero day was bad enough. Two was overkill. But four? Who did that? And why? You were just burning through valuable zero days at that point. A top-notch zero-day bug and exploit could sell for $50,000 or more on the criminal black market, even twice that amount on the closed-door gray market that sold zero-day exploits to government cyber armies and spies. Either the attackers had an unlimited supply of zero days at their disposal and didn’t care if they lost a handful or more, or they were really desperate and had a really good reason to topload their malware with spreading power to make certain it reached its target.

“I’m just an actor. I want to talk about the movie,” he says. But when it comes to the company, he’s equally close-mouthed—he won’t say how many employees he has, just that the company is small, or reveal their last names. VUPEN’s researchers devote all their time to finding zero-day vulnerabilities and developing exploits—both for already-known vulnerabilities as well as for zero days. Bekrar won’t say how many exploits they’ve sold since they began this part of their business, but says they discover hundreds of zero days a year. “We have zero days for everything,” he says. “We have almost everything for every operating system, for every browser, for every application if you want.” How much of Bekrar’s boasting is true and how much is strategic marketing is unclear, but whatever the case, his tactics seem to be working.

The conference is sponsored by the Department of Homeland Security.
39 Author interview, November 2011.
40 Joseph Menn, “Special Report: US Cyberwar Strategy Stokes Fear of Blowback,” Reuters, May 10, 2013, available at reuters.com/article/2013/05/10/us-usa-cyberweapons-specialreport-idUSBRE9490EL20130510.
41 See chapter 6 for previous mention of how these two vulnerabilities had already been discovered by others before Stuxnet’s authors used them in their attack.
42 Summer Lemon, “Average Zero-Day Bug Has 348-Day Lifespan, Exec Says,” IDG News Service, July 9, 2007, available at computerworld.com/s/article/9026598/Average_zero_day_bug_has_348_day_lifespan_exec_says.
43 Robert Lemos, “Zero-Day Attacks Long-Lived, Presage Mass Exploitation,” Dark Reading, October 18, 2012, available at darkreading.com/vulnerabilities—threats/zero-day-attacks-long-lived-presage-mass-exploitation/d/d-id/1138557. The research was conducted by Symantec.
44 Pennington, Industrial Control Systems–Joint Working Group Conference, 2011.
45 Michael Riley, “U.S. Agencies Said to Swap Data with Thousands of Firms,” Bloomberg, June 14, 2013, available at bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html.
46 Tom Gjelten, “Stuxnet Raises ‘Blowback’ Risk in Cyberwar,” Morning Edition, NPR, November 2, 2011, available at npr.org/2011/11/02/141908180/stuxnet-raises-blowback-risk-in-cyberwar.
47 Author interview, 2012.


pages: 340 words: 96,149

@War: The Rise of the Military-Internet Complex by Shane Harris


Amazon Web Services, barriers to entry, Berlin Wall, Brian Krebs, centralized clearinghouse, clean water, computer age, crowdsourcing, data acquisition, don't be evil, Edward Snowden, failed state, Firefox, Julian Assange, mutually assured destruction, Silicon Valley, Silicon Valley startup, Skype, Stuxnet, uranium enrichment, WikiLeaks, zero day

For the past two decades, NSA analysts have been scouring the world’s software, hardware, and networking equipment looking for vulnerabilities for which it can craft computer attack methods known as zero day exploits, so called because they take advantage of previously unknown flaws for which no defense has been built. (The target has had “zero days” to prepare for the attack.) A zero day is the most effective cyber weapon. It provides the element of surprise, which is the ultimate advantage in battle. The zero day exploit is bespoke, tailor-made to use against a specific vulnerability. And because that defenseless point in a system is likely to be patched as soon as the target realizes he’s been hit with a zero day, it may be used only once. Zero day attacks are especially hard to design because unknown vulnerabilities are hard to find. But the NSA has been stockpiling them for years.

If the NSA is hoarding those vulnerabilities, rather than telling the makers of technology products that they have found flaws in their hardware and software, then the agency is arguably covering up valuable information that could be used to defend against malicious hackers. To be sure, the NSA does use knowledge of zero day exploits to plug holes in technology that it’s using or that might be deployed within the military or intelligence community. But it doesn’t warn the wider world—that would render the zero day exploit less effective, possibly even useless. One of the agency’s eventual targets in China or Iran might be tipped off if the NSA alerted technology companies to flaws in their technology. But in the shadowy zero day market, there are no guarantees that the NSA is always buying exclusive knowledge about zero days. One controversial vendor, the French company Vupen, sells the same zero day vulnerability information and exploits to attack them to multiple clients, including government agencies in different countries.

The only organizations with the means and the motive to buy such a weapon are organized criminal groups and governments. Serious buyers of zero days, such as the NSA, don’t procure them in one-off fashion. They make stockpiles to use in future attacks. The NSA has stored more than two thousand zero day exploits for potential use against Chinese systems alone, according to a former high-ranking government official who was told about the cache in a classified meeting with NSA officials. That is an astonishingly large number of exploits. The Stuxnet computer worm, which the United States built in conjunction with Israel to disable the Iranian nuclear facility, contained four zero day exploits, which is itself a lot for one attack. A collection of two thousand zero day exploits is the cyber equivalent of a nuclear arsenal. It also puts people around the world at risk.


pages: 598 words: 134,339

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World by Bruce Schneier


23andMe, Airbnb, airport security, AltaVista, Anne Wojcicki, augmented reality, Benjamin Mako Hill, Black Swan, Brewster Kahle, Brian Krebs, call centre, Cass Sunstein, Chelsea Manning, citizen journalism, cloud computing, congestion charging, disintermediation, Edward Snowden, experimental subject, failed state, fault tolerance, Ferguson, Missouri, Filter Bubble, Firefox, friendly fire, Google Chrome, Google Glasses, hindsight bias, informal economy, Internet Archive, Internet of things, Jacob Appelbaum, Jaron Lanier, Julian Assange, Kevin Kelly, license plate recognition, linked data, Lyft, Mark Zuckerberg, Nash equilibrium, Nate Silver, national security letter, Network effects, Occupy movement, payday loans, pre–internet, price discrimination, profit motive, race to the bottom, RAND corporation, recommendation engine, RFID, self-driving car, Silicon Valley, Skype, smart cities, smart grid, Snapchat, social graph, software as a service, South China Sea, stealth mode startup, Steven Levy, Stuxnet, TaskRabbit, telemarketer, Tim Cook: Apple, transaction costs, Uber and Lyft, urban planning, WikiLeaks, zero day

Office of the Secretary of Defense (4 Feb 2014), “Military and security developments involving the Democratic People’s Republic of North Korea 2013,” http://www.defense.gov/pubs/North_Korea_Military_Power_Report_2013-2014.pdf.
discoverers can sell to criminals: Dancho Danchev (2 Nov 2008), “Black market for zero day vulnerabilities still thriving,” ZDNet, http://www.zdnet.com/blog/security/black-market-for-zero-day-vulnerabilities-still-thriving/2108.
Undiscovered zero-day vulnerabilities: Here is the most important research into that question. Eric Rescorla (7 Feb 2005), “Is finding security holes a good idea?” RTFM, Inc., http://www.rtfm.com/bugrate.pdf. Sandy Clark et al. (6–10 Dec 2010), “Familiarity breeds contempt: The honeymoon effect and the role of legacy code in zero-day vulnerabilities,” 26th Annual Computer Security Applications Conference, Austin, Texas, http://dl.acm.org/citation.cfm?id=1920299. Andy Ozment and Stuart E. Schechter (11 May 2006), “Milk or wine: Does software security improve with age?”

Serge Egelman, Cormac Herley, and Paul C. van Oorschot (9–12 Sep 2013), “Markets for zero-day exploits: Ethics and implications,” New Security Paradigms Workshop, Banff, Alberta, Canada, http://www.nspw.org/papers/2013/nspw2013-egelman.pdf.
a robust market in zero-days: Stefan Frei (5 Dec 2013), “The known unknowns: Empirical analysis of publicly-unknown security vulnerabilities,” NSS Labs, https://www.nsslabs.com/system/files/public-report/files/The%20Known%20Unknowns_1.pdf.
both governments and: Andy Greenberg (21 Mar 2012), “Meet the hackers who sell spies the tools to crack your PC (and get paid six-figure fees),” Forbes, http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees.
Both Russia and North Korea are big spenders when it comes to zero-days. Nicole Perlroth and David E.

Danielle Kehl et al. (29 Jul 2014), “Surveillance costs: The NSA’s impact on the economy, Internet freedom and cyberspace,” Open Technology Institute, New America Foundation, http://www.newamerica.net/publications/policy/surveillance_costs_the_nsas_impact_on_the_economy_internet_freedom_cybersecurity.
the White House tried to clarify: Michael Daniel (28 Apr 2014), “Heartbleed: Understanding when we disclose cyber vulnerabilities,” White House Blog, http://www.whitehouse.gov/blog/2014/04/28/heartbleed-understanding-when-we-disclose-cyber-vulnerabilities.
Stuxnet, used four zero-days: Ryan Naraine (14 Sep 2010), “Stuxnet attackers used 4 Windows zero-day exploits,” ZDNet, http://www.zdnet.com/blog/security/stuxnet-attackers-used-4-windows-zero-day-exploits/7347.
agency jargon NOBUS: Andrea Peterson (4 Oct 2013), “Why everyone is left less secure when the NSA doesn’t help fix security flaws,” Washington Post, http://www.washingtonpost.com/blogs/the-switch/wp/2013/10/04/why-everyone-is-left-less-secure-when-the-nsa-doesnt-help-fix-security-flaws.
it discloses and closes: David E.


pages: 587 words: 117,894

Cybersecurity: What Everyone Needs to Know by P. W. Singer, Allan Friedman


4chan, A Declaration of the Independence of Cyberspace, Apple's 1984 Super Bowl advert, barriers to entry, Berlin Wall, bitcoin, blood diamonds, borderless world, Brian Krebs, business continuity plan, Chelsea Manning, cloud computing, crowdsourcing, cuban missile crisis, data acquisition, Edward Snowden, energy security, failed state, Fall of the Berlin Wall, fault tolerance, global supply chain, Google Earth, Internet of things, invention of the telegraph, Julian Assange, Khan Academy, M-Pesa, mutually assured destruction, Network effects, packet switching, Peace of Westphalia, pre–internet, profit motive, RAND corporation, ransomware, RFC: Request For Comment, risk tolerance, rolodex, Silicon Valley, Skype, smart grid, Steve Jobs, Stuxnet, uranium enrichment, We are Anonymous. We are Legion, web application, WikiLeaks, zero day

Chamber of Commerce Leads Defeat of Cyber-Security Bill,” Los Angeles Times, August 3, 2012, http://articles.latimes.com/2012/aug/03/nation/la-na-cyber-security-20120803.
EXERCISE IS GOOD FOR YOU: HOW CAN WE BETTER PREPARE FOR CYBER INCIDENTS?
malicious computer code Dan Goodin, “At Facebook, Zero-Day Exploits, Backdoor Code, Bring War Games Drill to Life,” Ars Technica, February 10, 2013, http://arstechnica.com/security/2013/02/at-facebook-zero-day-exploits-backdoor-code-bring-war-games-drill-to-life/.
no major damage Sean Gallagher, “Facebook Computers Compromised by Zero-Day Java Exploit,” Ars Technica, February 15, 2013, http://arstechnica.com/security/2013/02/facebook-computers-compromised-by-zero-day-java-exploit/.
tried to harm Facebook Dennis Fisher, “How Facebook Prepared to Be Hacked,” Threatpost, March 8, 2013, http://threatpost.com/en_us/blogs/how-facebook-prepared-be-hacked-030813.

Curious, Ralph began to dissect the code of “Stuxnet,” as it became known. The more he and his team explored it, the more interested they became. It was a wonderfully complex piece of malware like none the world had ever seen. It had at least four new “zero days” (previously unknown vulnerabilities), utilized digital signatures with the private keys of two certificates stolen from separate well-known companies, and worked on all Windows operating systems down to the decade-old Windows 95 edition. The number of new zero days particularly stood out. Hackers prize zero days and don’t like to reveal them when they don’t have to. To use four at once was unprecedented and almost illogical given that one new open door is enough. It was a pretty good sign that Stuxnet’s makers had enormous resources and wanted to be absolutely certain they would penetrate their target.

Exercise Is Good for You: How Can We Better Prepare for Cyber Incidents?

Twice in six months sophisticated attackers were able to gain access to the production code that runs Facebook’s website, used by over a billion people around the world. The first time, a Facebook engineer’s computer was compromised by an unpatched, zero-day exploit. This enabled the attacker to “push” their own malicious computer code into the “live build” that runs the website. The second time, in early 2013, several engineers’ computers were compromised after visiting a website that launched a zero-day exploit on its victims. But this time, the attacker was unable to get inside sensitive systems, and could cause no major damage. The reason these two attacks caused such differing effects lies in their origin. The attackers in the first incident were actually part of a security training exercise in 2012, led by an independent “red team.”


pages: 677 words: 206,548

Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It by Marc Goodman


23andMe, 3D printing, additive manufacturing, Affordable Care Act / Obamacare, Airbnb, airport security, Albert Einstein, algorithmic trading, artificial general intelligence, augmented reality, autonomous vehicles, Baxter: Rethink Robotics, Bill Joy: nanobots, bitcoin, Black Swan, blockchain, borderless world, Brian Krebs, business process, butterfly effect, call centre, Chelsea Manning, cloud computing, cognitive dissonance, computer vision, connected car, corporate governance, crowdsourcing, cryptocurrency, data acquisition, data is the new oil, Dean Kamen, disintermediation, don't be evil, double helix, Downton Abbey, Edward Snowden, Elon Musk, Erik Brynjolfsson, Filter Bubble, Firefox, Flash crash, future of work, game design, Google Chrome, Google Earth, Google Glasses, Gordon Gekko, high net worth, High speed trading, hive mind, Howard Rheingold, hypertext link, illegal immigration, impulse control, industrial robot, Internet of things, Jaron Lanier, Jeff Bezos, job automation, John Harrison: Longitude, Jony Ive, Julian Assange, Kevin Kelly, Khan Academy, Kickstarter, knowledge worker, Kuwabatake Sanjuro: assassination market, Law of Accelerating Returns, Lean Startup, license plate recognition, litecoin, M-Pesa, Mark Zuckerberg, Marshall McLuhan, Menlo Park, mobile money, more computing power than Apollo, move fast and break things, Nate Silver, national security letter, natural language processing, obamacare, Occupy movement, Oculus Rift, offshore financial centre, optical character recognition, pattern recognition, personalized medicine, Peter H. 
Diamandis: Planetary Resources, Peter Thiel, pre–internet, RAND corporation, ransomware, Ray Kurzweil, refrigerator car, RFID, ride hailing / ride sharing, Rodney Brooks, Satoshi Nakamoto, Second Machine Age, security theater, self-driving car, shareholder value, Silicon Valley, Silicon Valley startup, Skype, smart cities, smart grid, smart meter, Snapchat, social graph, software as a service, speech recognition, stealth mode startup, Stephen Hawking, Steve Jobs, Steve Wozniak, strong AI, Stuxnet, supply-chain management, technological singularity, telepresence, telepresence robot, Tesla Model S, The Wisdom of Crowds, Tim Cook: Apple, trade route, uranium enrichment, Wall-E, Watson beat the top human players on Jeopardy!, Wave and Pay, We are Anonymous. We are Legion, web application, WikiLeaks, Y Combinator, zero day

One of the reasons it is proving difficult to counter the wide variety of technological threats in our lives today is that there has been a burgeoning increase in the number of so-called zero-day attacks. A zero-day exploit takes advantage of a previously unknown vulnerability in a computer application that developers and security staff have not had time to address. Rather than proactively looking for these vulnerabilities themselves, antivirus software companies generally only consider known data points. They’ll block a malicious bit of code if it’s just like the other malicious bits of code they have seen previously. It’s essentially like putting up a wanted poster for Bonnie and Clyde because we know they have robbed banks previously. Bank tellers would know to be on the lookout for the couple, but as long as no one fitting that description materialized, they might let their guard down—until a different bank robber struck, that is. These zero days are increasingly being generated for a wide variety of techno-products commonly used in our lives, affecting everything from Microsoft Windows to Linksys routers to Adobe’s ubiquitous PDF Reader and Flash Player.
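The signature-matching blind spot Goodman describes above, as an added Python example (not code from Future Crimes or from any antivirus product): a toy scanner that holds two kinds of signature, a whole-file SHA-256 and a byte pattern, run over three constructed byte strings standing in for a known sample, a lightly modified variant of it, and a never-seen sample. The sample contents, signature names and function names are all made up for this example; none is a real detection rule.

```python
"""Signature-based scanning and its blind spot for never-seen samples.

Constructed example: three fake "samples" (plain byte strings, not real
malware) and a tiny signature database with two kinds of entry, a
whole-file SHA-256 and a byte pattern. Nothing here is a real rule.
"""
import hashlib


class SignatureDb:
    """Holds exact-hash and byte-pattern signatures and scans samples."""

    def __init__(self) -> None:
        self.hashes: dict[str, str] = {}     # sha256 hex -> signature name
        self.patterns: dict[str, bytes] = {}  # signature name -> bytes to find

    @staticmethod
    def sha256(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def add_hash(self, name: str, sample: bytes) -> None:
        """Exact-match signature: hits only this precise byte sequence."""
        self.hashes[self.sha256(sample)] = name

    def add_pattern(self, name: str, pattern: bytes) -> None:
        """Substring signature: hits any sample containing these bytes."""
        self.patterns[name] = pattern

    def scan(self, sample: bytes) -> list[str]:
        """Return the names of every signature that matches the sample."""
        hits: list[str] = []
        exact = self.hashes.get(self.sha256(sample))
        if exact:
            hits.append(exact)
        for name, pattern in self.patterns.items():
            if pattern in sample:
                hits.append(name)
        return hits


# Constructed samples (made up for this example; no real code is involved).
KNOWN = b"MZ\x90\x00" + b"\x00" * 16 + b"cmd.exe /c del C:\\*.* /q" + b"\x00" * 8
VARIANT = KNOWN[:-1] + b"\x01"           # same payload, one trailing byte changed
ZERO_DAY = b"MZ\x90\x00" + b"\x00" * 16 + b"powershell -enc QQBC" + b"\x00" * 8


def build_db() -> SignatureDb:
    """Database an AV vendor could have built after seeing KNOWN once."""
    db = SignatureDb()
    db.add_hash("Trojan.Known.A (exact hash)", KNOWN)
    db.add_pattern("Trojan.Known.A (command string)", b"cmd.exe /c del")
    return db


def triage(db: SignatureDb, samples: dict[str, bytes]) -> dict[str, list[str]]:
    """Scan each labelled sample; an empty hit list means 'passed clean'."""
    return {label: db.scan(data) for label, data in samples.items()}


def push_signature_and_rescan(db: SignatureDb, name: str,
                              pattern: bytes, sample: bytes) -> list[str]:
    """Model the update step: after analysts have seen the new sample,
    a pattern for it is distributed and the scanner rescans."""
    db.add_pattern(name, pattern)
    return db.scan(sample)


if __name__ == "__main__":
    db = build_db()
    results = triage(db, {"known": KNOWN, "variant": VARIANT, "zero_day": ZERO_DAY})
    for label, hits in results.items():
        print(f"{label:9s} -> {hits or 'CLEAN (no signature matched)'}")
    print("after push:", push_signature_and_rescan(db, "Trojan.New.B",
                                                  b"powershell -enc", ZERO_DAY))
```

The exact hash catches only the byte-identical sample; the byte pattern survives a one-byte change but says nothing about the third sample, which passes clean until someone has analysed it and a new pattern reaches the scanner, the step modelled by push_signature_and_rescan. That interval, between first use and first signature, is what the passage above means by a zero day.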

MIKKO HYPPONEN In order for criminals, spies, militaries, and terrorists to carry out their offensive cyber attacks, they must first figure out how to exploit the information system they wish to target. As we saw with the Stuxnet attack against the Iranian nuclear enrichment site at Natanz, such operations can take years of planning and cost millions of dollars. Fortunately for those without the time and budget to devise their own cyber weapons, there is a vast shadowy black market where spies, soldiers, thieves, and hacktivists can shop for so-called zero-day exploits. As mentioned previously, these zero-day bugs have not yet been discovered by software and antivirus companies and thus handily defeat common security and firewall measures without sounding an alarm. In the old days, hackers used to hold on to these exploits for their personal use or attempt to sell them to software giants such as Microsoft, Yahoo!, and Google via company-established “bug bounty” programs. The rewards, however, were paltry—a mere $500 for uncovering major security holes.

A number of professional firms have emerged whose sole business model is the trafficking in computer malware exploits to governments. Companies such as Vupen in France, Netragard in Massachusetts, Endgame of Georgia, Exodus Intelligence in Texas, and ReVuln in Malta are all heavily involved in selling offensive exploits to customers around the world. While some zero-day trafficking firms vet their clients, others will sell to anybody, from Crime, Inc. to notorious dictators, no questions asked. The result, as pointed out by the noted security researcher Tom Kellermann, is that now anybody can download a cyber Kalashnikov or cyber grenade from a myriad of sites. Many zero-day exploits enable particularly stealthy and sophisticated attacks against specific targets, giving rise to what security researchers have termed the advanced persistent threat, or APT. APTs use extensive targeting research combined with a high degree of covertness to maintain command and control of a marked system for months or years at a time, and their use is growing.


pages: 326 words: 103,170

The Seventh Sense: Power, Fortune, and Survival in the Age of Networks by Joshua Cooper Ramo


Airbnb, Albert Einstein, algorithmic trading, barriers to entry, Berlin Wall, bitcoin, British Empire, cloud computing, crowdsourcing, Danny Hillis, defense in depth, Deng Xiaoping, Edward Snowden, Fall of the Berlin Wall, Firefox, Google Chrome, income inequality, Isaac Newton, Jeff Bezos, job automation, market bubble, Menlo Park, natural language processing, Network effects, Norbert Wiener, Oculus Rift, packet switching, Paul Graham, price stability, quantitative easing, RAND corporation, recommendation engine, Republic of Letters, Richard Feynman, Richard Feynman, road to serfdom, Sand Hill Road, secular stagnation, self-driving car, Silicon Valley, Skype, Snapchat, social web, sovereign wealth fund, Steve Jobs, Steve Wozniak, Stewart Brand, Stuxnet, superintelligent machines, technological singularity, The Coming Technological Singularity, The Wealth of Nations by Adam Smith, too big to fail, Vernor Vinge, zero day

Software and hardware manufacturers usually struggle to keep such exploits secret until they can deliver a fix, but this doesn’t always work. Secrets get out. And even once a patch is developed, it can take weeks or months before it’s widely installed. It’s not uncommon, therefore, that within hours of the announcement of a newly found zero day hole, attacks using that method explode around the net. Thousands of hackers try to take advantage of the vulnerability, to kick at the defensive walls of systems while they are down for repair or restart—or simply left vulnerable by slower-witted system administrators who don’t yet know that it is now open hunting season on a particular bit of code. Heartbleed, a zero day that permitted hackers to slip into your computer through holes in your Web browser, was disclosed to the world on April 7, 2014—more than two years after it had apparently been put in place because of a programming error.

Well, for Seaborn and Dullien, the drive was part of a “discover and publish” effort to keep the overall system clean. It is better to hack, discover, and patch than to be hacked and have the hack remain undiscovered. But the good guys are racing against equivalently sophisticated teams with indecent motives. The development and sale of zero-day bugs is, after all, a business. Modern versions of Cap’n Crunch whistles can crack open some of the most essential financial, political, and security data stores on the planet. As the value of hacking targets has increased, so has the price of the exploits. Public “zero-day markets” pay hundreds of thousands of dollars to researchers who discover holes in their systems. Better to find them ourselves, the thinking goes, though that does not always make the embarrassment less acute. At one of the most carefully watched public hacking competitions in early 2015, for instance, a skinny, smiling South Korean named Jung Hoon Lee took home $225,000 in prize money by pwning a series of some of the most important programs on the planet, including Apple’s Safari and Google’s Chrome Web browsers.

Mastery of the heart of a system means control over all the information it sees and how it makes decisions. Such a hack would be like having a foreign spy win the presidency, turning the whole U.S. government into a weird machine. That prize of immediate, high-level, and totally trusted access is the warez dude gold standard. The most dangerous—and therefore the most alluringly valuable—of these sorts of attacks are known as zero-day exploits. The danger they represent becomes apparent only at some awful instant, “day zero,” when they are revealed to have been running wild inside some hapless network or machine. That first moment of awareness of the bug is like day zero in a cancer diagnosis, and it begins an immediate race to find and deliver a cure. Such vulnerabilities represent fissures in the walls of computers that their manufacturers, system engineers, and security experts usually don’t realize are there.


pages: 282 words: 92,998

Cyber War: The Next Threat to National Security and What to Do About It by Richard A. Clarke, Robert Knake


barriers to entry, complexity theory, data acquisition, Just-in-time delivery, nuclear winter, packet switching, RAND corporation, Robert Hanssen: Double agent, Ronald Reagan, Silicon Valley, smart grid, South China Sea, Steve Jobs, trade route, Y2K, zero day

The black box inspectors would have to be connected to each other on a closed network, what is called “out-of-band communications” (not on the Internet), so that they could be updated quickly and reliably even if the Internet were experiencing difficulties. Imagine that a new piece of attack software enters into cyberspace, one that no one has ever seen before. This “Zero Day” malware begins to cause a problem by attacking some sites. The deep-packet inspection system would be tied into Internet security companies, research centers, and government agencies that are looking for Zero Day attacks. Within minutes of the malware being seen, its signature would be flashed out to the scanners, which would start blocking it and would contain the attack. A precursor to this kind of deep-packet inspection system is already being deployed. Verizon and AT&T can, at some locations, scan for signatures that they have identified, but they have been reluctant to “black hole” (or kill) malicious traffic because of the risk that they might be sued by customers whose service is interrupted.

While most phishing scams cast a wide net and try to catch a few people who are gullible enough to fall for Nigerian scammer e-mails, spear-phishing specifically targets an individual, figures out who their acquaintances are on Facebook or LinkedIn, and then tailors a message to look like it is from someone they would trust. If you were a senior research scientist at Google, you might have received an e-mail containing a link to a website that looked like it was from a colleague. The message might have said, “Hey, Chuck, I think this story will interest you…” and then provided a link to a fairly innocuous site. When the target clicked on the link and visited the site, the hackers used a zero-day flaw in Internet Explorer, one that was not publicly known and had yet to be patched, to download the malware silently and in such a fashion that no antivirus software or other measures would detect it. The malware created a back door to the computer so the hackers could maintain their access and used the first compromised computer to work their way across the corporate network until they reached the servers containing the source code, the crown jewel of a software company.

Obviously, we have not had a full-scale cyber war yet, but we have a good idea what it would look like if we were on the receiving end. Imagine a day in the near future. You are the Assistant to the President for Homeland Security and you get a call from the White House Situation Room as you are packing up to leave the office for the day, at eight p.m. NSA has issued a “CRITIC” message, a rare alert that something important has just happened. The one-line message says only: “large scale movement of several different zero day malware programs moving on Internet in the US, affecting critical infrastructure.” The Situation Room’s Senior Duty Officer suggests that you come down and help him figure out what is going on. By the time you get to the Situation Room, the Director of the Defense Information Systems Agency is waiting on the secure phone for you. He has just briefed the Secretary of Defense, who suggested he call you.


pages: 457 words: 126,996

Hacker, Hoaxer, Whistleblower, Spy: The Story of Anonymous by Gabriella Coleman


1960s counterculture, 4chan, Amazon Web Services, Bay Area Rapid Transit, bitcoin, Chelsea Manning, citizen journalism, cloud computing, collective bargaining, corporate governance, crowdsourcing, David Graeber, Debian, East Village, Edward Snowden, feminist movement, hive mind, impulse control, Jacob Appelbaum, jimmy wales, Julian Assange, Mohammed Bouazizi, Network effects, Occupy movement, pirate software, Richard Stallman, SETI@home, side project, Silicon Valley, Skype, Steven Levy, WikiLeaks, zero day

Real hackers find exploits. People who just run LOIC are considered beneath the “hacker” moniker, mere “script kiddies,” or “skiddies” for short. gibnut announces that he has an “0day,” which is much more powerful. A “zero day” exploit, or “oh day” as people sometimes jokingly call it, is a previously unknown security vulnerability in a piece of software. It is called a zero-day because it is unknown by the public—or the software authors who could fix it—for zero days and counting. A zero day is gold; anyone who knows the zero day can exploit it over and over until it is patched. The most coveted zero days provide access to a computer or network, which is why they are sold for high profit in a thriving black market. Many, many governments participate in this ethically problematic market, including the US government, who, according to technology reporter Joseph Menn, “has become the biggest buyer in a burgeoning gray market where hackers and security firms sell tools for breaking into computers.”16 The US government largely purchases 0days from private firms that “spend at least tens of millions of dollars a year just on exploits,” which are so valuable for granting direct access to wherever the exploit exists.17 Which is to say, gibnut’s news was received with excitement:

gibnut: lets see fuck loic, we’ll hurt them a different way
p-ground: oh yes please
gibnut: I have 0day local root exploit against openwebmail and Tunisia’s NIC servers run it
gibnut: https://risala.ati.tn/cgi-bin/openwebmail/openwebmail.pl
gibnut: if we can get into that server we can root tunisias .tn tld nameservers and control its entire internet space
p-ground: oshit
gibnut: redirect it all to wikileaks ;)
p-ground: shit just got real due to gibnut

With this zero day, gibnut is suggesting that they can compromise the domain name registrar in Tunisia (the NIC) and control the entire Tunisian top-level domain (TLD) name space.

An example of a TLD is .com or .org. Each country has its own TLD; Tunisia’s is “.tn”. If the Anons can compromise this Tunisian registrar, they can redirect everyone who tries to navigate to a website that ends in .tn to any server they wish. gibnut suggests WikiLeaks.

The chat logs in particular go a long way towards confirming, as Cameron wrote, “longstanding accusations that federal investigators allowed an informant to repeatedly break computer-crime laws while in pursuit of Hammond and other Anonymous figures.”27 Allegations that Sabu aided and abetted illegal activity (recall that it was Sabu who brought the Stratfor vulnerability to Hammond in the first place) were not limited to the Stratfor hack. During Hammond’s sentencing hearing in November 2014, he read a statement that included another explosive accusation: After Stratfor, I continued to break into other targets, using a powerful “zero day exploit” allowing me administrator access to systems running the popular Plesk webhosting platform. Sabu asked me many times for access to this exploit, which I refused to give him. Without his own independent access, Sabu continued to supply me with lists of vulnerable targets. I broke into numerous websites he supplied, uploaded the stolen email accounts and databases onto Sabu’s FBI server, and handed over passwords and backdoors that enabled Sabu (and, by extension, his FBI handlers) to control these targets.


pages: 294 words: 81,292

Our Final Invention: Artificial Intelligence and the End of the Human Era by James Barrat

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

3D printing, AI winter, Amazon Web Services, artificial general intelligence, Automated Insights, Bernie Madoff, Bill Joy: nanobots, brain emulation, cellular automata, cloud computing, cognitive bias, computer vision, cuban missile crisis, Daniel Kahneman / Amos Tversky, Danny Hillis, data acquisition, don't be evil, Extropian, finite state, Flash crash, friendly AI, friendly fire, Google Glasses, Google X / Alphabet X, Isaac Newton, Jaron Lanier, John von Neumann, Kevin Kelly, Law of Accelerating Returns, life extension, Loebner Prize, lone genius, mutually assured destruction, natural language processing, Nicholas Carr, optical character recognition, PageRank, pattern recognition, Peter Thiel, prisoner's dilemma, Ray Kurzweil, Rodney Brooks, Search for Extraterrestrial Intelligence, self-driving car, semantic web, Silicon Valley, Singularitarianism, Skype, smart grid, speech recognition, statistical model, stealth mode startup, stem cell, Stephen Hawking, Steve Jobs, Steve Wozniak, strong AI, Stuxnet, superintelligent machines, technological singularity, The Coming Technological Singularity, traveling salesman, Turing machine, Turing test, Vernor Vinge, Watson beat the top human players on Jeopardy!, zero day

But one flash drive could infect multiple PCs, or infest an entire local area network (LAN) by plugging into one node. At the Natanz plant PCs were running software that permits users to visualize, monitor, and control plant operations from their computers. Once Stuxnet got access to one computer, phase one of its invasion began. It used four zero day vulnerabilities in the Microsoft Windows operating system to take control of that computer and search for others. Zero day vulnerabilities are holes in the computer’s operating software that no one has discovered yet, holes that permit unauthorized access to the computer. Hackers covet zero day vulnerabilities—their specs can sell for as much as $500,000 on the open market. Using four at the same time was extravagant, but it greatly enhanced the virus’s chances of success. That’s because in between Stuxnet’s deployment and when the attacks took place, one or more of the exploits could have been discovered and patched.

About the Author: James Barrat is a documentary filmmaker who’s written and produced films for National Geographic, Discovery, PBS, and many other broadcasters in the United States and Europe. He lives near Washington, D.C., with his wife and two children. Learn more at www.JamesBarrat.com. OUR FINAL INVENTION. Copyright © 2013 by James Barrat.


pages: 315 words: 93,522

How Music Got Free: The End of an Industry, the Turn of the Century, and the Patient Zero of Piracy by Stephen Witt

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

4chan, barriers to entry, Berlin Wall, big-box store, cloud computing, collaborative economy, crowdsourcing, game design, Internet Archive, invention of movable type, inventory management, iterative process, Jason Scott: textfiles.com, job automation, late fees, mental accounting, packet switching, pattern recognition, pirate software, Ronald Reagan, security theater, sharing economy, side project, Silicon Valley, software patent, Steve Jobs, zero day

Scene members organized themselves into loosely affiliated digital crews, and those crews raced one another to be the first to release newly pirated material. Often this material was available the same day it was officially released. Sometimes it was even possible, by hacking company servers, or by accessing unscrupulous employees or vendors, to pirate a piece of software before it was available in stores. These prerelease leaks were called “zero-day” warez, and the ability to regularly source them earned one the ultimate accolade in digital piracy: to be among the “elite.” Now the Scene was moving from software to music, and it was their enthusiasm for the technology that sparked the mp3 craze. The first industrial-scale mp3 pirate was a Scene player by the screen name “NetFraCk,” who, in September 1996, offered an interview to Affinity, an underground Scene newsletter, which, like the earliest cracked software, was distributed through snail mail on a 3.5-inch floppy disk.

This was the Scene, and Dockery, on IRC, had joined one of its most elite groups: Rabid Neurosis. They called it RNS for short. The group had formed a few weeks after Compress ’Da Audio, the pioneering mp3 releasing group. Within months they had eclipsed the originals, and quickly competed them out of existence. Instead of pirating individual songs, RNS was pirating whole albums, and bringing the same elite “zero-day” mentality from software to music. The goal was to beat the official release date wherever possible, and that meant a campaign of infiltration against the music majors. The founders of RNS had gone by the handles “NOFX” and “Bonethug,” although Dockery never interacted with these two. They dated back to the distant mists of 1996, as might be inferred by the musical acts their screen names referred to.

He knew its history and culture and could rhyme along with his favorite rappers. He knew all the beefs, all the disses, and all the details of the internecine label feuds. And he also knew that, in the aftermath of the murders of Biggie and Tupac, those feuds were dying down and the labels were consolidating. Death Row, Bad Boy, Cash Money, and Aftermath were all going corporate. In his relentless quest for zero-day leaks, Kali tracked these pressing and distribution deals carefully, and his research kept bringing him back to Universal. But without consistent access inside that company, rival release crews had been beating him. Glover was his ticket in. The two hashed out the details of their partnership. Kali would track release dates of upcoming albums online and alert Glover to the material he was interested in.


pages: 322 words: 84,752

Pax Technica: How the Internet of Things May Set Us Free or Lock Us Up by Philip N. Howard

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

Affordable Care Act / Obamacare, Berlin Wall, bitcoin, blood diamonds, Bretton Woods, Brian Krebs, British Empire, call centre, Chelsea Manning, citizen journalism, clean water, cloud computing, corporate social responsibility, crowdsourcing, Edward Snowden, en.wikipedia.org, failed state, Fall of the Berlin Wall, feminist movement, Filter Bubble, Firefox, Francis Fukuyama: the end of history, Google Earth, Howard Rheingold, income inequality, informal economy, Internet of things, Julian Assange, Kibera, Kickstarter, land reform, M-Pesa, Marshall McLuhan, megacity, Mikhail Gorbachev, mobile money, Mohammed Bouazizi, national security letter, Network effects, obamacare, Occupy movement, packet switching, pension reform, prediction markets, sentiment analysis, Silicon Valley, Skype, spectrum auction, statistical model, Stuxnet, trade route, uranium enrichment, WikiLeaks, zero day

Rebecca MacKinnon, “Keynote Speech on Surveillance,” in Opening Ceremony of the Freedom Online Conference, 2013, accessed September 30, 2014, http://consentofthenetworked.com/2013/06/17/freedom-online-keynote/.
10. “Aaron Swartz,” Wikipedia, accessed June 29, 2014, http://en.wikipedia.org/wiki/Aaron_Swartz.
11. “Russian Business Network,” Wikipedia, accessed June 19, 2014, http://en.wikipedia.org/wiki/Russian_Business_Network.
12. “Zero-Day Attack,” Wikipedia, accessed June 21, 2014, http://en.wikipedia.org/wiki/Zero-day_attack.
13. “U.S.-Style Personal Data Gathering Is Spreading Worldwide,” Forbes, accessed June 29, 2014, http://www.forbes.com/sites/adamtanner/2013/10/16/u-s-style-personal-data-gathering-spreading-worldwide/; Paul Schwartz, Managing Global Privacy (Berkeley: ThePrivacyProjects.org, January 2009), accessed September 30, 2014, http://theprivacyprojects.org/wp-content/uploads/2009/08/The-Privacy-Projects-Paul-Schwartz-Global-Data-Flows-20093.pdf.
14.

The Russian Business Network has become a service that essentially provides IT support for criminal networks.11 For a while it was openly selling a key-logging software for $150. The organization is probably behind the Storm botnet described earlier, and it actually specializes in identity theft services. The Russian government taps it for work projects. It contributes to the international market for zero-day exploits, trading in software flaws that a buyer can only use once against a device.12 For such dubious businesses and criminal actors, the internet of things will serve as a vast array for gathering data and a means of providing illegal information services. Coupled with the largely unregulated but not illegal markets in data about people from around the world, much of what is collected over the internet of things will be valuable—and valued—by lobbyists everywhere.13 Denial-of-service attacks can be ordered online for between five and one hundred dollars, depending on the size of the target.14 Hacktivists and whistle-blowers will continue to teach us the most about political actors’ use of inconspicuous devices to manipulate public opinion and manage political life.


pages: 302 words: 82,233

Beautiful security by Andy Oram, John Viega

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

Albert Einstein, Amazon Web Services, business intelligence, business process, call centre, cloud computing, corporate governance, credit crunch, crowdsourcing, defense in depth, en.wikipedia.org, fault tolerance, Firefox, loose coupling, market design, Monroe Doctrine, new economy, Nicholas Carr, Nick Leeson, Norbert Wiener, optical character recognition, packet switching, performance metric, pirate software, Search for Extraterrestrial Intelligence, security theater, SETI@home, Silicon Valley, Skype, software as a service, statistical model, Steven Levy, The Wisdom of Crowds, Upton Sinclair, web application, web of trust, x509 certificate, zero day, Zimmermann PGP

Office workers roll their eyes and curse as they read the password off the notepad next to their desk (lying on top of the budget printout that an office administrator told them should be in a locked drawer). If this is security, who would want to make a career of it? Or buy a book from O’Reilly about it? Or think about it for more than 30 seconds at a time? To people tasked with creating secure systems, the effort seems hopeless. Nobody at their site cooperates with their procedures, and the business managers refuse to allocate more than a pittance to security. Jaded from the endless instances of zero-day exploits and unpatched vulnerabilities in the tools and languages they have to work with, programmers and system administrators become lax. This is why books on security sell poorly (although in the last year or two, sales have picked up a bit). Books on hacking into systems sell much better than books about how to protect systems, a trend that really scares me. Well, this book should change that.

The problem is that the researcher can isolate and view the sample only after the malware has been released, sometimes months or even years previously. Rustock.C, one of the most dangerous Windows-based rootkits found to date, is a good example of this, having been in the wild for over a year before it was discovered, analyzed, and added to detection signatures. Even daily updates would not give manufacturers enough time to find, analyze, and distribute defenses against new malware, so users are vulnerable to yet unknown attacks (zero-day exploits). From this description, it would be legitimate to assume that a researcher is seeing an old version of the malware and that it has had time to make the rounds with other malware developers and “users.” Each malicious attack quickly changes into something completely new or incorporates some of its capabilities into something else. Furthermore, although anti-virus companies maintain research teams that can number in the hundreds, they are facing an ever-growing backlog of malware identification and signature production.

He served on the Roundtable on Scientific Communication and National Security, a collaborative project of the National Research Council and the Center for Strategic and International Studies.


pages: 264 words: 79,589

Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

Apple II, Brian Krebs, Burning Man, corporate governance, dumpster diving, Exxon Valdez, Hacker Ethic, hive mind, index card, McMansion, Mercator projection, offshore financial centre, packet switching, pirate software, Ponzi scheme, Robert Hanssen: Double agent, Saturday Night Live, Silicon Valley, Steve Jobs, Steve Wozniak, Steven Levy, traffic fines, web application, WikiLeaks, zero day, Zipcar

Just looking at the Web page would yield control of the victim’s computer, without any outward sign of infection. Even if the bugs were not made public, the bad guys could figure them out by reverse-engineering the vulnerability from Microsoft’s patches. Security experts had been watching with dismay as the time between a vulnerability’s announcement and its exploitation by black hats shrank from months to days. In the worst-case scenario, the black hats found a bug first: a “zero day” vulnerability that left the good guys playing catch-up. With new Microsoft patches coming out nearly every week, even vigilant corporations tended to lag in installing them, and average users often didn’t patch at all. A global survey of one hundred thousand Internet Explorer users conducted around the time of Max’s effort found that 45 percent suffered from unpatched remote access vulnerabilities; narrowing the field to American users cooled the number only slightly, to 36 percent.

He’d delivered on his end—from the very start of their partnership, back when he was working from Chris’s garage, he’d been breaching small banks and savings and loans. He was in hundreds of them now and could transfer money out of customers’ accounts at will. But the scheme was hung up on Chris’s end. Chris had to find a safe harbor for the money Max would steal—an offshore repository where they could park the cash without it being recalled by the victim bank. So far, he’d failed. So when, in September, Max got his hands on a deadly new Internet Explorer zero day, he shared the news not with Chris but with a different partner, one who had more knowledge of international finance, the Carders Market admin called NightFox. The security hole was a monster: another buffer overflow, this time in the Internet Explorer code designed to let websites draw vector graphics on a visitor’s screen. Sadly for Max, Eastern European hackers had found the bug first, and they’d been using it.

She was fiercely independent, but she couldn’t argue that he hadn’t given her space. It was time, he decided, for Max Vision, white hat, to return. It would be official. He visited the San Francisco courthouse and filled out the necessary paperwork. On August 14, a judge approved his legal name change from Max Butler to Max Ray Vision. He already had an idea for a new website that could catapult him back into the white-hat scene: a system for disclosing and managing zero-day vulnerabilities. He could seed it with the security holes he was privy to in the underground, bringing the exploits into the white-hat world like a defector crossing Checkpoint Charlie with a suitcase full of state secrets. But after all his work making Carders Market the top crime forum in the English-speaking world, he couldn’t bring himself to just abandon it. Max returned to his safe house.


pages: 464 words: 127,283

Smart Cities: Big Data, Civic Hackers, and the Quest for a New Utopia by Anthony M. Townsend

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

1960s counterculture, 4chan, A Pattern Language, Airbnb, Amazon Web Services, anti-communist, Apple II, Bay Area Rapid Transit, Burning Man, business process, call centre, carbon footprint, charter city, chief data officer, clean water, cleantech, cloud computing, computer age, congestion charging, connected car, crack epidemic, crowdsourcing, DARPA: Urban Challenge, data acquisition, Deng Xiaoping, East Village, Edward Glaeser, game design, garden city movement, Geoffrey West, Santa Fe Institute, George Gilder, ghettoisation, global supply chain, Grace Hopper, Haight Ashbury, Hedy Lamarr / George Antheil, hive mind, Howard Rheingold, interchangeable parts, Internet Archive, Internet of things, Jacquard loom, Jacquard loom, Jane Jacobs, jitney, John Snow's cholera map, Khan Academy, Kibera, knowledge worker, load shedding, M-Pesa, Mark Zuckerberg, megacity, mobile money, mutually assured destruction, new economy, New Urbanism, Norbert Wiener, Occupy movement, openstreetmap, packet switching, patent troll, place-making, planetary scale, popular electronics, RFC: Request For Comment, RFID, ride hailing / ride sharing, Robert Gordon, self-driving car, sharing economy, Silicon Valley, Skype, smart cities, Smart Cities: Big Data, Civic Hackers, and the Quest for a New Utopia, smart grid, smart meter, social graph, social software, social web, special economic zone, Steve Jobs, Steve Wozniak, Stuxnet, supply-chain management, technoutopianism, Ted Kaczynski, telepresence, The Death and Life of Great American Cities, too big to fail, trade route, Tyler Cowen: Great Stagnation, Upton Sinclair, uranium enrichment, urban decay, urban planning, urban renewal, Vannevar Bush, working poor, working-age population, X Prize, Y2K, zero day, Zipcar

So you will find the same products in a power plant, even in elevators.”42 Skeptics argue that the threat of Stuxnet is overblown. Stuxnet’s payload was highly targeted. It was programmed to only attack the Natanz centrifuges, and do so in a very specific way. Most importantly, it expended a highly valuable arsenal of “zero-day” attacks, undocumented vulnerabilities that can only be exploited once, after which a simple update will be issued by the software’s supplier. In its report on the virus, security software firm Symantec wrote “Incredibly, Stuxnet exploits four zero-day vulnerabilities, which is unprecedented.”43 Stuxnet’s unique attributes aside, most embedded systems aren’t located in bunkers, and they are increasingly vulnerable to much simpler attacks on their human operators. Little more than a year after Stuxnet was uncovered, a lone hacker known only as “pr0f” attacked the water utility of South Houston, a small town of seventeen thousand people just outside Texas’s most populous city.

That summer Dillon Beresford, a security researcher at (oddly coincidentally) Houston-based network security outfit NSS Labs, had demonstrated several flaws in SIMATIC and ways to exploit them. Siemens managed to dodge the collateral damage of Stuxnet, but the holes in SIMATIC are indicative of far more serious risks it must address. Another troubling development is the growing number of “forever day” vulnerabilities being discovered in older control systems. Unlike zero-day exploits, for which vendors and security firms can quickly deploy countermeasures and patches, forever-day exploits target holes in legacy embedded systems that manufacturers no longer support—and therefore will never be patched. The problem affects industrial-control equipment sold in the past by both Siemens and GE, as well as a host of smaller firms.45 It has drawn increased interest from the Cyber Emergency Response Team, the government agency that coordinates American cyber-security efforts.

Copyright © 2013 by Anthony M. Townsend. All rights reserved.


pages: 349 words: 114,038

Culture & Empire: Digital Revolution by Pieter Hintjens

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

4chan, airport security, anti-communist, anti-pattern, barriers to entry, Bill Duvall, bitcoin, blockchain, business climate, business intelligence, business process, Chelsea Manning, clean water, congestion charging, Corn Laws, correlation does not imply causation, cryptocurrency, Debian, Edward Snowden, failed state, financial independence, Firefox, full text search, German hyperinflation, global village, GnuPG, Google Chrome, greed is good, Hernando de Soto, hiring and firing, informal economy, invisible hand, James Watt: steam engine, Jeff Rulifson, Julian Assange, Kickstarter, M-Pesa, mutually assured destruction, Naomi Klein, national security letter, new economy, New Urbanism, Occupy movement, offshore financial centre, packet switching, patent troll, peak oil, pre–internet, private military company, race to the bottom, rent-seeking, reserve currency, RFC: Request For Comment, Richard Feynman, Richard Feynman, Richard Stallman, Satoshi Nakamoto, security theater, Skype, slashdot, software patent, spectrum auction, Steve Crocker, Steve Jobs, Steven Pinker, Stuxnet, The Wealth of Nations by Adam Smith, The Wisdom of Crowds, trade route, transaction costs, union organizing, web application, WikiLeaks, Y2K, zero day, Zipf's Law

It's estimated that 40-90% of Windows PCs are infected by some kind of rogue software -- viruses, trojans, worms, and so on. The measured level is 42%, for known vulnerabilities. What about unknown holes in Windows, a so-called "zero-day attack"? In June 2010, the Stuxnet worm was found to be sabotaging Iran's nuclear program in a very sophisticated attack that looked for specific Siemens industrial control hardware, and interfered with it when it found it. Stuxnet is significant for several reasons, two of which are worth paying particular attention to. It was built by the NSA's hackers, and it used no less than four Windows zero-days. Zero-days are very rare in theory. For a group of hackers to use four, in a single worm, hints that there are many more we know nothing about. So that 42% figure is low. It seems logical to assume that the NSA has worked to be able to access any Windows PC anywhere, at any time.


pages: 246 words: 16,997

Financial Modelling in Python by Shayne Fletcher, Christopher Gardner

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

Brownian motion, discrete time, interest rate derivative, London Interbank Offered Rate, stochastic volatility, yield curve, zero day, zero-coupon bond

Accordingly the ppf.core.generate_observables module offers the function generate_libor_observables() for this purpose.

# Imports the function relies on: the ppf date/time helpers, the
# libor_rate observable class and the fixing class.
import ppf.date_time
from fixing import *
from libor_rate import *

def generate_libor_observables(
      start
    , end
    , roll_period = 6
    , roll_duration = ppf.date_time.months
    , reset_period = 6
    , reset_duration = ppf.date_time.months
    , tenor_period = 6
    , tenor_duration = ppf.date_time.months
    , reset_currency = "USD"
    , reset_basis = ppf.date_time.basis_act_360
    , reset_holiday_centres = None
    , reset_shift_method = ppf.date_time.modified_following
    , reset_lag = 0
    , *arguments
    , **keywords):
  from ppf.date_time import days
  shift = ppf.date_time.shift
  if reset_lag > 0:
    raise RuntimeError("index lag expected less or equal to zero")
  day, flow_id, all_observables = 0, 0, []
  # One outer iteration per flow (roll period); the inner loop cuts each
  # roll period into reset periods and creates one LIBOR observable per reset.
  while day < end:
    roll_start = start + roll_duration(flow_id*roll_period)
    roll_end = start + roll_duration((flow_id+1)*roll_period)
    reset_id = 0
    proj_roll = roll_start
    observables = []
    while proj_roll < roll_end:
      proj_start = shift(proj_roll
                       , reset_shift_method, reset_holiday_centres)
      proj_end = shift(proj_roll+tenor_duration(tenor_period)
                     , reset_shift_method, reset_holiday_centres)
      reset_date = shift(proj_start+days(reset_lag)
                       , reset_shift_method, reset_holiday_centres)
      observables.append(
          libor_rate(None, flow_id, reset_id, reset_date
                   , reset_currency, proj_start, proj_end
                   , reset_basis, fixing(False)))
      reset_id += 1
      proj_roll = roll_start+reset_duration(reset_id*reset_period)
    day = roll_end
    all_observables.append(observables)
    flow_id += 1
  return all_observables

Here is an example of generate_libor_observables() in use.

>>> observables = generate_libor_observables(
...       start = date(2007, Jun, 29)
...     , end = date(2012, Jun, 29)
...     , roll_period = 6
...     , roll_duration = ppf.date_time.months
...     , reset_period = 3
...     , reset_duration = ppf.date_time.months
...     , tenor_period = 3
...     , tenor_duration = ppf.date_time.months
...     , reset_currency = "JPY"
...     , reset_basis = basis_act_360
...     , reset_shift_method = shift_convention.modified_following)
>>> for obs_per_flow in observables:
...   for obs in obs_per_flow:
...     print obs
0, 0, JPY, [2007-Jun-29, 2007-Sep-28], basis_act_360,
0, 1, JPY, [2007-Sep-28, 2007-Dec-31], basis_act_360,
1, 0, JPY, [2007-Dec-31, 2008-Mar-31], basis_act_360,
1, 1, JPY, [2008-Mar-31, 2008-Jun-30], basis_act_360,
2, 0, JPY, [2008-Jun-30, 2008-Sep-29], basis_act_360,
2, 1, JPY, [2008-Sep-29, 2008-Dec-29], basis_act_360,
3, 0, JPY, [2008-Dec-29, 2009-Mar-30], basis_act_360,
3, 1, JPY, [2009-Mar-30, 2009-Jun-29], basis_act_360,
4, 0, JPY, [2009-Jun-29, 2009-Sep-29], basis_act_360,
4, 1, JPY, [2009-Sep-29, 2009-Dec-29], basis_act_360,
5, 0, JPY, [2009-Dec-29, 2010-Mar-29], basis_act_360,
5, 1, JPY, [2010-Mar-29, 2010-Jun-29], basis_act_360,
6, 0, JPY, [2010-Jun-29, 2010-Sep-29], basis_act_360,
6, 1, JPY, [2010-Sep-29, 2010-Dec-29], basis_act_360,
7, 0, JPY, [2010-Dec-29, 2011-Mar-29], basis_act_360,
7, 1, JPY, [2011-Mar-29, 2011-Jun-29], basis_act_360,
8, 0, JPY, [2011-Jun-29, 2011-Sep-29], basis_act_360,
8, 1, JPY, [2011-Sep-29, 2011-Dec-29], basis_act_360,
9, 0, JPY, [2011-Dec-29, 2012-Mar-29], basis_act_360,
9, 1, JPY, [2012-Mar-29, 2012-Jun-29], basis_act_360,

The sample invocation above has generated a sequence of LIBOR rate observables.

The constructor invokes the __generate() method, which uses the information contained in that dictionary together with the projection start and end dates to generate the underlying legs of the swap.

from fixing import *
from observable import *
from generate_flows import *
from generate_observables import *

class swap_rate(observable):
  def __init__(self
             , attributes
             , flow_id
             , reset_id
             , reset_date
             , reset_ccy
             , proj_start_date
             , proj_end_date
             , fix
             , spread=None):
    observable.__init__(self
                       , attributes
                       , flow_id
                       , reset_id
                       , reset_ccy
                       , reset_date
                       , proj_end_date
                       , fix
                       , spread)
    self.__proj_start_date = proj_start_date
    self.__proj_end_date = proj_end_date
    self.__generate()

  def proj_start_date(self): return self.__proj_start_date
  def proj_end_date(self): return self.__proj_end_date
  def fixed_pay_basis(self): return self.__fixed_pay_basis
  def float_pay_basis(self): return self.__float_pay_basis
  def proj_basis(self): return self.__proj_basis
  def fixed_flows(self): return self.__fixed_flows
  def float_flows(self): return self.__float_flows

  def __generate(self):
    start = self.__proj_start_date
    until = self.__proj_end_date
    attributes = self.attributes()
    fixed_period = attributes["fixed-pay-period"]
    fixed_period_duration = attributes["fixed-pay-period-duration"]
    fixed_pay_basis = attributes["fixed-pay-basis"]
    fixed_pay_holiday_centres = attributes["fixed-pay-holiday-centres"]
    fixed_shift_convention = attributes["fixed-shift-convention"]
    float_period = attributes["float-pay-period"]
    float_period_duration = attributes["float-pay-period-duration"]
    float_pay_basis = attributes["float-pay-basis"]
    float_pay_holiday_centres = attributes["float-pay-holiday-centres"]
    float_shift_convention = attributes["float-shift-convention"]
    libor_basis = attributes["index-basis"]
    libor_holiday_centres = attributes["index-holiday-centres"]
    libor_shift_convention = attributes["index-shift-convention"]
    # Keep the bases on the instance so the accessors above return them.
    self.__fixed_pay_basis = fixed_pay_basis
    self.__float_pay_basis = float_pay_basis
    self.__proj_basis = libor_basis
    # Fixed leg: one flow per fixed pay period.
    self.__fixed_flows = \
        generate_flows(start
                     , until
                     , period = fixed_period
                     , duration = fixed_period_duration
                     , pay_shift_method = fixed_shift_convention
                     , pay_currency = self.reset_currency()
                     , pay_basis = fixed_pay_basis
                     , pay_holiday_centres = fixed_pay_holiday_centres
                     , accrual_shift_method = fixed_shift_convention
                     , accrual_holiday_centres = fixed_pay_holiday_centres)
    # Floating leg: LIBOR observables generated per float pay period, then
    # attached to the float flows.
    libor_observables = \
        generate_libor_observables(start
                     , until
                     , roll_period = float_period
                     , roll_duration = float_period_duration
                     , reset_period = float_period
                     , reset_duration = float_period_duration
                     , tenor_period = float_period
                     , tenor_duration = float_period_duration
                     , reset_currency = self.reset_currency()
                     , reset_basis = libor_basis
                     , reset_holiday_centres = libor_holiday_centres
                     , reset_shift_method = libor_shift_convention)
    self.__float_flows = \
        generate_flows(start
                     , until
                     , period = float_period
                     , duration = float_period_duration
                     , pay_shift_method = float_shift_convention
                     , pay_currency = self.reset_currency()
                     , pay_basis = float_pay_basis
                     , pay_holiday_centres = float_pay_holiday_centres
                     , accrual_shift_method = float_shift_convention
                     , accrual_holiday_centres = float_pay_holiday_centres
                     , observables = libor_observables)

  def __str__(self):
    s = "%d, " % self.flow_id()
    s += "%d, " % self.reset_id()
    s += "%s, " % self.reset_currency()
    s += "[%s, %s], " % (self.__proj_start_date, self.__proj_end_date)
    return s

Once again, for completeness, the swap_rate class provides a method forward for determining the value of the swap rate at a particular point in time.

class swap_rate(observable):  # continuation of the class above
  def forward(self, t, curve):
    # Funding (floating) leg: discount each projected LIBOR payment.
    fund_pv = 0
    for f in self.__float_flows:
      obs = f.observables()[0]
      proj_start, proj_end, reset_accrual_dcf = \
          (obs.proj_start_date(), obs.proj_end_date(), obs.year_fraction())
      dfs, dfe = \
          curve(int(proj_start - t)/365.0), curve(int(proj_end - t)/365.0)
      libor = (dfs/dfe - 1.0)/reset_accrual_dcf
      pay_date, accrual_dcf = (f.pay_date(), f.year_fraction())
      dfp = curve(int(pay_date - t)/365.0)
      fund_pv += dfp*libor*accrual_dcf
    # Fixed leg annuity: discounted accrual fractions.
    fixed_pv = 0
    for f in self.__fixed_flows:
      pay_date, accrual_dcf = (f.pay_date(), f.year_fraction())
      dfp = curve(int(pay_date - t)/365.0)
      fixed_pv += dfp*accrual_dcf
    return fund_pv/fixed_pv

Like the generate_libor_observables() function of section 6.1.1, a function for generating a sequence of swap rate observables, generate_swap_observables(), can be found in the ppf.core.generate_observables module.

def generate_swap_observables(
      start
    , end
    , attributes
    , spread = 0
    , roll_period = 6
    , roll_duration = ppf.date_time.months
    , tenor_period = 10
    , tenor_duration = ppf.date_time.years
    , reset_currency = "USD"
    , reset_basis = ppf.date_time.basis_act_360
    , reset_holiday_centres = None
    , reset_shift_method = ppf.date_time.modified_following
    , reset_lag = 0
    , *arguments
    , **keywords):
  from ppf.date_time import days
  shift = ppf.date_time.shift
  if reset_lag > 0:
    raise RuntimeError("index lag expected less or equal to zero")
  day, flow_id, all_observables = 0, 0, []
  while day < end:
    roll_start = start + roll_duration(flow_id*roll_period)
    roll_end = start + roll_duration((flow_id+1)*roll_period)
    reset_id = 0
    proj_roll = roll_start
    proj_start = \
        shift(proj_roll
            , reset_shift_method
            , reset_holiday_centres)
    proj_end = \
        shift(proj_roll+tenor_duration(tenor_period)
            , reset_shift_method, reset_holiday_centres)
    reset_date = \
        shift(proj_start+days(reset_lag)
            , reset_shift_method, reset_holiday_centres)
    all_observables.append(
        swap_rate(attributes
                , flow_id
                , reset_id
                , reset_date
                , reset_currency
                , proj_start
                , proj_end
                , fixing(False)
                ,  # the excerpt is cut off here in the source
spread) ) flow id += 1; reset id += 1; day = roll end return all observables The following is an example session demonstrating the generation of a sequence of swap rate observables. >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> ... ... ... ... ... ... ... >>> props = {} props["fixed-pay-period"] = 1 props["fixed-pay-period-duration"] = years props["fixed-pay-basis"] = basis act 360 props["fixed-pay-holiday-centres"] = None props["fixed-shift-convention"] = modified following props["float-pay-period"] = 6 props["float-pay-period-duration"] = months props["float-pay-basis"] = basis act 365 props["float-pay-holiday-centres"] = None props["float-shift-convention"] = modified following props["index-basis"] = basis act 365 props["index-holiday-centres"] = None props["index-shift-convention"] = modified following observables = generate swap observables( start = date(2007, Jun, 29) , end = date(2017, Jun, 29) , attributes = props , roll period = 1 , roll duration = years , tenor period = 10 , tenor duration = years) for o in observables: print o Data Model 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, USD, USD, USD, USD, USD, USD, USD, USD, USD, USD, [2007-Jun-29, [2008-Jun-30, [2009-Jun-29, [2010-Jun-29, [2011-Jun-29, [2012-Jun-29, [2013-Jun-28, [2014-Jun-30, [2015-Jun-29, [2016-Jun-29, 79 2017-Jun-29], 2018-Jun-29], 2019-Jun-28], 2020-Jun-29], 2021-Jun-29], 2022-Jun-29], 2023-Jun-29], 2024-Jun-28], 2025-Jun-30], 2026-Jun-29], 6.2 FLOWS A fl w describes a cash fl w to be made at some point in time.


pages: 525 words: 116,295

The New Digital Age: Transforming Nations, Businesses, and Our Lives by Eric Schmidt, Jared Cohen

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

3D printing, access to a mobile phone, additive manufacturing, airport security, Amazon Mechanical Turk, Amazon Web Services, anti-communist, augmented reality, Ayatollah Khomeini, barriers to entry, bitcoin, borderless world, call centre, Chelsea Manning, citizen journalism, clean water, cloud computing, crowdsourcing, data acquisition, Dean Kamen, Elon Musk, failed state, fear of failure, Filter Bubble, Google Earth, Google Glasses, hive mind, income inequality, information trail, invention of the printing press, job automation, Julian Assange, Khan Academy, Kickstarter, knowledge economy, Law of Accelerating Returns, market fundamentalism, means of production, mobile money, mutually assured destruction, Naomi Klein, offshore financial centre, peer-to-peer lending, personalized medicine, Peter Singer: altruism, Ray Kurzweil, RFID, self-driving car, sentiment analysis, Silicon Valley, Skype, Snapchat, social graph, speech recognition, Steve Jobs, Steven Pinker, Stewart Brand, Stuxnet, The Wisdom of Crowds, upwardly mobile, Whole Earth Catalog, WikiLeaks, young professional, zero day

(Others argued that the indicators were far too obvious, and thus false flags.) The resources involved also suggested government production: Experts thought the worm was written by as many as thirty people over several months. And it used an unprecedented number of “zero-day” exploits, malicious computer attacks exposing vulnerabilities (security holes) in computer programs that were unknown to the program’s creator (in this case, the Windows operating system) before the day of the attack, thus leaving zero days to prepare for it. The discovery of one zero-day exploit is considered a rare event—and exploited information can be sold for hundreds of thousands of dollars on the black market—so security analysts were stunned to discover that an early variant of Stuxnet took advantage of five. Sure enough, it was revealed in June 2012 that not one but two governments were behind the deployment of the Stuxnet worm.


pages: 437 words: 113,173

Age of Discovery: Navigating the Risks and Rewards of Our New Renaissance by Ian Goldin, Chris Kutarna

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

2013 Report for America's Infrastructure - American Society of Civil Engineers - 19 March 2013, 3D printing, Airbnb, Albert Einstein, AltaVista, Asian financial crisis, asset-backed security, autonomous vehicles, banking crisis, barriers to entry, battle of ideas, Berlin Wall, bioinformatics, bitcoin, Bonfire of the Vanities, clean water, collective bargaining, Colonization of Mars, Credit Default Swap, crowdsourcing, cryptocurrency, Dava Sobel, demographic dividend, Deng Xiaoping, Doha Development Round, double helix, Edward Snowden, Elon Musk, en.wikipedia.org, epigenetics, experimental economics, failed state, Fall of the Berlin Wall, financial innovation, full employment, Galaxy Zoo, global supply chain, Hyperloop, immigration reform, income inequality, indoor plumbing, industrial robot, information retrieval, intermodal, Internet of things, invention of the printing press, Isaac Newton, Islamic Golden Age, Khan Academy, Kickstarter, labour market flexibility, low cost carrier, low skilled workers, Lyft, Malacca Straits, megacity, Mikhail Gorbachev, moral hazard, Network effects, New Urbanism, non-tariff barriers, Occupy movement, On the Revolutions of the Heavenly Spheres, open economy, Panamax, personalized medicine, Peter Thiel, post-Panamax, profit motive, rent-seeking, reshoring, Robert Gordon, Search for Extraterrestrial Intelligence, Second Machine Age, self-driving car, Shenzhen was a fishing village, Silicon Valley, Silicon Valley startup, Skype, smart grid, Snapchat, special economic zone, spice trade, statistical model, Stephen Hawking, Steve Jobs, Stuxnet, TaskRabbit, too big to fail, trade liberalization, trade route, transaction costs, transatlantic slave trade, uranium enrichment, We are the 99%, We wanted flying cars, instead we got 140 characters, working poor, working-age population, zero day

Unexpected data loss and downtime cost businesses as much as $1.7 trillion in 2014, according to one global industry survey.78 As we become more dependent on the Internet, for example through wider adoption of cloud services, those costs will escalate.79 And the exploitation of so-called zero-day vulnerabilities—unknown bugs buried deep inside the code of widely distributed software or operating systems—threatens to interrupt services deliberately. Often these bugs are fixed only after hackers have made use of them. In September 2014, a wave of attacks known as ShellShock exploited a core vulnerability in Mac and Linux operating systems to run malicious code on millions of computers. The bug had gone unnoticed for 20 years. Another zero-day vulnerability uncovered in November 2014, called Unicorn, had been present in every release of Microsoft Internet Explorer going back to 1995.80 The complexity of Internet networks allows attacks like zero-day exploits to be performed with near-perfect anonymity. The most frequent kind of attack, distributed denial of service (DDoS), arranges to send dummy data requests to a victim’s server from thousands of hijacked computers simultaneously, so that legitimate users can’t get their own requests through.


pages: 362 words: 86,195

Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down the Internet by Joseph Menn

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

Brian Krebs, dumpster diving, fault tolerance, Firefox, Menlo Park, offshore financial centre, pirate software, Plutocrats, plutocrats, popular electronics, profit motive, RFID, Silicon Valley, zero day

Only after several years of pro-China activities did a profit motive emerge to such an extent that it splintered some of the most important organizations. Again like the Russians, the Chinese have used cyberattacks to harass and silence civilian foes based outside the country’s borders. Proponents of the Falun Gong and Tibetan independence movements have been targeted, and at least one small Tibetan alliance disbanded rather than risk further electronic communications. Chinese hackers have hit virtually all the groups with “zero-day exploits,” those that use a vulnerability that has not been openly identified and patched. One especially clever email used a previously unknown flaw in Microsoft Word to try to infiltrate a pro-Taiwan group. Two weeks later, the same gambit was used against a big defense contractor in the U.K., according to Finnish expert Mikko Hypponen, strongly suggesting the hand of the Chinese government. Groups such as Students for a Free Tibet long ago switched to Macs, which are less vulnerable to viruses, stopped opening attachments, and barred sensitive topics from email.

. ,” he wrote: According to a copy of the email.
109 the Bagle family of viruses: Joe Stewart’s “Who Wrote Bagle.”
112 as they became available: Sources include Frank Eissmann, U.S. agents, and court filings against Gembe, Walker, Ashley, and Echouafni.
114 with more than 35 million identities at risk just that year: Identity Theft Resource Center report, www.idtheftcenter.org/artman2/publish/m_press/2008_Data_Breach_Totals_Soar.shtml.
115 actually earned money from many instances of fraud: Interviews with banking and retailing executives, among others. See the author’s LA Times article “Industry at Odds Over ID Theft Liability,” available at http://articles.latimes.com/2005/mar/07/business/fi-idtheft7. The most comprehensive analysis of the culpability of the financial industry in identity theft is by USA Today reporters Byron Acohido and Jon Swartz, in their insightful book Zero Day Threat.
115 harassed by debt collectors after such fraud: According to the 2003 FTC report, available at www.josephmenn.com/FatalSystemError.
116 advisors on the 2005 report: The author covered the Javelin report’s problems in “Data Brokers Press for U.S. Law” at http://articles.latimes.com/2005/dec/26/business/fi-idlobby26.
117 the Wall Street Journal, and elsewhere: See, for example, “Net Fraud Study,” http://query.nytimes.com/gst/fullpage.html?


pages: 547 words: 160,071

Underground by Suelette Dreyfus

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

airport security, invisible hand, Julian Assange, Loma Prieta earthquake, packet switching, pirate software, profit motive, publish or perish, RFC: Request For Comment, Ronald Reagan, Stephen Hawking, Steven Levy, Stuxnet, uranium enrichment, urban decay, WikiLeaks, zero day

See: http://www.cbsnews.com/stories/2010/11/29/world/main7100197.shtml 10. William J. Broad, John Markoff and David E. Sanger, ‘Israeli Test on Worm Called Crucial in Iran Nuclear Delay’, New York Times online, 15 January, 2011. See: http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?pagewanted=3&_r=1 11. Ibid. 12. Ryan Naraine, ‘Stuxnet attackers used 4 Windows zero-day exploits’, Zdnet, 14 September, 2010. See: http://www.zdnet.com/blog/security/stuxnet-attackers-used-4-windows-zero-day-exploits/7347 13. Thomas Erdbrink, ‘Iranian nuclear scientist killed, another injured in Tehran bombings’, The Washington Post, 29 November, 2010. See: http://www.washingtonpost.com/wp-dyn/content/article/2010/11/29/AR2010112901560.html 14. BBC News, ‘Iranian nuclear scientist killed in motorbike attack,’ 29 November, 2010. See: http://www.bbc.co.uk/news/world-middle-east-11860928 15.


pages: 200 words: 54,897

Flash Boys: Not So Fast: An Insider's Perspective on High-Frequency Trading by Peter Kovac

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

bank run, barriers to entry, bash_history, Bernie Madoff, Flash crash, housing crisis, index fund, locking in a profit, London Whale, market microstructure, merger arbitrage, prediction markets, price discovery process, Sergey Aleynikov, Spread Networks laid a new fibre optics cable between New York and Chicago, transaction costs, zero day

But it is clear that these are cherry-picked statistics: Why 2004 to 2006? Why not include 2003? And why compare to 2010, 2011, and 2012, with the European debt crisis threatening to blow apart Europe in a way that the U.S. housing crisis couldn’t?[57] The answer is that the data fits his argument best when you slice it this way. The period from 2004 to 2006 comprises the quietest years on record – there were absolutely zero days where the market dropped by 2% or more, and only two days in those three years where the market rose by 2%. For contrast, in 2003 alone the market had 15 days where it rose or fell more than 2%. In 2002, there were more than 50 such days. So it’s no surprise that Lewis excluded 2002 and 2003 from his “quiet” years. In case you are wondering, market swings of 2% or more happened a whopping total of three days in 2013.


pages: 200 words: 72,182

Nickel and Dimed: On (Not) Getting by in America by Barbara Ehrenreich

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

business process, full employment, housing crisis, income inequality, McMansion, place-making, telemarketer, union organizing, wage slave, women in the workforce, working poor, zero day

What is this business of letting someone in off the street to run a nursing home, or at least a vital chunk of a nursing home, for a day?[21] True, this is the one job where my references were actually checked, but what if I were one of those angel-of-death type health workers, who decided to free my charges from their foggy half-lives? More to the point, I am wondering what the two-job way of life would do to a person after a few months with zero days off. In my writing life I normally work seven days a week, but writing is ego food, totally self-supervised and intermittently productive of praise. Here, no one will notice my heroism on that Saturday's shift. (I will later make a point of telling Linda about it and receive only a distracted nod.) If you hump away at menial jobs 360-plus days a year, does some kind of repetitive injury of the spirit set in?


pages: 283 words: 73,093

Social Democratic America by Lane Kenworthy

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

affirmative action, Affordable Care Act / Obamacare, barriers to entry, Celtic Tiger, centre right, clean water, collective bargaining, corporate governance, David Brooks, desegregation, Edward Glaeser, full employment, Gini coefficient, hiring and firing, Home mortgage interest deduction, illegal immigration, income inequality, invisible hand, labor-force participation, manufacturing employment, market bubble, minimum wage unemployment, new economy, postindustrial economy, purchasing power parity, race to the bottom, rent-seeking, rising living standards, Robert Gordon, Robert Shiller, Robert Shiller, Ronald Reagan, school choice, shareholder value, sharing economy, Skype, Steve Jobs, too big to fail, Tyler Cowen: Great Stagnation, union organizing, universal basic income, War on Poverty, working poor, zero day

This is a big challenge, but it’s a manageable one. Next, large involuntary declines in income. Here, four changes are needed. One is sickness insurance. We are the only rich nation without a public sickness insurance program.6 Though many large private-sector firms offer employees some paid sickness days, and a few cities and states have a public program, one in three employed Americans gets zero days of paid sick leave.7

FIGURE 3.1 Health expenditures and life expectancy, 1960–2010. The data points are years. The lines are loess curves. Life expectancy: years at birth. Health expenditures: public plus private, as percent of GDP. The other countries are Australia, Austria, Belgium, Canada, Denmark, Finland, France, Germany, Ireland, Italy, Japan, the Netherlands, New Zealand, Norway, Portugal, Spain, Sweden, Switzerland, and the United Kingdom.


pages: 678 words: 159,840

The Debian Administrator's Handbook, Debian Wheezy From Discovery to Mastery by Raphaël Hertzog, Roland Mas

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

bash_history, Debian, distributed generation, en.wikipedia.org, failed state, Firefox, GnuPG, Google Chrome, Jono Bacon, NP-complete, QWERTY keyboard, RFC: Request For Comment, Richard Stallman, Skype, SpamAssassin, Valgrind, web application, x509 certificate, zero day, Zimmermann PGP

In the Free Software world, there is generally ample room for choice, and choosing one piece of software over another should be a decision based on the criteria that apply locally. More features imply an increased risk of a vulnerability hiding in the code; picking the most advanced program for a task may actually be counter-productive, and a better approach is usually to pick the simplest program that meets the requirements.

VOCABULARY Zero-day exploit
A zero-day exploit attack is hard to prevent; the term covers a vulnerability that is not yet known to the authors of the program.

14.5.4. Managing a Machine as a Whole
Most Linux distributions install by default a number of Unix services and many tools. In many cases, these services and tools are not required for the actual purposes for which the administrator set up the machine.


pages: 350 words: 107,834

Halting State by Charles Stross

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

augmented reality, call centre, forensic accounting, game design, Google Earth, hiring and firing, illegal immigration, impulse control, indoor plumbing, invention of the steam engine, Necker cube, Potemkin village, RFID, Schrödinger's Cat, Vernor Vinge, zero day

“The question isn’t where Team Red got the keys to the realm from: Hayek Associates have a copy of the one-time pad, because they’re sniffing on everything. The question is, Who inside Hayek Associates leaked the pad, via the blacknet? Barry’s gotten through to the disaster planning people. They’ve generated fresh master pads, and they’re pushing copies out to the main switches by courier—they’re implementing the national zero-day exploit plan. The goal is to throw the switch at noon, at which point all Team Red’s careful work goes down the toilet. Then they’ll reboot CopSpace completely and load freshly signed certificates for the dot-sco domain by hand on the root servers, and a bunch more fiddly stuff. But the main thing is, once they change the one-time pads for admin access to the national backbone routers, Team Red will be unable to tap traffic at will.


pages: 398 words: 120,801

Little Brother by Cory Doctorow

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

airport security, Berlin Wall, citizen journalism, Firefox, game design, Golden Gate Park, Haight Ashbury, Internet Archive, Isaac Newton, Jane Jacobs, Jeff Bezos, mail merge, RFID, Sand Hill Road, Silicon Valley, slashdot, Steve Jobs, Steve Wozniak, web of trust, zero day

They continue to turn people, to compromise them. They mine the social network sites and use threats to turn kids into informants. There are hundreds of people working for the DHS on Xnet right now. I have their names, handles and keys. Private and public. > Within days of the Xnet launch, we went to work on exploiting ParanoidLinux. The exploits so far have been small and insubstantial, but a break is inevitable. Once we have a zero-day break, you're dead. > I think it's safe to say that if my handlers knew that I was typing this, my ass would be stuck in Gitmo-by-the-Bay until I was an old woman. > Even if they don't break ParanoidLinux, there are poisoned ParanoidXbox distros floating around. They don't match the checksums, but how many people look at the checksums? Besides me and you? Plenty of kids are already dead, though they don't know it


pages: 478 words: 149,810

We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency by Parmy Olson

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

4chan, Asperger Syndrome, bitcoin, call centre, Chelsea Manning, corporate governance, crowdsourcing, Firefox, hive mind, Julian Assange, Minecraft, Occupy movement, pirate software, side project, Skype, speech recognition, Stephen Hawking, Stuxnet, We are Anonymous. We are Legion, We are the 99%, web application, WikiLeaks, zero day

I know you guys don’t know me, but you probably know people that do. Xero, venuism, e, insidious, nigg, etc etc.” Then he added, “Kayla.” Joepie reported all of this verbatim back to the crew in #pure-elite. Those nicknames were very well known, pointed out a secondary-crew member called Trollpoll. Another laughed. “He’s just name dropping,” said Sabu. Neuron, a friendly and analytical Anon, suggested asking Egeste to provide a zero-day as proof of his skills. Also known as a 0day, this referred to an as-yet-unknown server vulnerability, and finding one meant big kudos for any hacker, white hat or black hat. Sabu asked Kayla if she’d heard of Egeste, and it turned out the new guy had also been in the #Gnosis channel when she had coordinated the hack on Gawker, but “he did not do shit,” she said. For all the names he had mentioned, Egeste was just another distraction.


pages: 458 words: 135,206

CTOs at Work by Scott Donaldson, Stanley Siegel, Gary Donaldson

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

Amazon Web Services, bioinformatics, business intelligence, business process, call centre, centre right, cloud computing, computer vision, connected car, crowdsourcing, data acquisition, distributed generation, domain-specific language, glass ceiling, pattern recognition, Pluto: dwarf planet, Richard Feynman, Richard Feynman, shareholder value, Silicon Valley, Skype, smart grid, smart meter, software patent, thinkpad, web application, zero day

There are not a lot of standards yet on how to handle these petabytes of data, how to access it in an optimal, cost-effective way. There are some open source applications to manage big data, and some very well-known large companies are starting to support those standards. S. Donaldson: How about cyber security? Cherches: Cyber security—well, that's a big subject. I always talk about one day walking into the office and everything is wiped out. A new, unknown threat, often called a zero-day attack, may come out and computers will be wiped out. So, you need to have a good data recovery strategy in cyber security. Hire a good expert. Hire a company that can do penetration testing for you and can just come from the outside and the inside and then report their concerns to you. S. Donaldson: How do you handle technology investments for your own company? Cherches: What we try to do is to find at least three different vendors to try to present their solution.


pages: 368 words: 145,841

Financial Independence by John J. Vento

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

Affordable Care Act / Obamacare, Albert Einstein, asset allocation, diversification, diversified portfolio, estate planning, financial independence, fixed income, high net worth, Home mortgage interest deduction, mortgage debt, mortgage tax deduction, oil shock, Own Your Own Home, passive income, risk tolerance, time value of money, transaction costs, young professional, zero day

Most policies have an elimination period (sometimes called a deductible or a waiting period). That means benefits can start 0, 20, 30, 60, 90, or 100 days after you start using long-term care or become disabled. How many days you have to wait for benefits to start will depend on the elimination period you pick when you buy your policy. You might be able to choose a policy with a zero-day elimination period but expect it to cost significantly more. Protecting against inflation can be one of the most important additions you can make to a long-term care insurance policy, although it will increase the premium you pay. If your benefits do not increase over time, years from now, you may find that they have not kept up with the rising cost of long-term care. The younger you are when you buy a policy, the more important it is for you to think about adding inflation protection; otherwise, you will be only partially covered when the need arises.


pages: 537 words: 149,628

Ghost Fleet: A Novel of the Next World War by P. W. Singer, August Cole

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

3D printing, Admiral Zheng, augmented reality, British Empire, energy security, Firefox, glass ceiling, global reserve currency, Google Earth, Google Glasses, IFF: identification friend or foe, Just-in-time delivery, Maui Hawaii, new economy, RAND corporation, reserve currency, RFID, Silicon Valley, Silicon Valley startup, South China Sea, sovereign wealth fund, stealth mode startup, trade route, Wall-E, We are Anonymous. We are Legion, zero day

“It might look like camouflage, but the reality is that all the scaffolding and tarps are really necessary. We ended up having to do a top-to-bottom overhaul here,” said Simmons. As they approached a knot of crewmen — some in their teens, others decades older — clambering over a scaffold, the admiral said, “Tell me about the crew. How is the new mix going?” “The mix of generations has its strengths and weaknesses. We have the remnants of the pre–Zero Day fleet. I was given my choice of the best of my old crew, which I understand I have you to thank for. Then there are the draftees, some of whom have never seen the real ocean, let alone been out on it,” said Simmons. “But what they do know are computers; they’ve been with viz in one form or another since birth. They see problems differently than regular sailors, even sailors who were in the Navy when the war started.”


pages: 497 words: 144,283

Connectography: Mapping the Future of Global Civilization by Parag Khanna

Amazon: amazon.com, amazon.co.uk, amazon.de, amazon.fr

1919 Motor Transport Corps convoy, 2013 Report for America's Infrastructure - American Society of Civil Engineers - 19 March 2013, 3D printing, 9 dash line, additive manufacturing, Admiral Zheng, affirmative action, agricultural Revolution, Airbnb, Albert Einstein, amateurs talk tactics, professionals talk logistics, Amazon Mechanical Turk, Asian financial crisis, asset allocation, autonomous vehicles, banking crisis, Basel III, Berlin Wall, bitcoin, Black Swan, blockchain, borderless world, Boycotts of Israel, Branko Milanovic, BRICs, British Empire, business intelligence, call centre, capital controls, charter city, clean water, cloud computing, collateralized debt obligation, complexity theory, corporate governance, corporate social responsibility, credit crunch, crony capitalism, crowdsourcing, cryptocurrency, cuban missile crisis, data is the new oil, David Ricardo: comparative advantage, deglobalization, deindustrialization, dematerialisation, Deng Xiaoping, Detroit bankruptcy, diversification, Doha Development Round, edge city, Edward Snowden, Elon Musk, energy security, ethereum blockchain, European colonialism, eurozone crisis, failed state, Fall of the Berlin Wall, family office, Ferguson, Missouri, financial innovation, financial repression, forward guidance, global supply chain, global value chain, global village, Google Earth, Hernando de Soto, high net worth, Hyperloop, ice-free Arctic, if you build it, they will come, illegal immigration, income inequality, income per capita, industrial robot, informal economy, Infrastructure as a Service, interest rate swap, Internet of things, Isaac Newton, Jane Jacobs, Jaron Lanier, John von Neumann, Julian Assange, Just-in-time delivery, Kevin Kelly, Khyber Pass, Kibera, Kickstarter, labour market flexibility, labour mobility, LNG terminal, low cost carrier, manufacturing employment, mass affluent, megacity, Mercator projection, microcredit, mittelstand, Monroe Doctrine, mutually assured destruction, New Economic Geography, new economy, New Urbanism, offshore financial centre, oil rush, oil shale / tar sands, oil shock, openstreetmap, out of africa, Panamax, Peace of Westphalia, peak oil, Peter Thiel, Plutocrats, plutocrats, post-oil, post-Panamax, private military company, purchasing power parity, QWERTY keyboard, race to the bottom, Rana Plaza, rent-seeking, reserve currency, Robert Gordon, Robert Shiller, Robert Shiller, Ronald Coase, Scramble for Africa, Second Machine Age, sharing economy, Shenzhen was a fishing village, Silicon Valley, Silicon Valley startup, six sigma, Skype, smart cities, Smart Cities: Big Data, Civic Hackers, and the Quest for a New Utopia, South China Sea, South Sea Bubble, sovereign wealth fund, special economic zone, spice trade, Stuxnet, supply-chain management, sustainable-tourism, TaskRabbit, telepresence, the built environment, Tim Cook: Apple, trade route, transaction costs, UNCLOS, uranium enrichment, urban planning, urban sprawl, WikiLeaks, young professional, zero day

World Input-Output Database. http://www.wiod.org/new_site/home.htm. Wriston, Walter B. The Twilight of Sovereignty: How the Information Revolution Is Transforming Our World. Scribner, 1992. Zakaria, Fareed. The Future of Freedom: Illiberal Democracy at Home and Abroad. W. W. Norton, 2007. Zeihan, Peter. The Accidental Superpower: The Next Generation of American Preeminence and the Coming Global Disorder. Twelve, 2015. Zetter, Kim. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. Penguin Random House, 2014. Zhang Weiwei. The China Wave: Rise of a Civilizational State. World Century, 2012. Zheng, Y. De Facto Federalism in China: Reforms and Dynamics of Central-Local Relations. World Scientific, 2007. ———. “Institutional Economics and Central-Local Relations in China: Evolving Research.” China: An International Journal 3, no. 2 (2005): 240–69.


pages: 571 words: 162,958

Rewired: The Post-Cyberpunk Anthology by James Patrick Kelly, John Kessel


back-to-the-land, Columbine, dark matter, Extropian, Firefox, gravity well, haute couture, Internet Archive, pattern recognition, phenotype, post-industrial society, price stability, Silicon Valley, slashdot, Stephen Hawking, technological singularity, telepresence, the scientific method, Turing test, urban renewal, Vernor Vinge, wage slave, Y2K, zero day

“No need for both of us to be wrecked tomorrow.” “What? Oh. My personal box is over there. It went down around 1:30 and I got woken up by my process-monitor. I should have called you and told you I was coming down—spared you the trip.” Felix’s own server — a box he shared with five other friends — was in a rack one floor down. He wondered if it was offline too. “What’s the story?” “Massive flashworm attack. Some jackass with a zero-day exploit has got every Windows box on the net running Monte Carlo probes on every IP block, including IPv6. The big Ciscos all run administrative interfaces over v6, and they all fall over if they get more than ten simultaneous probes, which means that just about every interchange has gone down. DNS is screwy, too—like maybe someone poisoned the zone transfer last night. Oh, and there’s an email and IM component that sends pretty lifelike messages to everyone in your address book, barfing up Eliza-dialog that keys off of your logged email and messages to get you to open a Trojan.”


pages: 926 words: 312,419

Working: People Talk About What They Do All Day and How They Feel About What They Do by Studs Terkel


call centre, card file, cuban missile crisis, Ford paid five dollars a day, half of the world's population has never made a phone call, job satisfaction, Ralph Nader, strikebreaker, traveling salesman, urban renewal, War on Poverty, working poor, Yogi Berra, zero day

Going up, it’s bad enough carrying something on your back. Coming down with two hundred pounds on your back, it gets heavier. It has never bothered me. I have a real bad back, by the way. I’ve been in the hospital last year with a bad back. Shoveling coal and mopping is bad. If you have a lot of mopping, you’re throwing your hips around. I tire out very easy because of my back. But I’m better in my job now. A janitor on zero days, when the wind is blowin’ and he has to go up those stairs in ice cold weather—a lot of janitors are up in age. You’re talking about men fifty years old, fifty-five, up into there. He has to clean those porches off, he has to shovel the snow, and the ticker only takes so much. Now I have a jeep. I plow the whole sidewalk. Instead of shoveling, I just push it off now. Almost all the janitors . . .


pages: 945 words: 292,893

Seveneves by Neal Stephenson


clean water, Colonization of Mars, Danny Hillis, double helix, epigenetics, fault tolerance, Fellow of the Royal Society, Filipino sailors, gravity well, Isaac Newton, Jeff Bezos, kremlinology, Kuiper Belt, microbiome, phenotype, Potemkin village, pre–internet, random walk, remote working, side project, Silicon Valley, Skype, statistical model, Stewart Brand, supervolcano, the scientific method, Tunguska event, zero day, éminence grise

New arrivals tended to expect that anything placed elsewhere on the table would roll and slide down toward them. The walls were pale yellow. The usual collection of malfunctioning audiovisual equipment purported to show live video streams of people on the ground, in theory enabling them to teleconference with colleagues in Houston, Baikonur, or Washington. When the meeting began at A+0.0.4 (zero years, zero days, and four hours since the Agent had acted upon the moon), nothing was working, and so the occupants of Izzy had a few minutes to talk among themselves while Frank Casper and Jibran Haroun wiggled connectors, typed commands into computers, and rebooted everything. Relatively new arrivals to Izzy, Frank and Jibran had made the mistake of letting on that they were good at that sort of thing, so they always got saddled with it.