This will take some thinking. What alternatives are available?
Trump Bars U.S. Companies From Foreign Telecoms Posing Security Risk
President Donald Trump declared a national emergency Wednesday barring US companies from using foreign telecoms equipment deemed a security risk -- a move that appeared aimed at Chinese giant Huawei.
The order signed by Trump prohibits purchase or use of equipment from companies that pose "an unacceptable risk to the national security of the United States or the security and safety of United States persons."
… A senior White House official insisted that no particular country or company was targeted in the "company- and country-agnostic" declaration.
However, the measure -- announced just as a US-China trade war deepens -- is widely seen as prompted by already deep concerns over an alleged spying threat from Huawei.
US officials have been trying to persuade allies not to allow China a role in building next-generation 5G mobile networks, warning that doing so would result in restrictions on sharing of information with the United States.
(Related)
Huawei Chairman Says Ready to Sign 'No-Spy' Deal With UK
Chinese telecom giant Huawei is willing to sign a "no-spy" agreement with countries including Britain, the firm's chairman said on Tuesday, as the head of NATO said Britain must preserve secure mobile networks.
Liang Hua visited Britain as the government weighs the risks of allowing the Chinese company to help develop its 5G infrastructure.
"We are willing to sign 'no-spy' agreements with governments, including the UK government, to commit ourselves, to commit our equipment to meeting the no-spy, no back-door standards," Liang told reporters.
The British government is in the middle of a furious debate over whether to let Huawei roll out its next-generation mobile service.
In this case, some good comes from an all too common bad. Failure to change the default settings.
What Colorado learned from treating a cyberattack like a disaster
… The decision by then-Gov. John Hickenlooper to declare a statewide emergency on March 1, ten days after the initial infection was detected, allowed officials to bring in resources from the National Guard and other states, create a unified command structure and perhaps most crucially, spare the state’s IT workers from having to work any more 20-hour shifts fueled by junk food, said Kevin Klein, Colorado’s director of homeland security and emergency management.
… Klein also recounted for the audience of state IT and security officials how the SamSam malware infested CDOT’s network. In mid-February 2018, the department activated a new virtual server for testing, but the server’s security software was still on its default settings, making it an appealing target when it started broadcasting its IP address to the rest of the internet.
“It started broadcasting ‘I’m here, I’m here, come attack me,’ which of course happened within 48 hours,” Klein said.
(Related) In stark contrast…
THE TRADE SECRET
Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers
A good article for my first Computer Security lecture?
A new survey from Google and Harris Poll, released a year after Google introduced “.app” as a more secure alternative to “.com,” shows that while 55% of Americans over the age of 16 give themselves an A or B in online safety and security, 70% of them wrongly identified what a safe website looks like.
(Related) For my lecture on Backup
Your internet data is rotting
The failure of MySpace to care for and preserve its users’ content should serve as a reminder that relying on free third-party services can be risky.
MySpace has probably preserved the users’ data; it just lost their content. The data was valuable to MySpace; the users’ content less so.
(Related) A good day for Security articles.
The Best Free Online Proxy Servers You Can Use Safely
Should some crimes be “investigation proof?”
Peter Aldhous reports:
For the first time on record, the new forensic science of genetic genealogy has been used to identify a suspect in a case of violent assault. Cops in Utah had to obtain special permission to upload crime scene DNA to a website called GEDmatch, which had previously only allowed police to investigate homicides or rapes.
Critics worry that the case, which led to the arrest of a 17-year-old high school student who has not yet been named, marks the start of a “slippery slope” to law enforcement using such methods to investigate increasingly less serious offenses, eroding people’s genetic privacy.
This is going to continue to be a significant privacy concern until sites create privacy policies that they then STICK TO. If you post a privacy policy about how your data may be used or disclosed and people opt-in based on your words in your policy, and you then do not stick to that, well….. how is this not a matter for the FTC to take up as a violation of Section 5?
This was the area that most concerned me. I had to rethink a lot of my Security planning.
All You Should Know about GDPR Acquiescent Software Development
… In this article, we will take a closer look at some basic terms related to GDPR and explain several essential secured software development practices which all the software developers should learn and respect to create software that is more GDPR-compliant and future-safe.
Think Russia could afford $14?
In India election, a $14 software tool helps overcome WhatsApp controls
WhatsApp clones and software tools that cost as little as $14 are helping Indian digital marketers and political activists bypass anti-spam restrictions set up by the world’s most popular messaging app, Reuters has found.
… After false messages on WhatsApp last year sparked mob lynchings in India, the company restricted forwarding of a message to only five users. The software tools appear to overcome those restrictions, allowing users to reach thousands of people at once.
Useful approach.
Five questions you can use to cut through AI hype
(Related) Similar concepts.
Our Six Principles For Ethically Developing Machine Learning
We don’t need AI to crack “uncrackable” codes.
Bristol academic cracks Voynich code, solving century-old mystery of medieval text
Phys.org: “A University of Bristol academic has succeeded where countless cryptographers, linguistics scholars and computer programs have failed—by cracking the code of the ‘world’s most mysterious text’, the Voynich manuscript. Although the purpose and meaning of the manuscript had eluded scholars for over a century, it took Research Associate Dr. Gerard Cheshire two weeks, using a combination of lateral thinking and ingenuity, to identify the language and writing system of the famously inscrutable document. In his peer-reviewed paper, The Language and Writing System of MS408 (Voynich) Explained, published in the journal Romance Studies, Cheshire describes how he successfully deciphered the manuscript’s codex and, at the same time, revealed the only known example of proto-Romance language. “I experienced a series of ‘eureka’ moments whilst deciphering the code, followed by a sense of disbelief and excitement when I realised the magnitude of the achievement, both in terms of its linguistic importance and the revelations about the origin and content of the manuscript…”
Perspective. Architecting the military.
Army CIO Envisions Internet of Strategic Things
Lt. Gen. Bruce Crawford, USA, chief information officer/G-6, U.S. Army, suggests the possibility of an Internet of Strategic Things in addition to the Internet of Tactical Things.
“We’ve had some really good discussions about the Internet of Things. That was a thing a couple of years ago. And then we started talking about the Internet of Tactical Things. I think what’s on the horizon is more of a discussion of the Internet of Strategic Things,” Gen. Crawford told the audience on the second day of the AFCEA TechNet Cyber 2019 conference in Baltimore.
The near future?
Electric air taxi startup Lilium completes first test of its new five-seater aircraft
… Think midtown Manhattan to JFK International Airport in under 10 minutes for $70. (Currently, a company called Blade, which bills itself as “Uber for helicopters,” offers the same trip for $195.)
Lilium isn’t the only company with designs for flying taxis. There are more than 100 different electric aircraft programs in development worldwide, with big names including Joby Aviation and Kitty Hawk, whose models are electric rotor rather than jet powered as well as planned offerings from Airbus, Boeing, and Bell, which is partnered with Uber.