Wednesday, June 11, 2014
There are many details in a complete security plan. I've blogged repeatedly about companies not looking at (or even generating) logs. This is another area where today's “cost” overrides future “risks.” Organizations know they should do it, but it takes skills and dollars.
Database Monitoring Critical to Fighting SQL Injection, Few Do it: Survey
SQL injection attacks are far from new, and the consequences of being vulnerable to them are hardly unknown.
However, a survey of 595 IT security experts indicates that many organizations may not be doing enough to address them. According to a survey by the Ponemon Institute, only 33 percent said their organizations were scanning their active databases either continuously or daily. Forty-seven percent said they did it irregularly or not at all. Despite those numbers, continuous monitoring of databases was cited by 65 percent of respondents as the best way to avoid a breach of databases.
Are we seeing a return to KGB days or something new? Possibly a “Global Warming War?” Stay tuned.
Cold War-style spy games return to melting Arctic
In early March, a mysterious ship the size of a large passenger ferry left a Romanian wharf, glided through the narrow strait that separates Europe from Asia and plotted a course toward Scandinavia. After a two-year refitting, the $250 million ship will begin its mission: to snoop on Russia's activities in the Arctic.
"There is a demand from our political leadership to describe what is going on in this region," said Norway's military intelligence chief, Lt. Gen. Kjell Grandhagen.
… Summer sea ice reached a record low in 2012 and scientific projections suggest it could disappear completely this century. New areas of open water already have allowed more shipping through the Northern Sea Route north of Russia. The melt is also opening a new energy frontier — the Arctic is believed to hold 13 percent of the world's undiscovered oil and 30 percent of its untapped gas.
The most accessible resources lie within national boundaries and are undisputed. Security analysts say the risk of conflict lies further ahead, if and when the ice melts enough to uncover resources in areas where ownership is unclear. The U.S., Canada, Denmark, Norway and Russia are expected to have overlapping claims.
(Related) Is China taking off the kid gloves?
Alarm in Hong Kong at Chinese white paper affirming Beijing control
Pro-democracy Hong Kongers have reacted angrily to a Chinese government white paper affirming Beijing's "comprehensive jurisdiction" over the territory, released days after more than 100,000 demonstrators gathered in the city calling for greater rights.
The 14,500-word document, which stresses that Hong Kong does not have "full autonomy" and comes under Beijing's oversight, was released amid fierce debate between residents of the former British colony over impending electoral reform and the nature of the "one country, two systems" concept.
… Hong Kong lawmaker Alan Leong, leader of the pro-democracy Civic Party, said he was "completely taken aback" by the document, which had sent a shiver up (his) spine.
"It is a sea-change to our understanding of what 'one country, two systems' should be," he said.
He argued that the notion that judicial decisions made in Hong Kong should take into account the needs of China was a new concept, and one that was "totally repugnant to our understanding of the rule of law as an institution which we hold very dear to our hearts."
I'm shocked, shocked I tell you!
Three Reasons To Believe Facebook Might Be Used to Spy On You
Microsoft, protector of privacy?
Microsoft Protests Order to Disclose Email Stored Abroad
Microsoft is challenging the authority of federal prosecutors to force the giant technology company to hand over a customer’s email stored in a data center in Ireland.
The objection is believed to be the first time a corporation has challenged a domestic search warrant seeking digital information overseas. The case has attracted the concern of privacy groups and major United States technology companies, which are already under pressure from foreign governments worried that the personal data of their citizens is not adequately protected in the data centers of American companies.
Verizon filed a brief on Tuesday, echoing Microsoft’s objections, and more corporations are expected to join. The Electronic Frontier Foundation is working on a brief supporting Microsoft. European officials have expressed alarm.
In a court filing made public on Monday, Microsoft said that if the judicial order to surrender the email stored abroad is upheld, it “would violate international law and treaties, and reduce the privacy protection of everyone on the planet.”
… In his ruling in April, James C. Francis, a magistrate judge in federal court in New York, wrote, “Microsoft’s argument is simple, perhaps deceptively so.”
Microsoft contends that the rules that apply to a search warrant in the physical world should apply online. The standard of proof for a search warrant is “probable cause” and “particularity” — that is, a person’s name and where the person, evidence or information reside.
A subpoena — the less powerful court-ordered investigation tool — requires only that the information is “relevant to an ongoing investigation.” But a subpoena, unlike a search warrant, requires that the person being investigated be informed.
Judge Francis, in his order, wrote that the Electronic Communications Privacy Act, passed in 1986, created an in-between category intended at the time to protect people from indiscriminate data gathering that subpoenas might allow of online communications. The result, he wrote, is “a hybrid: part search warrant and part subpoena,” and applied to information held in Microsoft’s data center overseas.
I guess you can try any argument, but is “We're completely out of control” the best they can do?
ACLU – NSA Says It’s Too Large, Complex to Comply With Court Order
by Sabrina I. Pacifici on June 10, 2014
Patrick C. Toomey, Staff Attorney, ACLU National Security Project
News release: “In an era of too-big-to-fail banks, we should have known it was coming: An intelligence agency too big to rein in — and brazen enough to say so. In a remarkable legal filing on Friday afternoon, the NSA told a federal court that its spying operations are too massive and technically complex to comply with an order to preserve evidence. The NSA, in other words, now says that it cannot comply with the rules that apply to any other party before a court — the very rules that ensure legal accountability — because it is too big. The filing came in a long-running lawsuit filed by the Electronic Frontier Foundation challenging the NSA’s warrantless collection of Americans’ private data. Recently, the plaintiffs in that case have fought to ensure that the NSA is preserving relevant evidence — a standard obligation in any lawsuit — and not destroying the very data that would show the agency spied on the plaintiffs’ communications. Yet, as in so many other instances, the NSA appears to believe it is exempt from the normal rules.”
Perspective. Is this how we will find lawyers, maids and golf pros?
Amazon Chases Local Services, The New E-Commerce Battleground
Amazon has found a new place to sell and it doesn’t have anything to do with books, DVDs or physical products.
Later this year, the Seattle company will dive into local services, launching a marketplace that will connect regional professionals and businesses to consumers who could need anything from vocal lessons to a kitchen remodel. The company will unveil the new development, which was first reported by Reuters, on a city-by-city basis, similar to what is being done for its grocery delivery service, Amazon Fresh.
… Similar to Amazon, eBay has been testing a new product called eBay Hire, which will place the profiles of service professionals next to associated products that consumers may be shopping for on its website. For example, a person buying golf clubs on eBay may see ads or links referring them to a local golf teacher who’s signed up with the eBay Hire platform.
… Expertise may also keep Amazon from mastering the market, says Zappacosta, who says that selling professionals’ services is much different than peddling commodities like shoes or electronics.
“You can’t go after a few distributors and get all the titles,” he says, making the comparison to books. “There is no wholesaler that you can hook into that gives you access to the market. You have to go professional to professional to find them.”
Perspective. Any way you slice it, that's a lot of data. Is “pay for preferred routing” on existing networks the answer or is it higher overall network speed?
Videos may make up 84 percent of internet traffic by 2018: Cisco
Video consumption of the World Cup alone will generate nearly as much Internet traffic as occurred in all of Australia in 2013, according to a new Cisco Systems Inc report that shows growth in Internet traffic is fueled by video.
The report, which says video is expected to grow to 84 percent of Internet traffic in the United States by 2018 from 78 percent currently, raises questions about whether Internet service providers should prioritize traffic, which has become a controversial issue.
[I think they refer to this white paper: http://www.cisco.com/c/en/us/solutions/collateral/service-provider/ip-ngn-ip-next-generation-network/white_paper_c11-481360.html
Annual global IP traffic will surpass the zettabyte (1000 exabytes) threshold in 2016. Global IP traffic will reach 1.1 zettabytes per year or 91.3 exabytes (one billion gigabytes) per month in 2016. By 2018, global IP traffic will reach 1.6 zettabytes per year, or 131.6 exabytes per month.]
This raises a lot of questions. Did they test the judges before allowing them to ask questions? The test is for sentience, not humanity.
Computer program tricks judges into thinking it’s human
For the first time, a computer program has officially passed the Turing Test, which measures a machine’s ability to think for itself — at least under the standards set by a competition in Britain.
The achievement, being hailed as a milestone for the field of artificial intelligence, came Saturday in London at a competition organized by the University of Reading involving five computer programs. Each was tasked with persuading at least 30 percent of judges into mistaking it for a human. The winner, a program named Eugene Goostman, tricked 33 percent of the judges into believing it was a 13-year-old, non-native-English-speaking Ukrainian boy.
… The Turing Test was originally proposed by British computer scientist Alan Turing in a paper written in 1950, in which he wrote, “I propose to consider the question, ‘Can machines think?’”
… The winning entrant’s accomplishments suggest that people may soon be able to hold conversations with computers that feel real.
“Siri is just awful. You can’t have a conversation with Siri,” Denning said, referring to the voice assistant for Apple’s iPhone and iPad. “People should be able to expect more. This shows it’s possible.”
An interesting Security/Privacy development.
Lee Hutchinson writes:
Quartz is reporting a change to how iOS 8-equipped devices search out Wi-Fi networks with which to connect. The new mobile operating system, which is on track for a release in the fall, gives iOS 8 devices the ability to identify themselves not with their unique burned-in hardware MAC address but rather with a random, software-supplied address instead.
This is a big deal.
Read more on Ars Technica
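The privacy point in the Quartz/Ars item is that a burned-in MAC address is a stable identifier that anyone listening for Wi-Fi probe requests can use to track a device, while a software-assigned random address is not. The IEEE 802 address format makes the difference visible in the first octet: the "locally administered" bit (0x02) marks software-assigned addresses, and the "individual/group" bit (0x01) marks multicast. The example below is added here and is not from the Ars Technica article or from Apple; the probe-source list is constructed, and `random_private_mac` is an illustrative construction of a locally administered address, not Apple's actual randomization algorithm. It shows how a defender reviewing access-point or wireless IDS exports could classify observed addresses and see how many are trackable burned-in addresses versus randomized ones.

```python
import re
import secrets
from typing import Dict, Iterable, Optional

# Constructed sample of Wi-Fi probe-request source addresses, as a defender
# might export them from an access point or wireless IDS (not real captures).
SAMPLE_PROBE_SOURCES = [
    "00:1c:b3:12:34:56",   # burned-in style: U/L bit clear, OUI-assigned
    "02:00:5e:aa:bb:cc",   # locally administered: U/L bit set
    "DA-A1-19-00-11-22",   # locally administered, dash-separated form
    "01:00:5e:00:00:fb",   # multicast: I/G bit set (never a station's own address)
    "not-a-mac",           # malformed entry, to show the edge case is handled
]

# Six hex pairs separated consistently by ':' or '-'.
_MAC_RE = re.compile(r"^([0-9a-fA-F]{2})([:-])(?:[0-9a-fA-F]{2}\2){4}[0-9a-fA-F]{2}$")


def parse_mac(mac: str) -> Optional[bytes]:
    """Return the six address bytes, or None if the string is not a MAC address."""
    if not _MAC_RE.match(mac):
        return None
    return bytes(int(x, 16) for x in re.split(r"[:-]", mac))


def classify_mac(mac: str) -> str:
    """Classify an address by the two low-order bits of its first octet (IEEE 802)."""
    raw = parse_mac(mac)
    if raw is None:
        return "invalid"
    first = raw[0]
    if first & 0x01:
        return "multicast"            # I/G bit set: group address
    if first & 0x02:
        return "locally-administered"  # U/L bit set: software-assigned, not trackable
    return "globally-unique"          # burned-in, OUI-assigned: stable identifier


def random_private_mac() -> str:
    """Build a unicast, locally administered address from random bytes.

    Illustrative construction only (assumption): it is not Apple's algorithm,
    just the bit rules any software-assigned address must satisfy.
    """
    b = bytearray(secrets.token_bytes(6))
    b[0] = (b[0] | 0x02) & 0xFE   # set the U/L bit, clear the I/G bit
    return ":".join(f"{x:02x}" for x in b)


def summarize_probe_sources(addresses: Iterable[str]) -> Dict[str, int]:
    """Count observed addresses per category; returns category -> count."""
    counts: Dict[str, int] = {}
    for a in addresses:
        c = classify_mac(a)
        counts[c] = counts.get(c, 0) + 1
    return counts


if __name__ == "__main__":
    print(summarize_probe_sources(SAMPLE_PROBE_SOURCES))
    print(random_private_mac(), "->", classify_mac(random_private_mac()))
```

Only the "globally-unique" bucket is the one a passive observer can use to recognise the same device on another day; a growing "locally-administered" share in probe logs is exactly the effect the iOS 8 change is meant to produce.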
For my Android-packing students.
SwiftKey, Android's best keyboard, is now free with new theme packs
Since it debuted on Android several years ago, SwiftKey has been one of the best paid apps available on the platform thanks to its gesture-based typing and smart word prediction. Now the app has dropped its $4 price tag and gone completely free to use, but it will still cost if you want to style the keyboard into something more to your liking.
Mostly for my International students. (Us 'mericans know that ain't football!)
Follow the Brazil World Cup From Anywhere With These Six Android Apps
… A staggering 3.2 billion people are expected to watch at least one match, with more than 1 billion expected to tune in to watch the tournament’s final. We’ve already looked at some innovative ways you can follow the tournament yourself, but if you’re one of those 3.2 billion and you also own an Android phone, what apps do you have available to keep abreast of the latest news and scores from the 64-game event?
For my students.
The Ultimate Netflix Guide: Everything You Wanted To Know About Netflix But Were Afraid To Ask
For my students.
Videos and Guides to Copyright & Creative Commons
In my previous post I shared the copyright flowchart created by Silvia Rosenthal Tolisano and Meryl Zeidenberg. I am planning to share that chart along with the following videos and guides in a video creation workshop that I am facilitating on Wednesday morning.
An infographic for ALL my students.
How To Use Punctuation Marks Correctly
… Don’t just depend on spelling and grammar checkers in Word. If you do, you’re probably making dumb grammar mistakes that can otherwise be avoided. By learning the proper use of punctuation marks, you’re not only improving your knowledge, but also causing less confusion for your readers.