CNBC reports on Australia’s Department of Defense prohibiting the popular Chinese chat app WeChat from being used on its network assets:

Messaging and e-payment app WeChat has become the latest Chinese technology to be banned by an overseas military on security grounds, with Australia instructing its armed forces not to use it.

The country’s defence department said the service did not meet its standards, although it did not directly link the ban to security concerns.

“Software and applications that do not meet Defence standards will not be authorised for use on Defence networks and mobile devices,” the country’s defence department said in an email statement. “Defence has a strict policy concerning the use of social media on its networks and mobile devices. Defence allows very few applications on Defence mobile devices. WeChat has not been authorised for use.”

Australia is part of the Five Eyes, so it should come as no surprise to see them banning Chinese internet technology. It simply boils down to a matter of trust, and it is hard to have any when China is wreaking havoc all over the world, even if they have been a bit quiet lately.

For the majority of my life I have been a proverbial power user with computers, primarily in love with speed and specs more than practicality. If a computer was not equipped with the fastest processor, most amount of RAM, or largest storage, then I would not consider it for purchase. After traveling all over Tokyo with a laptop attached to my back for the past few years, I have a newfound appreciation for mobility, and my desires have evolved – dare I say – with both old age and pragmatism.

When Apple released its most recent new laptop design in 2015 – the Retina MacBook, simply called MacBook – I laughed at the single USB-C port and thought there was no way in hell I could ever live with a single port. One port? Seriously? WTF Apple?

Fast forward to a couple months ago when Apple released an update to the MacBook lineup, equipping it with a refreshed set of Intel m3, m5, and m7 chips. Apple opted to stick with the single port and same design, much to the dismay of the power user crowd. Initially I rebuffed the new models until I took a closer look at my more recent usage patterns, as well as long-term computing desires.


Late last year my wife purchased a MacBook Air 11” and she loves its portability. Not only does it have a small footprint but it is lightweight, and packs a fairly decent performance punch. It is, by no means, a MacBook Pro – nor is it meant to compete with one – but it demonstrates essentially no discernable lack of power in everyday tasks like web surfing, email, PowerPoint, Word, and other standard business applications. The MacBook is ultimately meant to replace the Air in the Apple laptop lineup, and this was obviously their goal: make the most mobile yet usable Mac possible.

The noticeable lack of weight, and thus extreme portability, are what attracted me to the idea of the MacBook. My back was tired of carrying around a heavy MacBook Pro on the train and foot to customer meetings all over Tokyo. My desire to be more productive while on-the-go was overcome by the strain the weight added when mobile, so I yearned for something like the MacBook. I had thought of buying an Air but was uninterested in using a non-Retina screen. This was a tough decision, and one I weighed very carefully over the course of a couple weeks, visiting the Apple Store almost daily to play around with the MacBook and the Air.

About the MacBook

Let me get this out of the way upfront: the 2016 MacBook m5, w/8GB RAM and 512GB SSD is my favorite Apple laptop ever. I say this after having used nothing but PowerBook and MacBook Pro models since 2003. I migrated to the MacBook from a Retina MacBook Pro 15” w/16GB RAM and 512GB SSD. The screen and weight alone are the perfect combination for someone like me, who is constantly taking the train, bus, and walking all over Tokyo.

Having moved from a rMBP, which still functions as my mock-desktop replacement, I was only slightly concerned about the USB-C port. I use my rMBP for streaming video to my Apple TV via Plex. The majority of my media is stored on an external 1TB USB3 HDD. I had contemplated retiring the rMBP and using the MacBook for streaming, but then realized my goal with the MacBook was portability. I rarely ever use the external HDD when I am mobile, and quickly dismissed the notion of the single USB-C port being a barrier for my use case.

