While Linux boxes crashing in airlines’ on-board entertainment systems are nothing new, and several photos exist on the Internet depicting these crashes, I’m seeing something different these days…

On my way back from ph-neutral security conference in Berlin, I took a Continental 757 back to the US and observed the passenger entertainment system headrest in the row in front of me was frozen on the the movie selection GUI. The passenger in that seat asked the flight attendant to fix the problem and the headrest PC was rebooted from somewhere up front.

So, the funny (and a bit scary perhaps) bit is the screenshot I took of the reboot process. You can see the very high resolution photo here: http://tinyurl.com/linuxonplane

Observations from the linux crash on a plane photo:

1. 172.17.X.X private IP address range

2. FTP server IP address and transfer of system log tarball to the FTP server…user is “xxxxx” — imagine what the password might be…

Some reasonable concerns:

1. Tilting up the headrest PC and peeking behind it I saw CAT-5 cable. With a small tool or hands, and big cajones, an attacker *could possibly* unplug that cable and attach it to a laptop and hop onto the entertainment network. In addition, with some imagination and the right tools, an attacker could feasibly take over some or all aspects of the headrest PCs, including perhaps the sniffing of credit cards used by patrons, or even adding some specialized content…

2. This aircraft did not have on-board wireless Internet access, but I suspect that some airlines offering this service could have network crossover connectivity to different subnets, or perhaps only relying on VLANs for separation.

In the end, we can only hope that of the several networks likely running on a modern passenger jet, that true air-gapping is taking place and these systems are in no way connected to critical on-board networks. Time will tell if this is indeed the case. In the meantime, keep an eye out for those Linux boxes crashing on planes!

Do you accept the definition of cyber war presented here? How would you define and what would you call the recent exchange between China and Google? Cyber war to me seems a little extreme and hacktivism a little light.

Google attacked

http://www.npr.org/templates/story/story.php?storyId=122703950

Yahoo and others too?

http://www.bloomberg.com/apps/news?pid=20601204&sid=aRCof4o1aj5Y

Law firm a victim

http://www.securityfocus.com/brief/1062

China’s position

http://www.reuters.com/article/idUSTRE60D0CA20100114

Hacktivism

http://www.sophos.com/blogs/gc/g/2010/01/12/baidu-chinas-largest-search-engine-defaced-iranian-cyber-army/

US Cyber Command

http://www.defense.gov/news/newsarticle.aspx?id=54890

It may sound a bit like a storyline from the West Wing, but there actually is a branch of the government called the National Communications System tasked with ensuring that telecommunications related to “national security” remain intact and ready to use. President Kennedy created NCS in 1963, and its mandate has expanded to include high-priority Internet and mobile phone calls too.

While I assumed these agencies and systems were in place, I admit I did not know of their names. Browsing through the NCS website, it’s interesting to see the information that is publicly available. And yes, their advisory about the impending inauguration is probably right on… I imagine that cell phone traffic will just be a wee bit elevated over the next few days down in DC!

Technorati Tags:
ncs, government, obama, wireless

VoIP attacks should increase by 50 percent in 2008. More than twice the number of VoIP-related vulnerabilities were reported in 2007 versus the previous year – several high-profile “vishing” attacks, and a criminal phreaking (or fraud) conviction – so it’s clear that VoIP threats have arrived and there’s no sign of a slowdown.

Apparently, Skype is set to provide a new feature application to it’s customers, the KishKish Lie Detector, which analyzes audio stream data in real-time, supposedly indicating the stress level of the person it’s analyzing. This makes me wonder, what if both parties are analyzing each other? Could mutual suspicions cause an escalating stress readout as each party gets more and more nervous by the indicated stress levels of the other party?

From the KishKish Lie Dectector website:

Voice Stress Analysis (VSA) is a type of lie detector which measures stress in a person’s voice. The use of Voice Stress Analysis (VSA) as a lie detector became popular in the late 1970s and 80s. In the 90s the first Computerized VSA (CVSA) systems came to out to the market. The CVSAT is now the truth verification device of choice in the law enforcement community as the number of law enforcement agencies utilizing the CVSAT continues to grow dramatically, proving the viability of the system for twenty-first century crime detection. The CVSAT is also being utilized by the US Military in the global war on terrorism.

Now KishKish Lie detector offers you a tool to detect the stress level of the person you communicate with over Skype. With the use of KishKish Lie detector you can monitor in real-time the stress level of the person you talked with. This allows you to gage the level of stress and modify your questions in real time. You could also use our KishKish SAM VSA that allows you to record the call and analyze the stress level off-line.

Did I miss the part where law enforcement and Dept. of Homeland Security began interrogating people via Skype? Perhaps the call recording feature could be used by responsible and patriotic citizens when fear-mongered into believing that they could be talking to potential terrorists AT ANY GIVEN MOMENT. Or perhaps I’m giving this way too much thought and people are generally just distrustful of each other and want the data points to back up that gut feeling.

The same issue also has an article about CALEA, if that floats your boat. 

 

This device has two counters integrated into the lock: one is a dummy, and the other counts the number of times that the lock has been opened, allowing you to carefully monitor access to your piles of gold, kidnapped princesses, battle plans, and other precious posessions.

It’s very easy to fall into the conceit of thinking that security is a modern concern, but devices like this have been around for centuries.

 

 

At the time, Windows 3.0 was starting to erode DOS as the OS of choice for PCs, and IBM’s OS/2 was making its attempt for the title too.  It was also the time of word processor wars, spreadsheet wars and development tool wars, all categories where Microsoft was the eventual winner.

TCP/IP had yet to make its mark.  Hard to remember now, but Novell were the kings of the enterprise LAN, with their proprietary IPX protocol.  Banyan Vines and IBM’s Netbios were alternatives, but whichever way you looked, you found companies reluctant to bring in the IP alternative.  One of the news stories in this Byte was the release of an add-on TCP/IP for OS/2.  I remember myself the struggles adding the optional TCP/IP stack to Windows 3.0 instead of the default IPX and Netbios.  Although email was well established within enterprises, the idea of routinely exchanging emails with just anyone was alien.  Some thought that X.400 was going to interconnect the world, before SMTP and POP jumped up to take centre stage. 

In the Byte Summit, they gathered a panel of experts to guess at the future of computer systems.  Names like Bill Gates, Chuck Peddle, Tony Hoare, Grace Hopper, Danny Hillis and Philippe Kahn.  They came out with some great predictions, including flat panel displays and CD-ROMs on all machines.  They underestimated the pace of change, of course, imagining a minimum hard disk requirement of only 100 Mb. 

The significance of networks attracted less comment, but I guess the idea of a universal Internet was too big a step of the imagination at that point.  The Internet idea was too distant, so Voice over IP was inconceivable.  As the saying goes “The past is another country, they do things differently there”, and by the same token, the future is so different we cannot imagine how things will be done there.  Anyone care to make some predictions for the computers of 2020?