It’s Fact Friday

Did you know . . .

That for Kung Fu Panda, the animators took Kung Fu classes. They wanted to animate the fighting style as accidentally as possible

Your Guide to Affordable Homes for Sale in East Palo Alto

This comprehensive resource highlights a diverse selection of budget-friendly properties in this vibrant community. East Palo Alto is known for its rich cultural diversity, convenient location, and proximity to Silicon Valley, making it an attractive choice for families and professionals alike. Our guide features various homes, from cozy apartments to charming single-family residences, all offering great value. Each listing includes essential details like pricing, neighborhood amenities, and unique features, empowering you to make informed decisions on your path to homeownership in East Palo Alto.

Exploring East Palo Alto: A Growing Community  

East Palo Alto is a thriving community with a rich history and a bright future. Known for its cultural diversity and strong sense of community, this area has become increasingly desirable for homebuyers. With its close proximity to major tech hubs, residents enjoy easy access to employment opportunities, excellent schools, and various recreational facilities. If you’re looking for homes for sale in East Palo Alto, you’ll discover neighborhoods that offer a blend of urban convenience and suburban charm, making it an ideal place for families, young professionals, and retirees alike.  

Types of Homes for Sale in East Palo Alto  

The housing market in East Palo Alto is diverse, featuring various property types to suit different lifestyles and budgets. From cozy condominiums and townhomes to spacious single-family houses, there’s something for everyone. Many homes for sale in East Palo Alto boast modern amenities, updated interiors, and outdoor spaces perfect for entertaining or relaxing. Whether you’re a first-time homebuyer or looking to upgrade, the options in this vibrant community cater to various preferences, ensuring you find a home that meets your needs.  

Affordability in a High-Demand Market  

One of the most appealing aspects of homes for sale in East Palo Alto is their relative affordability compared to neighboring Silicon Valley cities. While prices have been rising, East Palo Alto still offers opportunities for homeownership without breaking the bank. This affordability, combined with the community's amenities and location, makes it an attractive choice for buyers looking to invest in real estate. As demand continues to grow, securing a property in this area can be a smart financial move, potentially leading to substantial long-term equity growth.  

Neighborhoods to Consider  

East Palo Alto is home to several neighborhoods, each with its unique character and charm. From the peaceful atmosphere of Bell Street to the family-friendly vibe of the Ravenswood neighborhood, each area offers distinct features and amenities. When searching for homes for sale in East Palo Alto, it’s essential to explore these neighborhoods to find the perfect fit for your lifestyle. Many communities feature parks, schools, and shopping centers, providing residents with a comfortable living environment and a strong sense of belonging.  

Community Amenities and Lifestyle  

Living in East Palo Alto means enjoying various amenities that enhance the quality of life for its residents. The community boasts parks, recreational facilities, and vibrant local markets that cater to diverse tastes. The nearby Ravenswood Open Space Preserve offers stunning trails and outdoor spaces for hiking and picnicking. With an array of dining, shopping, and entertainment options, there’s always something to do. When considering homes for sale in East Palo Alto, you’re not just investing in property; you’re embracing a lifestyle filled with community engagement and outdoor adventure.  

The Home Buying Process in East Palo Alto 

Navigating the home buying process in East Palo Alto can be straightforward with the right guidance. Understanding the local market trends, financing options, and legal requirements is crucial to making an informed decision. Working with an experienced real estate agent can help streamline the process, ensuring you find the best homes for sale in East Palo Alto that align with your budget and preferences. They can provide insights into the neighborhoods, assist with negotiations, and guide you through inspections and paperwork, making your home-buying journey as smooth as possible.  

Future Developments and Investment Opportunities  

As East Palo Alto continues to grow and develop, numerous projects are in the pipeline, enhancing the area's appeal. Investments in infrastructure, commercial spaces, and community services are on the rise, promising to elevate property values and overall living standards. For those looking at homes for sale in East Palo Alto, this growth represents a significant opportunity for investment. Purchasing property now may yield substantial returns in the future, making it a smart choice for buyers interested in long-term gains. Keep an eye on upcoming developments that could impact your investment positively.

Conclusion

In conclusion, East Palo Alto offers a unique opportunity for homebuyers seeking affordable options in the heart of Silicon Valley. With its diverse community, convenient location, and ongoing development, the area is poised for growth and investment potential. Whether you're a first-time buyer or looking to downsize, exploring the available homes for sale can lead to exciting possibilities. Take the time to research and connect with local real estate agents to find the perfect fit for your needs.

Discover Your Dream Home: East Palo Alto Houses for Sale

Are you searching for your dream home? Look no further than East Palo Alto, a vibrant community with a range of beautiful houses for sale. This area boasts a unique blend of urban convenience and suburban charm, making it an ideal location for families, professionals, and first-time homebuyers. With diverse architectural styles and various price points, there's something for everyone in East Palo Alto. Explore spacious single-family homes, modern condos, and inviting townhouses, all within a welcoming neighborhood. Enjoy proximity to top-rated schools, parks, shopping, and major tech employers in Silicon Valley. Don’t miss the opportunity to find the perfect home in East Palo Alto start your journey to homeownership today.

The Appeal of East Palo Alto House for Sale: Why Buy Here?

East Palo Alto house for sale offers a unique blend of affordability and proximity to Silicon Valley, making it an attractive option for homebuyers. With a variety of houses for sale, the community's charm and accessibility stand out, appealing to families and young professionals alike.

Exploring the East Palo Alto Housing Market: Current Listings

The East Palo Alto housing market is thriving, with diverse listings available. From cozy single-family homes to modern townhouses, prospective buyers can find a range of options that cater to different budgets and lifestyle preferences.

Key Features to Look for in East Palo Alto Houses for Sale

When searching for a house in East Palo Alto, consider essential features like square footage, outdoor space, and nearby amenities. Evaluating these aspects can help you identify the best properties that align with your needs.

Financing Your Dream Home: East Palo Alto Houses for Sale

Understanding financing options is crucial for buying a house in East Palo Alto. Explore various mortgage programs and financial assistance that can make homeownership more accessible in this competitive market.

Neighborhood Insights: What to Expect When Buying in East Palo Alto?

East Palo Alto is characterized by its welcoming community and diverse culture. Buyers should familiarize themselves with local schools, parks, and amenities to fully appreciate what this vibrant area has to offer.

Tips for First-Time Homebuyers: Navigating East Palo Alto Houses for Sale

First-time homebuyers in East Palo Alto can benefit from strategic advice on navigating the competitive housing market. From budgeting to making strong offers, these tips can enhance your buying experience.

The Future of East Palo Alto Real Estate: Trends to Watch

The East Palo Alto real estate market is evolving, with new developments and trends emerging. Keeping an eye on these changes can help buyers make informed decisions and capitalize on investment opportunities.