Let me just dive right in the deep-end and breakdown the pros and cons of the MacBook, as I see them:


  • Weight. I can barely even feel the machine in my backpack, therefore it does not bother my back in the least. Unlike the MacBook Pro, which is noticeably heavy, the MacBook is light as a feather.
  • Screen. Having moved from a Retina MacBook Pro, I had to stick with the Retina display. The Air, while a nice laptop, still has old display technology. The MacBook’s screen is simply gorgeous.
  • Battery. I use this thing constantly, for likely 6-8 hours a day, on wifi, streaming music. Never once have I needed to charge it during the day even though I bring the charger just in-case. It is unreal how well this battery holds up. At the end of the day, I usually have approximately 35% battery remaining, even after heavy daily use.
  • Speed. While there are some minor noticeable speed issues, by and large the MacBook launches applications immediately. I have not had issue with lag yet for one exception: Microsoft Office. Launching Word, Excel, and PowerPoint takes a noticeable amount of time, with the icons bouncing on the dock for a couple seconds before the window finally appears. For me, it is a non-issue, however if you are impatient, this could be problematic.


  • Speed. While listed as a Pro, it is also a con. Sometimes you expect and want apps to launch immediately. That Microsoft Office apps take a noticeable amount of time to launch can sometimes be a tad frustrating. As I just mentioned, if you are impatient, this could be a potential deal breaker. I challenge you to reconsider your notion of speed and why it would ever be so necessary to have a bloated Microsoft application appear instantaneously. But I digress …
  • Resolution. I am getting old, and my eyes are not what they used to be, and thus the 12” screen is tough to see at times. Nothing glasses will not solve, but I generally do not want to resort to pulling out my reading glasses just to see my MacBook screen. Call me vain.
  • Cost. At almost $2000 total, you really need to consider the justification for a purchase of this magnitude.
  • Ports. The MacBook only has two ports: a single USB-C port, and a headphone plug. The USB-C port doubles as the charging port, therefore the only way to use USB devices and charge the laptop simultaneously is by using a hub. This is a huge con for a lot of people, although in my practical yet anecdotal use of my own MacBook, this has never been an issue.

MacBook Butterfly KeyboardI hesitate to put the keyboard in either of the above even though it seems to be a huge debate topic. Overall, I am satisfied with the keyboard and the small travel distance of the keys. The only part of the keyboard I can say I utterly hate is the arrow keys. They are so weird, and I have yet to get used to the layout. Otherwise, for me, the keyboard is a non-issue.

Being in the industry I am in, often times I need to run VMware and have a VM or two open at a time. I have done this while keeping Safari open with about 15 tabs, Mail, Slack, Tweetbot, PowerPoint, and Word, and the MacBook hums along without any lag or issues. I often times even have VLC playing a video in the background or I am streaming music, and I have yet to see the machine stutter.

Generally 8GB RAM does not sound like a lot, and the m5 seems like it would be underpowered compared to its i7 cousin in my rMBP, but it performs mostly flawlessly. It is amazing how tight this laptop is compared to its on-paper specs.

Finally, I do not count the single USB-C port a con. The vast majority of people, myself included even though I am techie and geek, rarely need to plug in external peripherals. In the unlikely event it iss necessary, I did pick-up an Anker USB-C hub. It was 2000JPY and has two standard USB-3 ports, HDMI-out, and a USB-C port for either charging the MacBook or for using another USB-C device. All-in-all, I have used it twice in two months.

I consider that hardly a necessity nor a problem.


MacBook 2016As I said at the very beginning, this is a wonderful laptop, and my favorite of all I have ever owned. I have never been so enamored with hardware, Apple or otherwise, until now. I feel much more productive being able to move around Tokyo, barely noticing a laptop is hanging off my back. It is refreshing.

The biggest question on my mind about the MacBook is this: longevity. How long will the machine last? I have a 2009 MacBook Pro that continues to hum along without issues. Will a MacBook last that long? I suspect not, but you never know. As a costly investment, I really hope the MacBook is capable of handling future macOS updates without any noticeable performance degradation. Only time will be able to answer this question.

If you value portability over expandability and raw power, the Retina MacBook is likely just what you need. I find myself falling in love with it all over again, each day I use it, simply because I can use this laptop anywhere and everywhere without ever thinking twice. Even if you value power over portability, this little engine that could will surprise you.

