Tag

technology

Browsing

CNBC reports on Australia’s Department of Defense prohibiting the popular Chinese chat app WeChat from being used on its network assets:

Messaging and e-payment app WeChat has become the latest Chinese technology to be banned by an overseas military on security grounds, with Australia instructing its armed forces not to use it.

The country’s defence department said the service did not meet its standards, although it did not directly link the ban to security concerns.

“Software and applications that do not meet Defence standards will not be authorised for use on Defence networks and mobile devices,” the country’s defence department said in an email statement. “Defence has a strict policy concerning the use of social media on its networks and mobile devices. Defence allows very few applications on Defence mobile devices. WeChat has not been authorised for use.”

Australia is part of the Five Eyes, so it should come as no surprise to see them banning Chinese internet technology. It simply boils down to a matter of trust, and it is hard to have any when China is wreaking havoc all over the world, even if they have been a bit quiet lately.

DHS is funding a Boeing project for enhanced biometrics to be used as a means for device self-destruction after identifying it is no longer being used by its owner:

The technology powering the devices potentially could identify the user’s walking style, for example. Officials would be alerted if the gait does not match the authorized user’s walk – a red flag the phone might have fallen into the wrong hands, officials said.

The “secret sauce” of the mobile device is a so-called neuromorphic computer chip that simulates human learning, Vincent Sritapan, the program manager for DHS’ mobile device security program, told Nextgov.

Gait recognition — driven by the phone’s accelerometer, GPS and the chip — is but one of many kinds of continuous ID verification intended to tighten access controls on mobile devices.

Boeing and HRL Laboratories, a software firm jointly owned by Boeing and General Motors, are partnering under a DHS project worth $2.2 million over 2.5 years.

The companies “pretty much are leveraging user behavior information” from data gathered by sensors found on any standard consumer smartphone, Sritapan said. Those feelers could include microphones, cameras and touchpads, he added. The artificial intelligence could help agencies determine, “Are you who you say you are, and do we give you access to enterprise resources like email?” he said.

This sounds quite intriguing.

The shortsighted Federal Bureau of Investigation considered taking Apple to court due to their encryption capabilities built-in to iMessage, Facetime, and iOS devices:

The clash with Cupertino was reportedly sparked by an investigation this summer — “involving guns and drugs” — in which a court order was obtained, demanding that Apple provide real time iMessages exchanged by iPhone-using suspects. Due to the stringent security measures featured on iOS 8, Apple responded that it could not comply due to the advanced encryption used by the company.

Thankfully, the decision was taken not to pursue legal action. However, the case once again demonstrates the opposition that exists within government to Apple’s stance on user privacy.

In a previous open letter, F.B.I. director James Comey argued that the top-notch security on devices like the iPhone have potential to aid terrorist groups like ISIS.

Tim Cook, meanwhile, has argued that Apple is taking a moral stance by not mining user data.

The Pentagon’s new office in Silicon Valley is being headed-up by an engineer and a former Navy SEAL in an attempt to help DoD stay abreast of the latest and greatest technologies (emphasis added):

Their new office, dubbed the Defense Innovation Unit-Experimental — DIUx for short — occupies a building near Moffett Federal Airfield’s massive WWII-era airship hangars. By Pentagon standards, it has materialized at light speed. Still, “The secretary would say that we’re too slow,” Deputy Defense Secretary Robert Work said aboard a westward flight to the new office.

Work and Pentagon acquisition chief Frank Kendall met late Tuesday with the men in charge of the new office. George Duchak, the DIUx director, has worked at the Air Force Research Laboratory, DARPA, and in the private sector, Work said. His military deputy, Rear Adm. Brian Hendrickson, is a Naval Academy graduate with an MBA from Harvard and experience with SEAL teams and U.S. Special Operations Command.

Both have experience in the technology sector and working with startups. Both, Kendall said, were picked in large part for their entrepreneurial mindsets. Their goal is to meet with tech companies in search of commercial technologies the military might find useful, or commercial components to make existing military equipment better.

