Analysis of the Gauss Malware

Over at Ars Technica Dan Goodin has a nice article analyzing the Gauss malware. Gauss appears to be related to Stuxnet and internal code signatures suggest that its provenance is the same [1]. Although Gauss was discovered last year, very little is known about its purpose or capabilities.

That’s because its payload—or more accurately, its warhead—is encrypted. Gauss appears to be looking for computers used for a specific application. It concatenates PATH and program directory names, adds a salt and hashes the results. If the resulting (key-stretched) hash matches a compiled-in constant, Gauss has found the program it’s looking for. It then hashes the same PATH and program name with a new salt and uses the result as the key to decrypt the payload. Despite significant and sustained effort, researchers have not been able to find the key and thus have no idea what the payload is intended to do.
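To make that keying scheme concrete, here is an added Python example (not from Goodin’s article or from any published Gauss analysis) of the analyst’s side of the problem: a dictionary search that salts and stretch-hashes candidate PATH/program-directory pairs against a compiled-in constant and, on a hit, derives the payload key with the second salt. The hash function, round count, salts and directory names are all assumed or constructed for illustration.

```python
import hashlib
from typing import Iterable, Optional, Tuple

# Assumed parameters, for illustration only: the post names neither the hash
# function nor the stretching factor, so SHA-256 and 10,000 rounds are placeholders.
HASH = "sha256"
ROUNDS = 10_000

def stretched_hash(data: bytes, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """hash(salt || data), then re-hash the digest rounds-1 more times.
    The iteration count is what makes each candidate expensive to test."""
    digest = hashlib.new(HASH, salt + data).digest()
    for _ in range(rounds - 1):
        digest = hashlib.new(HASH, digest).digest()
    return digest

def candidate_digest(path_entry: str, program_dir: str, salt: bytes) -> bytes:
    """The check from the post: PATH entry + program directory, salted, stretched."""
    return stretched_hash((path_entry + program_dir).encode("utf-8"), salt)

def find_match(path_entries: Iterable[str], program_dirs: Iterable[str],
               salt: bytes, target: bytes) -> Optional[Tuple[str, str]]:
    """Analyst's dictionary search: test every (PATH entry, program dir) pair
    against the compiled-in constant. None means the wordlist lacks the answer."""
    dirs = list(program_dirs)
    for entry in path_entries:
        for d in dirs:
            if candidate_digest(entry, d, salt) == target:
                return entry, d
    return None

def derive_payload_key(path_entry: str, program_dir: str, key_salt: bytes) -> bytes:
    """Second derivation: same strings, a different salt; the digest is the
    payload key, so it is unobtainable without the matching pair."""
    return candidate_digest(path_entry, program_dir, key_salt)

# Constructed demo values (not from Gauss): the "compiled-in" constant is built
# here from a known pair so the search can be shown succeeding and failing.
CHECK_SALT, KEY_SALT = b"check-salt", b"key-salt"
KNOWN_PAIR = ("C:\\Program Files\\", "Target App\\")
TARGET = candidate_digest(KNOWN_PAIR[0], KNOWN_PAIR[1], CHECK_SALT)

if __name__ == "__main__":
    hit = find_match(["C:\\Windows\\", "C:\\Program Files\\"],
                     ["Other App\\", "Target App\\"], CHECK_SALT, TARGET)
    print("match:", hit)
    if hit:
        print("payload key:", derive_payload_key(*hit, KEY_SALT).hex())
```

Every wrong guess costs the full round count, which is why a wordlist that does not already contain the right directory names gets an analyst nowhere.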

Goodin’s article is interesting and informative. If you have an interest in security, or just want to see how someone might go about protecting a piece of software from prying eyes, you’ll enjoy it.

Footnotes:

[1] Said to be the United States and Israel.

Tilting At Windmills

If you enjoy charging windmills and otherwise taking on semi-hopeless causes, you might consider signing the petition to save Google Reader. So far there have been over 100,000 signers. In all honesty, it probably won’t do much good but at least your voice will be heard and perhaps Google will come to understand, if only vaguely, what happens when they lose the trust of the so-called “influencers” on the Internet.

Secure Communications Apps

Over at A Few Thoughts on Cryptographic Engineering, Matthew Green has a useful review of some secure communications apps. He looks at

  • Cryptocat
  • Silent Circle
  • RedPhone
  • Wickr

from the standpoint of code quality, encryption protocols, and ease of use.

Interestingly, Green examines the apps from the point of view of “should I use this application to fight an oppressive regime?” It’s not a frivolous question. Citizens fighting and journalists covering those oppressive regimes need to communicate and if their communications are not secure, their lives and the lives of others could be at risk. It also explains his emphasis on ease of use. Most revolutionists and journalists are not technically sophisticated and are especially prone to using crypto applications in a non-secure way.

If you’re looking for a way to keep your communications private—even if you’re not trying to overthrow a government—you should take a look at Green’s post. In addition to providing a review of some of the leading applications in the field, it shows you what sort of things to look for and what sort of questions to ask.

If you like his post, you might also enjoy this video of Green delivering a talk on the current state of cryptography. If you depend on cryptography in your day-to-day activities you will doubtless find it enlightening (and disturbing).

Git-Gutter

If you liked the functionality I described in vc-annotate, you might also like Syohei Yoshida’s git-gutter. It’s a port to Emacs of the Sublime Text plugin of the same name. The idea is that it marks changes to your files in the fringe so that you can see at a glance how the file is evolving. As the name suggests, it works only with git.

There are a lot of options that determine how the changes are marked so if you want fancy symbols instead of the traditional + or -, you can have them. Of course, you don’t get as much information as vc-annotate gives you but you can see what parts of the file have changed (and how) anytime you have git-gutter toggled on. In that sense, it seems like a nice adjunct to vc-annotate. There are screenshots at the link so you can get a sense of what it looks like in action.

Google To Kill Google Reader

Google has announced that they are shutting down Google Reader in July. I spend a lot of time in Reeder, which depends on Google Reader as a backend. I’ve seen some suggestions for alternatives—NewsBlur seems to be an early favorite—but I haven’t decided on a course of action yet.

If any of you have experience with other readers and are willing to offer your wisdom, please leave a comment. Maybe it’s only us nerds who care about RSS these days but I don’t know how I can live without it so I definitely need a replacement. One thing for sure, I don’t want to go back to using Safari and never having the feeds in sync between my Macs and iOS devices.

Again, if you have any advice, leave a comment.

Update: (Via Charlie Stross) Even Hitler is upset.

Big Media and the User Experience

Those of you who have been around Irreal for a while know that one of my favorite comics from The Oatmeal deals with what happens when an otherwise honest person tries to buy a video of Game of Thrones. It perfectly captures what a typical session of dealing with Hollywood and other big media conglomerates is like.

Of course, it’s just a cartoon so maybe this was The Oatmeal taking a little creative license and exaggerating a bit. Actually, it turns out it wasn’t. In a case of life imitating art, Martin Belam recounts what happened when he tried to redeem a certificate for a digital download that he got when he purchased a Doctor Who DVD. It’s an almost perfect recapitulation of the Oatmeal cartoon right down to the ending where Belam gives up and Googles the torrent. Be sure to take a look at the comments too. One commenter reports that he did make it through the ordeal only to discover that the video was of exceptionally poor quality.

I don’t understand all this user hostility on the part of big media. Hanlon’s Razor counsels that this is probably just stupidity but, really, it’s not as if these people don’t understand technology—they have, after all, helped invent some of it. Here, by way of a caution for them, is some more Oatmeal that can serve as a prophetic warning.

Emacs 24.3

By now you all probably know that Emacs 24.3 is out. This is a substantial release with lots of new goodies. I could write a long blog post about them but fortunately Mickey has already done the work so I can be lazy.

As usual there was no problem compiling and installing Emacs. For OS X it’s just

./configure --with-ns
make install
cp -R nextstep/Emacs.app /Applications

If you’re on a different platform, just follow the directions in the INSTALL file.

This time I did have configuration problems. The first thing that happened was that Emacs couldn’t activate org2blog during initialization because it couldn’t find org. Of course, org was there but it wasn’t being managed by ELPA so I set it to be loaded by ELPA. That didn’t bother me because I’d been meaning to move the rest of my packages over to ELPA anyway. After that, everything loaded without problem. I started happily writing this post but when I went to insert the above link to Mickey, I got an error complaining that org-no-popups was not a valid function. After a little investigation I discovered that the Org folks are recommending against loading org with ELPA because of this error—they claim it’s a problem with ELPA. Now I was back to org2blog not loading. I moved that out of ELPA too and everything started working fine.

I’d rather have everything in ELPA but I can live with the current situation. At least everything is working again. The takeaway is that if you’re an Org user (and are loading the latest version rather than the builtin) you may want to move it out of ELPA.

Once I got past the initialization problems, everything ran fine. As I said, this is a substantial release so it’s worth getting it installed as soon as you can find the time.

Help From Phil

Regular reader Phil offers some help on help in the comments to the vc-annotate post. The first suggestion is something I think he’s mentioned before but that I promptly forgot. I often want to look at the source code that implements an Emacs command. Sometimes it’s just curiosity, other times I want to extend or modify the command or implement something similar. My normal procedure for this is to bring up the help page for the command with 【Ctrl+h f】 and then click on the link to the source code. Actually, there’s a function that does that for you: find-function. Phil assigns the key sequence 【Ctrl+h Ctrl+f】 for this. I do this operation often enough that this is a real time saver for me and I’ve added it to my init.el.

The other two commands are built in but virtually unknown. The sequence 【Ctrl+h F】 is just like 【Ctrl+h f】 except that it brings up the info page for the command. Similarly 【Ctrl+h K】 brings up the info page given the key sequence for the command.

These are really useful things to know so we all owe Phil thanks for (once again) pointing them out. Maybe now that I’ve blogged about them I’ll actually remember them.

Git as a Functional Data Structure

Philip Nilsson over at Jayway has an illuminating post about git. His idea is that git is best understood as a purely functional immutable data structure (like a CL list). That probably doesn’t seem very promising but he makes a good case and the approach does reveal the essential things you have to understand about git.

The post is well written and starts with a quick explanation of what he means by “purely functional” so even if you’re not a Lisper it will all make sense. I won’t step on Nilsson’s post by reiterating the details here so you’ll have to go on over to see them. Don’t worry, it’s worth the trip.

More on Quickdocs

Recently I mentioned the Quicklisp indexing site Quickdocs. Since then, Fukamachi has continued to improve the site. He’s added categories so that you can browse the list of all libraries concerned with, say, Graphics. That gives you an idea of what’s available and, of course, you can drill down into any package that looks promising.

The site is generated automatically whenever a new Quicklisp distribution is released so it’s always up to date. This is promising to be a really great resource. If you haven’t taken a look at it yet or haven’t seen it since it was upgraded, it’s well worth your while to pay it a visit.
