Tag: wtf

The Telegraph has some truly WTF news from Japan about a couple being forced to apologize for ignoring unwritten workplace rules by conceiving a child “before their turn”:

A Japanese worker has been reprimanded by her boss for “selfishly breaking the rules” after she became pregnant before it was her “turn”, according to media reports.

The woman was working at a private childcare centre in Aichi prefecture, north Japan, when she found out she was pregnant.

However, the timing reportedly clashed with “shifts” drawn by the childcare centre director, which listed when female staff were allowed to marry and have children.

The plight of the woman, who has not been identified, highlights the unsettling practice of some Japanese companies dictating when female staff are allowed to marry and have children, depending on their level of seniority.

Straight WTF but completely unsurprising for those familiar with Japan and some of its more traditional workplace practices.

Describing how his wife felt “glum and anxious” after finding out she was pregnant, the husband wrote: “The director at the child care center where she works had determined the order in which workers could get married or pregnant, and apparently there was an unspoken rule that one must not take their ‘turn’ before a senior staff member…”

The couple formally met with the director to apologise about the pregnancy in person, but the husband claimed that his wife has since been “chided” for “selfishly” breaking the rules of the child care center.

The director should be chastised and chided for enacting such selfish, unspoken, unwritten and highly inhumane rules. Traditional Japanese workplaces can already be tough enough to begin with; having to deal with additional peculiarities like this should be unnecessary. The ojisan managing these operations rarely consider the long-term effects of their shortsighted policy fetish.

The Guardian is reporting on the inventor of the World Wide Web, Tim Berners-Lee, who believes technology firms need some form of regulation to prevent a “weaponised” web:

Berners-Lee, in an open letter to mark the 29th anniversary of his invention, said: “In recent years, we’ve seen conspiracy theories trend on social media platforms, fake Twitter and Facebook accounts stoke social tensions, external actors interfere in elections, and criminals steal troves of personal data.”

These problems have proliferated because of the concentration of power in the hands of a few platforms – including Facebook, Google, and Twitter – which “control which ideas and opinions are seen and shared”.

“What was once a rich selection of blogs and websites has been compressed under the powerful weight of a few dominant platforms,” said the 62-year-old British computer scientist.

These online gatekeepers can lock in their power by acquiring smaller rivals, buying up new innovations and hiring the industry’s top talent, making it harder for others to compete, he said.

Google now accounts for about 87% of online searches worldwide. Facebook has more than 2.2 billion monthly active users – more than 20 times more than MySpace at its peak. Together, the two companies (including their subsidiaries Instagram and YouTube) slurp up more than 60% of digital advertising spend worldwide.

On the one hand, he is absolutely correct. There are too few gatekeepers, and this concentration of power has allowed these companies to collect far too much data on internet users and to control the web’s capabilities.

But on the other hand, it is too late to stop it. Pandora’s proverbial box has been opened and there is no going back. What central global government is going to regulate the technology firms? Suppose the US opts for such legislation. Startups will simply avoid the US and go elsewhere, eschewing all the benefits the US has to offer while not being burdened with the regulation.

There is simply no way all modern nations will create laws to regulate technology firms. This is a tough problem to solve, and it will require out-of-the-box thinking. Legal remedies rarely work in technology, and this time is no different from the countless previous attempts.

Gizmodo reports on recent comments by Microsoft co-founder Bill Gates that basically amount to saying Apple should just give law enforcement a way into the iPhone rather than fighting the US government:

As lawmakers on both sides of the aisle have started paying more attention to tech’s increasing influence over our lives, Microsoft’s antitrust battle with the US government in the ‘90s has frequently been used as an example of the worst way to deal with the US government. Since it lost that case, Microsoft has become the war-weary veteran of the tech world—highly profitable and not too disruptive. Gates tells Axios that he fears “Apple and other tech giants” are in a precarious position at the moment. “The companies need to be careful that they’re not … advocating things that would prevent government from being able to, under appropriate review, perform the type of functions that we’ve come to count on,” he said.

When pressed for an example of how companies are flouting government oversight, he mentioned the wave of “enthusiasm about making financial transactions anonymous and invisible, and their view that even a clear mass-murdering criminal’s communication should never be available to the government.” Axios pointed out that he appeared to be referring to the FBI’s desire for an ability to break into encrypted iPhones. Gates replied, “There’s no question of ability; it’s the question of willingness.”

Bill Gates is highly intelligent, but this position is just downright dumbfounding.

Financial institutions and their regulators have shown time and time again that they cannot be trusted to disclose incidents; hiding cyber attacks seems to be par for the course. This time the Federal Deposit Insurance Corporation was compromised by a foreign government (widely reported to be China) and the breaches were downplayed by its CIO:

The FDIC failed at the time of the “advanced persistent threat” attacks to report the incidents. Then-Inspector General at FDIC, Jon Rymer, lambasted FDIC officials for failing to follow their own policies on breach reporting. Further investigation into those breaches led the committee to conclude that former FDIC CIO Russ Pittman misled auditors about the extent of those breaches, and told employees not to talk about the breaches by a foreign government so as not to ruin FDIC Chairman Martin Gruenberg’s chances of confirmation.

The cascade of bad news began with an FDIC Office of the Inspector General (OIG) investigation into the October “Florida incident.” On October 23, 2015, a member of the Federal Deposit Insurance Corporation’s Information Security and Privacy Staff (ISPS) discovered evidence in the FDIC’s data loss prevention system of a significant breach of sensitive data—over 1,200 documents, including Social Security numbers from bank data for over 44,000 individuals and 30,715 banks, were copied to a USB drive by a former employee of FDIC’s Risk Management Supervision field office in Gainesville, Florida. The employee had copied the files prior to leaving his position at FDIC. Despite intercepting the employee, the actual data was not recovered from him until March 25, 2016. The former employee provided a sworn statement that he had not disseminated the information, and the matter was dropped.

Sure, successful breaches are embarrassing, but it is always better to get out ahead of these incidents rather than allowing them to drive the story themselves, especially when your own breach-reporting policy already requires it.

The Daily Beast has a very interesting article on an ostensible religious cult running Japan:

Japan’s leading constitutional expert, Setsu Kobayashi, who is also a former member of Nippon Kaigi, says of the group, “They have trouble accepting the reality that Japan lost the war” and that they wish to restore the Meiji era constitution.

Some members are descendants of the people who started the war, he notes.

Kobayashi is so vexed with his former brethren, that in May he created a new political party to promote and protect constitutional rights called, somewhat amusingly, Kokumin Ikari-no Koe aka The Angry Voice of the People. For Nippon Kaigi, he is a traitor and a nightmare. For Prime Minister Abe, he is an angry loud-mouthed headache.

And Abe is having other headaches before the election. Seicho No Ie, the spiritual forebear of Nippon Kaigi, has turned its back on the LDP and the ruling coalition as well–its first overt political action in decades.

The organization told the Weekly Post last month, “The Abe government thinks lightly of the constitution and we are opposed to their attempts to change Article 9 (the peace clause). In addition, we feel distrust in their failure to uphold policy determined by law.”

Despite Nippon Kaigi’s small numbers overall, half of the Abe Cabinet belongs to the Nippon Kaigi National Lawmakers Friendship Association, the group’s political offshoot. Prime Minister Abe himself is the special advisor.

The whole idea sounds suspiciously similar to the many stories of esoteric organizations filled with rich white men who are supposedly running the world.

In a closely watched case (the Nosal appeal), the Ninth Circuit Court of Appeals has effectively ruled that sharing passwords can be a federal offense under the CFAA:

In the majority opinion, Judge Margaret McKeown wrote that “Nosal and various amici spin hypotheticals about the dire consequences of criminalizing password sharing. But these warnings miss the mark in this case. This appeal is not about password sharing.” She then went on to describe a thoroughly run-of-the-mill password sharing scenario—her argument focuses on the idea that Nosal wasn’t authorized by the company to access the database anymore, so he got a password from a friend—that happens millions of times daily in the United States, leaving little doubt about the thrust of the case.

The argument McKeown made is that the employee who shared the password with Nosal “had no authority from Korn/Ferry to provide her password to former employees.”

At issue is language in the CFAA that makes it illegal to access a computer system “without authorization.” McKeown said that “without authorization” is “an unambiguous, non-technical term that, given its plain and ordinary meaning, means accessing a protected computer without permission.” The question that legal scholars, groups such as the Electronic Frontier Foundation, and dissenting judge Stephen Reinhardt ask is an important one: Authorization from who?

If the account holder authorized someone to access their account using their credentials, does that not constitute authorization as written in the CFAA? The law does not define which party must grant authorization for access to avoid triggering a CFAA violation.

  • Is the account holder allowed to authorize access?
  • Is authorization required from the system owner?

Imagine all the scenarios that could play out under either of those authorization requirements. As the article rightly discusses, if the latter is required, everyone sharing a Facebook, Spotify, Apple, Netflix or similar account is in violation of the CFAA and could therefore be prosecuted.

As with most US laws around the idea of hacking, the CFAA is in desperate need of updating.

This is just unbelievable and completely unjustified no matter what the Santa Monica Police Department would like everyone to believe:

I said it was only me and, hands still raised, slowly descended the stairs, focused on one officer’s eyes and on his pistol. I had never looked down the barrel of a gun or at the face of a man with a loaded weapon pointed at me. In his eyes, I saw fear and anger. I had no idea what was happening, but I saw how it would end: I would be dead in the stairwell outside my apartment, because something about me — a 5-foot-7, 125-pound black woman — frightened this man with a gun. I sat down, trying to look even less threatening, trying to de-escalate. I again asked what was going on. I confirmed there were no pets or people inside.

I told the officers I didn’t want them in my apartment. I said they had no right to be there. They entered anyway. One pulled me, hands behind my back, out to the street. The neighbors were watching. Only then did I notice the ocean of officers. I counted 16. They still hadn’t told me why they’d come.

It is unfortunate America has become so afraid these days that so many people are willing to sacrifice their humanity in the name of perceived safety.

In case you missed it, Oracle CSO Mary Ann Davidson went on a rant about why security researchers and Oracle’s own customers should stop digging through its applications to locate vulnerabilities and pay more attention to securing their own house instead. Well, as with anything on the internet, it has been making the rounds because of how tone deaf it was. Here are some of the reactions from the security industry to her missive:

To say that the post resulted in a strong industry backlash would be an understatement. Oracle distanced itself from Davidson’s opinions in its statement distributed to the press. “The security of our products and services has always been critically important to Oracle. Oracle has a robust program of product security assurance and works with third party researchers and customers to jointly ensure that applications built with Oracle technology are secure. We removed the post as it does not reflect our beliefs or our relationship with our customers,” Oracle executive vice president and chief corporate architect Edward Screven said in the statement.

“It’s incredibly arrogant for Oracle to suppose that they have all the answers and that their IP protections are sufficient and proper to guard against bad guys hacking your organization,” said Jonathan Feldman, CIO at the city of Asheville, N.C. “We know it’s stupid. It’s not like we have one year of data. Or five. We have at least 20 years of experience saying that the bad guys do deep, debugger-level code dives, and to ignore that with a Pollyanna ‘everybody had better be nice, now, because the Big O has Everything Under Control’ is crazy and irresponsible and ignorant,” Feldman said.

The United States is a country of laws, and those laws are supposed to be accessible and readable by every citizen. Until recently, that is: the government has now taken the unusual step of producing classified interpretations of unclassified laws. So what exactly is inside the Justice Department’s secret cyber security memo detailing its interpretation of certain federal statutes?

“I remain very concerned that a secret Justice Department opinion that is of clear relevance to this debate continues to be withheld from the public,” Wyden said in his written dissent against CISA, which cleared the Senate Intelligence Committee 14-1 in March. “This opinion, which interprets common commercial service agreements, is inconsistent with the public’s understanding of the law, and I believe it will be difficult for Congress to have a fully informed debate on cybersecurity legislation if it does not understand how these agreements have been interpreted by the Executive Branch.”

Last month, when McConnell tried and failed to pass CISA by attaching it to a defense authorization bill—a procedural trick that limited amendments and prompted a Democratic backlash, Wyden urged his colleagues to read the memo in question. Any senator that voted for the bill, he said, “is voting without a full understanding of the relevant legal landscape.”

The Justice Department would not comment on the contents of the opinion other than to say that it is “aware of the senator’s concerns and [has] provided a response.” That response is classified, Wyden’s office confirmed, adding that DOJ officials indicated they had no plans to release the legal memo publicly.

Ron Wyden is the only Senator who seems to truly get it when it comes to privacy and security issues. Without his aggressive push to get the Obama Administration to release more information about these secretive memos, the public would be in a much darker spot than it is today.

The Next Web has posted what amounts to an advertisement masquerading as an article about how the cyber security industry is a billion-dollar scam. The author claims cyber security vendors are purposely selling outdated technology they know to be ineffective at preventing cyber attacks. First, the author sets the stage by claiming the current model is broken (emphasis added):

According to Price Waterhouse Coopers, the total number of security incidents has increased 66 percent year-over-year since 2009. In 2014, there were 117,339 incoming attacks a day, an increase of 48 percent over the year before, accompanied by a rise in financial losses. Not only are these attacks more frequent and expensive, but they are also happening on a larger scale – 77 million records stolen from JPMorgan, 80 million records stolen from Anthem, Target, Home Depot, Sony, and the list goes on.

The connection between more cybercrime and more spending is clear. What is not clear is that more spending on security technology has actually done anything to curb the crime. Most of the security products out there use 20th century technology against 21st century foes, and they are obviously failing.

The author follows this by arguing that cyber security vendors are primarily selling products based on antiquated anti-virus technology rather than newer, as-yet-unproven approaches that might be more capable of preventing successful attacks (emphasis added):

Tools from mainstream security vendors are primarily based on an outdated, antivirus approach that relies on having prior knowledge of an attack. Threats are detected by comparing a program’s software to known malware in a virus dictionary. If a piece of code matches an entry in the dictionary, this raises the red flag.

Most of the security products available on the market are just a half-step better than old antivirus products. This method fails today because it only works if an attack has been seen before. Modern cybercriminals[sic] are more sophisticated than that. We are no longer looking at kids in a dorm room coming up with annoying little hacks.

While I will not disagree that there is a lot of outdated technology on the market today, that does not mean it is entirely ineffectual; a signature lookup is cheap and still catches the bulk of commodity malware that is reused unchanged, which is why it remains one layer in every serious stack. The modern cyber attacker is generally backed by a well-funded crime syndicate, or at worst a nation state, and is very good at what they do. That level of sophistication requires organizations to use advanced cyber defenses to protect their crown jewels. This is well understood by every cyber security professional.
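The distinction the quoted passage draws, between matching a program against a dictionary of things already seen and judging what a program does, is easy to make concrete. The Python below is an added illustration written for this page, not code from Triumfant, Intel Security or the TNW author; the three sample “binaries”, their sandbox traces, the rule names, weights and the alert threshold are all constructed for the example. It also shows the caveat the article skips over: the behavioural engine still has to let a legitimate installer score below the threshold, and its rules are themselves prior knowledge, just of a different kind.

```python
import hashlib
import re

# Constructed stand-ins for three executables. These are plain byte strings,
# not real binaries, and the "c2.example" host is a placeholder.
KNOWN_DROPPER = b"MZ\x90\x00 dropper v1: GET http://c2.example/p.bin; write %TEMP%\\svc.exe; reg Run"
VARIANT = b"MZ\x90\x00 dropper v2: GET http://c2.example/q.bin; write %TEMP%\\svchost32.exe; reg Run"
BENIGN_SETUP = b"MZ\x90\x00 setup.exe: write %PROGRAMFILES%\\Tool\\tool.exe; reg Run"

# --- Signature engine: the "virus dictionary" the quoted article describes ---

# Exact-match hashes of samples an analyst has already seen.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_DROPPER).hexdigest()}

# A byte-pattern signature is a little more general than a hash, but it is
# still derived from the one sample that has been analysed.
PATTERN_SIGNATURES = [re.compile(rb"dropper v1")]


def signature_detect(sample: bytes) -> bool:
    """True if the sample matches a known hash or a known byte pattern."""
    if hashlib.sha256(sample).hexdigest() in HASH_SIGNATURES:
        return True
    return any(rx.search(sample) for rx in PATTERN_SIGNATURES)


# --- Behavioural engine: score what the program does at runtime ---

# Event format (constructed): "<source>:<action>:<target>", roughly what a
# sandbox or EDR agent records. Weights and the threshold are assumptions.
BEHAVIOUR_RULES = {
    "net_download": (40, re.compile(r"^net:connect:")),
    "drop_exe_in_temp": (30, re.compile(r"^file:write:.*%TEMP%.*\.exe$", re.IGNORECASE)),
    "persist_run_key": (30, re.compile(r"^reg:set:.*\\CurrentVersion\\Run\\")),
    "exec_from_temp": (20, re.compile(r"^proc:exec:.*%TEMP%", re.IGNORECASE)),
}
ALERT_THRESHOLD = 70


def behaviour_score(events):
    """Return (score, names of rules hit) for a list of observed events."""
    score, hits = 0, []
    for name, (weight, rx) in BEHAVIOUR_RULES.items():
        if any(rx.search(ev) for ev in events):
            score += weight
            hits.append(name)
    return score, hits


# Constructed sandbox traces for the three samples.
TRACES = {
    "known_dropper": (KNOWN_DROPPER, [
        "net:connect:c2.example:80",
        "file:write:%TEMP%\\svc.exe",
        "reg:set:HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc",
        "proc:exec:%TEMP%\\svc.exe",
    ]),
    # Same behaviour, different bytes: renaming a few strings is enough to
    # miss every entry in the dictionary.
    "variant": (VARIANT, [
        "net:connect:c2.example:80",
        "file:write:%TEMP%\\svchost32.exe",
        "reg:set:HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost32",
        "proc:exec:%TEMP%\\svchost32.exe",
    ]),
    # A legitimate installer also persists via the Run key; it must land
    # below the threshold or the behavioural engine drowns in false positives.
    "benign_setup": (BENIGN_SETUP, [
        "file:write:%PROGRAMFILES%\\Tool\\tool.exe",
        "reg:set:HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Tool",
    ]),
}


def triage(traces=TRACES):
    """Run both engines over every sample and return per-sample verdicts."""
    results = {}
    for name, (sample, events) in traces.items():
        score, hits = behaviour_score(events)
        results[name] = {
            "signature": signature_detect(sample),
            "behaviour": score >= ALERT_THRESHOLD,
            "score": score,
            "hits": hits,
        }
    return results


if __name__ == "__main__":
    for name, v in triage().items():
        print(f"{name:14s} signature={v['signature']!s:5s} "
              f"behaviour={v['behaviour']!s:5s} score={v['score']:3d} {v['hits']}")
```

Run it and the variant, which differs from the known dropper only in a version string and two file names, misses both the hash and the byte-pattern signature yet scores exactly as the original does on behaviour, while the installer stays below the threshold on the strength of a single Run-key write. That is the real argument for layering: the signature check is cheap and catches straight reuse, the behavioural check catches the rebuilds, and neither is the one hundred percent the marketing implies.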

Next, the author rants about an unwritten treaty (by which he means collusion) between the security vendors and the hackers, leveraging fear, uncertainty and doubt to force organizations to spend a lot of money on useless technology (emphasis added):

The companies that make these products sell them for millions of dollars, knowing that they won’t work. Then when they fail, the vendors ask for millions more dollars to tell their clients why they failed. It is a racket. Without the “robbers,” the “cops” have no business; the more breaches occur, the more money the cybersecurity companies make.

Why hasn’t this Unholy Alliance between hackers and cybersecurity vendors received more attention? And why do organizations keep buying their products? One factor is secrecy – the security industry is not transparent in an alleged effort to protect security, and this means that these inadequate products continue to sell and continue to fail. Marketing is another factor. It’s not the best product that wins, but the best marketed product.

So now we are starting to get to the heart of the author’s issue: organizations continue to spend money with the same vendors who previously sold them products that were ostensibly inadequate at preventing a breach. What the author fails to even remotely address is the complex nature of the problem and, more importantly, that buying expensive technology is never going to be one hundred percent effective at preventing every cyber attack. There will never be a time when that is true.

Preventing successful cyber attacks requires a multi-faceted approach, combining technology, highly trained cyber security personnel, and an educated workforce, among other things. If an organization believes buying a security tool will solve all their security needs then they are sadly mistaken, and likely did not ask the right questions.

The author seems to take issue with marketing as well, and I can sympathize with this position. There are two particular security vendors, Palo Alto Networks and FireEye, who spend a lot of time, money and effort marketing products I consider inferior. There are plenty of better technologies being sold today, but as a result of those marketing campaigns organizations believe they need to buy tools from these companies to stay protected.

Nothing could be further from the truth.

But here is the kicker, the part where we finally understand the context for this pointless, baseless rant of an advertisement purporting to be a well-researched, well-written article (emphasis added):

In order to be effective, security software can’t rely on prior knowledge. It has to somehow figure out what is happening without looking at a list, because that list is inevitably going to be stale and incomplete. A better approach is to use Big Data and machine learning, which make it possible to identify patterns and predict discrepancies in real-time based on actual circumstances, not old or useless information.

The major security vendors are not taking this approach because it is in their best interest to keep the breaches happening. For this, they are just as culpable as the hackers themselves. In addition to developing new, better approaches for preventing attacks, startups also have an opportunity to realign the goals of the security industry to put customers’ best interest at the core.

I do not even have to address the sheer stupidity of the baseless claim that the major security vendors are not taking the approach the author outlines because there is some ostensible conspiracy to keep the industry status quo so the old guard can continue to generate revenue. Saying the vendors are the problem is to claim handgun manufacturers are at fault when an adversary shows up to a fight with a tank. The author seems to have no problem telling lies of his own so long as they suit his narrative.

Finally, the big data and machine learning comment is really the crux of this advertisement: at the bottom of the article, the author is listed as John Prisco, the CEO of Triumfant Security. Guess what types of cyber security products Triumfant makes? From their very own about page (emphasis added):

Our advanced analytics and intelligent, precision-based technology enable us to detect, analyze and immediately resolve attacks that bypass traditional, signature-based defenses.

Self-learning and continuously evolving, Triumfant’s endpoint protection technologies pick up where others leave off – effectively closing the gaps left by firewall, antivirus, sandbox technologies and Intrusion Prevention Systems. Triumfant not only captures data and detects malicious activity in real time, but it also verifies, contains, investigates, remediates and prevents future attacks.

So basically, this entire article was one big tear-down of the existing cyber security industry to make the claim that his company produces superior technology. The author first calls into question the ethics of those in the cyber security industry, then claims there is a grand conspiracy between the attackers and the vendors. His solution is for the world to stop using his competitors’ technology and start using the very technology his company is known for. But because his company does not have a large marketing budget, it is losing out to the likes of PAN, FireEye, Fortinet and other cyber security vendors who, in his telling, are knowingly selling ineffective tools.

Shame on The Next Web for publishing this so that it looks like an actual article rather than framing it for what it is: a well-written advertisement dressed up as a researched piece on overspending in the cyber security industry.

Shame on the author, Triumfant CEO John Prisco, for his claims of collusion and for claiming the cyber security industry is knowingly selling defective products, when I guarantee he knows otherwise. Rather, he uses this ruse as a red herring to better position his company’s technology.

Here’s a protip for John: if your machine learning, data analytics and predictive analysis are that good, then why don’t you actually demonstrate how good these tools are at detecting and preventing cyber attacks? Do not use TNW to bash the very industry your company is a part of only to try and sell the next best security product. Let your technology speak for itself and show its effectiveness and reliability. Once you do that, the industry will take you seriously.

I should point out that I agree: machine learning and predictive analysis are where the industry needs to go and where it is currently headed. However, no company has yet realized the potential of these ideas and produced usable, reliable technology truly capable of meeting the marketing rhetoric. We need better AI for this to happen, and we are close, but it is still a few years out before we will really have an effective tool of this nature.

Until then, companies like Triumfant should work on improving and perfecting their imperfect technology rather than penning pointless drivel like this article. The industry respects results not rhetoric.

Disclaimer: I work for Intel Security, one of those companies John Prisco claims to be knowingly selling defective tools, and thus, by his account, part of the conspiracy circle of hackers and cyber security vendors he says exists.

Foxtrot Alpha has some major fleecing-of-America news, explaining a newly released report detailing how the F-35 is incapable of beating the F-16, the plane it’s meant to replace, in a dogfight:

Which is why the candid report described in the War Is Boring article finally gives us a good first hand account as to how capable – or incapable as it may be – the F-35 is in the within-visual-range fight.

The test pilot flying the F-35 makes it very clear that the new jet, even in its ideal configuration without any external stores, was no match against a Block-40 F-16C in a less-than-ideal configuration with a pair of under-wing fuel tanks,

In dogfighting, energy is everything, and if your enemy has more kinetic and potential energy for maneuvers than you do, then you’re toast.

The report even goes into what is akin to a fairly desperate move usually only used in one-on-one air combat maneuvers, known as a rudder reversal, that the F-35 is apparently decent at performing at slow speeds. The fact that this was even detailed in the report as a useful tactic is telling. In reality, using such maneuvers means you are probably going to die if any other bad guys are in the area as it rapidly depletes the aircraft’s energy state, leaving it vulnerable to attack.

Another area that the test pilot highlights on is the F-35’s abysmal rearward visibility.

What a monumental waste of American tax dollars. That this jet has been in development for over a decade should be telling enough.

The Air Force has been pushing this aircraft as its fighter of the future. It sounds like it’s going to be their loser of the future if this report is accurate, and I have no reason to doubt its veracity. If this is our best, then I really am afraid for the future of our military.

Huffington Post on a hunky gorilla at a Nagoya zoo that has Japanese female fans flocking and falling in love:

Shabani is reportedly a devoted father to his two children. He was born in the Netherlands and raised in Australia before settling with two female mates in Japan.

CNN reports that Shabani’s enclosure at the zoo is surrounded by fans, who shout “Look at me, Shabani!” and “This way, Shabani!” when he comes out.

They reportedly post pictures of the sexy primate, calling him “too handsome” or “ikemen,” a word that normally describes an attractive young man.

When the Daily Mail asked zookeeper Allan Schmidt if Shabani’s popularity surprised him, he replied: “No, because the Japanese are crazy … The Japanese love their fads.”

This story is a bit creepy while at the same time quite believable. Japan most definitely loves its fads; however, I would not go so far as to call Japanese people crazy.

The Japanese are no crazier than their American counterparts when it comes to fads. After all, it was America that turned Honey Boo Boo into a television sensation, among other peculiar trends.

Forbes, in an older article, explains a trend in Japan where people are flipping out over old-style flip phones, interestingly called ガラケイ (garakei), and the origin of this peculiar name:

Unfortunately, even up until the release of the iPhone in 2007, Japan’s advanced cell phones never really picked up outside of the country, which led people to refer to them as “garakei”—a combination of the words “Galapagos” and “keitai”, the Japanese word for mobile phone. Softbank , at the time a struggling mobile phone and internet service provider staked their fortune on the new “hard to type on” “will never succeed in Japan” iPhone and made out like bandits. Gradually, the iPhone became “The Phone” in Japan.

The old-style Japanese phones are now referred to as ガラケイ (garakei), a compound of Galapagos and 携帯電話 (keitai denwa), i.e. mobile phone. They were dubbed Galapagos phones because of how comparable they were to life on the isolated Galapagos Islands: like garakei in Japan, the animals and flora of the Galapagos were unique to the islands and could not be found anywhere else.

The Los Angeles Times on how the LAPD shot an unarmed man who had his hand wrapped in a towel while waving down the police for help:

Los Angeles police shot and critically wounded a man after he raised his arm, wrapped in a towel, toward officers Friday in Los Feliz, police said.

Police said officers thought the man had a gun, but he turned out to be unarmed.

The man flagged down officers about 6:35 p.m. at Los Feliz Boulevard and Tica Drive south of Griffith Park, according to a police account.

“This person extended an arm wrapped in a towel. The officer exited the vehicle and said, ‘Drop the gun, drop the gun,'” LAPD Lt. John Jenal said.

Then at least one officer shot the man, officials say. He was taken to a hospital where he was listed in critical condition.

After he had been shot in the head by the LAPD, while the victim lay motionless on the ground, literally with his brains falling out of his head (caution: graphic video), these two smart cops thought it necessary to place him in handcuffs, as if he were going to escape Terminator-style.

Unbelievable.

Here is random “WTF Japan?” for you: a Japanese court has indirectly endorsed adultery for business purposes if the sex is predicated on securing future club patronage by the customer:

Some experts said the ruling effectively endorsed adultery, as long as the third party – in this case the hostess – was motivated by financial gain.

The judge, Masamitsu Shiseki, said the hostess had slept with the customer only to secure his continued patronage of the club she runs in the capital’s Ginza shopping and entertainment district.

High-class hostess clubs charge customers large sums to spend time drinking, chatting and singing karaoke in the company of female staff, but they do not offer sexual services.

Shiseki said the hostess’s actions were more akin to prostitution than an affair, and dismissed the wife’s ¥4m (£20,860) claim for emotional distress.

The wife was asking for ¥4m, which is a mere $33,000 or so. There are no million-dollar judgments in Japan, unlike the crazy US, where people try to use the court system as some mock “get rich quick” scheme.

This type of legal opinion is likely only to be found in Japan. The rest of the world has already caught up with modern societal norms around adultery.