This ought to be an interest effort, especially if it materializes in such a way to make DoD more technologically advanced and capable.

Commodore, the outstanding computer manufacturer I grew up with, is back and this time with a smartphone using their iconic name – PET:

For those of you too young to remember, Commodore was a hot company in the mid-1980s. It was a leader in personal computers, shipping thousands of Commodore 64 desktops daily. Guinness has named it the single biggest-selling computer ever—the company sold as many as 17 million of them—and the brand name is still widely remembered. Still, the company went bankrupt in 1994, and the brand saw several fuzzy changes of trademark ownership over the years.

Now it’s appearing on a smartphone created by a pair of Italian entrepreneurs. It’s called the PET—sharing its name with Commodore’s other iconic PC—and its custom Android build includes two emulators so owners can enjoy old C64 and Amiga games.

Rumors have swirled around the phone for months, driven in part by design renders published online. With its release imminent, I met with the guys behind it and tried out a prototype. Perhaps the biggest question: how a company that folded two decades ago can release a new product.

That’s a long, strange tale.

Even though its running Android, for the mere fact its Commodore hardware I will have to check it out.

Hardware vendors like Dell, HP, Cisco and others have a potentially bleak future ahead of them as more and more companies move from administering their own suite of servers to using cloud-based solutions like Amazon Web Services. This story about how Yamaha went all-in on AWS should terrify these companies because they stand to lose a lot of revenue (emphasis added):

Every month, the lease for one or two of these servers would come due, and a new server sent to replace it. His infrastructure team had to back up the data, then test and install the apps to get the new server running.

It was tedious work and an expensive use of manpower.

“We said, this is not sustainable,” Thomas said.

He thought about hiring out for that work, but the bids came it at a laughable $1 million a year just for labor, and didn’t include the cost of the new servers.

So he decided to go all-in with the cloud. In November 2013, he approached several cloud computing companies including Amazon and asked for bids.

Amazon, which grew up as an ecommerce retailer, isn’t known for its enterprise sales expertise or support (though it is beefing itself up in that area).

So Amazon turned Yamaha’s request for a bid over to its partner 2nd Watch, who won the bid and then spent a year helping Yamaha move all of its data, servers and apps to AWS. 2nd Watch also provides Yamaha with ongoing cost management tools.

“I can tell on a daily basis how much infrastructure is costing us,” he explains and he and his team can then make sure that they are not overpaying.

In July 2014, all of the company’s IT, supporting some 450 employees in the US, was running on Amazon’s cloud with three exceptions:

  • The corporate accounting app Oracle enterprise resource planning app (ERP)
  • The Cisco telephone system
  • A bunch of employees’ shared files which were set up in personal drives.

He’s now in the process of moving those last items to the cloud, too. He just asked for bids from Box, Dropbox, and other file sharing companies and is working on bids for cloud versions of Cisco’s telecom services, available from Cisco, AT&T and others.

While hardware vendors will still have the opportunity to sell to the likes of Box, Dropbox, Amazon, and other cloud vendors, they will likely not be generating nearly the same amount of revenue as in the past. The number of physical devices being purchased pales in comparison to the previous years.

These companies better get ahead of this trend and start skating to where the puck will be otherwise they will find themselves out of the game altogether.

This little gem of a Raspberry Pi-based tool allows anyone to anonymously access wifi from up to 2.5 miles away from a wireless access-oint:

Proxyham is composed of a WiFi-enabled Raspberry Pi computer and three antennas setup. One of the antennas connects to a source public Wi-Fi network while the other two transmit the Wi-Fi signal at a frequency of 900 MHz.

Therefore, this appliance works very effectively with a radio connection of 900 Megahertz. It is capable of connecting distanced Wi-Fi, at a range of 1 to 2.5 Miles. Though several interference factors are considered.

In case some spying agents manage to track the target’s internet connection they will only be able to disclose the IP address of ProxyHam box which would be transmitting some low-level radio signal thousands of feet away at different direction.