Conclusion

In conclusion, the search for an East Palo Alto house for sale presents numerous opportunities for prospective homeowners. With a variety of listings, diverse neighborhoods, and supportive community resources, finding your dream home in this vibrant area is within reach. By understanding the market dynamics, exploring financing options, and considering key features, you can make informed decisions that lead to successful homeownership. Embrace the journey and discover the perfect house that aligns with your lifestyle in East Palo Alto. Your dream home awaits!

Discover the Charm of East Palo Alto House for Sale: Your Perfect Home Awaits

East Palo Alto holds a special charm, combining the richness of California's natural beauty with the advantages of a suburban lifestyle close to a major urban hub. When considering an East Palo Alto house for sale, you’re not just buying a property; you’re investing in a lifestyle. The neighborhood is peppered with parks, green spaces, and walking trails that offer families and individuals a perfect balance of outdoor recreation and relaxation. The real estate market in East Palo Alto is evolving, with beautifully crafted homes that cater to diverse needs—whether you're looking for a cozy, single-story house or a spacious multi-level residence with a backyard garden. The charm of this area lies in its ability to maintain a close-knit community vibe while being part of the greater Silicon Valley region, where innovation and opportunity are endless.

Affordable Luxury: Find Your Dream East Palo Alto House for Sale

One of the most attractive aspects of the East Palo Alto house for sale is its affordability in comparison to the rest of Silicon Valley. While neighboring cities such as Palo Alto and Menlo Park are known for their exorbitantly priced homes, East Palo Alto offers a more budget-friendly alternative without compromising on quality or lifestyle. Affordable luxury is at the heart of the real estate offerings here, with homes that are spacious, modern, and built to the highest standards. Whether you are searching for a home with multiple bedrooms, large windows that let in natural light, or homes with sleek, modern finishes, East Palo Alto has something for everyone. The houses here provide an excellent entry point for young professionals and families who want to enjoy the benefits of living in Silicon Valley without the steep price tag.

East Palo Alto House for Sale: Your Gateway to Silicon Valley Living

One of the undeniable perks of purchasing an East Palo Alto house for sale is its proximity to Silicon Valley—the world’s leading hub for technology and innovation. Living in East Palo Alto places you just minutes away from major tech companies like Facebook, Google, and Tesla, offering unparalleled access to job opportunities and networking. For tech professionals and entrepreneurs, East Palo Alto provides an ideal living situation where you can enjoy the comfort and serenity of suburban life while being close to the action of the fast-paced tech world. Moreover, the community is connected by an efficient network of public transport systems, including Caltrain and major highways like US-101, ensuring that commuting to and from work is convenient and hassle-free. For those seeking to further their education, the proximity to top-tier institutions like Stanford University also adds significant appeal.

Modern Living Awaits: Explore Spacious East Palo Alto House for Sale Today

Modern living is more than just a buzzword in East Palo Alto house for sale. The houses for sale in this region are designed with contemporary lifestyles in mind, featuring open floor plans, energy-efficient systems, and expansive living spaces that cater to the needs of modern families. Whether you're working from home, managing a busy household, or seeking a peaceful retreat at the end of a long day, the spacious homes in East Palo Alto offer the flexibility to adapt to your lifestyle. Many homes come equipped with state-of-the-art appliances, solar power options, and smart home integrations that allow you to control everything from lighting to security systems with a tap on your phone. Furthermore, outdoor living is a key feature, with many homes offering private yards, decks, or patios perfect for entertaining or relaxing.

Explore Top-Notch Amenities with East Palo Alto House for Sale

When you buy a house in East Palo Alto house for sale, you're not just getting a property; you're gaining access to a wide array of amenities that enhance your quality of life. Many homes in the area are situated near parks, recreational centers, shopping malls, and dining hotspots, offering convenience and variety. Additionally, East Palo Alto is home to several high-ranking schools, making it a great place for families with children. The community places a strong emphasis on providing residents with well-maintained public spaces, including sports fields, community gardens, and playgrounds, which foster a sense of community and well-being. Homes in this region are often located near major shopping centers like the Ravenswood Shopping Center, where residents can find everything from grocery stores to fitness centers.

East Palo Alto House for Sale: Ideal for Families Seeking Comfort and Community

East Palo Alto is a fantastic location for families seeking a safe, welcoming environment where comfort and community are prioritized. The neighborhood is home to a variety of family-friendly amenities, including excellent schools, playgrounds, and sports facilities. Many of the homes for sale in East Palo Alto house for sale come with features that are particularly appealing to families, such as spacious yards, multiple bedrooms, and proximity to parks. The community itself is known for its diversity and inclusiveness, offering a rich cultural environment where families can grow and thrive. Children can benefit from the numerous educational and recreational opportunities available, while parents will appreciate the close-knit feel of the neighborhood, where neighbors look out for one another.

Find Your Future Investment with an East Palo Alto House for Sale

Real estate in East Palo Alto house for sale represents a golden investment opportunity, especially as the region continues to develop and attract more professionals. Purchasing a house in East Palo Alto not only provides a comfortable place to live but also serves as a smart financial investment in an area poised for continued growth. The city’s strategic location within Silicon Valley makes it a prime spot for real estate appreciation, as demand for housing close to tech companies and corporate offices continues to rise. Many investors are drawn to East Palo Alto because of its relative affordability compared to neighboring cities, allowing them to purchase high-quality homes without the prohibitive price tags of other Silicon Valley locales.

Eco-Friendly Living: Discover Sustainable East Palo Alto House for Sale

Sustainability is becoming a key focus for many prospective homeowners, and East Palo Alto house for sale has embraced this trend with a range of eco-friendly homes available for sale. Many houses in the area are designed with energy efficiency and sustainability in mind, featuring solar panels, water-efficient landscaping, and environmentally friendly building materials. For those committed to reducing their carbon footprint, buying an eco-friendly house in East Palo Alto is a perfect choice. Homes with solar energy systems not only reduce environmental impact but also significantly cut down on utility bills, making them a smart financial investment as well. Many new developments in East Palo Alto focus on green building standards, offering homes with features like energy-efficient windows, insulation, and appliances, which contribute to a more sustainable lifestyle.

Conclusion

East Palo Alto presents a dynamic and diverse real estate market with plenty to offer homebuyers from all walks of life. Whether you're searching for a family home, a tech professional looking for proximity to Silicon Valley, or an investor seeking a promising opportunity, the "East Palo Alto house for sale" market has something for everyone. With its mix of affordable luxury, modern amenities, and a focus on sustainable living, East Palo Alto stands out as an attractive location for those seeking to live comfortably while remaining connected to the vibrancy of Silicon Valley. Families, professionals, and eco-conscious individuals will find that buying a home in East Palo Alto is not just a financial investment but an investment in a thriving community that continues to grow and evolve.

East Palo Alto Cummings Park Properties | Sanmateocountyproperties.com

Use SanmateoCountyProperties.com to find your ideal house in East Palo Alto Cummings Park. Locate the ideal property for the future of your family.

