Categories
Reviews

Review of the Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon

Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon

Rating: ⭐️⭐️⭐️⭐️⭐️

Zetter’s book engages in a heroic effort to summarize, describe, and explain the significance of the NSA’s and Israel’s first ‘cyber weapon’, named Stuxnet. This piece of malware was used to disrupt the production of nuclear material in Iran as part of broader covert efforts to delimit the country’s ability to construct a nuclear weapon. 

Multiple versions of Stuxnet were created, as were a series of complementary or derivative malware species with names such as Duqu and Flame. In all cases the malware was unusually sophisticated and relied on chains of exploits or novel techniques that advanced certain capabilities from academic theory to implementable practice. The reliance on zero-day vulnerabilities (those for which no patches are available), combined with deliberate efforts to subvert the Windows Update system and the use of fraudulently signed digital certificates, bears the hallmarks of developers who were willing to compromise global security for the sake of a specific American-Israeli malware campaign. In effect, the decision to leave the world’s computers vulnerable to the exploits used in the creation of Stuxnet demonstrates that offence was prioritized over defence by the respective governments and their signals intelligence agencies which authored the malware.

The book regales the reader with any number of politically sensitive tidbits of information: the CIA was responsible for providing some information on Iran’s nuclear ambitions to the IAEA; Russian antivirus researchers were monitored by Israeli (and perhaps other nations’) spies; historically, the CIA and renowned physicists planted false stories in Nature; the formal recognition of cyberspace as the fifth domain of battle in 2010 was merely formal recognition of work that had been ongoing for a decade prior; and the shift to a wildly propagating version of Stuxnet likely followed after close-access operations were no longer possible, with the flagrancy of the propagation likely being an error. There are many other such bits of information besides.

Zetter spends a significant amount of time unpacking the ways in which the United States government determines whether a vulnerability should be secretly retained for government use as part of a vulnerabilities equities process. Representatives from the Department of Homeland Security who were quoted in the book noted that they had never received information about a vulnerability from the National Security Agency and, moreover, that in cases where the Agency was already exploiting a reported vulnerability it was unlikely that disclosure would happen after the vulnerability entered the equities process. As noted by any number of people over the course of the book, the failure by the United States (and other Western governments) to clearly explain their vulnerability disclosure processes, or the manner in which they would respond to a cyber attack, leaves the norms of digital security unsettled and leaves unanswered the norms and policies concerning when (and how) a state will respond to cyber attacks. To date these issues remain as murky as when the book was published in 2014.

The Countdown to Zero Day, in many respects, serves to collate a large volume of information that has otherwise existed in the public sphere. It draws in interviews, past technical and policy reports, and a vast quantity of news reports. But more than just collating materials, it also explains the meanings of them, draws links between them that had not previously been made in such clear or straightforward fashion, and explains the broader implications of the United States’ and Israel’s actions. Further, the details of the book render (more) transparent how anti-virus companies and malware researchers conduct their work, as well as the threats to that work in an era when a piece of malware could be used by a criminal enterprise or a major nation-state actor with a habit of proactively working to silence researchers. The book remains an important landmark in the history of security journalism, cybersecurity, and the politics of cybersecurity. I would heartily recommend it to layperson and expert alike.

Categories
Quotations

2019.1.14

Between 2002 and 2009, the [Industrial Control System Cyber Emergency Response Team] conducted more than 100 site assessments across multiple industries–oil and natural gas, chemical, and water–and found more than 38,000 vulnerabilities. These included critical systems that were accessible over the internet, default vendor passwords that operators had never bothered to change or hard-coded passwords that couldn’t be changed, outdated software patches, and a lack of standard protections such as firewalls and intrusion-detection systems.

But despite the best efforts of the test-bed and site-assessment researchers, they were battling decades of industry inertia–vendors took months and years to patch vulnerabilities that government researchers found in their systems, and owners of crucial infrastructure were only willing to make cosmetic changes to their systems and networks, resisting more extensive ones.