Caudill disclosed that he along with some of his colleagues are working over a Motherboard with an additional feature of self-destructing the ProxyHam

So basically, you can be 2.5 miles away from your BFF’s house and still use their wifi without their knowledge. Imagine the impact this will have on court cases relying solely on IP address information to prosecute online criminal activity.

An obviously clueless Japanese Judge orders Google to delete links to a man’s previous under-age sexual solicitation arrests from the search engine in an attempt to hide his embarrassing past from the world:

In 2012, the man was arrested for paying a girl under the age of 18 for sexual favors. He was charged with violating child prostitution laws and fined 500,000 yen. However, his name and news reports regarding the arrest still come up in Google searches.

Claiming that this was an infringement upon his personal rights, the man petitioned to have the information deleted from the search engine. His lawyer told the court his client had been rehabilitated and that it was difficult to get on with his life as long as his arrest record remains online.

In handing down the ruling, the presiding judge said such relatively minor crimes do not hold any particular significance to the public and therefore continuing to display such information three years after the incident does not have much merit for society at large.

Someone needs to learn how Google and the internets work. Deleting links from Google’s search engine will not make the stories go away nor will it make them more difficult to find. In fact, this ruling will likely shed more light on his asshattery.

As an aside, I find it quite interesting how the presiding judge considers underage sexual solicitation to have been a “relatively minor crime” considering how damaging it likely will be to her for the rest of her life. Unbelievably out of touch.

Welcome to the Streisand Effect.

The Next Web has posted what amounts to an advertisement masquerading as an article about how the cyber security industry is a billion dollar scam. The author claims cyber security vendors are purposely selling outdated technology it knows to be ineffective at preventing cyber attacks. First, the author sets the stage by claiming the the current model is broken (emphasis added):

According to Price Waterhouse Coopers, the total number of security incidents has increased 66 percent year-over-year since 2009. In 2014, there were 117,339 incoming attacks a day, an increase of 48 percent over the year before, accompanied by a rise in financial losses. Not only are these attacks more frequent and expensive, but they are also happening on a larger scale – 77 million records stolen from JPMorgan, 80 million records stolen from Anthem, Target, Home Depot, Sony, and the list goes on.

The connection between more cybercrime and more spending is clear. What is not clear is that more spending on security technology has actually done anything to curb the crime. Most of the security products out there use 20th century technology against 21st century foes, and they are obviously failing.

The author follows this by discussing how cyber security vendors are primarily selling products based on antiquated anti-virus technology rather than newer types of unproven solutions possibly more capable of preventing successful attacks (emphasis added):

Tools from mainstream security vendors are primarily based on an outdated, antivirus approach that relies on having prior knowledge of an attack. Threats are detected by comparing a program’s software to known malware in a virus dictionary. If a piece of code matches an entry in the dictionary, this raises the red flag.

Most of the security products available on the market are just a half-step better than old antivirus products. This method fails today because it only works if an attack has been seen before. Modern cybercriminals[sic] are more sophisticated than that. We are no longer looking at kids in a dorm room coming up with annoying little hacks.

While I will not disagree that there is a lot of outdated technology on the market today, that does not mean it is entirely ineffectual. The modern cyber attacker is generally backed by a well funded crime syndicate, or at worst a nation state, and are very good at what they do. Their level of sophistication requires organizations to use advanced cyber defenses to protect their crown jewels. This is well understood by every cyber security professional.

Next, the author rants about how there is this unwritten treaty – whereby treaty he means collusion – between the security vendors and the hackers, leveraging fear, uncertainty, and doubt to force organizations to spend a lot of money on useless technology (emphasis added):

The companies that make these products sell them for millions of dollars, knowing that they won’t work. Then when they fail, the vendors ask for millions more dollars to tell their clients why they failed. It is a racket. Without the “robbers,” the “cops” have no business; the more breaches occur, the more money the cybersecurity companies make.

