ARGUS Lab Takes An Anthropological Approach to Studying Incident Response Teams

Bruce Schenier’s blog recently brought to my attention the work of the ARGUS Lab at Kansas State and how they intend to bring an anthropological approach toward the studying of incident response groups, hopefully elucidating how and why they work and more importantly where they can be improved. The related field of human factors has done much to allow aviation safety authorities to better understand the human dynamics which occur within an airline and how crew dynamics can either contribute to safer flying or conversely be an incident waiting to happen, so I don’t just want to brush this off as some kind of ‘out there’ project. Their aptly titled paper, An Anthropological Approach to Studying CSIRTs is available as a PDF.


Local Privilege Escalation in gksu under VirtualBox (CVE-2014-2943)

Earlier this week metasploit contributor Brandon Perry discovered a privilege escalation vulnerability in gksu running on the popular virtualization platform VirtualBox. It is important to note that Perry states the vulnerability is entirely the fault of gksu and that VBox does essentially what it is supposed to do. The linked article explains it all more thoroughly. It has now had CVE-2014-2943 assigned.

Another IoT Device Broken


Security firm Context recently reported on a vulnerability they discovered in a LIFX smart globe that resulted in credential disclosure and ultimately the ability to remotely alter the lamp’s state – that is to say, they were able to turn lamps on or off. Their report is an interesting read.

Microsoft Seizes

Krebs reported on a particularly worrying development concerning Microsoft’s recent bid to use the legal system against those who are controlling a large botnet affecting many Windows users, supposedly obtaining an injuction from a Nevada court allowing them to effectively seize domains belonging to no-ip, a dynamic DNS provider. The agreement was that Microsoft would route ‘friendly’ traffic downstream but that is apparently not happening.

This is why we need the judiciary to be well versed in technology before allowing them to adjudicate such matters. The court has effectively given Microsoft permission to MiTM the servers of no-ip for the sake of a few thousand infected machines, and their imperfect implementation has resulted in their services not functioning for legitimate users. Given that no-ip is a business that offers free and paid services it is highly likely they will lose customers over the downtime. With paid services there is often a SLA involved, and this too may result in financial penalties that must be paid to the customer to make good any damage caused by such downtime. Courts meddling with the affairs of the Internet rarely make sensible decisions and it appears that this is yet another case of the law being an ass.


Blackphone, a “secure” cellular phone was launched earlier this week. To be honest, I am a bit disappointed with this device, especially their choice to run an AOSP based ROM. Of course, the very notion of a ‘secure’ cellular phone is a misnomer. No matter how great their platform is, you’re always going to be carrying a portable tracking beacon.