However, if you are unable to get passed the lack of expansion ports, this is decidedly not for you in its current incarnation. Remember, the first two years of the MacBook Air’s life, it had limited expansion ports, and then the third year saw it slightly redesigned into its current form, complete with plenty of expandability.

This is my machine, and the only computer I need on a daily basis. For me, the MacBook is almost the holy grail of computers – the perfect combination of iPad-like portability yet with a full-fledged operating system where I can be, and feel, productive.

Thank you Apple for catering to my needs.

Balmuda is a new $230 toaster from Japan capable of producing the perfect toast:

The toaster costs 24,000 yen ($230), or almost five times the price of a regular device in Japan (the smaller appliances with doors and trays are the norm here, rather than the pop-up variety). With at least a three-month wait in stores, the gadget has become a quiet hit, even though the manufacturer hasn’t bought ads or aired any commercials since it debuted in June—an unusual glimmer of innovation in a country that once wooed consumers with Walkmans, digital cameras and flat-panel TVs.

It was at a company picnic on a rainy day, warming bread on a grill, that company founder Gen Terao and his band of product designers accidentally made great toast. After the showers stopped, they tried to reproduce it in a parking lot and realized that water was the key. Thousands of slices later, they figured out that steam traps moisture inside the bread while it’s being warmed at a low temperature. The heat is cranked up just at the end, giving it a respectable crust.

There is nothing like a couple slices of toast, and nice cappuccino to get the morning started off right.

DHS is funding a Boeing project for enhanced biometrics to be used as a means for device self-destruction after identifying it is no longer being used by its owner:

The technology powering the devices potentially could identify the user’s walking style, for example. Officials would be alerted if the gait does not match the authorized user’s walk – a red flag the phone might have fallen into the wrong hands, officials said.

The “secret sauce” of the mobile device is a so-called neuromorphic computer chip that simulates human learning, Vincent Sritapan, the program manager for DHS’ mobile device security program, told Nextgov.

Gait recognition — driven by the phone’s accelerometer, GPS and the chip — is but one of many kinds of continuous ID verification intended to tighten access controls on mobile devices.

Boeing and HRL Laboratories, a software firm jointly owned by Boeing and General Motors, are partnering under a DHS project worth $2.2 million over 2.5 years.

The companies “pretty much are leveraging user behavior information” from data gathered by sensors found on any standard consumer smartphone, Sritapan said. Those feelers could include microphones, cameras and touchpads, he added. The artificial intelligence could help agencies determine, “Are you who you say you are, and do we give you access to enterprise resources like email?” he said.

This sounds quite intriguing.

The shortsighted Federal Bureau of Investigation considered taking Apple to court due to their encryption capabilities built-in to iMessage, Facetime, and iOS devices:

The clash with Cupertino was reportedly sparked by an investigation this summer — “involving guns and drugs” — in which a court order was obtained, demanding that Apple provide real time iMessages exchanged by iPhone-using suspects. Due to the stringent security measures featured on iOS 8, Apple responded that it could not comply due to the advanced encryption used by the company.

Thankfully, the decision was taken not to pursue legal action. However, the case once again demonstrates the opposition that exists within government to Apple’s stance on user privacy.

In a previous open letter, F.B.I. director James Comey argued that the top-notch security on devices like the iPhone have potential to aid terrorist groups like ISIS.

Tim Cook, meanwhile, has argued that Apple is taking a moral stance by not mining user data.

If you are a penetration tester or just interested in the tools attackers use then chances are you are more than familiar with Kali Linux. The distro was recently updated to Kali Linux 2.0, and here are the top ten post-install tips designed to maximize your experience with this outstanding OS:

There’s several ways you can use Kali – either as a “throw away pentesting machine” or as a “long term use OS“. The “throw away” method entails setting up Kali for a one off engagement or short term use, and then killing off the OS when done (this usually happens in virtual environments). The “long term use” use case describes people who want to use Kali on an ongoing basis for day-to-day use. Both methods are perfectly valid, but require different treatment. If you plan to use Kali on a day-to-day basis, you should avoid manual installs of programs in FSH defined directories, as this would conflict with the existing apt package manager.

