Airport Runways And Hashtags — How To Become A Social Engineer

Of the $11.7 million companies lose to cyber attacks each year, an estimated 90% begin with a phone call or a chat with support, showing that the human factor is clearly an important facet of security and that security training is seriously lacking in most companies. Between open-source intelligence (OSINT) — the data that leaks out to public sources just waiting to be collected — and social engineering — manipulating people into telling you what you want to know — there’s much about information security that has nothing to do with strong login credentials or VPNs.

There’s great training available if you know where to look. The first time I heard about WISP (Women in Security and Privacy) was last June on Twitter when they announced their first-ever DEFCON Scholarship. As one of 57 lucky participants, I had the chance to attend my first DEFCON and Black Hat, and learn about their organization.

Apart from awarding scholarships to security conferences, WISP also runs regional workshops in lockpicking, security research, cryptography, and other security-related topics. They recently hosted an OSINT and Social Engineering talk in San Francisco, where Rachel Tobac (three-time DEFCON Social Engineering CTF winner and WISP Board Member) spoke about Robert Cialdini’s principles of persuasion and their relevance in social engineering.

Cialdini is a psychologist known for his writings on how persuasion works — one of the core skills of social engineering. It is important to note that while Cialdini’s principles are being applied in the context of social engineering, they are also useful for other means of persuasion, such as bartering for a better price at an open market or convincing a child to finish their vegetables. It is recommended that they are used for legal purposes and that they result in positive consequences for targets. Let’s work through the major points from Tobac’s talk and see if we can learn a little bit about this craft.

Echos Of The Cold War: Nuclear-Powered Missiles Have Been Tried Before

On August 8th, an experimental nuclear device exploded at a military test facility in Nyonoksa, Russia. Thirty kilometers away, radiation levels in the city of Severodvinsk reportedly peaked at twenty times normal levels for the span of a few hours. Rumors began circulating about the severity of the event, and conflicting reports regarding forced evacuations of residents from nearby villages had some media outlets drawing comparisons with the Soviet Union’s handling of the Chernobyl disaster.

Today, there remain more questions than answers surrounding what happened at the Nyonoksa facility. It’s still unclear how many people were killed or injured in the explosion, or what the next steps are for the Russian government in terms of environmental cleanup at the coastal site. The exceptionally vague explanation given by state nuclear agency Rosatom, which said that the explosion “occurred during the period of work related to the engineering and technical support of isotopic power sources in a liquid propulsion system”, has done little to assuage concerns.

The consensus of global intelligence agencies is that the test was likely part of Russia’s program to develop the 9M730 Burevestnik nuclear-powered cruise missile. Better known by its NATO designation SSC-X-9 Skyfall, the missile is said to offer virtually unlimited flight range and endurance. In theory the missile could remain airborne indefinitely, ready to divert to its intended target at a moment’s notice. An effectively unlimited range also means it could take whatever unpredictable or circuitous route necessary to best avoid the air defenses of the target nation. All while traveling at near-hypersonic speeds that make interception exceptionally difficult.

Such incredible claims might sound like saber rattling, or perhaps even something out of science fiction. But in reality, the basic technology for a nuclear-powered missile was developed and successfully tested nearly sixty years ago. Let’s take a look at this relic of the Cold War, and find out how Russia may be working to resolve some of the issues that led to it being abandoned.

Holey Moley: Fixing The Mars InSight Mole

In the early 1990s, NASA experienced a sea change in the way it approached space exploration. Gone were the days when all their programs would be massive projects with audacious goals. The bulk of NASA’s projects would fall under the Discovery Project and hew to the mantra “faster, better, cheaper,” with narrowly focused goals and smaller budgets, with as much reuse of equipment as possible.

The idea for what would become the Mars InSight mission first appeared in 2010 and was designed to explore Mars in ways no prior mission had. Where Viking had scratched the surface in the 1970s looking for chemical signs of life and the rovers of the Explorer program had wandered about exploring surface geology, InSight was tasked with looking much, much deeper into the Red Planet.

Sadly, InSight’s primary means of looking at what lies beneath the regolith of Mars is currently stuck a few centimeters below the surface. NASA and JPL engineers are working on a fix, and while it’s far from certain that they’ll succeed, things have started to look up for InSight lately. Here’s a quick look at what the problem is, and a potential solution that might get the mission back on track.

Why Spacecraft Of The Future Will Be Extruded

It’s been fifty years since man first landed on the Moon, but despite all the incredible advancements in technology since Armstrong made that iconic first small step, we’ve yet to reach any farther into deep space than we did during the Apollo program. The giant leap that many assumed would naturally follow the Moon landing, such as a manned flyby of Venus, never came. We’ve been stuck in low Earth orbit (LEO) ever since, with a return to deep space perpetually promised to be just a few years away.

