By way of background: the George Washington Bridge, which connects Fort Lee, NJ, to Manhattan, is the busiest bridge in the world. On September 9th, the first day of school for Fort Lee, three lanes of the GWB were closed by the New Jersey Port Authority, supposedly as part of a traffic study, creating an epic traffic nightmare that shut down most of Fort Lee. Last month, Rachel Maddow and others started reporting on indications that the closures may have been revenge for Fort Lee Mayor Mark Sokolich's refusal to endorse Christie in his bid last year for re-election. The Governor's office adamantly denied that the closures had anything to do with them. That's where things stood as of yesterday, and you can find a timeline of the unfolding of the scandal up to today here.

Today, news site NorthJersey.com, the web presence of The Bergen Record, released emails they obtained (pdf) that tie the closures of those lanes directly to the Governor's Office. Quoting their story on those emails:

The messages are replete with references and insults to Fort Lee’s mayor, who had failed to endorse Christie for re-election and they chronicle how local officials tried to reach the Port Authority in a vain effort to eliminate the paralyzing gridlock that overwhelmed his town of 35,000, which sits in the shadow of the bridge, the world’s busiest.

Needless to say, Mayor Sokolich is pissed, and two Democratic NJ legislators are calling for a Federal investigation into the matter. You can read more about this at CBS, the New York Daily News, or elsewhere.

Why, you ask, does this story have national importance? This poll illustrates why:

CNN/ORC Poll released 26 December 2013:
For President (General, 2016)
Chris Christie (R) 48%
Hillary Clinton (D) 46%
MOE 3%
N=950 registered voters nationwide

Simply put, if Hillary Clinton decides to run for President, Chris Christie is the only Republican who stands a good chance of beating her. She creams everyone else in the field. It's therefore to the Democrats' advantage to paint Christie as a petty, spiteful jerk who's not above abusing his power over relatively minor slights. For this reason, I pretty much ignored the reporting of this story on MSNBC and other talking head outlets as having ulterior motives. These emails change all that, because they give the story real weight. Not to mention legs.
Editorial: Bruce Schneier is one of the most trusted names in computer security. He literally wrote the book on Applied Cryptography. Until recently, he was the Chief Security Officer at British Telecom, and he recently joined as Chief Technology Officer for a startup, Co3Systems. His opinion carries a lot of weight in the security world, which is part of the reason why his critiques of the US National Security effort after 9/11 have been so damning.

Below, we are shown an example of how the NSA has exploited a commonly used firewall appliance.

By the way - if the NSA has this exploit, so does everyone to whom the NSA has divulged the details of this exploit, willingly or unwillingly, officially or unofficially.


Originally posted by bruce_schneier at HALLUXWATER: NSA Exploit of the Day

Today's implant from the NSA's Tailored Access Operations (TAO) group implant catalog:


(TS//SI//REL) The HALLUXWATER Persistence Back Door implant is installed on a target Huawei Eudemon firewall as a boot ROM upgrade. When the target reboots, the PBD installer software will find the needed patch points and install the back door in the inbound packet processing routine.

Once installed, HALLUXWATER communicates with an NSA operator via the TURBOPANDA Insertion Tool (PIT), giving the operator covert access to read and write memory, execute an address, or execute a packet.

HALLUXWATER provides a persistence capability on the Eudemon 200, 500, and 1000 series firewalls. The HALLUXWATER back door survives OS upgrades and automatic bootROM upgrades.

Status: (U//FOUO) On the shelf, and has been deployed.

Page, with graphics, is here. General information about TAO and the catalog is here.

In the comments, feel free to discuss how the exploit works, how we might detect it, how it has probably been improved since the catalog entry in 2008, and so on.

This one is a big deal politically. For years we have been telling the Chinese not to install hardware back doors into Huawei switches. Meanwhile, we have been doing exactly that. I wouldn't want to have been the State Department employee to receive that phone call.

New developments have arisen since I posted about the Christie/George Washington Bridge story.

The biggest story IMO is that the closures of the GWB delayed EMS response to four calls from Fort Lee. In one case, the patient, a 91-year-old woman, died later. Keep an eye on this, because the persons responsible for the lane closures are going to get sued, if not arrested.

Not quite as big a story, but still huge, is that Christie has issued a blanket denial of any knowledge of the orders issued from his office:

"What I've seen today for the first time is unacceptable. I am outraged and deeply saddened to learn that not only was I misled by a member of my staff, but this completely inappropriate and unsanctioned conduct was made without my knowledge. One thing is clear: this type of behavior is unacceptable and I will not tolerate it because the people of New Jersey deserve better. This behavior is not representative of me or my Administration in any way, and people will be held responsible for their actions." - source

LA Times columnist Robin Abcarian thinks this affair ends Christie's shot at a Presidential run. Democratic political analyst James Carville appears to agree:

I think Carville's half right. The political damage to Christie is going to get a lot worse. The flip side is that the actual big winner today isn't Jeb Bush, it's Hillary Clinton. I'm still not counting Christie out yet, but he's in a deep hole right now, and it's getting deeper.