Why hasn’t this Unholy Alliance between hackers and cybersecurity vendors received more attention? And why do organizations keep buying their products? One factor is secrecy – the security industry is not transparent in an alleged effort to protect security, and this means that these inadequate products continue to sell and continue to fail. Marketing is another factor. It’s not the best product that wins, but the best marketed product.

So now we are starting to get to the heart of the authors issue: organizations continue to spend money with the same vendors who previously sold them products that were ostensibly inadequate in preventing a breach. What the author fails to even remotely address is the complex nature of the problem, and more importantly, that buying expensive technology is not going to be one hundred percent effective in preventing every cyber attack. There will never be a time when this will be true.

Preventing successful cyber attacks requires a multi-faceted approach, combining technology, highly trained cyber security personnel, and an educated workforce, among other things. If an organization believes buying a security tool will solve all their security needs then they are sadly mistaken, and likely did not ask the right questions.

The author seems to take issue with marketing as well, and I can sympathize with this position. There are two particular security vendors – Palo Alto Network and FireEye – who spend a lot of time, money, and effort on marketing their known inferior products. There are plenty better technologies being sold today but as a result of their marketing campaigns, organizations believe they need to buy tools from these companies to stay protected.

Nothing could be further from the truth.

But here is the kicker – the part where we finally understand the context for this essentially pointless, baseless rant of an advertisement purporting to be an actual well researched, well written article (emphasis added):

In order to be effective, security software can’t rely on prior knowledge. It has to somehow figure out what is happening without looking at a list, because that list is inevitably going to be stale and incomplete. A better approach is to use Big Data and machine learning, which make it possible to identify patterns and predict discrepancies in real-time based on actual circumstances, not old or useless information.

The major security vendors are not taking this approach because it is in their best interest to keep the breaches happening. For this, they are just as culpable as the hackers themselves. In addition to developing new, better approaches for preventing attacks, startups also have an opportunity to realign the goals of the security industry to put customers’ best interest at the core.

I do not even have to address the sheer stupidity of the baseless claim that the major security vendors are not taking the approach the author outlines because there is some ostensible conspiracy to keep the industry status quo so the old guard can continue to generate revenue. Saying the vendors are the problem is to claim handgun manufacturers are at fault when an adversary shows up to a fight with a tank. The author seems to have no problem telling lies of his own so long as they suit his narrative.

Finally, the big data and machine learning comment is really the crux of this advertisement: at the bottom of the article, the author is listed as John Prisco, the CEO of Triumfant Security. Guess what types of cyber security products Triumfant makes? From their very own about page (emphasis added):

Our advanced analytics and intelligent, precision-based technology enable us to detect, analyze and immediately resolve attacks that bypass traditional, signature-based defenses.

Self-learning and continuously evolving, Triumfant’s endpoint protection technologies pick up where others leave off – effectively closing the gaps left by firewall, antivirus, sandbox technologies and Intrusion Prevention Systems. Triumfant not only captures data and detects malicious activity in real time, but it also verifies, contains, investigates, remediates and prevents future attacks.

So basically, this entire article was one big tear-down of the existing cyber security industry to make some claim that his company produces superior technology. The author basically calls into question both the ethics of those in the cyber security industry, and then claims there is a big conspiracy between the actors and vendors. His solution is for the world to stop using the technology from his competitors and to start using the very technology his company is known for creating. But because his company does not have a large marketing budget, they are losing out to the likes of PAN, FireEye, Fortinet, and other cyber security vendors who are knowingly selling ineffective tools.

Shame on The Next Web for publishing this in such a way it looks like an actual article rather than framing it for what it is: a well written advertisement purporting to be an actual well researched article on the state of overspending in the cyber security industry.

Shame on the author, CEO John Prisco of Triumfant, for his claims of collusion, and claiming the cyber security industry knowingly selling defective products, when I guarantee he knows otherwise. Rather, he uses this ruse as a red herring to better position his company’s technology.