Kim Zetter, Countdown to Zero-Day
Categories
Links Photography Roundup Writing

The Roundup for December 24, 2018 – January 13, 2018 Edition

(Rusty Heights by Christopher Parsons)

Welcome to this edition of The Roundup! It’s taken a bit longer to put this together given the holidays, but I’m hoping to get back to scheduling these every other week or so. Enjoy the collection of interesting, informative, and entertaining links. Brew a fresh cup of coffee or grab yourself a drink, find a comfortable place, and relax.


Over the past few weeks, I’ve had the opportunity to take my coffee-game to a whole new level: I was generously gifted a Hario Cold Brew Coffee Pot by my family in December, and a Vietnamese Coffee Filter by a friend earlier this month. It’s been a lot of fun trying to determine which brew methods I prefer more or less and, also, meant that my coffee intake has probably doubled in the past month or so! Expect some thoughts and discussions about using either tool sometime in the future!


Inspiring Quotation

Be louder about the successes of others than your own.

  • Birthday fortune I received

Great Photography Shots

In a bit of a detour from most Roundups, I’m including some of my own preferred shots that I’ve taken over the past few months.

(Ghosts and Galleries by Christopher Parsons)

(Electric Blue by Christopher Parsons)

(Safe Harbour by Christopher Parsons)

(The Deep by Christopher Parsons)

(Eat! by Christopher Parsons)

(Dive by Christopher Parsons)

(School’s In by Christopher Parsons)

(Aquatic Textures)

Music I’m Digging

  • Bird Box (Abridged) (Original Score) // This is Trent Reznor and Atticus Ross at their best. The score is haunting, dystopian, and persistently just a little creepy.
  • Neisha Neshae – Poppin on the Internet (feat. Rocky Badd) (Single) // The power and energy of Neshae’s voice comes through in this single as clearly as in her EP, Queenin’. She remains as fun to listen to, now, as with her earlier work. I’m hoping that whenever she publishes a full album it manages to retain the strength and consistency of all of her work to date!
  • Jean-Michel Blais – Eviction Sessions (EP) // Blais’ work remains evocative and minimalist. This EP came after he was literally evicted from his Montreal apartment, and the work he played was an effort to memorialize and commemorate the space where so much of his music had been produced.
  • Spider-Man: Into the Spider-Verse (Soundtrack) // I was absolutely amazed with how good the movie turned out to be, but before I saw it I was captivated by the soundtrack. Sunflower, Familia, Invincible, Memories, and Home were the stars of the album for me, though the entirety of the album held together remarkably well. I was surprised to hear almost all of the songs when I watched the film: these aren’t just songs intended to touch on the mood of the film but, instead, are key audio-emotional components of the film itself. That they stand alone as strongly as they do is a remarkable accomplishment to my ear.

Neat Podcast Episodes

  • The Sporkful – When Celery Was More Special Than Caviar // I learned so much about celery in this episode! There are different kinds! There are different tastes! There is red, as well as striped, as well as ‘blanched’ celery!
  • The Current – ‘Don’t do it’: Trump’s criticism of central bank could backfire, warns former vice-chair // I found it most useful to hear about the difficulties in linking politics and a central bank, and how, even if Trump does want to effect change quickly, central banks and economies move so ponderously that he’s absolutely unlikely to adjust rates or the economy in a rapid manner should the current chair be replaced or the Fed totally shift its approach to the economy. Of course, neither of those things is likely and, instead, Trump will just posture for the purposes of satisfying his base.
  • Relationship Advice – What’s Your Fantasy? // The non-stigmatizing approach to thinking through, and engaging with, sexual fantasy in romantic relationships struck me as outlining a useful way of having conversations on the topic. Equally important was how to engage with a partner when they outline a fantasy that would be challenging or uncomfortable to satisfy, and how to find alternate means of expressing it in a manner that is satisfying and comfortable for all partners involved in it.
  • The Documentary – India’s battle with online porn // I went into this episode assuming, by default, that I would oppose all the proposals to ban or censor access to pornography. And while I mostly retain this position, I admit that I was shocked to learn how commonly rape videos are being shared, and it left me wondering about what approach makes the most sense to inhibit the spread of such violent videos while preserving basic rights. Especially given that many of the videos are shared between peers over encrypted messaging applications, I don’t have an immediate response on how to deal with the sharing but, nonetheless, concur that the transmission of such videos does represent a real social ill that needs to be addressed.

