Anthony Towns
Worked at Red Hat Software
Attended University of Queensland
Lived in Brisbane, Australia
297 followers|101,353 views

Stream

Anthony Towns

So I'm thinking the "ads by dnsunlocker" thing might actually be due to a MITM exploit using mobile data (through Internode/optus), and presumably getting bad dns responses to something, leading to edited web pages being returned over unsecured http?

Anthony Towns

I used to think arguing on Usenet and mailing lists had made me pretty au fait with snark, but playing with https://github.com/jancarlsson/snarkfront is teaching me I have much to learn...

Anthony Towns

PWN2OWN Mobile: Daniel Komaromy (@kutyacica) and Nico Golde (@iamnion) pwned the baseband radio in a brand new Samsung S6 Edge that I unsealed from the box and updated to latest software at the conference.

The software radios on the table are pretending to be a cellphone base station - we are doing this in an isolated room deep underground where there is no cellphone coverage to interfere with and I am the only other person in the room. As soon as we power up the new phone in the presence of their attack radio, their signal patches the radio runtime software of the baseband processor (the other cpu in your cellphone that users can't access that takes care of the radio to talk to the network) so that after the patch any phone calls I make are routed to them instead of their intended destination.

I tested this after when we went to where we did have cellphone coverage by trying to dial my Japanese cellphone and it rang on Nico's cellphone instead. The modified radio software also forwarded the original number dialled so in the real world an attacker would then use a VoIP proxy to forward the call imperceptibly and listen in on it.

Ironically enough, this year at PWN2OWN we have had some of the most significant research with the smallest prizes ever, in the true spirit of security research - to reward these guys since I don't have a lavish budget I'm going to fly them and their wives, girlfriends and family to CanSecWest next year to come snowboarding/skiing after they give a technical presentation on doing security research on baseband processors and this vulnerability. (Hat tip to the Blackberry security folks who got us in touch with the right folks to get the vulnerability information to Samsung through a VP they know there.) I would like to get these guys some further reward, beyond the bragging rights for winning PWN2OWN and being the first to show a successful baseband attack, for this significant research, especially since last year we were offering $150,000 rewards for an attack like this.

These guys have been doing this work in their spare time in addition to their day jobs and have put in a significant amount of time into doing this to secure the whole industry. So if you folks know a bounty program that would be interested in these and other significant cellphone baseband radio discoveries please contact me.
Paul Wayper
Funny how the "security researchers" that were complaining about LWN's coverage of the recent Washington Post article are the ones saying "we're not going to work on improving security in the Linux kernel unless you pay us lots of money".  And yet here we have security researchers working for minimal prizes to show just how insecure our phones are.

Anthony Towns

Quoth my colleague, Mr. McGreevy, "Your file system's writing chunks that your OS can't cache".

Anthony Towns

http://www.themoneyillusion.com/?p=29567

"Nonetheless, when the specifics in Plan A were presented as the Democratic plan and B as the Republican plan, Democrats preferred A by 75 percent to 17 percent, and Republicans favored B by 13 percent to 78 percent. When the exact same elements of A were presented in the exact same words, but as the Republicans’ plan, and with B as the Democrats’ plan, Democrats preferred B by 80 percent to 12 percent, while Republicans preferred “their party’s plan” by 70 percent to 10 percent. Independents split fairly evenly both times. In short, support for an identical education plan shifted by more than 60 points among partisans, depending on which party was said to back it."
I frequently argue that public opinion polls on complex policy issues are almost meaningless. (Although polls can be useful for predicting election outcomes.) It all depends on the framing. Here's another study that reached the same conclusion: We presented respondents with two different ...
David Pennock
There's no better evidence that you can't think for yourself than joining a political party. 

Anthony Towns

Hmm, pixz actually works pretty well -- output size is about half that of gzip -9, while real runtime (with 8 cores running in parallel) is still about the same.
Lev Lafayette
This looks worthy of further investigation.

Anthony Towns

There was an XKCD strip last month which compared the relative frequency of days of the month being mentioned in print (as recorded in Google Ngram Viewer). In the alt text, Randall noted that, besides September, the 11th is apparently mentioned substantially less often than any other day, and he was not sure why. Here, David Hagen discovers why.