A tech industry working group convened and drafted an IoT security and privacy framework for locking down home automation, and consumer health and fitness wearable devices with standard security best practices:

The framework calls for IoT makers to have the ability to fix bugs quickly and reliably via remote updates or other notifications to consumers — or even device replacement, if needed. And that item comes with this caveat: “It is recognized that some embedded devices’ current design may not have this capability and it is recommended such update/upgradability capabilities be clarified to the consumer in advance of purchase.”

Time is another factor with IoT devices. Networked thermostats, garage-door openers, and other in-home devices change hands when the house does, but the former residents could still have access. And what happens after a warranty expires on smart device and there’s a breach, Spiezle says.

“We talk about not just security, privacy, and disclosure of the data that’s collected, but also the lifecycle issues. How do they support [these devices] over time and beyond the warranty,” he says.

The working group plans to finalize a formal IoT framework — which includes some 22 minimum requirements plus a dozen optional additional measures — and program around mid-November, after gathering input from Congress, the White House, Federal Trade Commission, and other entities.

Interestingly, Intel, a company championing IoT, was absent from this working group.

Disclosure: I work for Intel Security.

Commodore, the outstanding computer manufacturer I grew up with, is back and this time with a smartphone using their iconic name – PET:

For those of you too young to remember, Commodore was a hot company in the mid-1980s. It was a leader in personal computers, shipping thousands of Commodore 64 desktops daily. Guinness has named it the single biggest-selling computer ever—the company sold as many as 17 million of them—and the brand name is still widely remembered. Still, the company went bankrupt in 1994, and the brand saw several fuzzy changes of trademark ownership over the years.

Now it’s appearing on a smartphone created by a pair of Italian entrepreneurs. It’s called the PET—sharing its name with Commodore’s other iconic PC—and its custom Android build includes two emulators so owners can enjoy old C64 and Amiga games.

Rumors have swirled around the phone for months, driven in part by design renders published online. With its release imminent, I met with the guys behind it and tried out a prototype. Perhaps the biggest question: how a company that folded two decades ago can release a new product.

That’s a long, strange tale.

Even though its running Android, for the mere fact its Commodore hardware I will have to check it out.

Hardware vendors like Dell, HP, Cisco and others have a potentially bleak future ahead of them as more and more companies move from administering their own suite of servers to using cloud-based solutions like Amazon Web Services. This story about how Yamaha went all-in on AWS should terrify these companies because they stand to lose a lot of revenue (emphasis added):

Every month, the lease for one or two of these servers would come due, and a new server sent to replace it. His infrastructure team had to back up the data, then test and install the apps to get the new server running.

It was tedious work and an expensive use of manpower.

“We said, this is not sustainable,” Thomas said.

He thought about hiring out for that work, but the bids came it at a laughable $1 million a year just for labor, and didn’t include the cost of the new servers.

So he decided to go all-in with the cloud. In November 2013, he approached several cloud computing companies including Amazon and asked for bids.

Amazon, which grew up as an ecommerce retailer, isn’t known for its enterprise sales expertise or support (though it is beefing itself up in that area).

So Amazon turned Yamaha’s request for a bid over to its partner 2nd Watch, who won the bid and then spent a year helping Yamaha move all of its data, servers and apps to AWS. 2nd Watch also provides Yamaha with ongoing cost management tools.

“I can tell on a daily basis how much infrastructure is costing us,” he explains and he and his team can then make sure that they are not overpaying.

In July 2014, all of the company’s IT, supporting some 450 employees in the US, was running on Amazon’s cloud with three exceptions:

  • The corporate accounting app Oracle enterprise resource planning app (ERP)
  • The Cisco telephone system
  • A bunch of employees’ shared files which were set up in personal drives.

He’s now in the process of moving those last items to the cloud, too. He just asked for bids from Box, Dropbox, and other file sharing companies and is working on bids for cloud versions of Cisco’s telecom services, available from Cisco, AT&T and others.

