Thursday, May 16, 2019


This will take some thinking. What alternatives are available?
Trump Bars U.S. Companies From Foreign Telecoms Posing Security Risk
President Donald Trump declared a national emergency Wednesday barring US companies from using foreign telecoms equipment deemed a security risk -- a move that appeared aimed at Chinese giant Huawei.
The order signed by Trump prohibits purchase or use of equipment from companies that pose "an unacceptable risk to the national security of the United States or the security and safety of United States persons."
A senior White House official insisted that no particular country or company was targeted in the "company- and country-agnostic" declaration.
However, the measure -- announced just as a US-China trade war deepens -- is widely seen as prompted by already deep concerns over an alleged spying threat from Huawei.
US officials have been trying to persuade allies not to allow China a role in building next-generation 5G mobile networks, warning that doing so would result in restrictions on sharing of information with the United States.


(Related)
Huawei Chairman Says Ready to Sign 'No-Spy' Deal With UK
Chinese telecom giant Huawei is willing to sign a "no-spy" agreement with countries including Britain, the firm's chairman said on Tuesday, as the head of NATO said Britain must preserve secure mobile networks.
Liang Hua visited Britain as the government weighs the risks of allowing the Chinese company to help develop its 5G infrastructure.
"We are willing to sign 'no-spy' agreements with governments, including the UK government, to commit ourselves, to commit our equipment to meeting the no-spy, no back-door standards," Liang told reporters.
The British government is in the middle of a furious debate over whether to let Huawei roll out its next-generation mobile service.




In this case, some good comes from an all-too-common bad: failure to change the default settings.
What Colorado learned from treating a cyberattack like a disaster
The decision by then-Gov. John Hickenlooper to declare a statewide emergency on March 1, ten days after the initial infection was detected, allowed officials to bring in resources from the National Guard and other states, create a unified command structure and perhaps most crucially, spare the state’s IT workers from having to work any more 20-hour shifts fueled by junk food, said Kevin Klein, Colorado’s director of homeland security and emergency management.
Klein also recounted for the audience of state IT and security officials how the SamSam malware infested CDOT’s network. In mid-February 2018, the department activated a new virtual server for testing, but the server’s security software was still on its default settings, making it an appealing target when it started broadcasting its IP address to the rest of the internet.
“It started broadcasting ‘I’m here, I’m here, come attack me,’ which of course happened within 48 hours,” Klein said.


(Related) In stark contrast…
THE TRADE SECRET
Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers




A good article for my first Computer Security lecture?
A new survey from Google and Harris Poll, released a year after Google introduced “.app” as a more secure alternative to “.com,” shows that while 55% of Americans over the age of 16 give themselves an A or B in online safety and security, 70% of them wrongly identified what a safe website looks like.


(Related) For my lecture on Backup
Your internet data is rotting
Many MySpace users were dismayed to discover earlier this year that the social media platform lost 50 million files uploaded between 2003 and 2015.
The failure of MySpace to care for and preserve its users’ content should serve as a reminder that relying on free third-party services can be risky.
MySpace has probably preserved the users’ data; it just lost their content. The data was valuable to MySpace; the users’ content less so.


(Related) A good day for Security articles.
The Best Free Online Proxy Servers You Can Use Safely




Should some crimes be “investigation proof?”
Peter Aldhous reports:
For the first time on record, the new forensic science of genetic genealogy has been used to identify a suspect in a case of violent assault. Cops in Utah had to obtain special permission to upload crime scene DNA to a website called GEDmatch, which had previously only allowed police to investigate homicides or rapes.
Critics worry that the case, which led to the arrest of a 17-year-old high school student who has not yet been named, marks the start of a “slippery slope” to law enforcement using such methods to investigate increasingly less serious offenses, eroding people’s genetic privacy.
Read more on BuzzFeed.
This is going to continue to be a significant privacy concern until sites create privacy policies that they then STICK TO. If you post a privacy policy about how your data may be used or disclosed and people opt-in based on your words in your policy, and you then do not stick to that, well….. how is this not a matter for the FTC to take up as a violation of Section 5?




This was the area that most concerned me. I had to rethink a lot of my Security planning.
All You Should Know about GDPR Acquiescent Software Development
In this article, we will take a closer look at some basic terms related to GDPR and explain several essential secured software development practices which all the software developers should learn and respect to create software that is more GDPR-compliant and future-safe.




Think Russia could afford $14?
In India election, a $14 software tool helps overcome WhatsApp controls
WhatsApp clones and software tools that cost as little as $14 are helping Indian digital marketers and political activists bypass anti-spam restrictions set up by the world’s most popular messaging app, Reuters has found.
After false messages on WhatsApp last year sparked mob lynchings in India, the company restricted forwarding of a message to only five users. The software tools appear to overcome those restrictions, allowing users to reach thousands of people at once.




Useful approach.
Five questions you can use to cut through AI hype


(Related) Similar concepts.
Our Six Principles For Ethically Developing Machine Learning




We don’t need AI to crack “uncrackable” codes.
Bristol academic cracks Voynich code, solving century-old mystery of medieval text
Phys.org: “A University of Bristol academic has succeeded where countless cryptographers, linguistics scholars and computer programs have failed—by cracking the code of the ‘world’s most mysterious text’, the Voynich manuscript. Although the purpose and meaning of the manuscript had eluded scholars for over a century, it took Research Associate Dr. Gerard Cheshire two weeks, using a combination of lateral thinking and ingenuity, to identify the language and writing system of the famously inscrutable document. In his peer-reviewed paper, The Language and Writing System of MS408 (Voynich) Explained, published in the journal Romance Studies, Cheshire describes how he successfully deciphered the manuscript’s codex and, at the same time, revealed the only known example of proto-Romance language. “I experienced a series of ‘eureka’ moments whilst deciphering the code, followed by a sense of disbelief and excitement when I realised the magnitude of the achievement, both in terms of its linguistic importance and the revelations about the origin and content of the manuscript…”




Perspective. Architecting the military.
Army CIO Envisions Internet of Strategic Things
Lt. Gen. Bruce Crawford, USA, chief information officer/G-6, U.S. Army, suggests the possibility of an Internet of Strategic Things in addition to the Internet of Tactical Things.
“We’ve had some really good discussions about the Internet of Things. That was a thing a couple of years ago. And then we started talking about the Internet of Tactical Things. I think what’s on the horizon is more of a discussion of the Internet of Strategic Things,” Gen. Crawford told the audience on the second day of the AFCEA TechNet Cyber 2019 conference in Baltimore.




The near future?
Electric air taxi startup Lilium completes first test of its new five-seater aircraft
Think midtown Manhattan to JFK International Airport in under 10 minutes for $70. (Currently, a company called Blade, which bills itself as “Uber for helicopters,” offers the same trip for $195.)
Lilium isn’t the only company with designs for flying taxis. There are more than 100 different electric aircraft programs in development worldwide, with big names including Joby Aviation and Kitty Hawk, whose models are electric rotor rather than jet powered, as well as planned offerings from Airbus, Boeing, and Bell, which is partnered with Uber.


