Saturday, April 27, 2013

Is Bitcoin Mining a scam?

Looking at the offerings by BFL (Butterfly Labs) and Avalon I am highly skeptical.

The use ASICs to process hashes for the Bitcoin system seems to be based mainly around the amount of money that you can make by winning the lottery in coming up with the fastest machine to do so.

It is not that I think ASIC's are not useful in processing large amounts of data and generating hash codes for use in a system such as Bitcoin. Quite the contrary, ASIC devices and the cores in computer GPUs are very capable of doing such work.

I am more concerned that there is little discussion that can be found on how ASIC chips are actually used to generate the hash codes and more than that how the codes are then used by the Bitcoin system. There is far more emphasis on the generation of hash codes than there is on the effectiveness of a P2P payment system that does not depend on a specific countries balance of payments and is virtually a "vitual currency", that should be immune to regional fluctuations and the health of any particular economy.

I have yet to see a business plan that describes the logic behind participation in this project. I seems to be taken as read that all you need to do is throw money at hardware, that has not been fully explained, plug it in, connect it to the Internet and then wait for the Bitcoins to roll in! If there is any discsussion about the financial side of things this revolves round the cost of the equipment, the number of hashes per second that it can generate and the cost of the electricity that the "Bitforce" box takes to run. A ROI, Return on Investment, is then calculated from those figures. The fact that viability of being the fastest, or being part of a pool that is the fastest, is a sound business propsition is NOT mentioned. It this "lottery" was abandoned then the whole scheme is then a nonsence.

Returning to a discussion about the hardware. There has been a lot of talk centered around the fact that the vendors of equipment to process these vast numbers of Hashes at ever increasing speeds have failed to deliver product. There seems to be a race to make the fastest box. There is no discussion around that if an owner of such a box, if they exist, will only be one of possibly many that have the same box and the lottery "pool" will be diluted. There is no discussion that describes the business model that a lottery can further the operation of the Bitcoin currency, only that there is a lottery and you are supposed to be able to earn Bitcoins by producing hashes. To me this is generating revenue out of thin air! At the end of the day the  money has got to come from somewhere and this is little more than a High-Tech pyramid scheme, the top of which is inhabited with those with the fastest machines. Those at the base are those that fund the scheme by purchasing the equipment to get higher up the pyramid.

Tuesday, April 16, 2013

Installing Ubuntu 12.04 on a Surface Pro

As the Microsoft Surface Pro is an x86 based tablet it is an excellent choice to install Ubuntu 12.04.

Once installed as a dual boot,  all the Linux based penetration tools can be hassle-freely installed and the unit used as a security testing tool.

At a price that is slightly more than a similarly configured Google Nexus 7 tablet it is bigger, faster and has a "proper" keyboard. All the software that you need to run tools such as aircrack-ng are free open-source and will receive regular updates. As far as I know, according to the Canonical website, the Ubuntu Touch project is still in the experimental stage.

The other issue with installing the Ubuntu Touch software (Ubuntu 12.04) on an Android device is that it comes with no warranty. If you purchase a device with this installed it will likely to have no warranty from Google or anyone else.

Monday, April 15, 2013

How to fake running Ubuntu on an Android tablet

It is easy to fake the running of Ubuntu Linux on an Android device. In fact it is easy to fake the operation of Windows (any version), OSX and any other operating system that there is a VNC Viewer available.

I found this out when I was investigating the use of a tablet as a web administration tool. I was also interested to see how I could run Microsoft Office from an Android device as I was a little disappointed with the Polaris Office that came on the device that I purchased.

Below is a screenshot of an Ubuntu webserver log as seen on an Asus Transformer:

This technique would be particularly useful if you had a particular application running on a Linux box and you wanted to demonstrate the operation of that app on an Android device. As far as the viewer of a demonstration is concerned it would appear that the program is running on the Android device when in truth it is running remotely on the desktop device that VNC is connected.
Running an application remotely would be a great way to demonstrate the concept of an Android App that you had designed a front end (GUI) for and you have not yet managed to port natively to Linux running on an Android device. For example: if you had aircrack-ng running on a Linux machine you could demonstrate it running on an Android tablet and you could show the penetration of a WiFi network. You could also demonstrate the operation of more complex programs, even the highjacking of an aircraft and show that you are sending false telemetry to the aircraft control systems.

Of course, I am not saying that this is what the potential vendors of Android apps do at hacker conventions, I am merely suggesting that it could be done. The concept of whether something is possible given enough time seems to be a popular ruse.

I have detailed the use of using VNC to remotely control other computing devices on my website:

Thursday, April 11, 2013

If you are looking for a Security Professional

I have compiled a list of companies that are involved in such ventures.

These companies are among a ever growing number of enterprises that have sprung up in response to the growing fears of how you at risk these days in light of increased hacking efforts.

Monday, April 8, 2013

Being told that you need to ugrade your Flash Player

.... when you are attempting to download a torrent.

This is not a dialog generated by a process that determines that your Flash Player is out-of-date, it will appear even if you are not trying to play anything. The "fake" dialog appears on a pop-up webpage that loads when you access a page on and the page has a URL

Don't fall for this and do not click on the OK button.

Friday, April 5, 2013

Linux shell on an Android device

There seem to be two options:

  1. Install a Linux image on your Android device such as Ubuntu Touch
  2. Run a Linux toolkit" such as "BusyBox and run Linux commands from there.
However, there seems to be an over-emphasis on the User Interface, not an uncommon activity when it comes to "touch" devices, and the fact that there is an "app" option for a particular feature it is assumed that the reason it doesn't yet work is that it coming with the next release. There is always the "old chestnut" that the app will not be fully operational with your particular hardware. This excuse is compounded by the notion that all you need to do is to find the right driver or possibly use an external piece of hardware (such as a wireless adapter that will allow "monitoring" and injection)

Tuesday, April 2, 2013

I am going to can the Wordpress blog

All it seems to garner is spam comments.

I thought I could use it as a means to allow visitors to a way of contacting me. It has not worked out.

Monday, April 1, 2013

Freedom of speech

In response to a BBC Radio 4 program about the dangers faced when using the Internet I can only say that there is another side of the coin when it comes to the reporting mechanisms setup by Social Media sites such as Facebook.

Wayne McAlpine Saskatoon

It amuses me that after all this time that there are still visits to my website and blog from this person.

As I have said before: "The elephant never forgets"