While hardware vendors will still have the opportunity to sell to the likes of Box, Dropbox, Amazon, and other cloud vendors, they will likely not be generating nearly the same amount of revenue as in the past. The number of physical devices being purchased pales in comparison to the previous years.

These companies better get ahead of this trend and start skating to where the puck will be otherwise they will find themselves out of the game altogether.

This little gem of a Raspberry Pi-based tool allows anyone to anonymously access wifi from up to 2.5 miles away from a wireless access-oint:

Proxyham is composed of a WiFi-enabled Raspberry Pi computer and three antennas setup. One of the antennas connects to a source public Wi-Fi network while the other two transmit the Wi-Fi signal at a frequency of 900 MHz.

Therefore, this appliance works very effectively with a radio connection of 900 Megahertz. It is capable of connecting distanced Wi-Fi, at a range of 1 to 2.5 Miles. Though several interference factors are considered.

In case some spying agents manage to track the target’s internet connection they will only be able to disclose the IP address of ProxyHam box which would be transmitting some low-level radio signal thousands of feet away at different direction.

Caudill disclosed that he along with some of his colleagues are working over a Motherboard with an additional feature of self-destructing the ProxyHam

So basically, you can be 2.5 miles away from your BFF’s house and still use their wifi without their knowledge. Imagine the impact this will have on court cases relying solely on IP address information to prosecute online criminal activity.

An obviously clueless Japanese Judge orders Google to delete links to a man’s previous under-age sexual solicitation arrests from the search engine in an attempt to hide his embarrassing past from the world:

In 2012, the man was arrested for paying a girl under the age of 18 for sexual favors. He was charged with violating child prostitution laws and fined 500,000 yen. However, his name and news reports regarding the arrest still come up in Google searches.

Claiming that this was an infringement upon his personal rights, the man petitioned to have the information deleted from the search engine. His lawyer told the court his client had been rehabilitated and that it was difficult to get on with his life as long as his arrest record remains online.

In handing down the ruling, the presiding judge said such relatively minor crimes do not hold any particular significance to the public and therefore continuing to display such information three years after the incident does not have much merit for society at large.

Someone needs to learn how Google and the internets work. Deleting links from Google’s search engine will not make the stories go away nor will it make them more difficult to find. In fact, this ruling will likely shed more light on his asshattery.

As an aside, I find it quite interesting how the presiding judge considers underage sexual solicitation to have been a “relatively minor crime” considering how damaging it likely will be to her for the rest of her life. Unbelievably out of touch.

Welcome to the Streisand Effect.

The Next Web has posted what amounts to an advertisement masquerading as an article about how the cyber security industry is a billion dollar scam. The author claims cyber security vendors are purposely selling outdated technology it knows to be ineffective at preventing cyber attacks. First, the author sets the stage by claiming the the current model is broken (emphasis added):

According to Price Waterhouse Coopers, the total number of security incidents has increased 66 percent year-over-year since 2009. In 2014, there were 117,339 incoming attacks a day, an increase of 48 percent over the year before, accompanied by a rise in financial losses. Not only are these attacks more frequent and expensive, but they are also happening on a larger scale – 77 million records stolen from JPMorgan, 80 million records stolen from Anthem, Target, Home Depot, Sony, and the list goes on.

The connection between more cybercrime and more spending is clear. What is not clear is that more spending on security technology has actually done anything to curb the crime. Most of the security products out there use 20th century technology against 21st century foes, and they are obviously failing.

The author follows this by discussing how cyber security vendors are primarily selling products based on antiquated anti-virus technology rather than newer types of unproven solutions possibly more capable of preventing successful attacks (emphasis added):

Tools from mainstream security vendors are primarily based on an outdated, antivirus approach that relies on having prior knowledge of an attack. Threats are detected by comparing a program’s software to known malware in a virus dictionary. If a piece of code matches an entry in the dictionary, this raises the red flag.

Most of the security products available on the market are just a half-step better than old antivirus products. This method fails today because it only works if an attack has been seen before. Modern cybercriminals[sic] are more sophisticated than that. We are no longer looking at kids in a dorm room coming up with annoying little hacks.

