Monday, November 12, 2012

Probably more hype, since “Cyber War” looks like the easiest way to get a larger Defense budget. However, in a globally connected world, a well funded (state sponsored?) hacker could shut down the economy of one or several countries by disabling infrastructure. Think not? Look at New Jersey.
"Blake Clayton with an excellent piece on the cyber threat to the global oil supply. His description of the August attack on Saudi Aramco, which rendered thirty thousand of its computers useless, helps make his point. From the article: 'The future of energy insecurity has arrived. In August, a devastating cyber attack rocked one of the world’s most powerful oil companies, Saudi Aramco, Riyadh’s state-owned giant, rendering thirty thousand of its computers useless. This was no garden-variety breach. In the eyes of U.S. defense secretary Leon Panetta, it was “probably the most destructive attack that the private sector has seen to date.”'"

(Related) If you want to own/destroy infrastructure, you should be practicing... A real concern would be evidence that an actor could control the attack well enough to select specific targets.
"We hear a lot about vulnerabilities in industrial control system (ICS) software. But what about real evidence of compromised SCADA and industrial control systems? According to security researcher Michael Toecker, a consultant at the firm Digital Bond, the evidence for infected systems with links to industrial automation and control systems is right under our eyes: buried in public support forums. Toecker audited support sites like bleepingcomputer.com, picking through data dumps from free malware scanning tools like HijackThis and DDS. He found scans of infected systems that were running specialized ICS software like Schweitzer Engineering Labs (SEL) AcSELerator Software and GE Power's EnerVista Software (used to configure GE electric power protection products). The infected end user systems could be the pathway to compromising critical infrastructure, including electrical infrastructure. 'With access to a protection relay through a laptop, a malicious program could alter settings in the configuration file, inject bad data designed to halt the relay, or even send commands directly to the relay when a connection was made,' Toecker wrote."


Is DHS the best place for this? Granted there is a possibility that terrorists could use a bio weapon, but would TSA-like screeners every detect it? More likely, this is a foot in the door of “Ubiquitous Social Media Monitoring”
"Nextgov reports 'The Homeland Security Department has commissioned Accenture to test technology that mines open social networks for indications of pandemics, according to the vendor.' This will kick off a year-long biosurveillance program, costing $3 million, that will log trends in public health by looking through public posts. This ties back to White House guidelines released in July that ask federal agencies to 'Consider social media as a force multiplier that can empower individuals and communities to provide early warning and global situational awareness.'"
[From the article:
The business case for the new DHS program has not been proved yet, Accenture officials acknowledged. “Our pilot program seeks to prove this case,” said John Matchette, Accenture managing director for U.S. public safety. “In theory, social media analytics would have shown timely indicators for multiple past biological and health-related events.”
In July, President Obama issued a national strategy for biosurveillance that directs federal agencies to think outside the box in detecting incidents.


How the world sees Privacy?
Global survey on Internet privacy and freedom of expression
… The publication also supplies additional sources of reference for interested readers to use to further investigate each of the subjects highlighted.
The publication explores a range of issues, such as:
  • threats to privacy that have developed through the Internet,
  • international legal standards on privacy and responses to these emerging issues,
  • complex intersections between the rights to privacy and freedom of expression,
  • UNESCO recommendations to states and corporations for better practice,
  • overview of literature, background material and tools on international and national policy and practice on privacy and freedom of expression on the Internet.
Download (English): Full version Executive summary


An interesting ethical question to kick around. At what age should we stop holding Mon and Dad accountable? Isn't this all “Public” and therefore open to a public reply?
… as a reflection of society too, it wasn't surprising (sadly) that there was a significant uptick in hate speech on Twitter as people reacted to President Obama’s re-election.
… The “geography of information” website FloatingSheep.org aggregated some 400 racist tweets from Tuesday night, mapped them, and compared states’ racist tweeting patterns. (Details on the methodology are here.)
Rather than looking in aggregate at the Twitter patterns, the Gawker Media-owned website Jezebel called out by name and Twitter handle many of the individuals who had tweeted racist reactions to the President’s re-election, first with a gallery highlighting some of the tweets and then with a follow-up story, tracking down some of these users’ identities.
Specifically, Jezebel re-published the tweets, tracked down teens' locations and their schools, called those schools and then published the schools’ responses (or lack thereof).
… Responding to Jezebel's story, GigaOm’s Mathew Ingram questioned the decision to publish the teens’ names, asking when and if it’s okay to publicize this sort of “bad behavior” from teens:


Is New Zealand that mad at the US for this bungled attempt to “enforce Copyright law?”
Kim DotCom: New Zealand will be home to new MegaUpload site
New Zealand appears to be embracing Kim DotCom and the service he's creating to replace MegaUpload.
DotCom announced on Twitter that his new cloud-storage service will use a New Zealand-based domain: Mega.co.nz. DotCom attempted to use a domain name from the West African country of Gabon, but that country's administration last week ordered that the domain, Me.ga, be suspended.
DotCom didn't waste anytime finding a new domain name.


Tools for serious writers... (Mac or Windows)
'Scapple': Very Interesting New Software From the Creator of Scrivener
I'll spare you my whole speech about the inklings of another at-least-mini golden age of Interesting Software, especially though not only for the Mac. I consider Scrivener the single most useful writing program I've ever come across; I'm fascinated by Tinderbox and TheBrain; I have come to trust and rely on both Evernote and DevonThink; and so on
… I'll spare you that speech (and you can see links to some past articles about Scrivener here) so as to get right to the new program I want to mention. It is called Scapple; it is from Literature and Latte, the small English company that produces Scrivener; it's still in open beta; and it is so easy to use and understand that you can very quickly grasp what it might and might not do for you.
An explanation of the program is here; it includes the link to download the beta version, which I'm not giving you directly because I think it's worth reading the background.


For my Computer Security geeks
Our infographic today is from Fixmo and it shows the various “threats, vulnerabilities and risks with mobile devices in enterprise”.


Not that my students would ever get bored in class, but...

No comments: