Cyberwars: “Bigger than Heartbleed”

Just months after the Heartbleed bug made waves across the internet, a new security flaw has emerged which threatens to compromise everything from major servers to connected cameras. It is known as the Bash or Shellshock bug, a quarter-century old vulnerability that could put everything from major internet companies and small-scale web hosts to wi-fi connected devices at risk.

This flaw allows malicious code execution within the bash shell – commonly accessed through Command Prompt on PC or Mac’s Terminal application – to take over an operating system and access confidential information. According to the open-source software company Red Hat, bash shells are run in the background of many programs, and the bug is triggered when extra code is added within the lines of Bash code.

Because the bug interacts with a large percentage of software currently in use, and does so in ways that are unexpected, Robert Graham – an internet security expert – claims that the Bash bug is bigger than Heartbleed. As he explained it:

We’ll never be able to catalogue all the software out there that is vulnerable to the Bash bug. While the known systems (like your Web server) are patched, unknown systems remain unpatched. We see that with the Heartbleed bug: six months later, hundreds of thousands of systems remain vulnerable.

According to a report filed by Ars Technica, the vulnerability could affect Unix and Linux devices, as well as hardware running Mac OS X – particularly Mac OS X Mavericks (version 10.9.4). Graham warned that the Bash bug was also particularly dangerous for connected devices because their software is built using Bash scripts, which are less likely to be patched and more likely to expose the vulnerability to the outside world.

And since the bug has existed for some two and a half decades, a great number of older devices will be vulnerable and need to be patched because of it. By contrast, the Heartbleed bug was introduced into OpenSSL more than two years ago, allowing random bits of memory to be retrieved from impacted servers. And according to security researcher Bruce Schneier, roughly half a million websites could be vulnerable.

For the time being, the administrative solution is to apply patches to your operating system. Tod Beardsley, an engineering manager at security firm Rapid7, claims that even though the vulnerability’s complexity is low, the level of danger it poses is severe. In addition, the wide range of devices affected by the bug makes it essential that system administrators apply patches immediately.
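To confirm that a patch actually took effect, the check below (an added example, not taken from the original article or its sources) starts each installed bash with a harmless marker command appended to a function-style environment variable. A vulnerable build runs the trailing command at startup, while a patched build treats the value as plain text. The marker string, the function names and the candidate paths are assumptions of this example.

```sh
#!/bin/sh
# Added example: local patch check for the Bash environment-variable flaw.
# MARKER, classify_output and check_bash are names made up for this example.

MARKER="SHELLSHOCK_CHECK_MARKER"

# classify_output <captured stdout>
# Pure classifier: decides the verdict from what the child shell printed.
classify_output() {
    case "$1" in
        *"$MARKER"*) echo vulnerable ;;  # trailing command was executed
        *done*)      echo patched ;;     # child ran, marker never appeared
        *)           echo error ;;       # child did not run to completion
    esac
}

# check_bash <path to a bash binary>
# Runs the binary in an empty environment that holds one variable whose
# value looks like a function definition followed by an extra command.
check_bash() {
    cb_bin="$1"
    if [ ! -x "$cb_bin" ]; then
        echo missing
        return 0
    fi
    cb_out=$(env -i probe="() { :;}; echo $MARKER" \
        "$cb_bin" -c 'echo done' 2>/dev/null)
    classify_output "$cb_out"
}

# Report on the usual install locations (assumed paths; extend as needed,
# for example with copies of bash inside chroots or appliance images).
for cb_path in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
    if [ -e "$cb_path" ]; then
        echo "$cb_path: $(check_bash "$cb_path")"
    fi
done
```

Any binary reported as `vulnerable` still needs the vendor update; rerun the check after patching, since a system can carry more than one copy of bash.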

As Beardsley explained during an interview with CNET:

This vulnerability is potentially a very big deal. It’s rated a 10 for severity, meaning it has maximum impact, and ‘low’ for complexity of exploitation — meaning it’s pretty easy for attackers to use it… The affected software, Bash, is widely used so attackers can use this vulnerability to remotely execute a huge variety of devices and Web servers. Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes etc. Anybody with systems using bash needs to deploy the patch immediately.

Attackers can potentially take over the operating system, access confidential information, and make changes. After conducting a scan of the internet to test for the vulnerability, Graham reported that the bug “can easily worm past firewalls and infect lots of systems” which he says would be “‘game over’ for large networks”. Similar to Beardsley, Graham said the problem needed immediate attention.

In the meantime, Graham advised people to do the following:

Scan your network for things like Telnet, FTP, and old versions of Apache (masscan is extremely useful for this). Anything that responds is probably an old device needing a Bash patch. And, since most of them can’t be patched, you are likely screwed.

How lovely! But then again, these sorts of exploitable vulnerabilities are likely to continue to pop up until we rethink how the internet is run. As the Heartbleed bug demonstrated, the problem at the heart (no pun!) of it all is that vast swaths of the internet run on open-source software that is created by only a handful of people who are paid very little (and sometimes, not at all) for performing this lucrative job.

In addition, there is a terrible lack of oversight and protection when it comes to the internet’s infrastructure. Rather than problems being addressed in an open-source manner after they emerge, there needs to be a responsible body of committed and qualified individuals who have the ability to predict problems in advance, propose possible solutions, and come up with a set of minimum standards and regulations.

Ensuring that it is an international body would also be advisable. For as the Snowden leaks demonstrated, so much of the internet is controlled by the United States. And as always, people need to maintain a degree of vigilance, and seek out information – which is being updated on a regular basis – on how they might address any possible vulnerabilities in their own software.

I can remember reading not long ago that the growing amount of cyber-attacks would soon cause people to suffer from “alert fatigue”. Well, those words are ringing in my ears, as it seems that a growing awareness of our internet’s flaws is likely to lead to “bug fatigue” as well. Hopefully, it will also urge people to action and lead to some significant reforms in how the internet is structured and administered.

Source: cnet.com, arstechnica.com, blog.erratasec.com, securityblog.redhat.com

The Matrix: Revulsions!

With the final movie hitting theaters, fans believed we were coming to it at last! The explanation as to what it all meant in Reloaded, whether there was a Matrix within a Matrix, how would Zion survive, why Neo was able to destroy those squiddies, and who the hell that Bane guy was now. Most or all of these questions would have been easier to answer if the second movie hadn’t left people befuddled and confused. But at least now, with the third movie, some of that confusion might be dispelled. And I for one was eager to find out who was right in the whole “what’s going on” debate!

The Matrix: Revolutions
As it turned out, none of us were! The answers we were waiting for turned out to have nothing to do with any of our theories, and we were quite unhappy about that! Not just because we were wrong but because ultimately, the explanations for why things had happened the way they did in movie two… kinda sucked. The critics felt much the same way, with most reviewers panning the film and it earning roughly half of what the sequel had. When describing it and how it wrapped the series up, words such as “anticlimactic” and “unsatisfying” were often used. Most people I knew just called it dumb! And the reasons were obvious.

1. Weak Opening:
So the movie started with Neo finding himself in limbo which is basically a part of the Matrix. (Note: Mobile station is an anagram for Limbo, which was what Neo – anagram for One – was in. Get used to it, the franchise is full of them!) So in addition to the questions about the squiddies, how he’s supposed to save Zion, and whether or not the Oracle is the enemy, there’s the added question of how the hell he could find himself in the Matrix when he’s not jacked in. Meanwhile, Morpheus, Trinity and the crew of the Hammer are trying to find him, and the Oracle tells them they got to find YET another program who’s being guarded by the Merovingian in order to get to him. Didn’t they do this plotline already? And reusing one so early in the movie is a bad sign, makes the audience think the whole movie’s going to be a rehash of the last one. And after some needless action sequences in the Merovingian’s night club, which just seemed like an excuse to do the one thing they hadn’t tried yet (fighting upside down!) they find Neo and they are free to pursue all the other plot threads they left open.

2. Weak Explanations:
The movie reached a climax of sorts around the time that Neo reached the Oracle and asked her for explanations. There I was in my seat thinking “Here we go!” Finally, we’d get to see what all that stuff was about. And what the Oracle said was interesting at best, lame at worst, and disappointing somewhere in the middle. So apparently Neo was able to stop those machines because “the power of the One extends to the Source” which is, apparently, where his powers come from… Uh, okay. So Neo has powers that enable him to control machines in the real world as well as in the Matrix… Why? Come to think of it, why does he have powers at all? The way the Architect explained it, his powers were a systemic anomaly, suggesting that they were just exhibited in supposedly gifted individuals that cropped up from time to time. But why the hell would those powers extend to the Source, aka. the machine mainframe? And what the hell did she mean when she said they CAME from the Source? Does that mean the Source willed Neo and all his predecessors into being? Did it do this just so it’d have something to do? Or is he just some kind of super-cyberman who defies all comprehension? Seriously man, this was just weak! Compared to all this, what my friend said (hey Sam!) about Neo being a program actually made sense!

Oh, and the bit about Neo’s mind breaking off and running loose in the Matrix? Also weak! Apparently, he “wasn’t ready” for these abilities, so that’s why he went comatose after killing those squiddies, woke up and found himself in Mobile (Limbo) Station. Yeah, because that’s what happens when you’re the One and you use your abilities prematurely, you go to a train station! I know that the Wachowski brothers were trying to be cool and mysterious when they wrote this, but this is just inexplicable nonsense! To top it off, we never did get an explanation as to how the Oracle could be on humanity’s side when thus far, all she’s done is lead them into a seemingly hopeless situation. When Morpheus and Trinity confront her, not once do they ask the obvious: “Why did you lie to us, bitch? Why did you say the war would end once Neo went to the Source when in truth, it meant the war would continue and the whole cycle would just repeat itself?” Not asked, not answered. The Oracle just acts like this was all part of the unfolding plan and she’s just telling them what they need to know. Sure, she did tell Neo he’d have to decide between saving Trinity and Zion, which was true, but everything else still felt like lies, or at the very least, convenient half-truths.

3. Obvious Biblical References: In this movie, the mythological references were not only way over the top, but obvious as well! In movie one, much of the mythology was biblical in nature. In movie two, it was more classical. Third time around, it seems like the wheel came back around and returned to biblical. But holy shit was it obvious here! First, there’s the part where Neo is blinded during the fight between him and Bane/Smith. Not only is this an obvious allusion to the biblical Samson, Bane even comes right out and says “A blind messiah!” Are you kidding me? Did the art of subtlety die somewhere between movies two and three? No, I can’t defend that. Movie two was never subtle! And the part at the end where Neo decides to sacrifice himself to save Zion? Of course, this particular biblical allusion was building up all throughout the whole of movie three. Scarcely a person in the audience expected Neo to live, especially after Trinity died. But by the end, when Neo’s dead body was being ferried off by the machines, all splayed out Jesus-style? C’mon, Wachowskis!

4. That Lame-ass Death Scene: Trinity survived movie two, which I believe I mentioned was kind of hokey, only to die here. And it took place after she delivered Neo to the machine city, which basically meant she died as soon as she was no longer of use! As if that wasn’t enough, her final farewells dragged on foreeeeever. Seriously, I heard people snickering in the theater, it had gotten so cheesy! Yes, I’m sure there were plenty of people who might have found it touching as well, but I refuse to believe Carrie-Anne Moss actually cried when she first read this part of the script! More like she confronted the Wachowskis and said, “You can type this shit, but you sure as hell can’t say it!”

5. Smith Gets Comical: I’ve already mentioned how Smith had most of the best lines in the first movie, right after Morpheus. Part of what made his dialogue so cool was the fact that it was cryptic and delivered in a real cool, badass way. Aside from his incredibly even tone, which made him sound all the more menacing, Weaving showed himself to be an expert at catching the right look. That hard stare, those arched eyebrows, that cruel mouth – he was bad reborn! Then the second movie came out, in which he was still pretty bad. He even had some decent lines, even if they were a little monosyllabic. Remember “Me too…”, or “More!” Or how about “The best part about being me is there are so many of me”. Those were pretty good and captured the essence of Smith’s growing megalomania. But by this movie, he so overdid the evil madman routine that it just got creepy, even laughable. For example, that drawn out scene where he smashes the Oracle’s dish and then does that evil laugh as soon as he assimilates her… That was painful to watch. Oh, and let’s not forget that long, hammed-up lecture he gave Neo when they were fighting at the end: “Why Mr. Anderson?! Why do you persist?!” Seriously, he was yelling through clenched teeth! I seriously hope for his sake he was choosing to have fun because he found the dialogue so crappy!

6. Final Fight!: At this point, the movie already had outdone itself in weird, over the top special effects. But that big-time, burly brawl at the end of the movie? That was just plain overdone! Sure, Smith and Neo are both superhuman by this point in things, but did their fight have to resemble a battle between two Supermen? Did you not rip off that franchise enough already with all Neo’s flying? Hell, Link even said it in movie two: “He’s doing his Superman thing!” In any case, the action itself was terribly over the top, and was made worse by Smith’s antics which, as already noted, had gone from cryptic to comical! That, plus all the CGI – which always makes a scene look fake – made this entire scene feel totally superfluous. Mainly I was just waiting for it to end so we could see how Neo was going to die and whether or not he would take Smith with him!

Okay, some stuff was good in this film. That battle scene where the machines reached Zion, that had some good parts to it! The action was pretty intense and it did have the right feel. Sure, there was the part where Kid (that’s his name, no fooling!) commandeers a mech and shoots the doors to Zion open, saying “Neo, I believe!” right before he shoots. Oh, and of course the part where Link’s wife and some militia women are popping off rockets and taking down the big drilling machine, but then start to get cut to pieces by squiddies shortly thereafter. Those were pretty cheesy, not to mention a pretty cheap attempt at making the audience care about some tertiary characters. But hey, the action was cool so I can forgive. I can even forgive the Aliens rip-off with the mech suits (known here as APU’s) since they are cool in ANY context AND were put to good use! Oh, and that whole squiddy/hovercraft chase scene? Also not bad! It was fun and tense, and as opposed to the lesser characters dying in Zion, the audience actually seemed to care about what happened to Morpheus and Niobe (as always, played by Jada Pinkett Smith). Her badass delivery and sharp wit also made the scene believable, but dammit did they have to repeat that crappy “There are some things that do not change… and some things do” line?

And you might even venture to say that part of why this last movie seemed so disappointing was because they did a pretty good job of making things seem hopeless in Reloaded. In addition to being confused, I seriously went away wondering how the good guys could possibly win at this point. Yes, the plot was underdeveloped because of pacing problems and too many action scenes being piled on, but the whole concept of the Matrix being centuries old and there being several predecessors to Neo was still borderline genius! After movie one, with what seems to be an open and shut plot, they had their work cut out for them making it seem like everything was about to take a turn for the worse. And yet, they managed to pull it off! From movie one to two we went from thinking Neo was invincible and humanity would win to believing Neo was helpless and humanity screwed. So you might say there was little inspiration left for when it came time to brighten things up again, to find a way to make the good guys win that was plausible and consistent with the whole theme of prophecy and “this has all been foretold”.

But alas, the weak ending where Neo dies and the machines for some reason decide to leave Zion alone cannot be so easily forgiven! That, on top of all the other flaws in this movie meant that this franchise was ending on a groan and not a hurrah. Seriously, why did the machines leave Zion when they were an inch away from wiping it out? And why, for that matter, did the Architect promise the Oracle the “red pills” would be set free from now on? That was never part of the agreement! Neo said he wanted peace, not that all humans who couldn’t accept the program should henceforth be set free so there would be no reason to go to war. Makes sense, but why would the machines accept it? Because they felt honor bound to acknowledge Neo’s sacrifice? Because they promised they wouldn’t? What kind of machines are these? Honor, promises, solemn oaths; these are HUMAN things! They are based in emotion and ethical insight, not mathematics or cold calculation! And you call yourselves machines! Pah! I spit on your machineness!

And let’s not forget what kind of moral this all amounted to: that humanity and robots need to live in peace. Sure, the whole concept of human-machine interdependency came up repeatedly. It came up first in the original when Morpheus explained how humans power the Matrix, and how this was ironic given humanity’s historical dependence on machinery. It was resurrected in that needless scene where Councillor Hamann (that old dude from Zion) takes Neo to the bowels of the city to look at the machines and reflect on the irony of THAT. But to take that to the point where they must learn to live in peace and harmony, Kumbaya-style, just seemed lame! And as the Architect said to the Oracle: “How long do you expect this peace treaty of yours to last?” Good question! As it stood, the only thing protecting Zion from exterminations was this treaty; but in time, humanity was likely to recover and expand, at which point they’d be wanting to shove a great big EMP up the Matrix’s ass! Any calculating machine would know this, hence why they would have finished the job when they had the chance! But at this point, no one was looking for practical. They were looking for over…

The Matrix: Revolutions, people. A disappointing but not terrible ending to a very promising franchise. Perhaps, like with Highlander, there really should have only been one. Or perhaps they shouldn’t have tried so hard to top everything from the first. In truth, I think that if they had just taken their time and gone with those rather genius ideas – the ones about rogue sentient programs and how the Matrix and the whole One thing were a lot more complicated than originally foretold – the sequels would have been much better. But, as I said, greater people than the Wachowskis have tried to make lightning strike twice. Who can blame them for not succeeding?

The Matrix: Revolutions:
Entertainment Value: 7/10
Plot: 5/10
Direction: 6/10
Total: 6/10