Good Reads

  • Managing Burnout // As someone who’s suffered burnout a few times I think it’s really positive that a prominent member of the security community is openly discussing this challenge. Richard’s suggestion — that you build a fund just for burnout — is pretty solid, though admittedly it works better in a community with above-average wages. What is missing, however, is an assessment of how to fix the culture which leads to burnout; that has to come from management since employees will take their cues from above. And to my mind management has to focus on combating burnout or else risk losing high-value employees with little opportunity to get an equivalently talented and priced replacement employee in the contemporary job market.
  • The 12 Stages of Burnout, According to Psychologists // Ever wonder if you or a loved one are suffering through severe burnout? This helpful list will showcase the different things that suggest burnout is being experienced with pretty clear indicators that you can use for self-diagnostic purposes.
  • “They Say We’re White Supremacists”: Inside the Strange World of Conservative College Women // Nancy Jo Sales’ long-form piece trying to understand and express why young women support Donald Trump is illuminating, insofar as it showcases how these women hold more complex positions on some issues (e.g. abortion, rape) than might be expected while also conforming to stereotypes in other ways. What is hardest to appreciate is perhaps that they genuinely do regard feminism as ‘over’ and no longer needed, at least as they have lived their experiences as young white women. That they do not have a longer set of life experiences, such as in long-term employment, nor experiences of minority populations, combined with Fox and similar news sources filling their political news appetite, makes their positions largely unsurprising. However, what also stands out is the automatic dismissal of their values and thoughts by liberal-minded persons on campus: while liberalism must be intolerant of deep intolerance — such as white supremacy — that cannot apply to people who are simply holding divergent political opinions, or else liberalism will have internally rebuked its own reason for acting as an effective and inclusive political theory.
  • Pilot project demos credit cards with shifting CVV codes to stop fraud // Having the CVV change to combat online fraud is an interesting idea, though the actual security is going to depend on how effectively protected and randomized the seed for the randomization algorithm happens to be. Since attackers will have access to the actual cards — at least if distributed widely to the public in the future — we’ll have to assume that any failures that are readable on the chip will certainly be found and exploited, so the math and tamper-resistance properties are going to have to be exceptionally well implemented. Perhaps the most notable element of the proposed cards arrives at the end of Megan Geuss’ article: whereas a regular card costs $2-4, those with a lithium battery to update the CVV will run closer to $15. In other words, whoever is producing the cards will need to be assured that they will, in aggregate, reduce fraud costs enough to merit the heightened production costs. It’ll be very interesting to see if the cards are suitably effective to lead to mass production or whether economics, as opposed to security, results in the cards being just a short-term trial or experiment.
  • Kengo Kuma’s Architecture of the Future // Kuma-san’s efforts to make architecture disappear, and work in contravention to the fantastic metal and glass structures of modernism and post-modernism, strike me as a kind of attempt to envision wabi-sabi in structures. In effect, his focus on the natural, and on celebrating the traditional and honouring its (often imperfect) characteristics, seems to align with a need to seek peace and simplicity absent overt efforts to establish egoist-driven artefacts devoted to humanity’s triumphs.
  • This is how Canada’s housing correction begins // Kirby does a good job in collecting data to suggest a serious market correction could be coming as the Bank of Canada increases rates, which has had the effect of squeezing a large portion of homeowners who have grown up with — and relied upon — cheap credit to buy homes and other consumer goods. Key is that the assessment doesn’t just indicate a forthcoming housing correction but, also, potentially a serious recession. Moreover, just how widely will this ‘correction’ be felt: will it mostly be younger millennials or include aging boomers who have drawn against their homes to support their children’s education and home purchases?
  • Great Expectations // Reflecting on what are non-negotiable traits in relationships is something that I do with some regularity, and this Medium post does a good job of summarizing many of the basic expectations that should be realized in any loving relationship. I particularly liked how the author ends by asserting that it’s critical for partners to engage in kindness in communicating, or work to avoid brashness and hostility in communications and instead focus on communicating our feelings in an open, transparent, and loving manner.
  • The US Military Is Genetically Modifying Microbes to Detect Enemy Ships // That humanity is modifying bacteria to react in the presence of different types of fuel exhaust and related exhausts from ships, for the purposes of surveillance of maritime environments, is the stuff of science fiction. And it’s going to start happening, soon!
  • GE Powered the American Century—Then It Burned Out // In an exceptional long-form piece, Thomas Gryta and Ted Mann document the slow, though hastening, fall of General Electric. It’s stunning to read just how hard it has been for the company, and its CEOs, to effectively reposition the company in the face of major economic and political hurdles, and without clear evidence that the company will manage to survive in its conglomerated form over the coming decade.
  • Apple Expands AirPlay 2 Video Streaming To TV Sets // Benjamin Mayo’s assessment that Apple licensing AirPlay 2 is a good thing, because while it might cannibalize Apple TV sales it will increase the joy of using an iPhone and the overall value of Apple services, is dead on.
  • Why Cider Means Something Completely Different in America and Europe // It makes sense, but I hadn’t thought of how important alcoholic cider was for colonial Americans (and the British, more generally) for ensuring that there was a drinkable liquid available that didn’t include harmful contaminants. Nor had I thought of how the temperance and prohibition eras would have transformed the nature of cider production, and led to the destruction of orchards that contained high-tannin apples that were principally grown to make cider. If you’re interested in cider and the broad strokes of its history in the United States of America, this is a good article to read through!

