Three Things: Mas Gas, Las Vegas and Sass

I’m not even going to touch the massive stream of news out of Washington over the last 24 hours, from the Washington Post piece featuring ‘leaked’ transcripts of Trump’s whack doodle conversations with Mexico’s and Australia’s presidents to the impaneled grand jury and subpoenas. Plenty of other material not getting adequate air time.

Speaking of air time, hope you have a chance to catch Marcy on Democracy Now. She spoke with Amy Goodman about the confirmation of Chris Wray as FBI Director as well as former Fox News contributor Rod Wheeler’s lawsuit against Fox News.

Onward…

~ 3 ~

Venezuela’s state-run oil producer PDVSA is cutting oil sales to U.S. refining unit Citgo Petroleum. At the same time it is increasing shipments of oil to Russia’s largest oil producer, Rosneft. Venezuela is using its oil to pay down a $1.6 billion loan extended to PDVSA last year. Rosneft has loaned an even larger sum of money in the not-too-distant past, but the terms aren’t known; payments in oil as well as a hefty minority stake in Citgo were believed to be included in negotiations.

The threat to U.S. gasoline supply: though at lower levels than a decade ago, Venezuela is the third largest supplier of oil to the U.S.

Citgo has, however, been shifting its purchasing wider afield than just PDVSA:

Citgo last year started sending gasoline and other fuels to Venezuela in exchange for a portion of its crude supply. But Citgo has increased the volume of U.S. oil it refines, and has also expanded its crude import sources.
[…]
U.S. President Donald Trump’s administration has promised strong economic sanctions against Venezuela’s government after a Constituent Assembly was elected last week in what the United States called a “sham” vote. The new body will have power to rewrite the constitution and abolish the opposition-led Congress.

If those sanctions were to constrain Venezuela’s oil shipments to the United States, Citgo could be ahead of its competitors in finding new supply sources.

The public will feel at the pump whatever happens to Citgo and other gasoline producers. Gasoline prices are already $0.16-0.24 per gallon higher than they were last year.

Who is profiting from this?

~ 2 ~

I’ve been thinking about the tagline, “What happens in Vegas, stays in Vegas” right about now after the arrest of Marcus Hutchins, a.k.a. MalwareTechBlog, following Defcon’s end in Las Vegas. You’ve probably read Marcy’s piece already (catch up if you didn’t); since she published her post the information security community has been digging into Hutchins’ past and stewing about why/what/how.

Some speculate this was an aggressive recruitment effort; this might explain why the U.K. didn’t arrest him before he left for Defcon. Or did the U.K. and the U.S. agree not to spook any Defcon attendees by stopping Hutchins before he arrived in Vegas? Responses by U.K. authorities are annoyingly banal:

A spokesman for the Foreign and Commonwealth Office said: “We are in touch with local authorities in Las Vegas following reports of a British man being arrested.”

The UK’s National Crime Agency said: “We are aware a UK national has been arrested but it’s a matter for the authorities in the US.”

Others speculate he was framed as the target of revenge by someone caught up in Alphabay’s seizure. How does shutting down WannaCry fit into this scenario?

I don’t have a favorite theory right now. All I know is that WannaCry’s heat map sticks in my craw.

One thing which should come out of this situation is a dialog about coding, malware, and intent; the infosec community is having that discussion now, but it needs to be wider. If a white hat codes malware in part or whole to investigate capabilities, they are only separated from criminal malware producers/sellers/distributors by intent. How does law enforcement determine intent?

~ 1 ~

Your opinion is constantly shaped by the media you consume. Some consumers aren’t conscious of this shaping; neither are some producers.

And some producers know it but are just plain jerks.

A very important way in which opinion is shaped is by the perspective presenting a viewpoint. If only the members of one-half of the population ever get a chance to present a perspective, consumers’ opinions are narrowed by that same factor. This is why gender equity in media is critical; if you’re only hearing men, you’re getting only part of the picture.

WIRED magazine knows that gender equity in content is important, but their last issue contained only male-written content. As a twisted tribute to the women who helped produce the issue, WIRED stuck a colophon listing important females.

Including a dog.

Really? The women of WIRED are on the same footing as a pet?

Somebody/ies at WIRED need a kick in the sass; I don’t give a fig if half the staff is female if the content itself is all-male. I’m going to do my best this next month not to cite WIRED.

Don’t think for a moment this is just WIRED, either. The VIDA Count annually measures gender equity in the literary arts. There’s progress, though slow.

~ 0 ~

That’s a wrap on this open thread. Let’s hope with Tiny Hands McGolfer on vacation that news slows a bit as we enter this weekend. I’m not holding my breath though. Behave.

Tuesday Morning: I Don’t Want It Good

I don’t want it good. I want it Tuesday.
— Jack Warner

Pretty sure Mr. Warner would get it just the way he wanted it today.

Surprise: Saudis and Russia agree mutual economic destruction = bad
Expect a rocky market today after a hush-hush agreement by Saudi Arabia and Russia to hold oil production levels to January levels. The FTSE and Brent crude have already taken a hit, though why Brent’s price dropped when supply firmed/tightened makes no sense to me. Good thing I’m not a commodities broker.

Predictable outcome: Dropbox account hacked, contents posted, then teacher fired
I feel awful for this poor teacher, whose privacy was violated and his job lost after someone hacked his Dropbox account, then posted a personal sex tape on his school’s website. Unfortunately, this is another painful real-life lesson: Do NOT store content in the cloud if the content would hurt you if leaked.

Shaken by a quake? There’s an app for that
UC Berkeley Seismological Lab released an Android app called MyShake. The application detects vibration fitting earth tremor profiles and reports them to the lab for diagnostics. Enough data combined with other seismic monitoring can confirm an earthquake. The Seismological Lab hopes to build a global seismic detection network which can help detect earthquakes before they begin. With enough advance notice, humans may be able to reduce damage and injury. The Lab says the app runs silently in your phone’s background and doesn’t use up the battery, but this seems like an impossibility. Only one way to find out, though, and only one way for the lab to improve the app’s performance. An iOS version is expected in the near future.

Volkswagen fined by Mexico over emissions — but not the defeat device
Looks like VW imported more than 45,000 vehicles into Mexico without dotting all the Is and crossing all the Ts. The automaker has been fined nearly $9 million (168 million pesos) for failing to obtain mandatory emission and noise certifications. Sounds like VW needs to overhaul its management culture.

Air-gapped computers may not be safe from hacking
A team of researchers from Tel Aviv University and Technion identified a means for hacking air-gapped computers in a completely separate room in order to snag data. Their method only required an antenna, amplifiers, a software-defined radio, and a laptop to measure electromagnetic waves created by a target computer as it deciphered a specific message.

There it is: it ain’t good, but you’ve got it on a Tuesday.