Friday, April 26, 2013

Security Attacks: From the Lab to the Streets: Automobiles

I dated a guy in high school that drove a Ford Escort.  I know, not that amazing. It gets more interesting, I promise. His father drove a Mercury Lynx. Those of you familiar with the American automotive industry will know that those were essentially the same car, but with different badges on them.

I know, you're getting jealous of the exclusive circles I hung out in [1], but the point was, these cars came from different dealers and were purchased at different times.  What's interesting is that the keys for the Escort could unlock the Lynx.  The keys for the Lynx could unlock and start the Escort.  No, this family hadn't paid outrageous sums of money to get their cars rekeyed so this would work.  It just did.  These were 1980s model cars, and at the time, the American automotive industry just didn't make that many key combinations.

This became well known, and break-ins would happen at the mall where I worked with no evidence of forced entry.

Well, car manufacturers learned their lesson and came up with secure electronic keys.

At USENIX Security 2011, I attended a great set of talks on Analysis of Deployed Systems.  One talk, Comprehensive Experimental Analysis of Automotive Attack Surfaces (scroll down in my previous post, it was the 3rd talk), covered how it was possible, with some effort, to not only remotely unlock someone else's car, but also to start it and control it while in motion.  They found a car that had a live IRC channel on it.  You know, in case you need to chat with your car.  Heck, the researchers even reprogrammed the dashboard to display their website URL.

Really, the problem here is trying to cut costs and use as much vanilla software as possible.

Now, ABC is reporting how police are perplexed that there is a rash of automobile break-ins where the perpetrators are not physically attacking the machine.  Clearly, neither ABC nor the police attended the same USENIX Security talk that I did.

What do you think about modern cars and physical security?

[1] They did have an immaculate '57 Chevy in the garage. Yeah, but still.

Tuesday, April 23, 2013

NerdFun: Basic internals for a Tricorder?

I read this article on an "electronic nose" in the Mountain View Voice today with glee!  This is basically the essential building block to an actual tricorder.  C'mon, admit it, you're a Star Trek fan, too.  How awesome will it be, when we can all carry around a device to see if the air is fit for human respiration? Check ourselves for toxins?  Very neat!

Meeting PCIDSS Compliance Using Oracle Solaris 11

There's a great new whitepaper, by Matt Getzelman of Coalfire, up on today on how Oracle Solaris 11 can be used to comply with Payment Card Industry regulations.  These types of regulations and guidance can be difficult to parse. This whitepaper takes you through the various Solaris 11 features that you can leverage to make sure you are in compliance with PCI DSS.

Sunday, April 14, 2013

Flash Mob: My walk for Multiple Myeloma

Cancer sucks. Period. The older I get, the more people I know personally that are battling this horrible disease.  It comes in so many forms.  Last weekend I walked for my friend Laura, who had just lost her seven year battle with Multiple Myeloma, a rare blood cancer, on March 25, 2013. She was just 57 years old.

Laura, though, never lost her joy of living and her appreciation of dance. She asked for one thing as the end approached: she wanted a flash mob to greet her in Heaven.  Her daughter, Jillian, arranged for just that. Here's the dance we did just before the walk - growing to over 100 dancers!

Thanks to everyone's incredibly generous support of my walk, I raised over $3500 towards Multiple Myeloma research.

Monday, April 8, 2013

Stein's Beer Garden: Mountain View Gastro Pub

We dined at this new gastro pub, Stein's Beer Garden, last night, very excited to see them finally open! Those of you that follow me on Twitter will remember when I went to bat for the owners at the Mountain View City Council meeting last July.

It's a good start, but there's still room for improvement.

When we arrived and checked in with the hostess, we were told it would be a 10-15 minute wait. No problem. Another party of 2 came in about 5 minutes after us... and were seated before us.  Then another hostess asked if we'd been helped, yet (10 minutes into our wait). Apparently my name wasn't on the wait list.  Thus, we restarted our wait of 10-15 minutes. I wish they would just take reservations, or hand out pagers or something. Some places in SF (21st Amendment comes to mind) take your mobile number and page you. That would work, too.

There is an extensive beer menu, which is awesome, but too heavy a lean on some great breweries like the Bruery who only specialize in strong beers. If you're an IPA, amber or lager fan, you'll be hard pressed to find anything under 7.5% ABV (many more over 8 or 9% and even 11%!). The fruit beers were closer to 5%, but if you don't like fruit flavor in your beer you'll be at a loss. There were also a few porters and stouts at the lower ABV, but not much overall choice (and there are 31 taps, so there should be a wider range of styles/ABV). I had the Saison Extra, and it was excellent. The menu described it as the saisoniest saison - and they were right. Delicious. As it was a strong beer, I didn't have a second.

I ordered the grilled cheese sandwich and tomato soup - very yummy, though the bread was a bit greasy.  I can manage to make non-greasy grilled cheese at home, so this should be possible to do here, too.  The bread itself was wonderful (made in house) so should be left to shine!

My husband got the homemade pastrami. The pastrami itself was very fatty, so it probably didn't need the cheese. The menu also said the sandwich would be served on toasted rye bread, but for unknown reasons, this sandwich was also grilled. The last thing you need on a sandwich with fatty meat is butter! It was too greasy for my husband to finish.

This makes me think that in general, the cooks should be trained to use less butter/grease. Reading other reviews, I see other similar comments. Great menu ideas, but not quite executed correctly.

Service was great, though like some other Yelp! reviews, we noted that the acoustics were terrible.  The ambiance is simply gorgeous, but something needs to be done about the noise.  In Paris, we saw a few restaurants and bars that put acoustic foam on the ceilings to deaden the noise. I'd highly recommend something similar.

I will be back. I hope the beer menu gets more balance soon - yes, do stock some "heavy hitters", but have some more 4-6%  ABV beers for those of us that like to have more than one beer with dinner.

Update:  I went again on Friday night. The beer list had changed quite a bit in those 5 days, and there were quite a few lower ABV beers than on Sunday, and a better mix - though I loved that Saison Extra so much, I had it again.  This time, the hostess took my cell phone number and name when we checked in and wrote it on a clipboard.  Still an outrageous wait (1 hour 45 minutes), but good to know we were on the list.

My husband and I both ordered the "Pork and Beans" dinner, and it was just delicious.  Our other 3 friends ordered burgers. One ordered his rare with blue cheese. Another ordered his plain and well done.  The well done burger had the blue cheese on it. We also had to ask multiple people for cutlery after our food was delivered so that we could actually eat it.  Ketchup for the fries was slow coming as well.  So, still some service glitches but I'm happy to report improvements all around.