Thursday, June 06, 2013

What can I say? When they're right they're right.
"Huang Chengqing, China's top internet security official, alleged that cyberattacks on China from people in the U.S. are as serious as those from China on the U.S. 'We have mountains of data, if we wanted to accuse the U.S., but it's not helpful in solving the problem.' Huang, however, does not necessarily attribute them to the U.S. government just because they came from U.S. soil, and he thinks Washington should extend the same courtesy. 'They advocated cases that they never let us know about. Some cases can be addressed if they had talked to us, why not let us know? It is not a constructive train of thought to solve problems.' In response to the recent theft of U.S. military designs, he replied with an observation whose obviousness is worthy of Captain Hammer: 'Even following the general principle of secret-keeping, it should not have been linked to the Internet.'"
A few experts think China's more cooperative attitude has come about precisely because the U.S. government has gone public with hacking allegations.

They have got to be kidding, right? What is the 'per PC' cost in the US?
Government £6,000 per year per desktop spend a frightening insight into public sector IT
The government has always faced criticism that its IT is slow, unwieldy, inflexible, unnecessarily complex and overpriced. It’s one thing when you face this criticism from your rivals, the press or members of the public – but you know you’ve reached a dire point when it’s your own chief operating officer (COO) twisting the knife.
At a government spending review attended earlier this week by V3, the government’s new COO Stephen Kelly shed some light into the world of technology at Whitehall and across the public sector.
“I came into the office and I pressed my PC and it took me seven minutes to boot up,” he told attendees. “That’s government in the old world, that’s three days of the year I waste of my time booting up.”
… Aside from the huge waste in productivity outlined by Kelly, the government seems to be throwing huge amounts down the drain maintaining this outdated kit. The COO said he thought the cost of a single desktop PC was around £6,000 per year – for which he could go and buy 10 Apple iPads.
… According to my estimations – verified by a CIO – this figure should be less than £1,000 per year taking into account the cost of the hardware, office suite, and support and server costs over a three-year period, so it looks like the government is getting completely swindled by their PC supplier – or Kelly needs to go back and re-sit his maths GCSE.

What does this help them find? If they are not looking for anything specific, they have to examine every link as possibly hostile.
UK Guardian – Verizon forced to hand over telephone data – full court ruling
“The US government is collecting the phone records of millions of US customers of Verizon under a top secret court order. Read the Foreign Intelligence Surveillance Court order.”
[From the Guardian:]
Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.

(Related) Did anyone think they would say, “Oops, we goofed!” There is a lot you can learn after the event, but detecting threats before they occur is much more difficult.
White House defends collecting phone records
The White House on Thursday defended the National Security Agency's need to collect telephone records of U.S. citizens, calling such information "a critical tool in protecting the nation from terrorist threats."
While defending the practice, a senior Obama administration official did not confirm a newspaper report that the NSA has been collecting the telephone records of millions of U.S. customers of Verizon under a top secret court order.

What exactly does DHS expect to find when they search a device at the border? Anyone too stupid to email their files across the border probably deserves to be caught.
What records are kept of the results of 'intuition and hunch?' Are the results better than for searches based on psychological “tells?” or random searches for that matter... Does DHS even care what works best?
DHS Watchdog: ‘Intuition and Hunch’ Are Enough to Search Your Gadgets at Border
The Department of Homeland Security’s civil rights watchdog has concluded that “intuition and hunch” are among the primary reasons why it is “inadvisable” to establish constitutional safeguards protecting travelers’ electronics from being searched for any reason along the U.S. border.
The DHS, which secures the nation’s border, on Wednesday released a redacted report of its “Civil Rights/Civil liberties Impact Assessment” (.pdf) pertaining to border searches of electronic devices, including laptops and mobile phones. In February, the DHS disclosed an executive summary of the 21-page report, concluding then that “imposing a requirement that officers have reasonable suspicion in order to conduct a border search of an electronic device would be operationally harmful without concomitant civil rights/civil liberties benefits.”

Perspective: Has the next generation (SmarterPhones) become available? And when will we get “Smarter than their owner” phones?
Pew – Smartphone Ownership 2013
Smartphone Ownership 2013, by Aaron Smith, June 5, 2013
“For the first time since the Pew Research Center’s Internet & American Life Project began systematically tracking smartphone adoption, a majority of Americans now own a smartphone of some kind. Our definition of a smartphone owner includes anyone who says “yes” to one—or both—of the following questions:
  • 55% of cell phone owners say that their phone is a smartphone.
  • 58% of cell phone owners say that their phone operates on a smartphone platform common to the U.S. market.”

Worth mentioning to my students?
"Did you buy an Acer laptop with Vista and less than 1 GB of RAM? The company has a thumb drive it would like to send you. Did you get an unwanted text from Papa John's? The company would like to make it up with you with $50 worth of free pizza. These and other little rewards are available as a result of class action lawsuits that have wound their ways through the court systems and now, years later, are paying off for very large groups of tech users."
I wonder how many USB drives the lawyers took as their share.

Some students may find this useful. I seem to recall similar sites for teachers. Perhaps we could get a full Computer Forensics site this way?
"Q. What do Chris Brown and Steve Ballmer have in common? A. They both want you to Beg for It. GeekWire reports that Microsoft is touting its new Chip In program, a crowdfunding platform that allows students to 'beg' for select Windows 8 PCs and tablets that they can't afford on their own. Blair Hanley Frank explains, 'Students go to the Chip In website and choose one of the 20 computers and tablets that have been pre-selected by Microsoft. Microsoft chips in 10% of the price right off the bat, and then students are given a link to a "giving page" to send out to anyone they think might give them money. Once their computer is fully funded, Microsoft ships it to them.' Hey, what could go wrong?"

For my Ethical Hackers looking for that perfect graduation gift.
"The Today Show had a piece this morning showing video of thieves apparently using a small device to open and enter cars equipped with keyless entry. Electronic key fobs, which are supposed to be secure, are replacing keys in more and more new cars, but the evidence suggests that a device has been developed which effortlessly bypasses this security (at least on certain makes and models). 'Adding to the mystery, police say the device works on some cars but not others. Other surveillance videos show thieves trying to open a Ford SUV and a Cadillac, with no luck. But an Acura SUV and sedan pop right open. And they always seem to strike on the passenger side. Investigators don't know why.' Police and security experts say they are 'stumped.'" [Never a good sign Bob]
