Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

April 15 2013


AndroTotal is basically the Android equivalent of VirusTotal: Given a suspicious APK, it submits it to several unmodified Android antivirus apps running in an unmodified Android OS, and reports back to the caller with detailed information about what the antivirus detected, what network traffic is generated, what information is displayed on the screen and, most importantly, the label of the detected threats (if any).

Differently from VirusTotal, we scan the APKs using the original antivirus mobile apps installed and run on a genuine, unmodified Android OS image.

AndroTotal official blog

AndroTotal - Home

A free service to scan APK (Android apps) for viruses

April 13 2013


A comment on the "hacker attack" on beppegrillo.it

Since some American friends are asking, I thought I'd share a few comments on the purported hack attack on a political movement here in Italy (source in English).

First, a brief reconstruction of the events (and note I'm trying to stay clear of political nuances, which is costing me some effort). In a few days, the Italian parliament is set to vote for the elections of our next President. Italy is a parliamentary democracy, and the President is elected jointly by the houses of parliament and other representatives of the Regions. Since it's a 7-year mandate, this is a particularly important moment in the Italian system.

The political movement in question, Movimento 5 Stelle, launched a poll (not a vote, technically, as the vote takes place only as I mentioned before) among its members (and not an open poll) to indicate "names" of personalities they should propose as next president. This is important, as it deflates the practical value of attacking such a system for any external threats (except politically motivated ones, for demonstration purposes). The names coming out of this poll would just be an "indication", for the MPs of the movement, on how to vote during the actual elections. An indication because, of course, at some point they might have a choice between an agreement other candidates or irrelevance (since there's a qualified majority needed to elect the President).

Now, the facts we know are that:
1) the movement leader decided to stop the poll and start it over, due to a purported "hacker attack" which was "detected" and "solved".
2) the event was discovered by DNV (a certification entity, hired to ensure that the election process was not flawed). The certification body states an anomaly was discovered, namely that there were more votes than registered voters.
3) DNV is not in the business of information security, but of compliance. They discovered the event by analyzing the process and the data, and discovering implausible values.
4) Contrarily to what immediately said in 1), the successive versions of the story talk of a "sophisticated intruder" that "hid their traces" and of a non-identified first moment of access
5) The software is realized in house, is not open source, and the servers which host it are owned and managed by the PR agency which supports the leader of the movement (which is also, we believe, the author of the software, or has contracted the author).
6) A facebook group claimed the "attack" was just a matter of organized trolling, i.e. that they basically accessed the voting system without control due to a flaw in the process and in restricting access.

What is my personal opinion on this, founded on my experience?

I honestly don't know whether or not a willing attacker was behind this event (I take exception, in general, to calling that attacker "hacker", but this is another story). However, since the practical value of a hidden attack against such a system is close to zero (given that this is a poll completely under the control of the movement leadership, which can call it off at any time or mangle the results as they see fit), the only reasonable course for a politically motivated attacker would be to make the system fail visibly (say, a defacement). Since nothing like this happened, my opinion is that an attack from an external entity is very unlikely.

But regardless of this, my opinion is that, most likely, what happened was the result of badly designed and written software, realized by less-than-competent people. Open source software for polling is available, tried and true, and could have been used. Honestly, this is not rocket-science, either. Also, the process of registration for voting should be scrutinized as it is probably part of the issue.

Finally, my opinion is that a poll managed and run by a PR agency working for the leader of a movement, on closed systems and with a software that has been specifically developed for this, has very little to do with any form of voting. The sheer fact that they needed to hire a certification body (DNV) to give some proof that the process was not flawed (resulting in the boomerang of having to admit it was) is a demonstration of a basic flaw.

The movement under discussion hosts a number of technically savy people who could easily form a committee to manage and run a neutral technology platform for this kind of polling, or for internal debate. The fact that this does not happen, alone, casts serious doubts on anything that is done "online" with a closed platform.

The core issue here, and I'm really trying hard to stay clear of any political comment, is that this movement is trying to confuse online polling with real e-voting, and a blog with its comment with e-democracy. E-voting and the transformation of democracy in a more evolved form through the adequate use of technology is difficult, it cannot be realized in-house with closed processes by a bunch of incompetent folks who cannot even realize a functional polling system. 

E-voting, or e-democracy, entails deeply complex research issues such as voter/citizen identification, guarantee of vote secrecy, guarantee of anonymity coupled with ensuring authentication, crowdsourcing of the management of online discussions, possibility of open scrutiny of the process by voters and third parties... This is difficult, friends, more difficult than you can possibly believe. There's only a few handfuls of experts around the world who know how to do this, and surely they don't work for a marginal PR company in Italy.

The obvious snake oil sign here is the classical statement "Well, no system can be 100% secure". That's obviously true. But some system can be immediately identified as incredibly stupid, or at very least terribly boorish.
Reposted byobiwankesoze obiwankesoze

April 07 2013

How true!!!!

April 02 2013

Reposted bybarte9 barte9

March 02 2013


January 27 2013

Reposted byTorZiraelzEveRphd-studies

January 19 2013

Reposted bysucznik sucznik

January 13 2013


Protest against Repubblica news on the death of Aaaron Swartz (In Italian)

I'm sorry for my international readers, but what follows is in Italian - a protest letter against a shameful report on the death of Aaron Swartz (godspeed, man, rest in peace :( ). 