Cool Things

Categories
Aside

2019.1.13

It’s taken me way longer than it should have, but I finally put up a list of all of my favourite/most commonly listened to podcasts! They’re currently loosely ordered by topic; the next step will be to put together short explanations of why I like each of those podcasts. Hopefully the process of putting together descriptions will take a lot less time than the initial compilation of the list itself!

Categories
Reviews Writing

Review of Happy City: Transforming Our Lives Through Urban Design

Rating: ⭐️⭐️⭐️⭐️⭐️

Montgomery’s book, Happy City: Transforming Our Lives Through Urban Design, explores how decades of urban design are destructive to human happiness, human life, and the life of the planet itself. He tours the world — focused mostly on Vancouver, Portland, Bogotá, Atlanta, and Hong Kong — to understand the different choices that urban designers historically adopted and why communities are railing against those decisions, now.

The book represents a tour de force, insofar as it carefully and clearly explains that urban sprawl — which presumed that we would all have cars and that we all wanted or needed isolated homes — is incredibly harmful. The focus of the book is, really, on how designing for cars leads to designing for things instead of people, and how efforts to facilitate car traffic have been antithetical to human life and flourishing. His call for happy cities really constitutes a call to, first and foremost, invest in urbanization and densification. Common social utilities, like transit and parks and community spaces, are essential for cities to become happy because they reduce commutes, increase socialization, and, through the presence of nature, relieve the human mind of urban stresses.

While the book is rife with proposals for how to make things better, Montgomery doesn’t go so far as to argue that such changes are easy or that they can be universally applied everywhere. The infrastructure that exists, now, cannot simply be torn up and replaced. As a result he identifies practical ways that even suburban areas can reinvigorate their community spaces: key, in almost all cases, is finding ways to facilitate human contact by way of re-thinking the structures of urban design itself. These changes depend not only on — indeed, they may barely depend at all upon! — city planners and, instead, demand that citizens advocate for their own interests. Such advocacy needn’t entail using the language of architects and urban designers and can, instead, focus on words or themes such as ‘community’ or ‘safe for children to bike’ or ‘closer to community resources’ or ‘slower streets’ or ‘more green space’. After robustly and regularly issuing such calls, the landscape may begin to change to facilitate both human happiness and smaller environmental footprints.

If there is a flaw to this book, it is that many of the examples presume that small-scale experiments are necessarily scalable to broad communities. I don’t know that these examples do not scale but, because of the relatively small sample set and the regularity with which Montgomery leverages them, it’s not clear how common or effective the interventions he proposes genuinely are. Nevertheless, this is a thought-provoking book that challenges the reader to reflect on how cities are, and should be, built to facilitate and enable the citizens who reside within and beyond their boundaries.

