Tag: cyber security

Member Post

 

The latest so-called cyber hit landed on one of the U.S.’s biggest meat suppliers, JBL, today.   “The world’s largest meat processing company has resumed most production after a weekend cyberattack, but experts say the vulnerabilities exposed by this attack and others are far from resolved. Preview Open

Join Ricochet!

This is a members-only post on Ricochet's Member Feed. Want to read it? Join Ricochet’s community of conservatives and be part of the conversation. Get your first month free.

Member Post

 

Did you have any electronic issues over the past weekend?  We did. Late Saturday afternoon, we went to pick up a take out dinner and I ran into CVS to return two items. The only cashier was an Asian girl, very sweet, and spoke perfect English.  I mention that she was Asian, not because I […]

Join Ricochet!

This is a members-only post on Ricochet's Member Feed. Want to read it? Join Ricochet’s community of conservatives and be part of the conversation. Get your first month free.

Don’t Regulate Artificial Intelligence: Starve It

 

As long as we are sitting around bored, in lockdown, how about a little controversy? This is currently running in Scientific American. The essay is an adaptation from my book The Autonomous Revolution. Here’s the opening, and a link if you want to read further.

Artificial intelligence is still in its infancy. But it may well prove to be the most powerful technology ever invented. It has the potential to improve health, supercharge intellects, multiply productivity, save the environment and enhance both freedom and democracy.

You have seen many a spy movie or TV show, but the days of fake names and fancy disguises may be behind us because of our digital footprints. Jenna McLaughlin, National security and investigations reporter for Yahoo News, joins Carol Roth to talk about the future of spying and the tremendous piece she recently co-authored for Yahoo News, ‘Shattered’: Inside the secret battle to save America’s undercover spies in the digital age.

Jenna, who is an award-winning investigative journalist focused on national security, technology, and foreign affairs, helps to break down everything from the types of tech that have compromised the use of human intelligence in spying to what it means for CIA recruitment and even implications for your own privacy.

Member Post

 

While I think “cyber” obscures the real locus of threat and defense — networks — and while I smell pork dripping off every jargon laden government “security” program, I appreciate President Trump trying to do something substantial about the alleged problems. I invite real expert commentary on the following. —National Cyber Strategy — from the […]

Join Ricochet!

This is a members-only post on Ricochet's Member Feed. Want to read it? Join Ricochet’s community of conservatives and be part of the conversation. Get your first month free.

How to Crack Excel Files

 

This all starts with Mike Mahoney. Mahoney was the Excel guy, two Excel guys ago. To his credit, he wrote pretty good stuff. His macros don’t break often. Everything would have been cool except he was writing these things when Excel 2003 was the hot new thing. Mahoney was also excellent about locking things down from accidental damage. Trouble is, nobody remembers his passwords. Breaking through his protections makes an excellent case study on how to secure and how to bypass the security on an excel workbook.

Not even swordfish works.

It’s a threat the likes of which America has never faced: the theft of intellectual property, lifestyle disruptions, and attacks tailored to degrade or destroy the nation’s military capabilities. Amy Zegart, the Hoover Institution’s Davies Family Senior Fellow and codirector and senior fellow at Stanford University’s Center for International Security and Cooperation, outlines a strategy for how the United States can gain the upper hand in the global cyber war.

The Good News About the NSA Theft

 

985px-National_Security_Agency_headquarters,_Fort_Meade,_MarylandAnd it’s a good thing, too. Not because of the exposure of massive hackability (with simple tools provided by the NSA’s coders) of enterprise and private networks; many businesses will likely be hacked in the next few months while vendors like Cisco frantically patch their code, and that’s bad for everyone. Nor is the theft good because of the way vendors will be patching their gear, since more exploits become possible every day and fixing these problems is an un-winnable war now that so much is public knowledge.

The good news is that the NSA must now confront the fact that they aren’t as superior as they think they are. They kept their toys locked up because — in their hearts of cold hearts — they believed that nobody could ever work out the things they worked out, or ever steal it. Maybe, just maybe, the exposure will break their hubris and the world will become a more secure place with those exploits behind patches, where they belong.

Microsoft Accidentally Released a Backdoor to the World

 

shutterstock_380478805Remember the iPhone mess, when half the country was yelling for the government to have access to encrypted machines, and the other half was yelling back about the foolishness of that idea? Well, Microsoft just found its private access codes leaked, seriously compromising the security of its tablet and mobile devices (PCs are unaffected).