East Palo Alto Cummings Park Properties

Four Seasons Hotel Silicon Valley at East Palo Alto The hotel provides front desk services such as concierge service, express check-in or check-out, luggage storage and safety deposit boxes for guests' convenience. If you need, the ticket service and tours can even help you book tickets and reservations at all the best shows and programs nearby. Staying for a long time, or just need clean clothes? dry cleaning service and laundry service offered at the hotel will keep your favorite travel outfits clean and available. For lazy days and nights, in-room conveniences like 24-hour room service, room service and daily housekeeping let you make the most of your room. Please be advised that smoking is not allowed in the hotel to allow cleaner air for all guests. Smoking is limited to designated areas only, for the health and well-being of all guests and staff. Feel right at home during your stay at It's good to know that a hair dryer, toiletries, bathrobes and towels are provided in some...

the ultimate girl blogger guide

disclaimer: these are my own personal preferences. this “guide” is supposed to be a fun little board where I recollect all my favourite little things and connect them all together. this could be used for inspiration to anyone who wishes to understand the life of a rotting girl blogger with daddy issues who’s addicted to cinema and music (aka me). this is actually just an excuse to introduce myself.

୨୧ movies: the virgin suicides, girl interrupted, buffalo 66, marie antoinette, palo alto, priscilla, malena, kids (1995), waves, gone girl, pearl, the love witch, black swan, prozac nation, white oleander, sharing the secret, valley of the dolls, christiane f, helter skelter, vivre sa vie, a woman is a woman, to the bone, sixteen candles, lolita, melancholia, billy elliot, speak

୨୧ music artists: lana del rey (lizzy grant), amy winehouse, radiohead, air, jeff buckley, mazzy star, fleetwood mac, slowdive, cocteau twins, sade, hole, the cure, pink floyd, led zeppelin, sex pistols, nirvana, massive attack, lalleshwari, black box recorder, autumn’s grey solace, oasis, beach house, nicole dollanganger, heart, boris, you’ll never get to heaven

୨୧ albums: ultraviolence, blue banisters, did you know that there’s a tunnel under ocean blvd (lana del rey), in rainbows, amnesiac (radiohead), grace (jeff buckley), moon safari (air), bare trees, kiln house (fleetwood mac), after hours (sarah vaughan), so tonight that I might see, among my swan (mazzy star), within the depths of a darkened forest (autumn’s grey solace), live through this, celebrity skin (hole), mezzanine (massive attack), surrealistic pillow (jefferson airplane), tell mama (etta james), seventeen seconds (the cure), the wall, wish you were here (pink floyd), mothership (led zeppelin), how does that grab you? (nancy sinatra), planet waves (bob dylan), blonde (frank ocean)

୨୧ books: the bell jar (sylvia plath), the perks of being a wallflower (stephen chbosky), lolita (vladimir nabokov), white nights (fyodor dostoevsky), the virgin suicides (jeffrey eugenides), girl interrupted (susanna kaysen), speak (laurie halse anderson), metamorphosis (franz kafka), of human freedom (epictetus), elvis and me (priscilla beaulieu), a room of one’s own (virginia woolf), madame bovary (charles flaubert), devotions (mary oliver), east of eden (john steinbeck), the stranger (albert camus), i malavoglia (giovanni verga), i who have never known men (jacqueline harpman)

୨୧ girl blogger icons: lana del rey (lizzy grant!!), sofia coppola, kirsten dunst, lily rose-depp, alana champion, nina sayers, effy stonem, amy dunne, lux lisbon, layla (buffalo 66), karissa love, nicole dollanganger, snejana onopka, vlada roslyakova, alida simone

thank you for reading, xoxo

Hi! where did you get the name Mazel from for your dog? my great-grandmother's name was Masel and we've been desperately trying to figure out where the hell it comes from for decades. thank you!

Mazel (Pronounced Mah-zell) is Hebrew for "Blessing" as in "Mazel tov!" and it was the name that was given to her by the Magician who used her as an animal in his magic show before he left her pregnant at the East Palo Alto animal shelter so who knows what he was thinking.

"Maisel" is a Jewish surname, which some modern people have considered as a given name but it's sorta weird, like naming your kid "Mendez Smith". "Masie" is a pretty common given name in the US, and sometimes first names get spelled a bit sideways, especially if it's the parents want to honor Grandma Mabel AND Grandma Hazel, which is how my friend's mom got named after her grandmothers Bella and Janet by being named "Janella". Which is possibly better than "Benet", but I'm not sure.

Shamir Secret Sharing

It’s 3am. Paul, the head of PayPal database administration carefully enters his elaborate passphrase at a keyboard in a darkened cubicle of 1840 Embarcadero Road in East Palo Alto, for the fifth time. He hits Return. The green-on-black console window instantly displays one line of text: “Sorry, one or more wrong passphrases. Can’t reconstruct the key. Goodbye.” 

There is nerd pandemonium all around us. James, our recently promoted VP of Engineering, just climbed the desk at a nearby cubicle, screaming: “Guys, if we can’t get this key the right way, we gotta start brute-forcing it ASAP!” It’s gallows humor – he knows very well that brute-forcing such a key will take millions of years, and it’s already 6am on the East Coast – the first of many “Why is PayPal down today?” articles is undoubtedly going to hit CNET shortly. Our single-story cubicle-maze office is buzzing with nervous activity of PayPalians who know they can’t help but want to do something anyway. I poke my head up above the cubicle wall to catch a glimpse of someone trying to stay inside a giant otherwise empty recycling bin on wheels while a couple of Senior Software Engineers are attempting to accelerate the bin up to dangerous speeds in the front lobby. I lower my head and try to stay focused. “Let’s try it again, this time with three different people” is the best idea I can come up with, even though I am quite sure it will not work. 

It doesn’t. 

The key in question decrypts PayPal’s master payment credential table – also known as the giant store of credit card and bank account numbers. Without access to payment credentials, PayPal doesn’t really have a business per se, seeing how we are supposed to facilitate payments, and that’s really hard to do if we no longer have access to the 100+ million credit card numbers our users added over the last year of insane growth. 

This is the story of a catastrophic software bug I briefly introduced into the PayPal codebase that almost cost us the company (or so it seemed, in the moment.) I’ve told this story a handful of times, always swearing the listeners to secrecy, and surprisingly it does not appear to have ever been written down before. 20+ years since the incident, it now appears instructive and a little funny, rather than merely extremely embarrassing. 

Before we get back to that fateful night, we have to go back another decade. In the summer of 1991, my family and I moved to Chicago from Kyiv, Ukraine. While we had just a few hundred dollars between the five of us, we did have one secret advantage: science fiction fans. 

My dad was a highly active member of Zoryaniy Shlyah – Kyiv’s possibly first (and possibly only, at the time) sci-fi fan club – the name means “Star Trek” in Ukrainian, unsurprisingly. He translated some Stansilaw Lem (of Solaris and Futurological Congress fame) from Polish to Russian in the early 80s and was generally considered a coryphaeus at ZSh. 

