Wednesday, February 06, 2013

What did DoE ever do to China? (If not China, who?) And why don't they know what happened?
Hackers hit U.S. Department of Energy
The U.S. Department of Energy has confirmed that its computer systems were hacked into last month. According to The New York Times, the federal agency sent around an internal e-mail on Friday telling its employees about the cyberattack.
"The Department of Energy has just confirmed a recent cyber incident that occurred in mid-January which targeted the Headquarters' network and resulted in the unauthorized disclosure of employee and contractor Personally Identifiable Information," the e-mail said.
The agency said that it is working to figure out the "nature and scope of the incident" but that so far it believes "no classified data was compromised." It's unclear which divisions within the Department of Energy were attacked or who was behind the hack.


I guess I missed the Tweets that said “China is the epitome of goodness and ethics!”
Twitter hack may have targeted elected officials, journalists
Although Twitter hasn't revealed who may have been victimized in last week's suspected massive account hack, an analysis suggests that accounts with high levels of influence may have been among those affected.
Within days of accusations that hackers in China were responsible for network breaches at The New York Times and The Wall Street Journal, the microblogging site revealed Friday that about 250,000 accounts might have been compromised.
… "This attack was not the work of amateurs, and we do not believe it was an isolated incident," Twitter said in a company blog post Friday explaining its action.


The start of a CyberWar could take many forms... Escalation to a shooting war could come if they keep playing video games with real warships...
As China and Japan jockey for influence in the Pacific, an unlikely diplomatic fault line has emerged: an archipelago of uninhabited rocks in the East China Sea. Known as the Senkakus in Japan, which controls them, the islands are also claimed by China and Taiwan -- and both are struggling to reassert sovereignty. Tremors have increased in recent months with confrontations between the Japanese and Taiwanese coast guards and rabble-rousing from Chinese media outlets.
… China raised the stakes on Jan. 30, when one of its military frigates aimed weapons-targeting radar at a Japanese warship, prompting Japan to lodge a formal complaint with the Chinese government.


Earlier I said, “In a multi-platform world, we need multi-platform malware.” Apps that run anywhere increase your “network.”
This week the analysis team at Gartner has made it clear that they expect the mobile app market to be more than 50% made up of apps that are cross-platform, aka “hybrid apps”. These apps will be working with a combination of the “portability” of HTML5 Web apps with a native container for each different device, regardless of mobile OS. This means that, as many high-end apps release today already do, so will a much more vast cross-section of brands bring their apps to iOS, Android, Windows Phone, BlackBerry, and more.


Remember, a backlog is just a tool for staying within budget (and an excuse to set priorities.)
By Dissent, February 5, 2013 6:59 pm
To say that I am frequently frustrated by HHS’s “breach tool” would be an understatement. Their reporting form and coding often make it impossible to know – simply by looking at their entries – what type of breach occurred. Consider this description from one of their entries:
“Theft, Unauthorized Access/Disclosure”,”Laptop, Computer, Network Server, Email”
So what happened there? What was stolen? Everything? And what types of patient information were involved?
Or how about this description:
“Unauthorized Access/Disclosure,Paper”
What happened there? Did a mailing expose SSN in the mailing labels or did an employee obtain and share patients’ information with others for a tax refund fraud scheme? Your guess is as good as mine. And HHS’s breach tool does not include any data type fields that might let us know whether patients’ SSN, Medicare numbers, diagnoses, or other information were involved.
If HHS followed up on these entries in a timely fashion with additional details, it would still be somewhat frustrating, but they don’t. HHS withholds crucial information about breaches that are “under investigation” and they are years behind in investigating incidents.
Yes, years.
If you look at the .csv form of the breach tool, you’ll see that when HHS closes an investigation, it enters a summary of the incident. But if you scroll down their database, you’ll note that some incidents from 2010 and many incidents from 2011 are presumably still open. And not one incident’s investigation from 2012 has been closed. Not one.
It is possible that some investigations that appear open are open because they have been referred to OCR for further action or may involve some enforcement action or pending resolution. But for most of the entries, it is not clear why the breach investigation has not been closed. And until it is closed, HHS will not tell us anything.
Because many entities still do not post notifications on their web sites and I cannot always find substitute notices in local media, the breach tool is often the only information we have about a breach involving more than 500 patients’ protected health information. HHS’s reluctance to discuss a case under investigation is understandable, but not if it takes them years to investigate and close a file. And with the new HITECH breach notification rules, there will likely be an increase in the number of breach notifications to HHS and even more breaches that they will have to investigate.
Something needs to change. Those of us who track and analyze breach trends need more transparency and information, not information that is delayed by more than two years.
I’m not sure who in HHS or Congress might give a damn, but feel free to pass these concerns along.


Another: “We don't have the time to do it right, so we'll take the time to do it over.”
Eric Roper reports:
Attorneys for a former police officer whose driver’s license data was repeatedly breached said Tuesday that the state has agreed to conduct better audits and impose more safeguards of the often-misused driver’s license database.
The legal settlement between Anne Marie Rasmusson and the Department of Public Safety is one of the last dominos to fall in a lawsuit that has cost local governments across the state more than $1 million. Rasmusson’s success in the case has prompted a slew of class action lawsuits related to other incidents of driver’s license data misuse.
Good for her for trying to leave the system in better shape to protect others from what she experienced. Roper reports:
Among stipulations of Rasmusson’s settlement, according to Miller-Van Oort: The state will perform monthly audits of top search targets, rather than merely most active users, to identify anomalies. [That's not how I would do it... Bob]
They must also audit the top 50 most-active users and perform randomized audits, Miller-Van Oort said. Gordon said the department began monthly auditing of the top 50 users last year and initiated randomized audits in January.
A modified login screen will present new information about permissible uses and require users to confirm that they have a legitimate search purpose. The settlement also requires the state to augment data training.
It’s a shame it took a lawsuit to get them to agree to enhance data protection. What I don’t see listed in the news report, however, is whether/how the state will actually limit access to the database and not just audit access after the fact.
Read more on the Star Tribune
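The audit terms described in the settlement (monthly review of the most-searched records, review of the 50 most active users, randomized samples, and a look for anomalies in the target-centred view) translate directly into queries over the database's access log. The script below is an added example of that logic, not anything from the settlement or the Star Tribune report; the log format, user and record identifiers, and the anomaly thresholds are all constructed for illustration. It shows what a target-centred audit can surface that a user-centred one misses: a single record pulled repeatedly by one user, or by many different users, even when none of those users is among the most active.

```python
"""Access-log audit for a driver's license database, modelled on the audit
terms described above (top search targets, top users, randomized sample).
Added example; the log format, identifiers and thresholds are constructed."""
import random
from collections import Counter, defaultdict

# Constructed sample log: one lookup per line (ISO timestamp, user, record id).
SAMPLE_LOG = """\
2013-01-15T08:13:44 user=u1042 target=DL-000123
2013-01-15T08:14:02 user=u1042 target=DL-000124
2013-01-15T09:30:11 user=u2001 target=DL-000777
2013-01-15T22:41:09 user=u3311 target=DL-000777
2013-01-16T01:05:00 user=u3311 target=DL-000777
2013-01-16T10:00:00 user=u4000 target=DL-000777
2013-01-17T23:59:59 user=u3311 target=DL-000777
2013-01-18T07:00:00 user=u1042 target=DL-000125
2013-01-18T07:01:00 user=u1042 target=DL-000126
2013-01-19T12:00:00 user=u2001 target=DL-000002
2013-01-20T03:15:00 user=u5555 target=DL-000777
2013-01-21T03:16:00 user=u3311 target=DL-000777
"""


def parse_log(text):
    """Parse the constructed 'ts user=... target=...' lines into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user_kv, target_kv = line.split()
        records.append({
            "ts": ts,
            "user": user_kv.split("=", 1)[1],
            "target": target_kv.split("=", 1)[1],
        })
    return records


def top_targets(records, n=5):
    """Most looked-up records: the settlement's 'top search targets' audit."""
    return Counter(r["target"] for r in records).most_common(n)


def top_users(records, n=50):
    """Most active users: the 'top 50 most-active users' audit."""
    return Counter(r["user"] for r in records).most_common(n)


def random_sample(records, k, seed=0):
    """Randomized audit sample; fixed seed so a reviewer can reproduce the pull."""
    return random.Random(seed).sample(records, min(k, len(records)))


def flag_anomalies(records, repeat_threshold=3, distinct_user_threshold=3):
    """Heuristics for the target-centred audit (thresholds are assumed):
    - one user pulling the same record repeatedly
    - one record pulled by many distinct users
    Returns a sorted list of (reason, detail) tuples."""
    pair_counts = Counter((r["user"], r["target"]) for r in records)
    users_per_target = defaultdict(set)
    for r in records:
        users_per_target[r["target"]].add(r["user"])
    flags = []
    for (user, target), count in sorted(pair_counts.items()):
        if count >= repeat_threshold:
            flags.append(("repeat_lookup", f"{user} queried {target} {count} times"))
    for target, users in sorted(users_per_target.items()):
        if len(users) >= distinct_user_threshold:
            flags.append(("many_users", f"{target} queried by {len(users)} users"))
    return flags


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("top targets:", top_targets(recs, 3))
    print("top users:", top_users(recs, 3))
    print("random sample:", [(r["user"], r["target"]) for r in random_sample(recs, 3)])
    for reason, detail in flag_anomalies(recs):
        print(f"FLAG {reason}: {detail}")
```

In the constructed log, user u1042 is the most active but does nothing unusual, while record DL-000777 is pulled by four different users and four times by one of them; only the target-centred pass catches that. As the post notes, all of this is after-the-fact review and does nothing to limit who can run a query in the first place.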


Look for patterns. Look for patterns we did not expect. Determine what causes a data element to fit a particular pattern. Look for things that should be in those patterns but are not.
What the Intelligence Community Is Doing With Big Data
… Armed with billions of tweets, Google (GOOG) searches, Facebook (FB) posts, and other publicly available social-media and online data, the Office of the Director of National Intelligence is sponsoring research projects involving 14 universities in the United States, Europe, and Israel with the goal of using advanced analytics to predict significant societal events.
“Our focus is to beat the news with greater accuracy and to do it faster by combining [various sets of] data, and we are seeing that it is possible,” said Jason Matheny, program manager of the Open Source Indicators program, which is housed within the Intelligence Advanced Research Projects Activity, or IARPA, the government’s intelligence research incubator. (Think DARPA, but for intelligence.)
… It would also help the organization know what isn’t foreseeable at all. In other words, they are tackling Donald Rumsfeld’s infamous “unknown unknowns” problem. If you know what you can predict, then you can predict it; if you know what you can’t predict, you can make other plans.


The Fourth Amendment does not apply to crops... (I see a business opportunity. Rent drone crop sprayers like they rent harvesters)
Drone Boosters Say Farmers, Not Cops, Are the Biggest U.S. Robot Market
… UVSI intends to publish a study in the next few weeks anticipating the scope of the domestic, non-military market for drones. But there’s already some data to support Mailey’s hypothesis. “Precision farmers” love using data tools to increase crop yields. In 2009, an Idaho farmer homebrewed his own drone, slapped a commercial digital camera on it, and began extracting data on soil patterns to help his business expand. Companies like CropCam build lightweight, modular, GPS-driven gliders to give farmers an aerial view of their fields without requiring pilot training or the expense of buying a small manned plane. Of course, this is all dependent on drone manufacturers pricing their robots inexpensively enough for farmers who also have to buy a lot of other expensive equipment to ply their trade.
Japan also provides some indication of the potential demand for drones by farmers. Yamaha introduced its RMAX unmanned helicopter for crop-spraying in 1990.

(Related) ...and if you need to surveil your indoor plants...
Tiny, Hackable Quadcopter Drone Launches Pre-Orders
A tiny new open source drone kit made by Bitcraze is buzzing its way to market this spring, targeted at hackers and modders who want to explore droning indoors as well as out.
Marcus Eliasson, Arnaud Taffanel, and Tobias Antonsson are the engineers behind the Swedish startup now accepting pre-orders for a palm-sized quadcopter called the Crazyflie Nano. (Not to be confused with the Norwegian-made nano-copter used by British troops in Afghanistan.)
The trio used only open source material for the project, from mechanics to hardware and code. Not only was it a nod to the open source mantra, it saved them a ton of time; all three have day jobs and have spent the last three years working evenings on the Crazyflie Nano.
The $149 device is controlled by a PC through a 2.4 GHz radio, and an on-board gyroscope and accelerometer keep it steady. (A more advanced, $173 version, with a magnetometer and altimeter will also be available.)


A typical Slashdot question. (Whenever you start something new, assume hundreds of people have done it before you) Note that there are many, many answers.
"I am trying to set up a surveillance system. It is not intended to build a real-time on-line surveillance system to watch a wall of monitors on a 24/7 basis. The main scope is to record video (24/7) from the fixed cameras around our facility and when needed, get back to pre-recorded video and check it for particular event(s). Of course, it is possible to use a human to fast forward through video using a DVR-type FF function for short video sequences. Unfortunately, for long sequences (one week), it is not acceptable solution. I was searching online the whole weekend for the open source software for analysis of pre-recorded video in order to retrieve events and data from recorded video but had no luck. So I ask you, Slashdotters: Can you provide some suggestions for forensic software to analyze/find specific events in pre-recorded video? Some examples of events: 'human entering restricted zone,' 'movement in the restricted zone,' 'light in the restricted zone.'"
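The events the question asks for ('movement in the restricted zone', 'light in the restricted zone') are what frame-differencing video analytics detect: compare each frame to the one before it inside a region of interest, and classify a near-uniform brightness shift as a lighting change and localized pixel churn as movement. The script below is an added example of that core logic, not a tool recommended on the page or any answer from the Slashdot thread; the frames are constructed 8x8 grayscale arrays, the zone rectangle and all thresholds are assumed values, and a real deployment would feed in decoded frames and map frame indices back to timestamps for seeking.

```python
"""Frame-differencing event detector for pre-recorded video: the kind of logic
behind 'movement in zone' / 'light in zone' queries. Added example with
constructed 8x8 grayscale frames; not software from the page."""

WIDTH, HEIGHT, BACKGROUND = 8, 8, 20
# Restricted zone as (x0, y0, x1, y1), half-open; assumed for the example.
ZONE = (2, 2, 6, 6)


def make_frame(blob=None, zone_fill=None):
    """Build one grayscale frame (list of rows of 0..255 ints).
    `blob` is an (x, y, w, h, value) rectangle standing in for a moving object;
    `zone_fill` repaints the whole zone, standing in for a light switching on."""
    frame = [[BACKGROUND] * WIDTH for _ in range(HEIGHT)]
    if zone_fill is not None:
        x0, y0, x1, y1 = ZONE
        for y in range(y0, y1):
            for x in range(x0, x1):
                frame[y][x] = zone_fill
    if blob is not None:
        bx, by, bw, bh, val = blob
        for y in range(by, by + bh):
            for x in range(bx, bx + bw):
                frame[y][x] = val
    return frame


def zone_diff(prev, cur, zone, pixel_threshold=30):
    """Return (fraction of zone pixels that changed, mean brightness delta)
    between two consecutive frames, looking only inside the zone."""
    x0, y0, x1, y1 = zone
    changed, total, delta_sum = 0, 0, 0
    for y in range(y0, y1):
        for x in range(x0, x1):
            d = cur[y][x] - prev[y][x]
            delta_sum += d
            total += 1
            if abs(d) > pixel_threshold:
                changed += 1
    return changed / total, delta_sum / total


def detect_events(frames, zone=ZONE, movement_threshold=0.1, light_threshold=60):
    """Walk consecutive frame pairs. A large shift in mean zone brightness is
    classed as a lighting change (it moves every pixel together); otherwise a
    changed-pixel fraction above the threshold is movement. Returns a list of
    (frame_index, event_kind). Thresholds are assumed tuning values."""
    events = []
    for i in range(1, len(frames)):
        fraction, mean_delta = zone_diff(frames[i - 1], frames[i], zone)
        if abs(mean_delta) > light_threshold:
            events.append((i, "light"))
        elif fraction > movement_threshold:
            events.append((i, "movement"))
    return events


# Constructed recording: static, object enters the zone, moves, leaves, light comes on.
SAMPLE_FRAMES = [
    make_frame(),
    make_frame(),
    make_frame(blob=(3, 3, 2, 2, 200)),
    make_frame(blob=(4, 4, 2, 2, 200)),
    make_frame(),
    make_frame(zone_fill=120),
    make_frame(zone_fill=120),
]

if __name__ == "__main__":
    for index, kind in detect_events(SAMPLE_FRAMES):
        print(f"frame {index}: {kind}")
```

Because the detector only looks at the zone and only at consecutive-frame deltas, a week of footage reduces to a short list of frame indices to seek to; the trade-off is that slow lighting drift (dusk) falls under the per-frame light threshold and shows up, if at all, as scattered movement hits, which is why production tools keep a running background model rather than a single previous frame.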


Looks more like a “how to” manual...
February 05, 2013
Description of Civil Liberties and Privacy Protections in updated NCTC Guidelines
Description of Civil Liberties and Privacy Protections in the updated NCTC Guidelines, January 2013, Office of the Director of National Intelligence.
  • "In March, 2012, the Director of National Intelligence (DNI), the Attorney General, and the Director of the National Counterterrorism Center (NCTC) approved the updated Guidelines for Access, Retention, Use, and Dissemination by the National Counterterrorism Center and Other Agencies of Information in Datasets Containing Non-Terrorism Information (referred to here as the "NCTC Guidelines" or "Guidelines") (available at www.nctc.gov). The NCTC Guidelines make important updates and modifications to the 2008 version of the Guidelines. The new Guidelines ensure that NCTC has an effective and efficient means of assessing federal agency datasets that are likely to contain significant terrorism information, permit NCTC to use terrorism information for proper purposes subject to multi-layered privacy and civil liberties protections, and establish comprehensive compliance and oversight mechanisms."

(Related) It's a good thing we have privacy guidelines (above) since we're sure gonna need them! (No mention of drones in the guidelines)
February 05, 2013
Integration of Drones into Domestic Airspace: Selected Legal Issues
Integration of Drones into Domestic Airspace: Selected Legal Issues. Alissa M. Dolan, Legislative Attorney - Richard M. Thompson II, Legislative Attorney, January 30, 2013
  • "Under the FAA Modernization and Reform Act of 2012, P.L. 112-95, Congress has tasked the Federal Aviation Administration (FAA) with integrating unmanned aircraft systems (UASs), sometimes referred to as unmanned aerial vehicles (UAVs) or drones, into the national airspace system by September 2015. Although the text of this act places safety as a predominant concern, it fails to establish how the FAA should resolve significant, and up to this point, largely unanswered legal questions... With the ability to house surveillance sensors such as high-powered cameras and thermal-imaging devices, some argue that drone surveillance poses a significant threat to the privacy of American citizens. Because the Fourth Amendment’s prohibition against unreasonable searches and seizures applies only to acts by government officials, surveillance by private actors such as the paparazzi, a commercial enterprise, or one’s neighbor is instead regulated, if at all, by state and federal statutes and judicial decisions. Yet, however strong this interest in privacy may be, there are instances where the public’s First Amendment rights to gather and receive news might outweigh an individual’s interest in being let alone."


Gee, what we need is a lawyer with an Economics degree to evaluate this...
"Two economists at the St. Louis Federal Reserve have published a paper arguing that the American patent system should be abolished. The paper recognizes the harm the current patent system has caused not only to the technology sector but the health sector as well."


Have I missed something or is DHS looking for even more ways to waste money? Do we really think missiles will be launched from hundreds of miles away rather than from a ship a few miles away? (Or have they shut down the Potomac?)
"Reuters reports that a pair of bulbous, helium-filled 'aerostats', each 243 feet long, will be moored to the ground and fly as high as 10,000 feet, as part of a high-tech shield designed to protect the Washington D.C. area from an air attack like the one that took place on September 11, 2001. One of the aerostats carries a powerful long-range surveillance radar with a 360-degree look-around capability that can reach out to 340 miles. The other carries a radar used for targeting. [...and connected to what? Bob] Operating for up to 30 days at a time, JLENS is meant to give the military more time to detect and react to threats (PDF), including cruise missiles and manned and unmanned aircraft, compared with ground-based radar and is also designed to defend against tactical ballistic missiles, large caliber rockets and moving vehicles that could be used for attacks, including boats, cars and trucks. 'We're trying to determine how the surveillance radar information from the JLENS platforms can be integrated with existing systems in the National Capital Region,' says Michael Kucharek, a spokesman for the North American Aerospace Defense Command. Washington is currently guarded by an air-defense system that includes Federal Aviation Administration radars and Department of Homeland Security helicopters and fixed-wing aircraft on alert at Reagan National Airport to intercept slow, low-flying aircraft."


I'm sure they are trying to tell me something...
February 05, 2013
Paper - Open Wireless vs. Licensed Spectrum: Evidence from Market Adoption
"The Berkman Center for Internet & Society at Harvard University is pleased to announce the publication of Open Wireless vs. Licensed Spectrum: Evidence from Market Adoption, authored by Yochai Benkler, and published in the latest issue of the Harvard Journal of Law & Technology [download here]. The paper reviews evidence from eight wireless markets: mobile broadband; wireless healthcare; smart grid communications; inventory management; access control; mobile payments; fleet management; and secondary markets in spectrum. Benkler finds that markets are adopting unlicensed wireless strategies in mission-critical applications, in many cases more so than they are building on licensed strategies. If the 1990s saw what was called "the Negroponte Switch" of video from air to wire, and telephony from wire to air, the present and near future are seeing an even more fundamental switch. Where a decade ago most of our wireless capacity was delivered over exclusive control approaches-both command and control and auctioned exclusivity--complemented by special-purpose shared spectrum use, today we are moving to a wireless infrastructure whose core relies on shared, open wireless approaches, complemented by exclusive control approaches for special, latency-intolerant, high-speed mobile applications. The scope of the latter will contract further if regulation catches up to technological reality, and opens up more bands to open wireless innovation, with greater operational flexibility and an emphasis on interoperability."


What's the opposite of “too big to fail?” (Breakup worked really well for Standard Oil)
HP considering company 'breakup,' says report
PC maker Hewlett-Packard is mulling over breaking up the company in a bid to return the maximum value to company shareholders, according to a report.
Citing unnamed sources, blog Quartz said company directors have "discussed the details of a possible breakup scenario," among other options.


Have you ever complained about slow response times?
Nasdaq said to be settling with SEC over Facebook's IPO flop
… One investigation, initiated by the U.S. Securities and Exchange Commission, focused on technical errors in Nasdaq's system that inadvertently delayed trading that first day.
Now, word has it that Nasdaq may be able to settle the debacle with the federal regulators, according to the Wall Street Journal.
Sources familiar with the matter have told the Journal that Nasdaq has been in preliminary settlement talks with the SEC. If the two sides do make a deal, it will most likely include a financial penalty that could be as much as $5 million.


This surprises me. I wonder why?