Cara redazione di Repubblica, 

stamattina vi stavo scrivendo una mail di fuoco riguardo al vergognoso articolo a firma Aquaro pubblicato all'URL: http://www.repubblica.it/tecnologia/2013/01/13/news/aaron_swartz_suicida_a_26_anni_la_famiglia_era_perseguitato-50429490/ 

Ho pensato che aveste realizzato la dimensione apocalittica delle stupidaggini scritte dal vostro inviato, o che foste stati colti dal rimorso per il modo vergognoso di trattare un giovane che ha deciso di togliersi la vita. 

Niente di tutto questo: l'articolo e' tornato in piedi. In tutta la sua vergognosa stupidita'. A cominciare dal definire Swartz come "profeta di Internet, l'apostolo della libertà della Rete", definizioni che - ne sono certo - avrebbe rifiutato da vivo come ridicole. 

Non sto nemmeno a dire quanto ignorante possa essere chi scrive "Etich Center Lab di Harvard". Cosa diavolo sarebbe "Etich"? L'abbreviazione di "etichetta"? Si scrivera' mica ETHICS? E comunque Swartz era stato un fellow all'Edmond J. Safra Center for Ethics di Harvard. 

Non si e' mai laureato, e al contrario di tanti fanfaroni italiani non avrebbe voluto vedersi attribuito un titolo falso. Non serviva conoscerlo, eh, bastava COPIARE DA WIKIPEDIA (http://en.wikipedia.org/wiki/Aaron_Swartz). Bastava dedicare a questo giovane morto suicida piu' di cinque minuti per stendere il pezzo. 

Invece no, lo avete disonorato fino alla fine. "Aaron è morto suicida come un divo del rock: e come tanti, troppi smanettoni depressi come lui": ma dico, non vi vergognate? Non vi colpisce come questa frase dipinga un giovane intelligente, entusiasta, frenetico nella sua creativita' in un modo negativo e disperato?

Non sto nemmeno a dire quanto sia vergognoso questo passaggio: "La curiosità aveva portato Aaron a diventare il guru riluttante che era. Si chiama Rss il codice che ha contribuito a identificare. È una sigla che un giorno sarà universalmente popolare come il Dna e come il Dna riassume infatti informazioni e notizie e le mette in circolo nel corpo senza confini del web" 

Non si puo' far parlare di tecnologia qualcuno che di tecnologia capisca qualcosa? E non venitemi a sventolare la solita scusa della "divulgazione", del "far capire": questo passaggio sopra non serve a far capire, serve a far sembrare temibile e incomprensibile al lettore qualcosa che il giornalista (absit iniuria) stesso non capisce e non vuol capire. Se volete divulgare, vedete alla voce "Piero Angela". E vergognatevi. 

Non commentero' poi il fatto che Reddit non sia il "suo" social network (e' una questione complicata), ne' alla cattiveria gratuita sui "dollaroni della Condé Nast". 

Poi, se l'autore volesse spiegarci questo passaggio, glie ne sarei grato: "Aaron veniva da Chicago, la città di Barack Obama - che durante l'ultima campagna s'è concesso un bagno social proprio su Reddit - e capitale americana degli hacker: tipo quel Jeremy Hammond immortalato da Janet Reitman, la reporter-detective famosissima per il libro-inchiesta più informato su Scientology. La rete era tutto il suo mondo. E per la libertà della rete s'è lanciato nell'ultima grande battaglia, l'anno scorso, contro la legge ammazza-web che il Congresso Usa ha cercato di far passare. Perché dunque crollare proprio adesso?" Cosa c'entrano Aaron, Obama, Reddit, Hammond, Scientology tra di loro? C'entrano perche' sono tutti di Chicago? E perche' non mettere nella stessa frase anche Fermi e Al Capone allora? 

Veramente, un pezzo cosi' vergognoso doveva essere tolto dal sito e lasciato offline. Sono profondamente deluso ed offeso per questo insulto postumo ad un giovane e geniale collega d'oltreoceano.
Reposted bywinerolandredstripedcat

January 08 2013


December 28 2012


Startupper like a Noob | G2GFormation

Must read. Absolutely must read.

December 21 2012

2439 380c 500
2423 d0dd

November 27 2012

Ma, com'era facile prevedere, i siti regionali e di viale Trastevere sono in tilt.

No, perdinci! Intanto, in tilt ci vanno i FLIPPER, pace all'anima loro. E se è "prevedibile" che non funzioni, bisognerebbe prendere a calci i responsabili, non stiamo parlando di sventure ineluttabili. NON E' NORMALE CHE VENGA GIU' TUTTO, CRIBBIO!
Scuola, concorso per i professori pubblicati elenchi, siti e domande - Repubblica.it

October 03 2012


September 23 2012

A startup is a company designed to grow fast. Being newly founded does not in itself make a company a startup. Nor is it necessary for a startup to work on technology, or take venture funding, or have some sort of "exit." The only essential thing is growth. Everything else we associate with startups follows from growth.
Startup = Growth

September 22 2012

The Amazing iOS 6 Maps

September 17 2012

Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!