Here’s a protip for John: if your machine learning, data analytics, and predictive analysis are that good then why dont you actually demonstrate how well these tools are at detecting and preventing cyber attacks? Do not use TNW to bash the very industry your company is apart of only to try and sell the next best security product. Let your technology speak for itself and show its effectiveness and reliability. Once you do that, then the industry will take you seriously.

I should point out that I agree – machine learning and predictive analysis is where the industry needs to go and where it is currently headed. However, no company has yet to realize the potential of these ideas and produce usable, reliable technology truly capable of meeting the marketing rhetoric. We need better AI for this to happen, and we are close, but it is still a few years out before we will really have an effective tool of this nature.

Until then, companies like Triumfant should work on improving and perfecting their imperfect technology rather than penning pointless drivel like this article. The industry respects results not rhetoric.

Disclaimer: I work for Intel Security, one of those companies John Prisco claims to be knowingly selling defective tools, and one in that conspiracy circle of hackers and cyber security vendors he accuses exists.

Engadget on the FBI hunting for suspects in California internet backbone cable-severing attack (emphasis added):

The severed cables belonged to backbone-internet companies Level 3 and Zayo. In order to access these cables, the vandals had to remove manholes and enter underground vaults. While the cut lines were fixed within a day, it does highlight how easy it is to disrupt the internet within the physical world. In a statement, the FBI asked for the public to contact it if anyone saw anything suspicious at one of the sites and added that, “the individuals may appear to be normal telecommunications maintenance workers or possess tools consistent with that job role.”

So instead of the internet being brought down by a virus or super hackers, it turns out that someone with a set of bolt cutters could severely disrupt how we get our news and do business.

I could not have said it any better. Malware is not required to disrupt our precious internets.

IBT on how MIT invented a new system capable of automated security vulnerability fixes by borrowing code from other software:

The CodePhage system is able to detect dangerous bugs in software, and then repair it by importing security checks from software with similar specifications, even if the software is written in a completely different programming language.

Even better, the system doesn’t need to access the source code of other programs in order to borrow functionality so it can fix the bugs, so all source code is kept safe.

“We have tons of source code available in open-source repositories, millions of projects, and a lot of these projects implement similar specifications,” said Stelios Sidiroglou-Douskos, a research scientist at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) who led the development of CodePhage.

“Even though that might not be the core functionality of the program, they frequently have subcomponents that share functionality across a large number of projects.”

MIT researchers’ tests found that CodePhage was able to repair serious security vulnerabilities on seven common open-source programs, taking between two to 10 minutes per repair and importing functionality from between two to four donor programs each.

CNN Money with some unreal news about how the Navy pays Microsoft $9 million a year for continued Windows XP support even after the product end-of-life:

In a statement, the Navy said it has a plan in place to upgrade its systems to a newer version of Windows. It expects to complete its upgrades by July 12, 2016.

But there’s a chance that it could take even longer. That’s why theNavy’s contract with Microsoft contains options to extend the deal through June 8, 2017. That would raise the amount the Navy will pay for Windows XP support to nearly $31 million.

“The Navy relies on a number of legacy applications and programs that are reliant on legacy Windows products,” said Steven Davis, spokesman for Space and Naval Warfare Systems Command. “Until those applications and programs are modernized or phased out, this continuity of services is required to maintain operational effectiveness.”

The most modern military in history continues to use Windows XP, an operating system unveiled in 2001 and one that never really took security seriously.

Forbes has done some outstanding writing on their article about inside China’s iphone jailbreaking industrial complex:

It was a bizarre trip hosted by an equally bizarre and secretive entity called TaiG (pronounced “tie-gee”), which flew the hackers to China to share techniques and tricks to slice through the defences of Apple’s mobile operating system in front of an eager conference-hall crowd. Why such interest and why such aggrandisement of iOS researchers? In the last two years, jailbreaking an iPhone – the act of removing iOS’ restrictions against installing unauthorized apps, app stores and other features by exploiting Apple security – has become serious business in China. From Alibaba to Baidu, China’s biggest companies are supporting and even funding the practice, unfazed at the prospect of peeving Apple, which has sought to stamp out jailbreaking ever since it became a craze in the late 2000s.

