Tuesday, June 24, 2014

The Samsung Galaxy S5 has been rooted. Now what?

Samsung released the latest edition of their flagship Galaxy smartphone to great fanfare in April. Tinkerers immediately set about looking for ways to gain root privileges (in other words, full control over their device, rather than the limited control that Samsung and the various cellular providers wish you to have). A seasoned developer known as Chainfire quickly found ways to gain root on international versions, and shortly afterward on US versions running on T-Mobile and Sprint networks. Alas Verizon and AT&T models proved more difficult to exploit. So difficult in fact that a crowd-funded bounty reached over $18,000, to be claimed by the first person that published a reliable way to root these models.

Monday, June 16, 2014

Godzilla, zombies, and more thanks to highway sign security flaws

One Friday in May, drivers in several North Carolina cities saw something unexpected on their morning commute. Electronic signs above several highways – which normally displayed traffic alerts or safety reminders – instead read “HACK BY SUN HACKER.” In one case the sign also included an invitation to connect with the hacker on Twitter.

This isn’t the first case of “unofficial alerts” showing up on street signs. Earlier in May, a sign in San Francisco warned of a Godzilla Attack. In this case, the sign was owned by an equipment rental business that had rented the sign to the city for the annual Bay to Breakers race, and was apparently not Internet-connected. Rather, it was a matter of obtaining the combination to or physically breaking the lock, and reprogramming the message in person. Five years ago, signs in Austin warned of an impending zombie attack, while signs in Indiana alerted motorists to dinosaurs. Again, the signs were reprogrammed in person – a trivial activity as long as one can get past the (often flimsy) lock and follow.

Tuesday, June 10, 2014

Reflections on Awana

In my professional life I research security threats and network vulnerabilities. I have an additional passion though, a passion for children's ministry. I have served in Awana for 8 years, the last 5 of which I have been the club Commander. In that time, this year has been the most challenging personally.

The challenge was not the kids. I love the children we serve. Some I have known since preschool or before, others are new friends, but my heart is for each one. I have often said that I can begin a club night exhausted and end the night on a high - that is a true sign one is serving where their passion is!

Tuesday, June 3, 2014

Gameover ZeuS, Cryptolocker, Operation Tovar, Oh My...

The big news this week is the U.S. Department of Justice disclosing "Operation Tovar," an international sting operation that this weekend seized control of command and control servers directing the "Gameover ZeuS" criminal botnet. This botnet involved somewhere between a half million and a million computers, and was largely used to distribute a piece of malware known as CryptoLocker. The operation and its implications have been heavily covered in the news (at least among technology news sources). My intent is not to rehash the news, but rather to describe some steps to minimize the damage such malware can cause.

Whois David?

My photo

I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.