DECISION STATS

Using Cloud Computing for Hacking

This is not about hacking the cloud. Instead this is about using the cloud to hack

Some articles last year wrote on how hackers used Amazon Ec2 for hacking/ddos attacks.

http://www.pcworld.com/businesscenter/article/216434/cloud_computing_used_to_hack_wireless_passwords.html

Roth claims that a typical wireless password can be guessed by EC2 and his software in about six minutes. He proved this by hacking networks in the area where he lives. The type of EC2 computers used in the attack costs 28 cents per minute, so $1.68 is all it could take to lay open a wireless network.

and

http://www.bloomberg.com/news/2011-05-15/sony-attack-shows-amazon-s-cloud-service-lures-hackers-at-pennies-an-hour.html

Cloud services are also attractive for hackers because the use of multiple servers can facilitate tasks such as cracking passwords, said Ray Valdes, an analyst at Gartner Inc. Amazon could improve measures to weed out bogus accounts, he said.

and this article by Anti-Sec pointed out how one can obtain a debit card anonymously

https://www.facebook.com/notes/lulzsec/want-to-be-a-ghost-on-the-internet/230293097062823

VPN Account without paper trail

Purchase prepaid visa card with cash
Purchase Bitcoins with Money Order
Donate Bitcoins to different account

Masking your IP address to log on is done by TOR

https://www.torproject.org/download/download.html.en

and the actual flooding is done by tools like LOIC or HOIC

http://sourceforge.net/projects/loic/

and

http://www.4shared.com/rar/UmCu0ds1/hoic.html

So what safeguards can be expected from the next wave of Teenage Mutant Ninjas..?

Go Deep

Stanford free online courses are now online

Atleast two of the online courses which were offered for free by Stanford, delayed , are now live! yeah!

Check out

1)
http://crypto-class.org/

Even though you’ve already signed up, you need to register and choose a password in the left side of the login box the first time you go to the site.

The class will last for six weeks and officially starts on March 12. We will be covering two topics per week. Each topic will consist of a series of lectures with some embedded questions. There will be a weekly programming assignment plus a weekly problem set. The first week’s assignments are posted and are due on March 26th.

2)

or those of you who want to get started sooner, we’ve already pre-posted the first week of lectures, as well as information about the course requirements, and the first problem set and programming assignment, both of which will be due on Sunday March 25th. You can check it all out now at:

http://algo-class.org/

Using Google Adwords to target Vic Gundotra and Matt Cutts stochastically

Over the Christmas break, I created a Google Adwords campaign using the $100 credit generously given by Google. I did it using my alumni id, even though I have a perfectly normal gmail id. I guess if Google allows me to use the credit on any account- well I will take it. and so a free experiment was borne.

But whom to target -with Google- but Google itself. It seemed logical

So I created a campaign for the names of prominent Googlers (from a list of Google + at https://plus.google.com/103399926392582289066/posts/LX4g7577DqD ) and limited the ad location to Mountain View, California.

NULL HYPOTHESIS- People who are googled a lot from within the office are either popular or just checking themselves.

Since Google’s privacy policy is great, has been now shown billions of times, well I guess what’s a little ad targetting between brother geeks. Right?

My ad was-

Hire Ajay Ohri
He is
Awesome
linkedin.com/in/ajayohri

or see screenshot below.

Here are the results-88 clicks and 43000 impressions (and 83$ of Google’s own money)

clearly Vic Gundotra is googled a lot within Mountain View, California. Does He Google himself.

so is Matt Cutts. Does HE Google himself or does he get elves to help him.

to my disappointment not many people clicked my LI offer, I am still blogging

and there were few clicks on Marissa Myers. Why Google her when she is right down the corridor.

The null hypothesis is thus rejected. Also most clicks were from display and not from search.

I need to do something better to do with Christmas break this year. I still got a credit of 16$ left.

Why the West needs China to start moving towards cyber conflict

Hypothesis-

Western countries are running out of people to fight their wars. This is even more acute given the traditional and current demographic trends in both armed forces and general populations.

A shift to cyber conflict can help the West maintain parity over Eastern methods of assymetrical warfare (by human attrition /cyber conflict).

Declining resources will lead to converging conflicts of interest and dynamics in balance of power in the 21 st century.

Assumed Facts–

The launch of Sputnik by USSR led to the moon shot rush by the US.1960s

The proposed announcement of StarWars by USA led to unsustainable defence expenditure by USSR.1980s

The threat of cyber conflict and espionage by China (and Russian cyber actions in war with Georgia) has led to increasing budgets for cyber conflict research and defense in USA. -2010s

Assumptions–

If we do not learn from history, we are condemned to repeat it.

Declining Populations in the West and Rising Populations in the East in the 21 st century. The difference in military age personnel would be even more severe, due to more rapid aging in the west.

Economic output will be proportional to number of people employed as economies reach similar stages of maturity (Factor-Manufacturing-Services-Innovation)

Data-

http://esa.un.org/unpd/wpp/unpp/panel_population.htm

http://www.census.gov/population/international/

GDP projections to 2050:

http://www.guardian.co.uk/news/datablog/2011/jan/07/gdp-projections-china-us-uk-brazil

Summary-

Western defence forces would not be able to afford a human attrition intensive war by 2030 given current demographic trends (both growth and aging). Existing balance of power could be maintained if resources are either shared or warfare is moved to cyber space. Technological advances can help augment resources reducing case for conflict scenarios.