Any hacker who can provide the full code for an untethered jailbreak, where the hack continues to work after the phone reboots, can expect a big pay check for their efforts. “Many experts agree the price for an untethered jailbreak is around $1 million,” says Nikias Bassen, aka Pimskeks, a lanky 33-year-old iOS hacker who is part of the evad3rshacker collective. More often, sellers of iOS zero-day vulnerabilities – the previously-unknown and unpatched flaws required for jailbreaks – make thousands if not hundreds of thousands of dollars from Chinese firms, private buyers or governments, in particular three-letter agencies from the US.

Such big sums are on offer due to the explosion of the third-party app store industry in China. There are at least 362 million monthly active mobile app users in China, according to data provided by iResearch. Whilst smartphone owners in Western nations are content within the walled gardens of Apple and Google app stores for their games, media and work tools, the Chinese are fanatical about apps and want the broadest possible choice from non-Apple app stores. Jailbreaks, which do away with Apple’s chains and allow other markets on the device, are thus vital to meeting that demand.

I had no idea jailbreaking was such big money in China, however somehow I am not surprised at all by this development.

PC World on an almost completed Google-backed project for a 60Tbps undersea cable between Oregon and Japan exponentially increasing networking capacity between the two countries:

The 9,000-kilometer FASTER cable will have a peak capacity of 60 terabytes per second (Tbps) when it enters operation next year, joining Japan with Oregon on the West Coast of the U.S.

Apart from Google, the project is backed by telecom carriers KDDI of Japan, SingTel of Singapore, Global Transit of Malaysia, China Mobile International and China Telecom Global.

At the landing site in Shima, Mie Prefecture, east of Osaka, a machine pulled the cable onto the beach from an offshore cable-laying ship while stacks of armored pipes, which shield the link from anchors near the shore, were piled nearby.

A Shinto ritual was held to pray for the success of the project, which will cost roughly US$300 million. The cable was routed into a landing station building that houses optical equipment.

The FASTER cable will also be connected to existing infrastructure offshore at Chikura, Chiba Prefecture, southeast of Tokyo, next month. With six fiber pairs and 100 wavelengths, it will have a peak capacity 300 million times greater than the TAT-1 transatlantic cable of 1956, which could handle 36 telephone calls, or roughly 200kbps, Google said.

KDDI said it was 3000 times faster than the 20Gbps TPC-5 cable system, which began service in 1995.

Consumers on either side of the Pacific, however, won’t have the option of choosing which of the several undersea cables their data goes through.

It will be interesting to see how this affects internet speeds for the average home and mobile user.

This is more as a reminder for myself than anything, but if you want to know howto opt-out of Tynt, a crappy piece of advertising and tracking technology, then this is how you can turn that shit off. If you use multiple browsers, you will have to hit the site in each one to turn tracking off.

Not sure what Tynt is? Chances are you have run across it in your travels on the internets but just never realized or recognized Tynt. If you have ever copy-and-pasted content from the web and seen the “if you would like to read the full article, visit {link}”, that is Tynt. It is a method for publishers to track visitors, and simultaneously annoy the hell out of people by adding unnecessary poop to the clipboard.

Tent looks something like this when you copy-and-paste from a web-based publisher using their crappy Javascript application:

Tynt is the worst piece of web software on the market today.

Read more: http://jark.us/1BzTXIt/#abcde01234

Another simple, system-wide method to turn off tracking is to modify your hosts file so the important Tynt host is no longer reachable. You can do that by adding this simple line:

127.0.0.1 tcr.tynt.com

Theoretically, this should prevent Tynt from working on your system no matter which browser you use. It is probably a good idea to add this hosts file entry and use the aforementioned opt-out method.

I had been meaning to turn Tynt off for quite some time but was just plain lazy until recently. Now that I know how, I wanted to both put this here as a reminder for myself for the future, as well as help anyone else in need of this information.