Falcon Heavy Payload Fairing

But why? The short answer is, of course, that space travel is monstrously expensive. It’s also dangerous and complex, but those issues pale in comparison to the mind-boggling bill that would be incurred by any nation that dares to send humans more than a few hundred kilometers above the surface of the Earth. If we’re going to have any chance of getting off this rock, the cost of putting a kilogram into orbit needs to get dramatically cheaper.

Luckily, we’re finally starting to see some positive development on that front. Commercial launch providers are currently slashing the cost of putting a payload into space. In its heyday, the Space Shuttle could carry 27,500 kg (60,600 lb) to LEO, at a cost of approximately $500 million per launch. Today, SpaceX’s Falcon Heavy can put 63,800 kg (140,700 lb) into the same orbit for less than $100 million. It’s still not pocket change, but you wouldn’t be completely out of line to call it revolutionary, either.

Unfortunately, there’s a catch. The rockets being produced by SpaceX and other commercial companies are relatively small. The Falcon Heavy might be able to lift more than twice the mass that the Space Shuttle could, but it has considerably less internal volume. That wouldn’t be a problem if we were trying to hurl lead blocks into space, but any spacecraft designed for human occupants will by necessity be fairly large and contain a considerable amount of empty space. As an example, the largest module of the International Space Station would be too long to physically fit inside the Falcon Heavy fairing, and yet it had a mass of only 15,900 kg (35,100 lb) at liftoff.

To maximize the capabilities of volume-constrained boosters, there needs to be a paradigm shift in how we approach the design and construction of crewed spacecraft, especially ones intended for long-duration missions. As it so happens, exciting research is being conducted to do exactly that. Rather than sending an assembled spacecraft into orbit, the hope is that we can eventually just send the raw materials and print it in space.

A Trillion Trees – How Hard Can It Be?

Data from 2016 pegs it as the hottest year since recording began way back in 1880. Carbon dioxide levels continue to sit at historical highs, and last year the UN Intergovernmental Panel on Climate Change warned that humanity has just 12 years to limit warming to 1.5 C.

Reducing emissions is the gold standard, but it’s not the only way to go about solving the problem. There has been much research into the field of carbon sequestration — the practice of capturing atmospheric carbon and locking it away. Oftentimes, this consists of grand plans of pumping old oil wells and aquifers full of captured CO2, but there’s another method of carbon capture that’s as old as nature itself.

As is taught in most primary school science courses, the trees around us are responsible for capturing carbon dioxide, in the process releasing breathable oxygen. The carbon becomes part of the biomass of the tree, no longer out in the atmosphere trapping heat on our precious Earth. It follows that planting more trees could help manage carbon levels and stave off global temperature rises. But just how many trees are we talking? The figure recently floated was 1,000,000,000,000 trees, which boggles the mind and has us wondering what it would take to succeed in such an ambitious program.

Automate The Freight: When The Freight Is People

Before I got a license and a car, getting to and from high school was an ordeal. The hour-long bus ride was awful, as one would expect when sixty adolescents are crammed together with minimal supervision. Avoiding the realities going on around me was a constant chore, aided by frequent mental excursions. One such wandering led me to the conclusion that we high schoolers were nothing but cargo on a delivery truck designed for people. That was a cheery fact to face at the beginning of a school day.

What’s true for a bus full of students is equally true for every city bus, trolley, subway, or long-haul motorcoach you see. People can be freight just as much as pallets of groceries in a semi or a bunch of smiling boxes and envelopes in a brown panel truck. And the same economic factors that we’ve been insisting will make autonomous vehicles far more likely to penetrate the freight delivery market before we see self-driving passenger vehicles are also at work when it comes to moving people. This time on Automate the Freight: what happens when the freight is people?

USB-C: One Plug To Connect Them All, And In Confusion Bind Them

USB stands for Universal Serial Bus and ever since its formation, the USB Implementers Forum have been working hard on the “Universal” part of the equation. USB Type-C, which is commonly called USB-C, is a connector standard that signals a significant new chapter in their epic quest to unify all wired connectivity in a single specification.

Many of us were introduced to this wonder plug in 2015 when Apple launched the 12-inch Retina MacBook. Apple’s decision to put everything on a single precious type-C port had its critics, but it was an effective showcase for a connector that could handle it all: from charging, to data transfer, to video output. Since then, it has gradually spread to more devices. But as the recent story on the Raspberry Pi 4’s flawed implementation of USB-C showed, the quest for a universal connector is a journey with frequent setbacks.