Will the Internet be used by US against China in the 21 st century as Opium was used by GB in the 19th? Time will tell 🙂

Cloud Computing – can be evil

Cloud Computing can be evil because-

1) Most browsers are owned by for profit corporations . Corporations can be evil, sometimes

And corporations can go bankrupt. You can back up data locally, but try backing up a corporation.

2) The content on your web page can be changed using translator extensions . This has interesting ramifications as in George Orwell. You may not be even aware of subtle changes introduced in your browser in the way it renders the html or some words using keywords from a browser extension app.

Imagine a new form of language called Politically Correct Truthspeak, and that can be in English but using machine learning learn to substitute politically sensitive words with Govt sanctioned words.

3) Your DNS and IP settings can be redirected using extensions. This means if a Govt passes a law- you can be denied the websites using just the browser not even the ISP.

Thats an extreme scenario for a authoritative govt creating its own version of Mafiaafire Redirector.

So how to keep the cloud computer honest?Move some stuff to the desktop

How to keep desktop computing efficient?Use some more cloud computing

It is not an OR but an AND function in which some computing can be local, some shared and some in the cloud.

Si?

How to use Bit Torrents

I really liked the software Qbittorent available from http://www.qbittorrent.org/ I think bit torrents should be the default way of sharing huge content especially software downloads. For protecting intellectual property there should be much better codes and software keys than presently available.

The qBittorrent project aims to provide a Free Software alternative to µtorrent. Additionally, qBittorrent runs and provides the same features on all major platforms (Linux, Mac OS X, Windows, OS/2, FreeBSD).

qBittorrent is based on Qt4 toolkit and libtorrent-rasterbar.

qBittorrent v2 Features

Polished µTorrent-like User Interface

Well-integrated and extensible Search Engine

Simultaneous search in most famous BitTorrent search sites

Per-category-specific search requests (e.g. Books, Music, Movies)

All Bittorrent extensions

DHT, Peer Exchange, Full encryption, Magnet/BitComet URIs, …

Remote control through a Web user interface

Nearly identical to the regular UI, all in Ajax

Advanced control over trackers, peers and torrents

Torrents queueing and prioritizing

Torrent content selection and prioritizing

UPnP / NAT-PMP port forwarding support

Available in ~25 languages (Unicode support)

Torrent creation tool

Advanced RSS support with download filters (inc. regex)

Bandwidth scheduler

IP Filtering (eMule and PeerGuardian compatible)

IPv6 compliant

Sequential downloading (aka “Download in order”)

Available on most platforms: Linux, Mac OS X, Windows, OS/2, FreeBSD

So if you are new to Bit Torrents- here is a brief tutorial

Some terminology from

http://en.wikipedia.org/wiki/Glossary_of_BitTorrent_terms

Tracker

A tracker is a server that keeps track of which seeds and peers are in the swarm.

Seed

A Seed is used to refer to a peer who has 100% of the data. When a leech obtains 100% of the data, that peer automatically becomes a Seed.

Peer

A peer is one instance of a BitTorrent client running on a computer on the Internet to which other clients connect and transfer data.

Leech

A leech is a term with two meanings. Primarily leech (or leeches) refer to a peer (or peers) who has a negative effect on the swarm by having a very poor share ratio (downloading much more than they upload, creating a ratio less than 1.0)

1) Download and install the software from http://www.qbittorrent.org/

2) If you want to search for new files, you can use the nice search features in here

3) If you want to CREATE new bit torrents- go to Tools -Torrent Creator

4) For sharing content- just seed the torrent you just created. What is seeding – hey did you read the terminology in the beginning?

5) Additionally –

From

http://wiki.answers.com/Q/How_you_can_convert_a_file_into_a_torrent

Trackers: Below are some popular public trackers. They are servers which help peers to communicate.

Here are some good trackers you can use:

http://open.tracker.thepiratebay.org/announce
http://www.torrent-downloads.to:2710/announce
http://denis.stalker.h3q.com:6969/announce
udp://denis.stalker.h3q.com:6969/announce
http://www.sumotracker.com/announce

and

http://en.wikipedia.org/wiki/Glossary_of_BitTorrent_terms#Super-seeding

Super-seeding

When a file is new, much time can be wasted because the seeding client might send the same file piece to many different peers, while other pieces have not yet been downloaded at all. Some clients, like ABC, Vuze, BitTornado, TorrentStorm, and µTorrent have a “super-seed” mode, where they try to only send out pieces that have never been sent out before, theoretically making the initial propagation of the file much faster. However the super-seeding becomes less effective and may even reduce performance compared to the normal “rarest first” model in cases where some peers have poor or limited connectivity. This mode is generally used only for a new torrent, or one which must be re-seeded because no other seeds are available.

Note- you use this tutorial and any or all steps at your own risk. I am not legally responsible for any mishaps you get into. Please be responsible while being an efficient bit tor renter. That means respecting individual property rights.