While I will not disagree that there is a lot of outdated technology on the market today, that does not mean it is entirely ineffectual. The modern cyber attacker is generally backed by a well funded crime syndicate, or at worst a nation state, and are very good at what they do. Their level of sophistication requires organizations to use advanced cyber defenses to protect their crown jewels. This is well understood by every cyber security professional.

Next, the author rants about how there is this unwritten treaty – whereby treaty he means collusion – between the security vendors and the hackers, leveraging fear, uncertainty, and doubt to force organizations to spend a lot of money on useless technology (emphasis added):

The companies that make these products sell them for millions of dollars, knowing that they won’t work. Then when they fail, the vendors ask for millions more dollars to tell their clients why they failed. It is a racket. Without the “robbers,” the “cops” have no business; the more breaches occur, the more money the cybersecurity companies make.

Why hasn’t this Unholy Alliance between hackers and cybersecurity vendors received more attention? And why do organizations keep buying their products? One factor is secrecy – the security industry is not transparent in an alleged effort to protect security, and this means that these inadequate products continue to sell and continue to fail. Marketing is another factor. It’s not the best product that wins, but the best marketed product.

So now we are starting to get to the heart of the authors issue: organizations continue to spend money with the same vendors who previously sold them products that were ostensibly inadequate in preventing a breach. What the author fails to even remotely address is the complex nature of the problem, and more importantly, that buying expensive technology is not going to be one hundred percent effective in preventing every cyber attack. There will never be a time when this will be true.

Preventing successful cyber attacks requires a multi-faceted approach, combining technology, highly trained cyber security personnel, and an educated workforce, among other things. If an organization believes buying a security tool will solve all their security needs then they are sadly mistaken, and likely did not ask the right questions.

The author seems to take issue with marketing as well, and I can sympathize with this position. There are two particular security vendors – Palo Alto Network and FireEye – who spend a lot of time, money, and effort on marketing their known inferior products. There are plenty better technologies being sold today but as a result of their marketing campaigns, organizations believe they need to buy tools from these companies to stay protected.

Nothing could be further from the truth.

But here is the kicker – the part where we finally understand the context for this essentially pointless, baseless rant of an advertisement purporting to be an actual well researched, well written article (emphasis added):

In order to be effective, security software can’t rely on prior knowledge. It has to somehow figure out what is happening without looking at a list, because that list is inevitably going to be stale and incomplete. A better approach is to use Big Data and machine learning, which make it possible to identify patterns and predict discrepancies in real-time based on actual circumstances, not old or useless information.

The major security vendors are not taking this approach because it is in their best interest to keep the breaches happening. For this, they are just as culpable as the hackers themselves. In addition to developing new, better approaches for preventing attacks, startups also have an opportunity to realign the goals of the security industry to put customers’ best interest at the core.

I do not even have to address the sheer stupidity of the baseless claim that the major security vendors are not taking the approach the author outlines because there is some ostensible conspiracy to keep the industry status quo so the old guard can continue to generate revenue. Saying the vendors are the problem is to claim handgun manufacturers are at fault when an adversary shows up to a fight with a tank. The author seems to have no problem telling lies of his own so long as they suit his narrative.

Finally, the big data and machine learning comment is really the crux of this advertisement: at the bottom of the article, the author is listed as John Prisco, the CEO of Triumfant Security. Guess what types of cyber security products Triumfant makes? From their very own about page (emphasis added):

Our advanced analytics and intelligent, precision-based technology enable us to detect, analyze and immediately resolve attacks that bypass traditional, signature-based defenses.

Self-learning and continuously evolving, Triumfant’s endpoint protection technologies pick up where others leave off – effectively closing the gaps left by firewall, antivirus, sandbox technologies and Intrusion Prevention Systems. Triumfant not only captures data and detects malicious activity in real time, but it also verifies, contains, investigates, remediates and prevents future attacks.

So basically, this entire article was one big tear-down of the existing cyber security industry to make some claim that his company produces superior technology. The author basically calls into question both the ethics of those in the cyber security industry, and then claims there is a big conspiracy between the actors and vendors. His solution is for the world to stop using the technology from his competitors and to start using the very technology his company is known for creating. But because his company does not have a large marketing budget, they are losing out to the likes of PAN, FireEye, Fortinet, and other cyber security vendors who are knowingly selling ineffective tools.