(Spoiler: It's because Google's OCR is misclassifying "11th" as "nth" in many 20th-century typefaces.)
On November 28th, 2012, Randall Munroe published an xkcd comic that was a calendar in which the size of each date was proportional to how often each date is referenced by its ordinal name (e.g. “October 14th”) in the Google Ngrams database since 2000. Most of the large days are pretty much what ...

Anthony Towns

Okay, wtf. I have a chrome virus -- it seems to be "InterYield", and takes over clicks from random websites to redirect them to unrelated ad sites (it also sometimes pops up a little "Interstitial information" info box at the bottom right of the web page). It appears on both my phone and my (Linux) desktop (which runs Debian's chromium), presumably propagating via Chrome's cloud-settings feature.

The only info I can find on the web for this is "go into Windows and change the registry settings", "run an anti-virus program", and "reset your chrome settings on all your devices", of which only the latter's applicable (at least, I don't think I've even logged onto my google account on a Windows machine...).

My Chrome plugins (on my linux instance) are just two instances of "Chromium PDF Viewer", one marked as internal-pdf-viewer, the other as "chrome-extension://mhjfbmdgcfjbbpaeojofohoefgiehjai/" (which seems like it's legit, but...). My Chrome extensions are AdBlock, Bookmark Manager 0.1, Chromium PDF Viewer, CryptoTokenExtension, Google Cast, Incognito Filter, and Quick Bookmarks (which is disabled).

Does anyone have any idea wtf chrome thinks it's doing (or how to find out), or should I just switch to firefox/iceweasel and declare a pox on Google?
Stuart Young, Anthony Towns, Joel Stanley, Julian Edwards
4 comments
 
Deleting browser data/cookies fixed it for me.

Anthony Towns

https://xkcd.com/1200/ -- something that's bugged me a little is the way Unix has lots of protection from different users spying on each other, but the way I actually use it on my laptop, there's just one user (and sudo and ssh-agent allow that user to easily get additional access to the system or other systems). So if a program misbehaves, or my web browser has a vulnerability, it's game over.

In that vein, I thought it might be interesting to try doing things a bit differently. So on my new laptop, I'm running chromium via "xpra ssh:aj-web@localhost:100" instead of directly -- so even if there are exploits, it can't do anything obnoxious to my actual data, or get access to sudo, or ssh anyway using my agent keys. Of course, this will probably be annoying when I want to upload/download stuff, but hopefully that'll be mild.

I think xpra gets the right mix of features to optimise for security -- X lets apps peek at other apps' display, input, and clipboard, but detaching the xpra session should block that if you need to do something more sensitive than normal (banking passwords?), and you can just reattach and pick up where you left off afterwards. Having chromium fire up libreoffice or similar to view untrusted documents all as a sub-privileged user seems like it also works about right.

So far xpra seems pretty great; it's working fine for typing this, eg. It seems to play youtube videos okay even, though for some reason sound is entirely disabled. I guess I could try changing the "speaker=off" setting in /etc/xpra/xpra.conf at some point though...
David Bremner, Julian Andres Klode
4 comments
 
+David Bremner I don't think so, I think you are confusing me with someone else with regards to that discussion.

Anthony Towns

http://lwn.net/Articles/646061/

"I think that, as experts, we should regularly make mistakes - very public mistakes. That way people don't get lulled into the idea that we can't. Linus has been doing it for years and it seems to be working for him."
Anthony Towns
The article that inspired that comment is pretty good too actually -- http://www.ncbi.nlm.nih.gov/pmc/articles/PMC1118019/
Work
Occupation
Hacker
Employment
  • Red Hat Software
    Release Engineer, 2011 - 2014
Places
Previously
Brisbane, Australia - Hay, NSW, Australia - Deniliquin, NSW, Australia
Education
  • University of Queensland
    Maths, Computer Science, 1996 - 1999
Basic Information
Gender
Male
Anthony Towns's +1's are the things they like, agree with, or want to recommend.
Altus Metrum
plus.google.com

open hardware and software designs for high powered model rocketry