
FireEye Malware Intelligence Lab

Threat research, analysis, and mitigation


2 posts from March 2010

Win32 API Shellcode Hash Algorithm

1. A Modest Proposal

Daylight Saving Time

Allegedly, the purpose of Daylight Saving Time is to save energy by manipulating a unit of measurement.

Mileage Saving Time

I have a similar proposal for how to save on gasoline usage. If we redefine the mile to be 4,800 feet during Summer, when people drive the most, then everyone will drive 10% more miles per gallon of gas. So for example, if your car gets 30MPG during the winter, then during Mileage Saving Time you'd be getting 33MPG!

(Actually, it's more like redefining the distance between San Francisco, and Sacramento from 90 miles to 80 miles. That way the two cities are closer together, reducing the amount of time and energy spent traveling between them.)

2. Something Technical

Simple Hash Function(s)

I occasionally spend time reverse engineering shellcode used in various attacks. And, someday, should you find yourself in a similar situation, the following information might be useful…

The Last Stage of Delirium research group, back in 2002, published a technique for doing Win32 API RVA lookups using only the hash of a string (the name of the API function) rather than storing the very long string and performing a full compare on it. (Which some shellcode still does anyway.)


Black Energy Crypto

Introduction

Black Energy has been in the news again recently (well, it was recent back when I wrote the first draft of this).

I'm not here to talk about Citigroup, I'm here to talk about cryptography, and how to fail at it. That being said, allegedly Citibank was "hacked" using Black Energy, according to the Wall Street Journal. Citigroup flat-out denies it, and aside from this assertion from the WSJ, there's no other information. But it doesn't make sense that "Black Energy" itself, or what is commonly referred to by that name, was used for some kind of banking attack; it's a DDoS bot.

Now, it could actually be Black Energy that's responsible, or something different which just looks like Black Energy. But lately, a very Black Energy-like DDoS "module" tends to get installed along with other malware such as Zeus, via the "Yes Exploit System", or via Oficla/Sasfis, and like every bot, it can download and execute arbitrary files upon command. I have no idea what, if anything, happened at Citibank, but I speculate that a Black Energy bot was just along for the ride. An infection of one bot quickly leads to an infestation of many. [cute metaphor about infestations goes here] It's kinda like a big ball of malware goo.

Analogy

Ok, so you remember how the five robot lions in the show "Voltron" would form a giant robot to battle space monsters? Each lion had its own distinct identity, like one was green, and another one was pink, etc., but they could combine to form a single robot, with a distinct identity apart from each individual lion. Ok, well malware also combines together to form a giant robot.
[I was going to make the same analogy using the Constructicons as examples, they're evil bots you see… but that's just a little too obscure.]

Anyway, so for something less ambiguous… onto the technical part!