While USSR was more or less informationally isolated behind the digital Iron Curtain until the late ‘80s, by 1990 or so, things like FidoNet wriggled their way into the Soviet computing world, and some members of ZSh were now exchanging electronic mail with sci-fi fans of the free world.

The vaguely exotic news of two Soviet refugee sci-fi fans arriving in Chicago was transmitted to the local fandom before we had even boarded the PanAm flight that took us across the Atlantic [1]. My dad (and I, by extension) was soon adopted by some kind Chicago science fiction geeks, a few of whom became close friends over the years, though that’s a story for another time. 

A year or so after the move to Chicago, our new sci-fi friends invited my dad to a birthday party for a rising star of the local fandom, one Bruce Schneier. We certainly did not know Bruce or really anyone at the party, but it promised good food, friendly people, and probably filk. My role was to translate, as my dad spoke limited English at the time. 

I had fallen desperately in love with secret codes and cryptography about a year before we left Ukraine. Walking into Bruce’s library during the house tour (this was a couple years before Applied Cryptography was published and he must have been deep in research) felt like walking into Narnia. 

I promptly abandoned my dad to fend for himself as far as small talk and canapés were concerned, and proceeded to make a complete ass out of myself by brazenly asking the host for a few sheets of paper and a pencil. Having been obliged, I pulled a half dozen cryptography books from the shelves and went to work trying to copy down some answers to a few long-held questions on the library floor. After about two hours of scribbling alone like a man possessed, I ran out of paper and decided to temporarily rejoin the party. 

On the living room table, Bruce had stacks of copies of his fanzine Ramblings. Thinking I could use the blank sides of the pages to take more notes, I grabbed a printout and was about to quietly return to copying the original S-box values for DES when my dad spotted me from across the room and demanded I help him socialize. The party wrapped soon, and our friends drove us home. 

The printout I grabbed was not a Ramblings issue. It was a short essay by Bruce titled Sharing Secrets Among Friends, essentially a humorous explanation of Shamir Secret Sharing. 

Say you want to make sure that something really really important and secret (a nuclear weapon launch code, a database encryption key, etc) cannot be known or used by a single (friendly) actor, but becomes available, if at least n people from a group of m choose to do it. Think two on-duty officers (from a cadre of say 5) turning keys together to get ready for a nuke launch. 

The idea (proposed by Adi Shamir – the S of RSA! – in 1979) is as simple as it is beautiful. 

Let’s call the secret we are trying to split among m people K. 

First, create a totally random polynomial that looks like: y(x) = C0 * x^(n-1) + C1 * x^(n-2) + C2 * x^(n-3) ….+ K. “Create” here just means generate random coefficients C. Now, for every person in your trusted group of m, evaluate the polynomial for some randomly chosen Xm and hand them their corresponding (Xm,Ym) each. 

If we have n of these points together, we can use Lagrange interpolating polynomial to reconstruct the coefficients – and evaluate the original polynomial at x=0, which conveniently gives us y(0) = K, the secret. Beautiful. I still had the printout with me, years later, in Palo Alto. 

It should come as no surprise that during my time as CTO PayPal engineering had an absolute obsession with security. No firewall was one too many, no multi-factor authentication scheme too onerous, etc. Anything that was worth anything at all was encrypted at rest. 

To decrypt, a service would get the needed data from its database table, transmit it to a special service named cryptoserv (an original SUN hardware running Solaris sitting on its own, especially tightly locked-down network) and a special service running only there would perform the decryption and send back the result. 

Decryption request rate was monitored externally and on cryptoserv, and if there were too many requests, the whole thing was to shut down and purge any sensitive data and keys from its memory until manually restarted. 

It was this manual restart that gnawed at me. At launch, a bunch of configuration files containing various critical decryption keys were read (decrypted by another key derived from one manually-entered passphrase) and loaded into the memory to perform future cryptographic services.

Four or five of us on the engineering team knew the passphrase and could restart cryptoserv if it crashed or simply had to have an upgrade. What if someone performed a little old-fashioned rubber-hose cryptanalysis and literally beat the passphrase out of one of us? The attacker could theoretically get access to these all-important master keys. Then stealing the encrypted-at-rest database of all our users’ secrets could prove useful – they could decrypt them in the comfort of their underground supervillain lair. 

I needed to eliminate this threat.

Shamir Secret Sharing was the obvious choice – beautiful, simple, perfect (you can in fact prove that if done right, it offers perfect secrecy.) I decided on a 3-of-8 scheme and implemented it in pure POSIX C for portability over a few days, and tested it for several weeks on my Linux desktop with other engineers. 

Step 1: generate the polynomial coefficients for 8 shard-holders.

Step 2: compute the key shards (x0, y0)  through (x7, y7)

Step 3: get each shard-holder to enter a long, secure passphrase to encrypt the shard

Step 4: write out the 8 shard files, encrypted with their respective passphrases.

And to reconstruct: 

Step 1: pick any 3 shard files. 

Step 2: ask each of the respective owners to enter their passphrases. 

Step 3: decrypt the shard files.

Step 4: reconstruct the polynomial, evaluate it for x=0 to get the key.

Step 5: launch cryptoserv with the key. 

One design detail here is that each shard file also stored a message authentication code (a keyed hash) of its passphrase to make sure we could identify when someone mistyped their passphrase. These tests ran hundreds and hundreds of times, on both Linux and Solaris, to make sure I did not screw up some big/little-endianness issue, etc. It all worked perfectly. 

A month or so later, the night of the key splitting party was upon us. We were finally going to close out the last vulnerability and be secure. Feeling as if I was about to turn my fellow shard-holders into cymeks, I gathered them around my desktop as PayPal’s front page began sporting the “We are down for maintenance and will be back soon” message around midnight.

The night before, I solemnly generated the new master key and securely copied it to cryptoserv. Now, while “Push It” by Salt-n-Pepa blared from someone’s desktop speakers, the automated deployment script copied shard files to their destination. 

While each of us took turns carefully entering our elaborate passphrases at a specially selected keyboard, Paul shut down the main database and decrypted the payment credentials table, then ran the script to re-encrypt with the new key. Some minutes later, the database was running smoothly again, with the newly encrypted table, without incident. 

All that was left was to restore the master key from its shards and launch the new, even more secure cryptographic service. 

The three of us entered our passphrases… to be met with the error message I haven’t seen in weeks: “Sorry, one or more wrong passphrases. Can’t reconstruct the key. Goodbye.” Surely one of us screwed up typing, no big deal, we’ll do it again. No dice. No dice – again and again, even after we tried numerous combinations of the three people necessary to decrypt. 

Minutes passed, confusion grew, tension rose rapidly. 

There was nothing to do, except to hit rewind – to grab the master key from the file still sitting on cryptoserv, split it again, generate new shards, choose passphrases, and get it done. Not a great feeling to have your first launch go wrong, but not a huge deal either. It will all be OK in a minute or two.

A cursory look at the master key file date told me that no, it wouldn’t be OK at all. The file sitting on cryptoserv wasn’t from last night, it was created just a few minutes ago. During the Salt-n-Pepa-themed push from stage, we overwrote the master key file with the stage version. Whatever key that was, it wasn’t the one I generated the day before: only one copy existed, the one I copied to cryptoserv from my computer the night before. Zero copies existed now. Not only that, the push script appears to have also wiped out the backup of the old key, so the database backups we have encrypted with the old key are likely useless. 

Sitrep: we have 8 shard files that we apparently cannot use to restore the master key and zero master key backups. The database is running but its secret data cannot be accessed. 

I will leave it to your imagination to conjure up what was going through my head that night as I stared into the black screen willing the shards to work. After half a decade of trying to make something of myself (instead of just going to work for Microsoft or IBM after graduation) I had just destroyed my first successful startup in the most spectacular fashion. 

Still, the idea of “what if we all just continuously screwed up our passphrases” swirled around my brain. It was an easy check to perform, thanks to the included MACs. I added a single printf() debug statement into the shard reconstruction code and instead of printing out a summary error of “one or more…” the code now showed if the passphrase entered matched the authentication code stored in the shard file. 

I compiled the new code directly on cryptoserv in direct contravention of all reasonable security practices – what did I have to lose? Entering my own passphrase, I promptly got “bad passphrase” error I just added to the code. Well, that’s just great – I knew my passphrase was correct, I had it written down on a post-it note I had planned to rip up hours ago. 

Another person, same error. Finally, the last person, JK, entered his passphrase. No error. The key still did not reconstruct correctly, I got the “Goodbye”, but something worked. I turned to the engineer and said, “what did you just type in that worked?”

After a second of embarrassed mumbling, he admitted to choosing “a$$word” as his passphrase. The gall! I asked everyone entrusted with the grave task of relaunching crytposerv to pick really hard to guess passphrases, and this guy…?! Still, this was something -- it worked. But why?!

I sprinted around the half-lit office grabbing the rest of the shard-holders demanding they tell me their passphrases. Everyone else had picked much lengthier passages of text and numbers. I manually tested each and none decrypted correctly. Except for the a$$word. What was it…

A lightning bolt hit me and I sprinted back to my own cubicle in the far corner, unlocked the screen and typed in “man getpass” on the command line, while logging into cryptoserv in another window and doing exactly the same thing there. I saw exactly what I needed to see. 

Today, should you try to read up the programmer’s manual (AKA the man page) on getpass, you will find it has been long declared obsolete and replaced with a more intelligent alternative in nearly all flavors of modern Unix.  

But back then, if you wanted to collect some information from the keyboard without printing what is being typed in onto the screen and remain POSIX-compliant, getpass did the trick. Other than a few standard file manipulation system calls, getpass was the only operating system service call I used, to ensure clean portability between Linux and Solaris. 

Except it wasn’t completely clean. 

Plain as day, there it was: the manual pages were identical, except Solaris had a “special feature”: any passphrase entered that was longer than 8 characters long was automatically reduced to that length anyway. (Who needs long passwords, amiright?!)

I screamed like a wounded animal. We generated the key on my Linux desktop and entered our novel-length passphrases right here. Attempting to restore them on a Solaris machine where they were being clipped down to 8 characters long would never work. Except, of course, for a$$word. That one was fine.

The rest was an exercise in high-speed coding and some entirely off-protocol file moving. We reconstructed the master key on my machine (all of our passphrases worked fine), copied the file to the Solaris-running cryptoserv, re-split it there (with very short passphrases), reconstructed it successfully, and PayPal was up and running again like nothing ever happened. 

By the time our unsuspecting colleagues rolled back into the office I was starting to doze on the floor of my cubicle and that was that. When someone asked me later that day why we took so long to bring the site back up, I’d simply respond with “eh, shoulda RTFM.” 

RTFM indeed. 

P.S. A few hours later, John, our General Counsel, stopped by my cubicle to ask me something. The day before I apparently gave him a sealed envelope and asked him to store it in his safe for 24 hours without explaining myself. He wanted to know what to do with it now that 24 hours have passed. 

Ha. I forgot all about it, but in a bout of “what if it doesn’t work” paranoia, I printed out the base64-encoded master key when we had generated it the night before, stuffed it into an envelope, and gave it to John for safekeeping. We shredded it together without opening and laughed about what would have never actually been a company-ending event. 

P.P.S. If you are thinking of all the ways this whole SSS design is horribly insecure (it had some real flaws for sure) and plan to poke around PayPal to see if it might still be there, don’t. While it served us well for a few years, this was the very first thing eBay required us to turn off after the acquisition. Pretty sure it’s back to a single passphrase now. 

Notes:

1: a member of Chicagoland sci-fi fan community let me know that the original news of our move to the US was delivered to them via a posted letter, snail mail, not FidoNet email! 

"rock stars and their parents" (1970-1) by john olson, featured in life

david crosby with his father floyd, together in the father's house.

frank zappa in his los angeles home with his dad, francis, his mom, rosemarie, and his cat.

jefferson airplane's grace slick posed with her mother, virginia wing, in the living room of the home where she grew up in palo alto, california. the baby is grace's daughter, china.

elton john laughing with his mom sheila fairebrother and sheila's husband fred (whom elton affectionately called "derf," fred spelled backwards) in their suburban london apartment.

with their parents standing by, the jackson 5 straddle their motorbikes by the pool.

donovan and his parents, donald and winifred leitch.

richie havens with his parents richard and mildred, in bedford-stuyvesant, brooklyn, but he bought them this home in nearby east flatbush when his music career took off.

San Jose just recorded COVID in the wastewater at 99.99% of its peak - Published July 5, 2024

If you thought COVID was a thing of the past, this summer’s surge should make you think twice. The whole Bay Area seems to be coming down with the virus these days.

Local data indicates the virus is spreading at high levels in San Jose and most communities around the Bay Area and California. But despite near record-high COVID levels in wastewater and spiking positivity rates, other metrics show a lot has changed and confirm the virus is not nearly as deadly as it once was before vaccines and treatments became widely available.

Wastewater data for San Jose shows the virus nearly reached record high levels in the city’s sewer shed this week. It was short by less than one tenth of a percent. The previous record high was set during the first Omicron surge in January of 2022. Santa Clara County’s three other sewer sheds — Palo Alto, Sunnyvale and Gilroy — all have high levels of COVID, too, as of the first few days of July.

In the East Bay, COVID levels are also rising as more people contract the virus. Alameda County public health officials said this week that wastewater showed an uptick in the virus and urged people to take precautions.

Statewide, the COVID positivity rate, meaning the portion of COVID tests that come back positive, began spiking in June. On June 1, the positivity rate was 4.1%. It had more than doubled to 10.6% as of July 1, according to data released Friday. The state is now less than one percentage point from the level it was during this winter’s COVID spike, when it reached just over 11%.

Read the whole story on our archive

It's time for Trivia Tuesday!

Q: Heath Ledger played the Joker in which Batman movie?

A. Batman Begins

B. The Dark Knight Rises

C. The Dark Knight

D. Batman Forever

The answer is in the comments

Why You Should Consider The East Palo Alto House For Sale?

Choosing to invest in a house for sale in East Palo Alto is an opportunity that comes with numerous benefits. Furthermore, East Palo Alto has seen significant urban development over the past few years, leading to improved infrastructure and amenities that cater to residents' needs. From shopping centers and parks to restaurants and recreational facilities, everything you need is just a stone's throw away. The community is known for its friendly and inclusive atmosphere, where diverse cultures converge, making it an enriching environment for families and individuals. The East Palo Alto house for sale is more than just a structure; it represents a lifestyle that balances convenience and community. With a steady increase in property values and ongoing development projects, investing in a house here also promises potential appreciation over time, making it a wise financial decision.

Explore Modern Living: East Palo Alto House For Sale With Contemporary Features

When you explore the East Palo Alto house for sale, you’ll find a variety of modern living options that cater to today’s lifestyle. Many homes in the area boast contemporary designs featuring open floor plans, large windows, and energy-efficient appliances, ensuring a blend of style and sustainability. Whether you’re drawn to newly built homes or those that have been tastefully remodeled, East Palo Alto's real estate market offers a range of choices to meet your needs. Living in one of these modern houses not only provides comfort but also allows you to enjoy the latest in home technology, such as smart home systems for security and energy management, creating a seamless living experience. As the city continues to evolve, the availability of homes with contemporary features ensures that you can enjoy modern conveniences while being part of a community rich in culture and innovation.

Your Perfect Retreat: East Palo Alto House For Sale Offers Comfort And Style

Imagine coming home to a sanctuary that encapsulates both comfort and style—this is what you’ll find in an East Palo Alto house for sale. The design of these homes is tailored to create inviting spaces that foster relaxation and well-being. Many properties feature cozy living areas with hardwood floors, abundant natural light, and fireplaces that add a touch of warmth and charm. Spacious bedrooms offer a peaceful retreat for rest and rejuvenation, often equipped with walk-in closets and en-suite bathrooms that enhance the overall living experience. Outdoor spaces further extend your living area, with many homes featuring private yards, gardens, or balconies that provide an oasis of tranquility amid the hustle and bustle of city life. Families will appreciate the thoughtful layouts that promote togetherness while allowing for personal space. Whether it’s enjoying family game nights in the living room or hosting barbecues on the patio, these homes are designed to accommodate your lifestyle.

Invest In Your Future: East Palo Alto House For Sale With Great Roi Potential

Investing in an East Palo Alto house for sale presents an incredible opportunity for financial growth and stability. The city has experienced a remarkable transformation in recent years, making it a desirable location for both homebuyers and investors. As a homeowner, you stand to benefit not only from appreciating property values but also from potential rental income should you choose to lease your home in the future. The combination of a strong local economy, a diverse community, and attractive housing options makes East Palo Alto a wise choice for real estate investment. Whether you’re a seasoned investor or a first-time homebuyer, the potential for growth in East Palo Alto is compelling, allowing you to secure a property that will contribute to your financial future while providing a quality living experience.

Luxury Awaits: Stunning East Palo Alto House For Sale In A Prime Location

Luxury living is within reach with the stunning East Palo Alto house for sale, located in one of the most sought-after areas of Silicon Valley. These homes offer an array of high-end features and finishes that cater to those with discerning tastes. The prime location of East Palo Alto means you’re just minutes away from world-class dining, shopping, and cultural experiences, adding to the appeal of luxury living in this vibrant community. Living in one of these exquisite homes not only provides comfort but also places you in a position to enjoy the best of Silicon Valley life. Investing in a luxury house for sale in East Palo Alto means securing a property that exemplifies both elegance and sophistication, making it a perfect retreat for those who seek an elevated lifestyle.

Family-Friendly Living: East Palo Alto House For Sale Near Top Schools

For families seeking a supportive and nurturing environment, an East Palo Alto house for sale is an excellent choice, especially given its proximity to top-rated schools. Education is a key priority for many families, and East Palo Alto does not disappoint in this regard. The area is home to several highly regarded public and private schools known for their academic excellence, diverse extracurricular activities, and strong community involvement. Living near these schools provides children with access to quality education, enriching their learning experiences and fostering personal growth. Furthermore, the family-friendly neighborhoods offer parks, playgrounds, and recreational facilities that encourage outdoor play and community engagement, making it easy for families to connect and build lasting relationships. East Palo Alto is a community that celebrates diversity and inclusivity, creating an environment where families can thrive and children can grow up with a sense of belonging. The houses for sale in this area often come with spacious yards, perfect for children and pets to play.

Conclusion

In conclusion, an East Palo Alto house for sale represents an incredible opportunity for homebuyers and investors alike. With its ideal location in the heart of Silicon Valley, modern living options, luxurious features, and family-friendly amenities, East Palo Alto is a community that caters to diverse lifestyles and preferences. The benefits of living in this vibrant city are manifold, from the potential for significant returns on investment to the chance to be part of a dynamic, growing neighborhood. Whether you’re seeking a stylish modern home, a comfortable retreat, or a family-friendly environment near top schools, East Palo Alto has something for everyone. By investing in a property here.

Luxury Living: High-End East Palo Alto Homes for Sale

Experience luxury living in East Palo Alto with our exquisite selection of high-end homes for sale. Nestled in a vibrant community, these properties offer sophisticated designs, spacious layouts, and state-of-the-art amenities that cater to a refined lifestyle. Enjoy stunning interiors featuring modern finishes, gourmet kitchens, and expansive living areas, perfect for entertaining guests or relaxing in style. Many homes boast breathtaking outdoor spaces, ideal for soaking up the California sun or hosting memorable gatherings. Located just minutes from Silicon Valley, residents benefit from proximity to top tech companies, fine dining, and exceptional schools. Explore the finest in East Palo Alto real estate and elevate your living experience in one of the Bay Area's most desirable neighborhoods. 

Exploring East Palo Alto Homes for Sale: A Neighborhood Overview

East Palo Alto is a community rich in diversity and opportunity. With a variety of homes for sale, potential buyers can find properties that cater to their lifestyle and budget. This neighborhood offers a unique blend of urban convenience and suburban tranquility, making it a desirable location for families and professionals alike.

The Benefits of Living in East Palo Alto: Homes for Sale Worth Considering

Choosing to purchase a home in East Palo Alto comes with numerous benefits. Residents enjoy access to parks, schools, and a thriving community atmosphere. The area's strategic location near Silicon Valley tech hubs makes it an attractive option for those working in the industry, providing both convenience and comfort.

East Palo Alto Homes for Sale: A Guide for First-Time Buyers

First-time homebuyers will find East Palo Alto an inviting market. With various financing options and programs available, navigating the home-buying process becomes more accessible. This guide highlights essential steps to help first-time buyers confidently explore the available homes in the area.

Understanding the East Palo Alto Real Estate Market: Trends and Insights

The East Palo Alto real estate market is dynamic and constantly evolving. Understanding the current trends, such as price fluctuations and demand for homes, can empower buyers to make informed decisions. This section provides insights into market conditions, helping you stay ahead of the competition.

Types of East Palo Alto Homes for Sale: Finding Your Perfect Fit

Whether you're seeking a charming single-family home, a modern condo, or a cozy townhouse, East Palo Alto has a wide array of options. This section details the various types of homes available for sale, catering to different preferences and needs, ensuring that you find the perfect fit for your lifestyle.

Home Buying Process: Tips for East Palo Alto Homes for Sale

Navigating the home buying process can be overwhelming, but with the right tips and guidance, it becomes manageable. This section provides practical advice on working with real estate agents, obtaining financing, and negotiating offers specific to East Palo Alto homes for sale.

Happy Homeowners in East Palo Alto

Hear from individuals and families who have successfully purchased their dream homes in East Palo Alto. These success stories highlight the positive experiences of buyers, showcasing the community's welcoming atmosphere and the joy of finding the perfect home.

Conclusion

In conclusion, East Palo Alto homes for sale present a fantastic opportunity for potential buyers looking to settle in a vibrant community. With a diverse selection of properties, a supportive neighborhood, and a thriving real estate market, East Palo Alto is the perfect place to call home. By understanding the market, exploring various housing options, and seeking guidance throughout the buying process, you can confidently embark on your journey to homeownership. Start your search today, and discover the many possibilities waiting for you in East Palo Alto!

For years, it's been an inconvenient truth within the cybersecurity industry that the network security devices sold to protect customers from spies and cybercriminals are, themselves, often the machines those intruders hack to gain access to their targets. Again and again, vulnerabilities in “perimeter” devices like firewalls and VPN appliances have become footholds for sophisticated hackers trying to break into the very systems those appliances were designed to safeguard.

Now one cybersecurity vendor is revealing how intensely—and for how long—it has battled with one group of hackers that have sought to exploit its products to their own advantage. For more than five years, the UK cybersecurity firm Sophos engaged in a cat-and-mouse game with one loosely connected team of adversaries who targeted its firewalls. The company went so far as to track down and monitor the specific devices on which the hackers were testing their intrusion techniques, surveil the hackers at work, and ultimately trace that focused, years-long exploitation effort to a single network of vulnerability researchers in Chengdu, China.

On Thursday, Sophos chronicled that half-decade-long war with those Chinese hackers in a report that details its escalating tit-for-tat. The company went as far as discreetly installing its own “implants” on the Chinese hackers' Sophos devices to monitor and preempt their attempts at exploiting its firewalls. Sophos researchers even eventually obtained from the hackers' test machines a specimen of “bootkit” malware designed to hide undetectably in the firewalls' low-level code used to boot up the devices, a trick that has never been seen in the wild.

In the process, Sophos analysts identified a series of hacking campaigns that had started with indiscriminate mass exploitation of its products but eventually became more stealthy and targeted, hitting nuclear energy suppliers and regulators, military targets including a military hospital, telecoms, government and intelligence agencies, and the airport of one national capital. While most of the targets—which Sophos declined to identify in greater detail—were in South and Southeast Asia, a smaller number were in Europe, the Middle East, and the United States.

Sophos' report ties those multiple hacking campaigns—with varying levels of confidence—to Chinese state-sponsored hacking groups including those known as APT41, APT31, and Volt Typhoon, the latter of which is a particularly aggressive team that has sought the ability to disrupt critical infrastructure in the US, including power grids. But the common thread throughout those efforts to hack Sophos' devices, the company says, is not one of those previously identified hackers groups but instead a broader network of researchers that appears to have developed hacking techniques and supplied them to the Chinese government. Sophos' analysts tie that exploit development to an academic institute and a contractor, both around Chengdu: Sichuan Silence Information Technology—a firm previously tied by Meta to Chinese state-run disinformation efforts—and the University of Electronic Science and Technology of China.

Sophos says it’s telling that story now not just to share a glimpse of China's pipeline of hacking research and development, but also to break the cybersecurity industry's awkward silence around the larger issue of vulnerabilities in security appliances serving as entry points for hackers. In just the past year, for instance, flaws in security products from other vendors including Ivanti, Fortinet, Cisco, and Palo Alto have all been exploited in mass hacking or targeted intrusion campaigns. “This is becoming a bit of an open secret. People understand this is happening, but unfortunately everyone is zip,” says Sophos chief information security officer Ross McKerchar, miming pulling a zipper across his lips. “We're taking a different approach, trying to be very transparent, to address this head-on and meet our adversary on the battlefield.”

From One Hacked Display to Waves of Mass Intrusion

As Sophos tells it, the company's long-running battle with the Chinese hackers began in 2018 with a breach of Sophos itself. The company discovered a malware infection on a computer running a display screen in the Ahmedabad office of its India-based subsidiary Cyberoam. The malware had gotten Sophos' attention due to its noisy scanning of the network. But when the company's analysts looked more closely, they found that the hackers behind it had already compromised other machines on the Cyberoam network with a more sophisticated rootkit they identified as CloudSnooper. In retrospect, the company believes that initial intrusion was designed to gain intelligence about Sophos products that would enable follow-on attacks on its customers.

Then in the spring of 2020, Sophos began to learn about a broad campaign of indiscriminate infections of tens of thousands of firewalls around the world in an apparent attempt to install a trojan called Asnarök and create what it calls “operational relay boxes” or ORBs—essentially a botnet of compromised machines the hackers could use as launching points for other operations. The campaign was surprisingly well resourced, exploiting multiple zero-day vulnerabilities the hackers appeared to have discovered in Sophos appliances. Only a bug in the malware's cleanup attempts on a small fraction of the affected machines allowed Sophos to analyze the intrusions and begin to study the hackers targeting its products.

As Sophos pushed out patches to its firewalls, its team responsible for threat intelligence and incident response, which it calls X-Ops, also began an effort to track its adversary: Sophos included in its “hotfix" for the hackers' intrusions additional code that would collect more data from customers' devices. That new data collection revealed that a single Sophos device registered in February of 2020 in Chengdu showed signs of early alterations similar to the Asnarök malware. “We started to find tiny little indicators of the attack that predated any other activity,” McKerchar says.

Using registration data and records of downloads of code Sophos made available to its customers, the X-Ops team eventually identified a handful of machines it believed were being used as guinea pig devices for Chinese hackers as they sought to find vulnerabilities and test their intrusion techniques prior to deployment. Some of them seemed to have been obtained by a Chengdu-based company called Sichuan Silence Information Technology. Others were tied to an individual who used the handle TStark, whom X-Ops analysts then found had held a position at the University of Electronic Science and Technology of China, also in Chengdu.

X-Ops analysts could even observe individuals using computers and IP addresses tied to the test devices reading Sophos' online materials that detailed the firewalls' architecture. “We could see them researching us,” McKerchar says.

