What did DoE ever do to China? (If not
China, who?) And why don't they know what happened?
Hackers
hit U.S. Department of Energy
The U.S. Department of Energy has
confirmed that its computer systems were hacked into last month.
According to The
New York Times, the federal agency sent around an
internal e-mail on Friday telling its employees about the
cyberattack.
"The Department of Energy has just
confirmed a recent cyber incident that occurred in
mid-January which targeted the
Headquarters' network and resulted in the unauthorized
disclosure of employee and contractor Personally Identifiable
Information," the e-mail said.
The agency said that it is working
to figure out the "nature and scope of the incident"
but that so far it believes "no classified data was
compromised." It's unclear which divisions
within the Department of Energy were attacked or who was behind the
hack.
I guess I missed the Tweets that said
“China is the epitome of goodness and ethics!”
Twitter
hack may have targeted elected officials, journalists
Although Twitter hasn't revealed who
may have been victimized in last week's suspected massive account
hack, an analysis suggests that accounts with high levels of
influence may have been among those affected.
Within days of accusations that hackers
in China were responsible for network breaches at The New York Times
and The Wall Street Journal, the microblogging site revealed Friday
that about
250,000 accounts might have been compromised.
… "This attack was not the
work of amateurs, and we do not believe it was an isolated incident,"
Twitter said in a company blog post Friday explaining its action.
The start of a CyberWar could take many
forms... Escalation to a shooting war could come if they keep
playing video games with real warships...
As China and Japan jockey for influence
in the Pacific, an unlikely diplomatic fault line has emerged: an
archipelago of uninhabited rocks in the East China Sea. Known as the
Senkakus in Japan, which controls them, the islands are also claimed
by China and Taiwan -- and both are struggling to reassert
sovereignty. Tremors have increased in recent months with
confrontations between the Japanese and Taiwanese coast guards and
rabble-rousing from Chinese media outlets.
… China raised the stakes on Jan.
30, when one of its military frigates aimed
weapons-targeting radar at a Japanese warship, prompting
Japan to lodge a formal complaint with the Chinese government.
Earlier I said, “In a multi-platform
world, we need multi-platform malware.” Apps that run anywhere
increase your “network.”
This week the
analysis team at Gartner has made it clear that they expect the
mobile app market to be more than 50% made up of apps that are
cross-platform, aka “hybrid apps”. These apps will be working
with a combination of the “portability” of HTML5 Web apps with a
native container for each different device, regardless of mobile OS.
This means that, as many high-end apps release today already do, so
will a much more vast cross-section of brands bring their apps to
iOS, Android, Windows Phone, BlackBerry, and more.
Remember, a backlog is just a tool for
staying within budget (and an excuse to set priorities).
By Dissent,
February 5, 2013 6:59 pm
To say that I am frequently frustrated
by HHS’s “breach
tool” would be an understatement. Their reporting form and
coding often makes it impossible to know – simply by looking at
their entries – what type of breach occurred. Consider this
description from one of their entries:
“Theft,
Unauthorized Access/Disclosure”,”Laptop, Computer, Network
Server, Email”
So what happened there? What was
stolen? Everything? And what types of patient information were
involved?
Or how about this description:
“Unauthorized
Access/Disclosure,Paper”
What happened there? Did a mailing
expose SSN in the mailing labels or did an employee obtain and share
patients’ information with others for a tax refund fraud scheme?
Your guess is as good as mine. And HHS’s breach tool does not
include any data type fields that might let us know whether patients’
SSN, Medicare numbers, diagnoses, or other information were involved.
If HHS followed up on these entries in
a timely fashion with additional details, it would still be somewhat
frustrating, but they don’t. HHS withholds crucial information
about breaches that are “under investigation” and they
are years behind in investigating incidents.
Yes, years.
If you look at
the .csv
form of the breach tool, you’ll see that when HHS closes an
investigation, it enters a summary of the incident. But if you
scroll down their database, you’ll note that some incidents from
2010 and many incidents from 2011 are presumably still open. And not
one incident’s investigation from 2012 has been closed. Not one.
It is possible that some investigations
that appear open are open because they have been referred to OCR for
further action or may involve some enforcement action or pending
resolution. But for most of the entries, it is not clear why the
breach investigation has not been closed. And until it is closed,
HHS will not tell us anything.
Because many entities still do not post
notifications on their web sites and I cannot always find substitute
notices in local media, the breach tool is often the only information
we have about a breach involving more than 500 patients’ protected
health information. HHS’s reluctance to discuss a case under
investigation is understandable, but not if it takes them years to
investigate and close a file. And with the new
HITECH breach notification rules, there will likely be an increase in
the number of breach notifications to HHS and even more breaches that
they will have to investigate.
Something needs to change. Those of us
who track and analyze breach trends need more transparency and
information, not information that is delayed by more than two years.
I’m not sure who in HHS or Congress
might give a damn, but feel free to pass these concerns along.
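The "scroll down the database" check above can be done programmatically. This is an added example, not code from the post or from HHS: the column names are an assumption about the breach tool's CSV export, and every entity, date and count is constructed. It splits the multi-code cells ("Theft, Unauthorized Access/Disclosure"), treats an empty closing summary as a still-open investigation, and tallies open versus closed per submission year.

```python
import csv
import io

# Constructed rows shaped like the HHS breach tool CSV export. Column names are an
# assumption about that export; every entity, date and count below is invented.
SAMPLE_CSV = """\
Name of Covered Entity,State,Individuals Affected,Breach Submission Date,Type of Breach,Location of Breached Information,Web Description
Example Clinic A,XX,1200,03/02/2011,"Theft, Unauthorized Access/Disclosure","Laptop, Computer, Network Server, Email","A laptop holding patient records was stolen; the entity encrypted all portable devices afterward."
Example Clinic B,XX,800,07/15/2011,Unauthorized Access/Disclosure,Paper,
Example Hospital C,XX,5000,02/10/2012,Hacking/IT Incident,Network Server,
Example Practice D,XX,600,11/30/2012,Unauthorized Access/Disclosure,Paper,
Example Plan E,XX,2500,05/20/2012,"Theft, Loss","Laptop, Other Portable Electronic Device",
"""


def load_entries(text):
    """Parse the export; quoted cells may themselves hold comma-separated codes."""
    return list(csv.DictReader(io.StringIO(text)))


def split_codes(field):
    """'Theft, Unauthorized Access/Disclosure' is several codes in one cell; return them as a list."""
    return [code.strip() for code in field.split(",") if code.strip()]


def is_open(entry):
    """HHS fills in 'Web Description' only when it closes an investigation; empty means still open."""
    return not (entry.get("Web Description") or "").strip()


def open_closed_by_year(entries):
    """Count open vs. closed investigations per submission year (dates are MM/DD/YYYY)."""
    tally = {}
    for e in entries:
        year = e["Breach Submission Date"].split("/")[-1]
        bucket = tally.setdefault(year, {"open": 0, "closed": 0})
        bucket["open" if is_open(e) else "closed"] += 1
    return tally


def uninterpretable(entries):
    """Open entries whose type or location cell carries several codes: the ones where
    nothing in the tool says what actually happened or what data was involved."""
    return [e["Name of Covered Entity"] for e in entries
            if is_open(e) and (len(split_codes(e["Type of Breach"])) > 1
                               or len(split_codes(e["Location of Breached Information"])) > 1)]
```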
Another: “We don't have the time to
do it right, so we'll take the time to do it over.”
Eric Roper reports:
Attorneys for a
former police officer whose driver’s license data was repeatedly
breached said Tuesday that the state has agreed to
conduct better audits and impose more safeguards of the
often-misused drivers license database.
The legal
settlement between Anne Marie Rasmusson and the Department of Public
Safety is one of the last dominos to fall in a lawsuit that has
cost local governments across the state more than $1 million.
Rasmusson’s success in the case has prompted a slew of class action
lawsuits related to other incidents of driver’s license data
misuse.
Good for her for trying to leave the
system in better shape to protect others from what she experienced.
Roper reports:
Among stipulations
of Rasmusson’s settlement, according to Miller-Van Oort: The
state will perform monthly audits of top search targets, rather than
merely most active users, to identify anomalies. [That's not how I
would do it... Bob]
They must also
audit the top 50 most-active users and perform randomized audits,
Miller-Van Oort said. Gordon said the department began monthly
auditing of the top 50 users last year and initiated randomized
audits in January.
A modified login
screen will present new information about permissible uses and
require users to confirm that they have a legitimate search purpose.
The settlement also requires the state to augment data training.
It’s a shame it took a lawsuit to get
them to agree to enhance data protection. What I don’t see listed
in the news report, however, is whether/how the state will actually
limit access to the database and not just audit access after the
fact.
Read more on the Star
Tribune
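The settlement's three audit streams (top search targets, top 50 most active users, random sampling) and the login-screen purpose prompt can all be checked against a lookup log. Added example, not code from the state or the Star Tribune story: the log format, user names, record ids and purposes are constructed. The repeat-lookup check goes one step beyond the article, flagging a single user querying the same record over and over, which is the pattern of misuse the lawsuit was about.

```python
import random
from collections import Counter, defaultdict

# Constructed lookup-log lines (not real data): timestamp, user, subject record, stated purpose.
SAMPLE_LOG = """\
2013-01-03T08:12:00 officer_a DL-1001 traffic_stop
2013-01-03T09:40:00 officer_b DL-1001 records_check
2013-01-04T22:15:00 officer_c DL-1001 none_given
2013-01-05T23:02:00 officer_c DL-1001 none_given
2013-01-06T01:30:00 officer_c DL-1001 none_given
2013-01-07T10:00:00 officer_d DL-2002 traffic_stop
2013-01-07T10:05:00 officer_d DL-2003 traffic_stop
2013-01-07T10:09:00 officer_d DL-2004 traffic_stop
2013-01-08T14:00:00 officer_e DL-3003 warrant_service
2013-01-09T16:45:00 officer_a DL-4004 traffic_stop
"""


def parse_log(text):
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, subject, purpose = line.split()
        records.append({"ts": ts, "user": user, "subject": subject, "purpose": purpose})
    return records


def top_targets(records, n=10):
    """Records looked up by the most distinct users: the settlement's 'top search targets'."""
    viewers = defaultdict(set)
    for r in records:
        viewers[r["subject"]].add(r["user"])
    ranked = sorted(((s, len(u)) for s, u in viewers.items()), key=lambda x: (-x[1], x[0]))
    return ranked[:n]


def top_users(records, n=50):
    """Most active users by query volume (the 'top 50' audit)."""
    return Counter(r["user"] for r in records).most_common(n)


def repeat_lookups(records, threshold=3):
    """One user hitting the same record threshold+ times; neither ranking above catches this by itself."""
    pairs = Counter((r["user"], r["subject"]) for r in records)
    return {p: c for p, c in pairs.items() if c >= threshold}


def missing_purpose(records):
    """Queries with no stated purpose, which the new login screen is meant to eliminate."""
    return [r for r in records if r["purpose"] == "none_given"]


def random_audit_sample(records, k, seed=None):
    """Uniform random sample of queries for manual review (seed only for reproducibility)."""
    return random.Random(seed).sample(records, k)
```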
Look for patterns. Look for patterns
we did not expect. Determine what causes a data element to fit a
particular pattern. Look for things that should be in those
patterns but are not.
… Armed with billions of tweets,
Google (GOOG)
searches, Facebook (FB)
posts, and other publicly available social-media and online data, the
Office of the Director of National Intelligence is sponsoring
research projects involving 14 universities in the United States,
Europe, and Israel with the goal of using advanced analytics to
predict significant societal events.
“Our focus is to beat the news with
greater accuracy and to do it faster by combining [various sets of]
data, and we are seeing that it is possible,” said Jason Matheny,
program manager of the Open Source Indicators program, which is
housed within the Intelligence Advanced Research Projects Activity,
or IARPA, the government’s intelligence research incubator. (Think
DARPA, but for intelligence.)
… It would also help the
organization know what isn’t foreseeable at all. In other words,
they are tackling Donald Rumsfeld’s infamous “unknown unknowns”
problem. If you know what you can predict, then you can predict it;
if you know what you can’t predict, you can make other plans.
The Fourth Amendment does not apply to
crops... (I see a business opportunity. Rent drone crop sprayers
like they rent harvesters)
Drone
Boosters Say Farmers, Not Cops, Are the Biggest U.S. Robot Market
… UVSI intends to publish a study
in the next few weeks anticipating the scope of the domestic,
non-military market for drones. But there’s already some data to
support Mailey’s hypothesis. “Precision
farmers” love using data tools to increase crop yields. In
2009, an Idaho farmer homebrewed
his own drone, slapped a commercial digital camera on it, and
began extracting data on soil patterns to help his business expand.
Companies like CropCam
build lightweight, modular, GPS-driven gliders to give farmers an
aerial view of their fields without requiring pilot training or the
expense of buying a small manned plane. Of course, this is all
dependent on drone manufacturers pricing their robots inexpensively
enough for farmers who also have to buy a lot of other
expensive equipment to ply their trade.
Japan also provides some indication of
the potential demand for drones by farmers. Yamaha introduced its
RMAX
unmanned helicopter for crop-spraying in 1990.
(Related) ...and if you need to
surveil your indoor plants...
Tiny,
Hackable Quadcopter Drone Launches Pre-Orders
A tiny new open source drone kit made
by Bitcraze is buzzing its way to market this spring, targeted at
hackers and modders who want to explore droning indoors as well as
out.
Marcus Eliasson, Arnaud Taffanel, and
Tobias Antonsson are the engineers behind the Swedish startup now
accepting pre-orders for a palm-sized quadcopter called the Crazyflie
Nano. (Not to be confused with the Norwegian-made
nano-copter used by British troops in Afghanistan.)
The trio used only open source material
for the project, from mechanics to hardware and code. Not only was
it a nod to the open source mantra, it saved them a ton of time; all
three have day jobs and have spent the last three years working
evenings on the Crazyflie Nano.
… The
$149 device is controlled by a PC through a 2.4 GHz radio, and an
on-board gyroscope and accelerometer keep it steady. (A more
advanced, $173 version, with a magnetometer and altimeter will
also be available.)
A typical Slashdot question. (Whenever
you start something new, assume hundreds of people have done it
before you) Note that there are many, many answers.
"I am trying to set up a
surveillance system. It is not intended to
build a real-time on-line surveillance system to watch a wall of
monitors on a 24/7 basis. The main scope is to record video (24/7)
from the fixed cameras around our facility and when needed, get back
to pre-recorded video and check it for particular event(s). Of
course, it is possible to use a human to fast forward through video
using a DVR-type FF function for short video sequences.
Unfortunately, for long sequences (one week), it is not an acceptable
solution. I was searching online the whole weekend for the open
source software for analysis of pre-recorded video in order to
retrieve events and data from recorded video but had no luck. So I
ask you, Slashdotters: Can you provide some suggestions for forensic
software to analyze/find specific events in pre-recorded video? Some
examples of events: 'human entering restricted zone,' 'movement in
the restricted zone,' 'light in the restricted zone.'"
Looks more like a “how to”
manual...
February 05, 2013
Description
of Civil Liberties and Privacy Protections in updated NCTC Guidelines
Description
of Civil Liberties and Privacy Protections in the updated NCTC
Guidelines, January 2013, Office of the Director of National
Intelligence.
- "In March, 2012, the Director of National Intelligence (DNI), the Attorney General, and the Director of the National Counterterrorism Center (NCTC) approved the updated Guidelines for Access, Retention, Use, and Dissemination by the National Counterterrorism Center and Other Agencies of Information in Datasets Containing Non-Terrorism Information (referred to here as the "NCTC Guidelines" or "Guidelines") (available at www.nctc.gov). The NCTC Guidelines make important updates and modifications to the 2008 version of the Guidelines. The new Guidelines ensure that NCTC has an effective and efficient means of assessing federal agency datasets that are likely to contain significant terrorism information, permit NCTC to use terrorism information for proper purposes subject to multi-layered privacy and civil liberties protections, and establish comprehensive compliance and oversight mechanisms."
(Related) It's a good thing we have
privacy guidelines (above) since we're sure gonna need them! (No
mention of drones in the guidelines)
February 05, 2013
Integration
of Drones into Domestic Airspace: Selected Legal Issues
Integration
of Drones into Domestic Airspace: Selected Legal Issues. Alissa
M. Dolan, Legislative Attorney - Richard M. Thompson II, Legislative
Attorney, January 30, 2013
- "Under the FAA Modernization and Reform Act of 2012, P.L. 112-95, Congress has tasked the Federal Aviation Administration (FAA) with integrating unmanned aircraft systems (UASs), sometimes referred to as unmanned aerial vehicles (UAVs) or drones, into the national airspace system by September 2015. Although the text of this act places safety as a predominant concern, it fails to establish how the FAA should resolve significant, and up to this point, largely unanswered legal questions... With the ability to house surveillance sensors such as high-powered cameras and thermal-imaging devices, some argue that drone surveillance poses a significant threat to the privacy of American citizens. Because the Fourth Amendment’s prohibition against unreasonable searches and seizures applies only to acts by government officials, surveillance by private actors such as the paparazzi, a commercial enterprise, or one’s neighbor is instead regulated, if at all, by state and federal statutes and judicial decisions. Yet, however strong this interest in privacy may be, there are instances where the public’s First Amendment rights to gather and receive news might outweigh an individual’s interest in being let alone."
Gee, what we need is a lawyer with an
Economics degree to evaluate this...
"Two
economists at the St. Louis Federal Reserve have published a
paper
arguing that the American patent system should be abolished. The
paper recognizes the harm the current patent system has caused not
only to the technology sector but the health sector as well."
Have I missed something or is DHS
looking for even more ways to waste money? Do we really think
missiles will be launched from hundreds of miles away rather than from
a ship a few miles away? (Or have they shut down the Potomac?)
"Reuters reports that a pair of
bulbous, helium-filled 'aerostats', each 243 feet long, will be
moored to the ground and fly as high as 10,000 feet, as part of a
high-tech
shield designed to protect the Washington D.C. area from an air
attack like the one that took place on September 11, 2001. One
of the aerostats carries a powerful long-range surveillance radar
with a 360-degree look-around capability that can reach out to 340
miles. The other carries a radar used for
targeting. [...and
connected to what? Bob] Operating for up to 30
days at a time, JLENS
is meant to give the military more time to detect and react to
threats (PDF), including cruise missiles
and manned and unmanned aircraft, compared with
ground-based radar and is also designed to defend against tactical
ballistic missiles, large caliber rockets and moving vehicles that
could be used for attacks, including boats, cars and trucks. 'We're
trying to determine how the surveillance radar information from the
JLENS platforms can be integrated with existing
systems in the National Capital Region,' says Michael Kucharek, a
spokesman for the North American Aerospace Defense Command.
Washington is currently guarded by an air-defense system that
includes Federal Aviation Administration radars and Department of
Homeland Security helicopters and fixed-wing aircraft on alert at
Reagan National Airport to intercept slow, low-flying aircraft."
I'm sure they are trying to tell me
something...
February 05, 2013
Paper
- Open Wireless vs. Licensed Spectrum: Evidence from Market Adoption
"The Berkman Center for Internet &
Society at Harvard University is pleased to announce
the publication of Open
Wireless vs. Licensed Spectrum: Evidence from Market Adoption,
authored by Yochai Benkler, and published in the latest issue of the
Harvard Journal of Law & Technology [download
here]. The paper reviews evidence from eight wireless markets:
mobile broadband; wireless healthcare; smart grid communications;
inventory management; access control; mobile payments; fleet
management; and secondary markets in spectrum. Benkler
finds that markets are adopting unlicensed wireless strategies in
mission-critical applications, in many cases more so than they are
building on licensed strategies. If the 1990s saw what was called
"the Negroponte Switch" of video from air to wire, and
telephony from wire to air, the present and near future are seeing an
even more fundamental switch. Where a decade ago most of our
wireless capacity was delivered over exclusive control
approaches -- both command and control and auctioned
exclusivity -- complemented by special-purpose shared spectrum use,
today we are moving to a wireless infrastructure whose core relies on
shared, open wireless approaches, complemented by exclusive control
approaches for special, latency-intolerant, high-speed mobile
applications. The scope of the latter will contract further if
regulation catches up to technological reality, and opens up more
bands to open wireless innovation, with greater operational
flexibility and an emphasis on interoperability."
What's the opposite of “too big to
fail?” (Breakup worked really well for Standard Oil)
HP
considering company 'breakup,' says report
PC maker Hewlett-Packard is mulling
over breaking up the company in a bid to return the maximum value to
company shareholders, according to a report.
Citing unnamed sources, blog Quartz
said company directors have "discussed the details of a possible
breakup scenario," among other options.
Have you ever complained about slow
response times?
Nasdaq
said to be settling with SEC over Facebook's IPO flop
… One investigation, initiated by
the U.S. Securities and Exchange Commission, focused on technical
errors in Nasdaq's system that inadvertently delayed
trading that first day.
Now, word has it that Nasdaq may be
able to settle the debacle with the federal regulators, according to
the Wall
Street Journal.
Sources familiar with the matter have
told the Journal that Nasdaq has been in preliminary settlement talks
with the SEC. If the two sides do make a deal, it will most likely
include a financial penalty that could be as much as $5 million.
This surprises me. I wonder why?