Monday, August 05, 2013
Strategy for my Ethical Hackers: It is better to have hacked something you don't need than to need access to something you haven't hacked. Why would you ignore something that is so easy to control?
Chinese Hacking Team Caught Taking Over Decoy Water Plant
A Chinese hacking group accused this February of being tied to the Chinese army was caught last December infiltrating a decoy water control system for a U.S. municipality, a researcher revealed on Wednesday.
The group, known as APT1, was caught by a research project that provides the most significant proof yet that people are actively trying to exploit the vulnerabilities in industrial control systems. Many of these systems are connected to the Internet to allow remote access (see “Hacking Industrial Systems Turns Out to Be Easy”). APT1, also known as Comment Crew, was lured by a dummy control system set up by Kyle Wilhoit, a researcher with security company Trend Micro, who gave a talk on his findings at the Black Hat conference in Las Vegas.
The attack began in December 2012, says Wilhoit, when a Word document hiding malicious software was used to gain full access to his U.S.-based decoy system, or “honeypot.” [In other words, someone opened a document they should not have opened. Not hard to “hack” when your target cooperates. Bob]
For my Ethical Hackers. TOR still works for anonymous comunications, but you need to check those emails for malware (FBI-ware?). This kind of confirms that the FBI is using hacker tools and techniques to “get their man.” So, will we be able to use the evidence gained from his computers to locate his customers?
Alleged Tor hidden service operator busted for child porn distribution
On Friday, Eric Eoin Marques, a 28 year-old Dublin resident, was arrested on a warrant from the US on charges that he is, in the words of a FBI agent to an Irish court, "the largest facilitator of child porn on the planet." The arrest coincides with the disappearance of a vast number of "hidden services" hosted on Tor, the anonymizing encrypted network.
Marques is alleged to be the founder of Freedom Hosting, a major hidden services hosting provider. While Marques' connection to Freedom Hosting was not brought up in court, he has been widely connected to the service—as well as the Tormail anonymized e-mail service and a Bitcoin exchange and escrow service called Onionbank—in discussions on Tor-based news and Wiki sites. All those services are now offline. And prior to disappearing, the sites hosted by Freedom Hosting were also distributing malware that may have been used to expose the users of those services. [then again, maybe we don't need his computers... Bob]
Tor hidden services are a lesser known part of the Tor "darknet." They are anonymized Web sites, mail hosts, and other services which can only be reached by computers connected to Tor, or through a Tor hidden services proxy website, such as tor2web.org, and they have host names ending in .onion.
Do we even bother to look at what others are doing?
Interesting news from Japan:
The Health, Labor and Welfare Ministry plans to build an Internet-based network that would allow medical institutions nationwide to share patients’ medical treatment and drug prescription records–a move that is also likely to make it easier for patients to switch hospitals or leave one to recover at home, according to ministry officials.
The network will be compiled with so-called receipt computers– PCs equipped with medical receipt-making software used by most medical institutions and pharmacies–allowing hospitals and clinics across the country to view patients’ medical records as needed. The ministry aims to make the network operational by the end of fiscal 2018.
Read more on The Japan News.
Interestingly, the report says that patient consent will be required to share information and that they will track (generate receipts) for data access to prevent wrongful usage.
Will Japan do a better job of this than the US or UK have done so far? And will they have better data security and privacy protections in place? It all remains to be seen.
I could read this as simple prioritization. NSA should be spending resources on national security and not on “can you tell me who grows marijuana in my neighborhood?” On the other hand, this is more likely “damage control” – feeding stories to gullible journalists.
Sean Gallagher reports:
It turns out that the National Security Agency’s wide-ranging surveillance programs could have been much worse, if other federal agencies had had their way. TheNew York Times‘ Eric Lichtblau and Michael S. Schmidt report that the NSA has turned away the majority [51%? Bob] of requests for information sharing from federal law enforcement agencies, on the grounds that the requests have too little to do with national security and could be misused in ways that violate citizens’ privacy.
Read more on Ars Technica.
Someone will have to start indexing all these tools and databases, or is there already an App for that?
International Criminal Court Legal Tools Database
International Criminal Court (ICC): “The Legal Tools are the leading information services on international criminal law. They equip users with legal information, digests and an application to work more effectively with core international crimes cases (involving war crimes, crimes against humanity, genocide or aggression). By being freely available in the public commons, the Tools democratize access to international criminal law information, thus empowering practitioners and levelling preconditions for criminal justice in both richer and materially less resourceful countries. The Legal Tools are a significant contribution to national capacity development in criminal justice for core international crimes. The Tools comprise the online “Legal Tools Database”, together with legal research and reference tools developed by lawyers with expertise in international criminal law and justice: the Case Matrix, the Elements Digest, the Proceedings Digest and the Means of Proof Digest. Text in these tools or in the Legal Tools Database does not necessarily represent views of the ICC, any of its Organs or any participant in proceedings before the ICC or any of the ICC States Parties. The Legal Tools Database is made freely available through this web site. Additionally, criminal jurisdictions, counsel and NGOs that work on core international crimes cases may seek to have access to the Case Matrix – which encompasses the Elements Digest, the Means of Proof Digest and key documents from the Legal Tools Database – by sending an e-mail message with a short statement on the nature of the need to email@example.com. The Co-ordinator of the Legal Tools Project uses the web site of the independent organization Case Matrix Network (CMN) to administer some aspects of the Legal Tools Project, without cost to the ICC.”
Somehow, the “reasons” don't seem to justify the actions...
Veto of Apple Ruling Likely to Upend Big Patent Battles
The Obama administration's decision to overturn an international trade ruling against Apple Inc.—the first such veto in more than 25 years—promises to upend long-running battles over intellectual property in the smartphone market and change the strategies some of the world's biggest technology companies use to defend their inventions.
Increasingly, those companies have been using patents to try to hobble rivals in a mobile-device market expected to top $400 billion this year. In 2012, the number of patent cases filed in the U.S. jumped nearly 30% from a year earlier to 5,189, according to consulting firm PricewaterhouseCoopers.
… In a letter explaining the veto, U.S. Trade Representative Michael Froman, who was charged with overseeing a presidential review of the ITC ruling, said he came to his decision after extensive consultations with government trade bodies "as well as other interested agencies and persons." Mr. Froman said he based the decision on the potential harm the sales ban would cause to consumers and the U.S. economy. He suggested Samsung could still enforce its patents in the courts.
I have Calibre loaded on a large thumb drive. That allows me to run it at home and at school, manage my books and the wife's, and be ready for eTextbooks if that ever happens.
… Before Kindle, I fell in love with Calibre. A bit on the heavy side, but this eBook management suite is incredibly powerful and always easy to use. For those users just getting started with Calibre, but also for proficient users aiming to maximise Calibre’s potentials, check out MakeUseOf’s Guide To Calibre eBook Manager.
… 1. Add Amazon Books To Calibre
MOBI and EPUB files, but also PDF and even TXT files can be easily added to your Calibre library by dragging them to the application window.
… 2. Converting Other Formats
If you have eBooks in EPUB or another format unsupported by Kindle, you can use Calibre to convert the eBooks to a supported format
… 3. Email To Kindle
Instead of connecting over USB, you can have Calibre send books to your Kindle over email.