First, a little background. Newer Windows computers, with the UEFI system installed (the modern replacement to good old BIOS), have a feature called “Secure Boot” to make sure only the Right Software gets to be the operating system on the computer. This has genuinely positive security implications (making sure that on your laptop, only your OS and not some malware lookalike is in charge). However, as in all things computers, the only way to ensure validity of images is through cryptographic means: encryption and its twin, signing files. However, Microsoft wanted the ability to circumvent these restrictions; presumably the security got in the way of development, where files change every minute instead of every upgrade. This was where they got into trouble.

Microsoft created a special shim that disabled all of Secure Boot’s confirmation, probably for internal convenience. And that shim ended up getting copied to devices that ended up in the hands of security researchers. Now it’s out in the world, and Microsoft can’t do anything to stop it, try as hard as they are.

Cyber-security or Counterterrorism: The Dilemma Jeb Doesn’t Grasp

 

In last night’s debate, Neil Cavuto asked Jeb Bush about intelligence against ISIS:

CAVUTO: The FBI says Islamic radicals are using social media to communicate and that it needs better access to communication. Now the CEO of Apple, Governor, Tim Cook said unless served with a warrant private communication is private, period. Do you agree, or would you try to convince him otherwise?

The NSA: Not as Smart as They Think They Are …

 

JuniperLast week, I posted a link to an article about the breach at Juniper Networks — and said it was bad news.

Today, Wired released an article that describes in great detail how the breach affected Juniper’s network gear. For the layfolks in the room, let me summarize the nature of the breach.  Then I’ll point out how this breach was caused, probably intentionally, by the NSA, and how the NSA has, in this case, made us all more vulnerable.

To understand the breach, you need to first have a rudimentary understanding of how a virtual private network, or VPN, works. Anyone who works for a company and connects remotely to their company’s network will have heard the term. A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users. A VPN creates a “tunnel” through the Internet between two points — usually a laptop and a company firewall. Or the two points may be two firewalls, one at the corporate headquarters, the other at a remote branch. The data that flows through this tunnel is encrypted by the VPN software at one end, then decrypted at the other. Theoretically, while the data is in transit, it’s safe from prying eyes. While the process for encrypting data is generally complex, the idea is quite simple. The software simply runs the data through a set of instructions (known as an algorithm) that scramble it all up like an egg. It does this based upon an encryption key. So long as the other end has the same key, and the same algorithm for encryption, it can basically reverse the steps and unscramble the data.

Cyber Security at the Speed of Bureaucracy

 

mediumThe Office of Personnel Management’s (OPM) security clearance files were hacked 20 months ago. It is just now notifying the people whose personal identification information was stolen.

Two friends of mine, one a naval officer and the other a defense contractor, received letters from OPM today telling them that their Social Security Numbers had been stolen. All of the information submitted in their SF-86s (the official form for a security clearance application) may have been compromised as well, but OPM does not know for sure what else was taken.

That information would include the applicant’s name, address, date of birth, educational and employment history, foreign travel history, and fingerprints. It would include personal information about his or her immediate family and colleagues, personal references, and “other information used to adjudicate your background information.”

Weekend Geek: Keep Your Internet Away From My Things

 

IoT

The Internet of Things (IoT), basically, is the connection of electronic devices not normally used for computation to the Internet. The definition of IoT also includes devices that aren’t necessarily connected directly to the Internet, but communicate with each other via a wireless network that’s in turn usually accessible from the Internet.

Take modern home security systems such as those offered by Xfinity. This kind of system allows you, for example, to go on the Internet while you’re at work and access systems in your house remotely — to lock or unlock doors, turn lights on or off, or view the feed from security cameras. Other IoT devices in your house might let you change the thermostat setting or check food inventories in the refrigerator. IoT also allows devices to act on their own or interact with each other: For example, your refrigerator could be programmed to detect when you’re running out of milk, eggs, or Guinness Stout, and automatically place orders over the Internet to restock itself. Self-driving cars will probably make heavy use of IoT technology. Infrastructure can be modified to provide information about traffic jams, dangerous road conditions, or bridges in danger of imminent collapse, and then automatically apply the brakes or reroute self-driving traffic.