In late April of 2020, Dutch police worked with Sophos to seize a Netherlands-based server that Sophos had identified as being used in the Asnarök infection wave. In June of that year, however, the hackers launched another round of their mass intrusions, and Sophos found they had significantly reduced the complexity and “noise” of their malware in an attempt to evade detection. Yet through the increased data collection from its devices and the intelligence it had assembled on the Chengdu exploit development group, Sophos was able to spot the malware and push out patches for the vulnerabilities the hackers had used within a week, and even identify a “patient zero” machine where the new malware had first been tested two months earlier.

The next month, X-Ops took its most aggressive step yet in countering the effort to exploit its devices, deploying its own spy implants to the Sophos devices in Chengdu they were testing on—essentially hacking the hackers, albeit only through code added to a few installations of its own products the hackers had obtained. Sophos says that preemptive surveillance allowed the company to obtain key portions of the hackers' code and head off a third wave of their intrusions, catching it after only two customers had been compromised and pushing out a patch designed to block the attacks, while obfuscating that fix to avoid tipping off the hackers to Sophos' full knowledge of their techniques.

“In the first wave, we were on the back foot. In the second wave, it was an even match,” says McKerchar. “The third attack, we preempted.”

A New Phase of the Game

Starting in 2021, Sophos says it began to see far more targeted attacks from Chinese hacker groups exploiting its products, many of which it was able to uncover due to its efforts to surveil the research of the Chengdu-based exploit development network. Over the next two years, the hackers continued hijack vulnerabilities in Sophos appliances in a wide variety of targeted attacks hitting dozens of targets in Asia and the West.

In September of 2022, for instance, Sophos found a campaign exploiting a vulnerability in its products that had breached military and intelligence agencies in a Southeast Asian country, as well as other targets including water utilities and electric generation facilities in the same region. Later, Sophos says, a different Chinese state-sponsored group appears to have exploited a bypass for its patch for that vulnerability to target government agencies outside of Asia, in one instance hacking an embassy shortly before it was set to host officials from China's ruling Communist Party. It also found intrusions at another country's nuclear energy regulatory agency, then a military facility in the same country and the airport of the country's capital city, as well as other hacking incidents that targeted Tibetan exiles.

“We just opened the door on a huge amount of high-end targeted activity, a Pandora's Box of threat intelligence," McKerchar says.

As the hackers' tooling continued to evolve in response to Sophos' attempts to head them off, the company's X-Ops researchers at one point pulled from a test device they were surveilling a unique new specimen of malware: The hackers had built a “bootkit,” an early attempt at malware designed to infect a Sophos firewall's low-level code that's used to boot up the device before its operating system is loaded, which would make the malware far harder to detect—the first time Sophos believes that sort of firewall bootkit has ever been seen.

X-Ops never found that bootkit deployed on an actual victim's machine, but Sophos CISO McKerchar says he can't rule out that it was in fact used somewhere and evaded detection. “We certainly tried to hunt for it, and we have some capability to do that,” says McKerchar. “But I would be brash to say it's never been used in the wild.”

As Sophos has tried to understand the motives of the Chengdu-based network of hackers digging up vulnerabilities and providing them to the Chinese state, that picture has been complicated by the strange fact that the researchers finding those flaws may have on two occasions also reported them to Sophos itself through its “bug bounty” program. On one occasion, for instance, the exact vulnerability used in a hacking campaign was reported to Sophos by a researcher with a Chinese IP address just after it was first used in an exploitation campaign—Sophos paid the researcher $20,000 for their findings.

That bizarre incongruity with the Chengdu-based researchers' apparent role as suppliers of intrusion techniques for Chinese state hacking groups and its bug bounty reports to Sophos, McKerchar argues, show perhaps how loose the connections are between the researchers finding these vulnerabilities and the state hackers exploiting those bugs. “I think this is a security research community which is patriotically aligned with PRC objectives,” he says, referencing the People's Republic of China. “But they're not averse to making a bit of money on the side.”

Contacts at the University of Electronic Science and Technology China didn't respond to WIRED's request for comment on Sophos' report. Sichuan Silence Information Technology couldn't be reached for comment, and appears to have no working website.

Sophos' timeline of its struggle against a highly adaptive adversaries sussing out its products' hackable flaws points to the success of China's efforts to corral its security research community and funnel its discoveries of vulnerabilities to the government, says Dakota Cary, a researcher at the Atlantic Council, a nonpartisan think tank, who has focused on that Chinese exploit development pipeline. He points to China's efforts, for instance, to foster hacking competitions as a source of intrusion techniques for its offensive hacking efforts, as well as 2021 legislation that requires researchers and companies based in China to report to the government any hackable bug they find in a product.

“In Sophos' document, you see the interconnectedness of that system kind of shine through,” says Cary. “The culture of these organizations working together or competing for work, and the way that the government is trying to centralize collection of vulnerabilities and then distribute those tools to offensive teams—you see all of that reflected.”

Sophos' report also warns, however, that in the most recent phase of its long-running conflict with the Chinese hackers, they appear more than ever before to have shifted from finding new vulnerabilities in firewalls to exploiting outdated, years-old installations of its products that are no longer receiving updates. That means, company CEO Joe Levy writes in an accompanying document, that device owners need to get rid of unsupported “end-of-life” devices, and security vendors need to be clear with customers about the end-of-life dates of those machines to avoid letting them become unpatched points of entry onto their network. Sophos says it's seen more than a thousand end-of-life devices targeted in just the past 18 months.

“The only problem now isn't the zero-day vulnerability,” says Levy, using the term “zero-day” to mean a newly discovered hackable flaw in software that has no patch. “The problem is the 365-day vulnerability, or the 1,500-day vulnerability, where you've got devices that are on the internet that have lapsed into a state of neglect.”

That warning was echoed by Cybersecurity and Infrastructure Security Agency assistant director for cybersecurity Jeff Greene, who stresses the risk of Chinese hackers exploiting older, unpatched systems, as well as the broader, ironic threat of network perimeter appliances serving as entry points for hackers. “These edge devices often have inherent insecurities, they’re often not managed once they’re put out, they're not patched," says Greene. “We’ll leave a trail of these devices for a long time that attackers will be looking to compromise.”

Sophos CISO McKerchar says the company is revealing its five-year fight with the Chengdu-based hacking network to amplify those warnings, but also to end a kind of cybersecurity industry omertà around the growing issue of security companies' own products creating vulnerabilities for their customers. “Trust in the industry has been massively eroded in the past few years. There's a huge amount of skepticism across about the way that vendors are handling these risks, but we've relied on silence instead,” says McKerchar. “We want to show a bit of vulnerability ourselves, recognize that we've had problems, then tell the story about how we stepped up.”

Cummings Park East Palo Alto Condos | Sanmateocountyproperties.com

Discover your dream home at Cummings Park East Palo Alto Condos. Explore Sanmateocountyproperties.com for the best selection of luxury condos in East Palo Alto. Start living your best life now.

Cummings Park East Palo Alto Condos