Shame on The Next Web for publishing this in such a way it looks like an actual article rather than framing it for what it is: a well written advertisement purporting to be an actual well researched article on the state of overspending in the cyber security industry.

Shame on the author, CEO John Prisco of Triumfant, for his claims of collusion, and claiming the cyber security industry knowingly selling defective products, when I guarantee he knows otherwise. Rather, he uses this ruse as a red herring to better position his company’s technology.

Here’s a protip for John: if your machine learning, data analytics, and predictive analysis are that good then why dont you actually demonstrate how well these tools are at detecting and preventing cyber attacks? Do not use TNW to bash the very industry your company is apart of only to try and sell the next best security product. Let your technology speak for itself and show its effectiveness and reliability. Once you do that, then the industry will take you seriously.

I should point out that I agree – machine learning and predictive analysis is where the industry needs to go and where it is currently headed. However, no company has yet to realize the potential of these ideas and produce usable, reliable technology truly capable of meeting the marketing rhetoric. We need better AI for this to happen, and we are close, but it is still a few years out before we will really have an effective tool of this nature.

Until then, companies like Triumfant should work on improving and perfecting their imperfect technology rather than penning pointless drivel like this article. The industry respects results not rhetoric.

Disclaimer: I work for Intel Security, one of those companies John Prisco claims to be knowingly selling defective tools, and one in that conspiracy circle of hackers and cyber security vendors he accuses exists.

Engadget on the FBI hunting for suspects in California internet backbone cable-severing attack (emphasis added):

The severed cables belonged to backbone-internet companies Level 3 and Zayo. In order to access these cables, the vandals had to remove manholes and enter underground vaults. While the cut lines were fixed within a day, it does highlight how easy it is to disrupt the internet within the physical world. In a statement, the FBI asked for the public to contact it if anyone saw anything suspicious at one of the sites and added that, “the individuals may appear to be normal telecommunications maintenance workers or possess tools consistent with that job role.”

So instead of the internet being brought down by a virus or super hackers, it turns out that someone with a set of bolt cutters could severely disrupt how we get our news and do business.

I could not have said it any better. Malware is not required to disrupt our precious internets.

IBT on how MIT invented a new system capable of automated security vulnerability fixes by borrowing code from other software:

The CodePhage system is able to detect dangerous bugs in software, and then repair it by importing security checks from software with similar specifications, even if the software is written in a completely different programming language.

Even better, the system doesn’t need to access the source code of other programs in order to borrow functionality so it can fix the bugs, so all source code is kept safe.

“We have tons of source code available in open-source repositories, millions of projects, and a lot of these projects implement similar specifications,” said Stelios Sidiroglou-Douskos, a research scientist at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) who led the development of CodePhage.

“Even though that might not be the core functionality of the program, they frequently have subcomponents that share functionality across a large number of projects.”

MIT researchers’ tests found that CodePhage was able to repair serious security vulnerabilities on seven common open-source programs, taking between two to 10 minutes per repair and importing functionality from between two to four donor programs each.

CNN Money with some unreal news about how the Navy pays Microsoft $9 million a year for continued Windows XP support even after the product end-of-life:

In a statement, the Navy said it has a plan in place to upgrade its systems to a newer version of Windows. It expects to complete its upgrades by July 12, 2016.

But there’s a chance that it could take even longer. That’s why theNavy’s contract with Microsoft contains options to extend the deal through June 8, 2017. That would raise the amount the Navy will pay for Windows XP support to nearly $31 million.

“The Navy relies on a number of legacy applications and programs that are reliant on legacy Windows products,” said Steven Davis, spokesman for Space and Naval Warfare Systems Command. “Until those applications and programs are modernized or phased out, this continuity of services is required to maintain operational effectiveness.”

The most modern military in history continues to use Windows XP, an operating system unveiled in 2001 and one that never really took security seriously.