Categories
Quotations

2019.1.7

We are now learning that the effect of density is nuanced. For one thing, wealthier people do better in apartment towers than poor people. Not only do they have the money to pay for concierges, maintenance, gardening, decoration, and child care, but, having chosen their residences, they tend to attach greater status to them. Home feels better when it carries a different message about who you are. (A building’s status can be altered without any physical change at all. When they were sold on the open market, once-despised social housing blocks in central London became objects of desire for middle-class buyers who fetishized their retro modernism.)

Charles Montgomery, Happy City: Transforming Our Lives Through Urban Design
Categories
Quotations

2019.1.4

We need the nourishing, helping warmth of other people, but we also need the healing touch of nature. We need to connect, but we also need to retreat. We benefit from the conveniences of proximity, but these conveniences can come with the price of overstimulation and crowding. We will not solve the conundrum of sustainable city living unless we understand these contradictory forces and resolve the tension between them. How much space, privacy, and distance from other people do we need? How much nature do we need? Are there designs that combine the benefits of dispersal with the dividends of proximity?

Charles Montgomery, Happy City: Transforming Our Lives Through Urban Design
Categories
Aside

Apple, Handoff, and the Apple Ecosystem

I listen to a lot of podcasts and music throughout the day. It drives me nuts that there isn’t a consistent and reliable way to start listening to something on my Apple TV when having breakfast, shift to my iPhone while heading out to walk to a coffee shop, shift to listening on my iPad while reading/dealing with email, back to my iPhone for a walk to my office, and then finish listening to a playlist on my Mac without having to open the music app on each device, each time, and navigate to my place in a given playlist and start listening. Yes, this is very much a first world problem, but it’s the precise kind of problem that Apple’s famed integration is supposed to solve for me!

Categories
Quotations

2019.1.3

… the meeting place, the agora, the village square are not trivial. They are not civic decoration or merely recreational. The life of a community is incomplete without them, just as the life of the individual is weaker and sicker without face-to-face encounters with other people.

Charles Montgomery, Happy City: Transforming Our Lives Through Urban Design
Categories
Links Roundup

The Roundup for December 1-23, 2018 Edition

(Choices by Christopher Parsons)

Welcome to this edition of The Roundup! Enjoy the collection of interesting, informative, and entertaining links. Brew a fresh cup of coffee or grab yourself a drink, find a comfortable place, and relax.


Inspiring Quotation

“The Heart that gives, gathers.”

  • Tao Te Ching

Great Photography Shots

I really appreciated the simplicity of the smartphone shots, below, which were initially curated by Mobiography. I think it’s so important to focus on the images that are being produced, as opposed to what produced them, to realize that almost all cameras are amply sufficient to get aesthetically pleasing images these days.

(‘Imagine a lonesome Pink balloon in a Pink room with no one to cheer up’ by @arashrimus)

(‘Untitled’ by @lucdigital)

(‘City boii’ by @pixels.for.life)

Music I’m Digging

  • Bush – Deconstructed // I’ve been listening to Bush since they were Bush X. While I’ve never been a fan of all of their songs, Deconstructed manages to collect most of my favourite ones and remix them in particularly enjoyable ways. The album maintains the grittiness of the original tracks while mixing them with a healthy dose of electronica, thus transforming the tracks into something entirely new and different.
  • Ta-Ku – 50 Days For Dilla, Vol. 1 and Ta-Ku – 25 Nights for Nujabes // Both albums have a kind of trip-hop vibe and are almost entirely instrumental. I’ve been finding them to be nice background music while cooking, reading, or doing light writing. They’re definitely pretty solid chill out albums.
  • Sean Paul – Mad Love: The Prequel // I’m not typically a fan of Sean Paul, but any number of tracks on this album are great to listen to while going on a long walk, long bike, or other activity where you just want a fun beat to your step.

Neat Podcast Episodes

  • Wolverine: The Long Night // This twelve-episode drama takes us to Alaska, where the FBI has come looking into whether Logan is hiding out in the area while also trying to solve the mysteries of a secret cult, a well-established drug trade, magical ley lines, and a ‘protective’ town father. It’s the one podcast I’ve listened to over the past few weeks that gripped me and had me listen to almost all of it in a single, long, listen.

