Road Work Blues

I’m not sure who in the Michigan Department of Transportation (MDOT) or the Road Commission for Oakland Country (RCOC) decides that late October is a good time for beginning road work. I’m also not sure who decides how they’ll handle lane closures or sign the work.
And I’m not sure who is actually doing the construction as there were no signs, no trucks, and no workers working.
Whomever they are, they need training.
Case in point: the Woodward Ave/Main St./Washington Ave./I-696 work. There are multiple bad decisions and lack of planning mistakes here.

  1. From Washington Ave to southbound Woodward, two left turn lanes immediately become one after the turn with no warning signage.
  2. From Main St./I-696 westbound access to southbound Woodward, the same issue as above in a different spot.
  3. From eastbound I-696 access to northbound Woodward, the same issue.
  4. I suspect that there are other pain points based on the almost 60 minutes it took me to travel 0.25 miles.

Meanwhile we’re expecting our first snowfall, so this week makes a questionable candidate for road resurfacing.
Have you run into this fine bit of road work? Where are your commute pain points?

Facebook Pushes Passwords One Step Closer to Death | Wired Enterprise |

October has always been John Flynn’s favorite time of year, but this year, it’s even better. He gets to spend the month trying to hack into a fleet of Facebook computers equipped with a new kind of security tool — a tool that takes computer security beyond the password.
Since jumping to Facebook from his job at Google a few years ago, Flynn has been part of the Facebook security team that masquerades as bad guys during the month of October, doing their best to bust into the corporate network that underpins the social networking giant. They call it “Hacktober,” and the idea is to find the holes where the real bad guys might attack the company. Last year, Flynn and other Facebook security engineers created a fake news story designed to spread a computer worm around the network.
Flynn — who goes by the nickname “Four” — won’t say what’s in store for Facebook’s employees this October, but one thing seems certain: Hacking them is going to be that much more of a challenge. Over the past year, the company has equipped many employee systems with Yubikeys, a little pieces of hardware that let employees securely log into machines with the tap of a finger. This nifty tool can make it that much harder for hackers to bust into a corporate network and do whatever they want — even if the hacker manages to take command of an authorized network machine.

via Facebook Pushes Passwords One Step Closer to Death | Wired Enterprise |

Hackers target high profile domains – Securelist

During the last days, several high profile domains have been defaced including domains from two prominent security companies. In addition to these, high profile domains such as, and were also defaced. From our quick analysis It does not seem that the actual webserver has been compromised, the most possible attack vector was that the DNS have been hijacked.
When looking into this, there are some quite obvious traces but nothing that really confirms what the hackers did; or what kind of information they were able to obtain. When analyzing previous compromises and defaces it seems that there is a “new” trend within hacking groups and defacers to go for the DNS or domain registrars instead of compromising the actual webserver. When quickly analyzing the domain there were two indicators that stood out.

via Hackers target high profile domains – Securelist.
Read on for the details and the two interesting indicators.

Ad Vulna: A Vulnaggressive (Vulnerable & Aggressive) Adware Threatening Millions | FireEye Blog

FireEye researchers have discovered a rapidly-growing class of mobile threats represented by a popular ad library affecting apps with over 200 million downloads in total. This ad library, anonymized as “Vulna,” is aggressive at collecting sensitive data and is able to perform dangerous operations such as downloading and running new components on demand. Vulna is also plagued with various classes of vulnerabilities that enable attackers to turn Vulna’s aggressive behaviors against users. We coined the term “vulnaggressive” to describe this class of vulnerable and aggressive characteristics. Most vulnaggresive libraries are proprietary and it is hard for app developers to know their underlying security issues. Legitimate apps using vulnaggresive libraries present serious threats for enterprise customers. FireEye has informed both Google and the vendor of Vulna about the security issues and they are actively addressing it.
Recently FireEye discovered a new mobile threat from a popular ad library that no other antivirus or security vendor has reported publicly before. Mobile ad libraries are third-party software included by host apps in order to display ads. Because this library’s functionality and vulnerabilities can be used to conduct large-scale attacks on millions of users, we refer to it anonymously by the code name “Vulna” rather than revealing its identity in this blog.

via Ad Vulna: A Vulnaggressive (Vulnerable & Aggressive) Adware Threatening Millions | FireEye Blog.
I’m just starting to read up on this. Does anyone know of reliable secondary sources?

Securing More Vulnerabilities By Patching Less — Dark Reading

As a penetration tester, Mauricio Velazco frequently looked for information on the latest attacks because corporate information systems were rarely patched against the exploitation of just-reported vulnerabilities.
When he moved over to the other side of the firewall, Velazco — now the head of threat intelligence and vulnerability management at The Blackstone Group, an investment firm — duly implemented a patching process for his company that attempted to keep up with its regulated responsibilities. It quickly became clear, however, that fixing vulnerabilities using the criticality of the bugs to prioritize patching kept the IT staff busy, but it did not make the company much safer.
Thinking back to his time as a penetration tester, Velazco realized that patching the vulnerabilities he chased as an attacker would be a much better use of his time. The strategy paid off: Compromises within the company fell, he says.

via Securing More Vulnerabilities By Patching Less — Dark Reading.
Hmm. This is, to me, a new take on patch management. It oddly falls in with a discussion I had almost two years ago, oddly in that my peers and I came up with the same concept for different but related reasons.
What do you think?

Eat It Detroit: [NEWS BITES] Introducing Ferndale Restaurant Week + FestivALE

Fall is a time for food. We can officially ditch the summer diets and stop worrying about having a “bikini body” (or, for some of us, just continue going on with business as usual but with the relief that comes from knowing we can hide all our rolls under bulky sweaters and snazzy leather jackets) and stuff our faces with the unparalleled bounty of fall foods. Pumpkins and apples and Bambis and Thumpers and doughnuts and pie and all the other rich, fattening, flavorful comfort foods we deny ourselves when it’s 90 degrees outside if for no other reason than the fact that it’s 90 degrees outside.

via Eat It Detroit: [NEWS BITES] Introducing Ferndale Restaurant Week + FestivALE.

Belle Isle leased to state in agreement to turn Detroit island into 102nd state park |

Belle Isle is on its way to becoming a state park, the governor’s office announced Tuesday.
The state released a copy of a signed agreement leasing the Detroit-owned island park to the state for 30 years rent-free with the promise of up $10-20 million in state investment over the next three years.
State officials said the deal would save Detroit at least $4 million a year. City officials last year when the move was first proposed estimated as much as $6 million in annual savings.

via Belle Isle leased to state in agreement to turn Detroit island into 102nd state park |
I think it is a long overdue change. Belle Isle is a gem and the City can’t maintain it any more.

Max Scherzer Named Game 1 Starter For Tigers Against Athletics In ALDS

Max Scherzer will start Detroit’s AL division series opener Friday night at Oakland, with star Justin Verlander following in Game 2.
Scherzer (21-3) was baseball’s lone 20-game winner this year and started for the American League in the All-Star game, but manager Jim Leyland’s choice for the opener had not been clear. Verlander was the 2011 AL MVP and has been one of the top pitchers in the game over the last few seasons.

via Max Scherzer Named Game 1 Starter For Tigers Against Athletics In ALDS.
Of course Scherzer would be the Game 1 starter. He earned it.