Good Reads

  • Inside Chronicle, Alphabet’s cybersecurity moonshot // Engadget’s long-form article does a really good job in working through the origins, and intentions, behind Alphabet’s newest threat-intelligence organization. The decision to leverage Google’s core strengths — search and machine learning — and then use them to track or identify threats in smaller organizations’ systems and networks seems like it could work, especially when VirusTotal data can be used as a basis for teaching machines. Like all Alphabet/former X projects, however, it remains debatable whether the new organization will truly bloom or wither on the vine like some of Alphabet’s other moonshot projects.
  • Coffee roasting acoustics // This is, quite simply, an awesome paper that immediately appealed to me as a coffee nerd. The crux of the paper: “The sounds of first crack are qualitatively similar to the sound of popcorn popping while second crack sounds more like the breakfast cereal Rice Krispies® in milk. Additional qualitative audible differences between first and second crack are: first crack is louder, first crack is lower in frequency, and individual second cracks occur more frequently within the chorus than first cracks. The purpose of the present work is to quantify these effects as a preliminary step toward the development of an automated acoustical roast monitoring technique.”
  • The Hidden Struggle to Save the Coffee Industry From Disaster // Coffee is in danger: it lacks significant genetic diversity and, as such, is threatened by the increasing prevalence of leaf rust. Gunn’s article examines how geneticists are trying to diversify coffee trees’ DNA so that the trees adopt more resilient properties in the face of a changing climate. Any of their results are going to have to wait until 2025, however, which raises the question of whether a solution will be found in time to save/maintain/expand existing coffee plantations.
  • The Humble Brilliance of Italy’s Moka Coffee Pot // I learned so much about the Moka Coffee Pot in this article! Both in terms of the history of espresso and using steam in the brewing of coffee, as well as that the Moka Pot has serious design chops behind its creation. It’s painful to read, however, that coffee pods are significantly responsible for the threats facing Bialetti, especially given how the relatively affordable Moka Pot means that anyone can potentially create a nice cup of coffee compared to the travesties that emerge from the pod-based coffee systems.
  • Illusion of control: Why the world is full of buttons that don’t work // A combination of lack of repairs and belief that automated systems are safer have combined to mean that the beg buttons — those we press to get the walk signal to appear more quickly — just don’t do anything. Worse, the properties of these buttons meant to provide assistance to those hard of hearing don’t really function well because they’re largely inaudible. But the sense of pressing a button, in and of itself, is comforting and makes us less likely to just walk across a line of traffic.
  • The Amazing Psychology of Japanese Train Stations // The efforts to mitigate suicides, while also driving youth from stations and preventing loitering, are pretty impressive. As is the rationale for different 7-second jingles in each station that indicate the closing of a door. Japan’s obsession with building things to perfectly suit the challenges at hand remains incredibly impressive.
  • Flying in airplanes exposes people to more radiation than standing next to a nuclear reactor — here’s why // As someone who probably flies too often I’m always worried about things like radiation exposure. This article from Business Insider does a good job in explaining the actual radiological dangers linked with air travel, though the only way to really avoid the harms is to not fly in the first place…
  • Inside China’s audacious global propaganda campaign // This longform article by the Guardian details how the Chinese government has been actively attempting to shape the world’s perception of the country’s and government’s ambitions, rationales, and motivations by way of taking control of the providers of information. From training journalists around the world to acquiring the media themselves, China is actively involved in a global information campaign that is different from any other type of information campaign in the world.
  • excerpts from my Sent Folder: to someone who wants to be a writer // I really like a lot of the editing advice here. It’s blunt and to the point and, if followed, will help someone start writing for the ‘right’ reasons and with an appropriate level of humbleness.
  • The Physical and Spiritual Art of Capoeira // I’d never come across a popular article that speaks to the totality of a capoeira practice. Some of it is, in hindsight, unsurprising: I don’t know of any martial art format that isn’t beautiful, deadly, and philosophical. What was particularly noteworthy was how capoeira is seen as linked with resistance and politics; though perhaps true of certain martial arts, it’s certainly not generally the case and, as such, seems to make capoeira relatively novel.

Cool Things