Can You Trust Social Media?

Interesting article in the BBC about a project underway to develop a system that will rate information on the Internet as trustworthy or not.

Considering how quickly we get information from the Net and how easy it is to start crazy rumors, manipulate financial investors, or even cause a near panic, it would be good to know whether the source is legitimate and the information has been validated.

Are we simply getting someone mouthing off with their opinions or what they think may happen? Or perhaps they are unknowingly spreading false information (misinformation) or even purposely doing it (disinformation)?

Depending on how the Internet is being used–someone may be trying to get the real word out to you (e.g. from dissidents in repressive regimes) or they may be manipulating you (e.g. hackers, criminals, or even terrorists).

To have a reliable system that tells us if information being promulgated is good or not could add some credibility and security online.

What if that system itself is hacked, though? Then lies can perhaps be “verified” as truth and truth can be discredited as falsehood.

The Internet is dangerous terrain, and as in life in general, it is best to take a cautious approach to verify source and message.

The next cyber or kinetic attack may start not with someone bringing down the Internet, but rather with using it to sow confusion and disarm the masses with chaos. 😉

(Source Photo: Andy Blumenthal)

Remodulate The Shields For Cyber Security

I really like the concept for Cyber Security by Shape Security.

They have an appliance called a ShapeShifter that uses polymorphism to constantly change a website’s code in order to prevent scripted botnet attacks–even as the web pages themselves maintain their look and feel.

In essence they make the site a moving target, rather than a sitting duck.
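
One way a rewriting proxy could make form markup a moving target, as an added example (not Shape Security's code and not from the original post): each response gets fresh field names derived from a per-response nonce, and a post that uses the static names or replays an old page is rejected. `SERVER_KEY`, `alias_for`, `rewrite_form`, `decode_submission` and the sample form are assumptions made for the illustration.

```python
import hashlib
import hmac
import re
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)   # assumption: secret held only by the rewriting proxy
NONCE_TTL = 300                        # seconds a served page stays submittable
issued = {}                            # nonce -> expiry time; each nonce is valid once

# Constructed sample page, standing in for the origin server's static HTML.
SAMPLE_FORM = (
    '<form action="/login" method="post">'
    '<input name="username"><input name="password" type="password">'
    '</form>'
)
FIELDS = ["username", "password"]


def alias_for(field, nonce):
    """Derive the per-response alias for a real field name."""
    mac = hmac.new(SERVER_KEY, f"{nonce}:{field}".encode(), hashlib.sha256)
    return "f_" + mac.hexdigest()[:16]


def rewrite_form(html, fields):
    """Rename each listed field for this one response; return (html, nonce)."""
    nonce = secrets.token_hex(8)
    issued[nonce] = time.monotonic() + NONCE_TTL
    for field in fields:
        html = re.sub(r'name="%s"' % re.escape(field),
                      'name="%s"' % alias_for(field, nonce), html)
    hidden = '<input type="hidden" name="_n" value="%s">' % nonce
    return html.replace("</form>", hidden + "</form>"), nonce


def decode_submission(posted, fields):
    """Map aliases back to real names, or return None for a stale or scripted post."""
    nonce = posted.get("_n")
    expiry = issued.pop(nonce, None)          # single use: a replay finds nothing
    if expiry is None or expiry < time.monotonic():
        return None
    decoded = {}
    for field in fields:
        alias = alias_for(field, nonce)
        if alias not in posted:               # real names or old aliases are rejected
            return None
        decoded[field] = posted[alias]
    return decoded
```

A client that re-parses every served page still gets through, so this raises the cost of scripted attacks rather than removing them.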

This is like Star Trek’s modulating shield frequencies that would prevent enemies from obtaining the frequency of the shield emitters so they could then modify their weapons to bypass the shield and get in a deadly attack.

In real life, as hackers readily change their malware, attack vectors, and social engineering tactics, we need to be agile and adapt faster than the enemy to thwart them.

Changing defense tactics has also been used by agencies like Homeland Security to alter screening methods and throw potential terrorists off from a routine that could be more easily overcome.

I think the future of IT Security really lies in the shapeshifter strategy, where the enemy can’t easily penetrate our defenses, because we’re moving so fast that they can’t even find our vulnerabilities and design an effective attack before we change it and up our game again.

And hence, the evil Borg will be vanquished… 😉

Care To Be Curious?

Here are three topics for the curious of mind today:

Are we technologically safer? As we attempt to beef up IT security, we continue to be technologically insecure. Just this last week, BBC reported how a fridge was part of 100,000 devices used to send out 750,000 pieces of spam. Yes, a fridge, and there was also a television involved–sounds like the beginning of a bad joke, right? But this is our reality these days…Proofpoint, a cloud computing and security company, said “Many of these devices are poorly protected at best, and consumers have virtually no way to detect or fix infections when they do occur.”

Is our economy healing or hurting? As unemployment fell from 7% to 6.7% last week–an impressive reduction–the overall labor force participation rate didn’t rise, but rather sank to 62.8%–its lowest level in 35 years! And while the Wall Street Journal explains that U.S. employment is simply not keeping up with population growth, the S&P 500 hit a new record high just last Wednesday. Meanwhile, the Fed continues to pour money into the economy, although at a slowing rate (expected to go down next week to only $65B a month), and speculation is building whether we have another real bubble brewing, and this one of our own making, perhaps.

Is this the lead up to peace or war with Iran? As we continue to seek a long-term deal with Iran on their dangerous nuclear weapons foray, we read from Bret Stephens that Iranian President Rouhani said during his presidential campaign, “Saying ‘Death to America’ is easy…We need to express ‘Death to America’ with action.” If we are getting a good deal that can truly lead to WMD disarmament of Iran, why did Rouhani tweet, “In #Geneva agreement world powers surrendered to Iranian nation’s will.” Curious whether this is for political consumption in Iran or whether he sees the deal as just a stalling tactic leading to a breakout capability in nuclear weapons as well as a way to get some goodies in terms of sanctions relief for his country in the meantime.

What does little kitty cat say about these? 😉

(Source Photo: Andy Blumenthal)

When GPS Takes You Down The Wrong Path

Mashable is reporting that a team of university students from the University of Texas at Austin was able to spoof the GPS receivers on an $80 million yacht with false signals and make it veer off course without anyone even noticing!

I remember a couple of years ago, I was heading to an offsite meeting for work.

It was planned for a location that I wasn’t extremely familiar with.

Of course, I turned on my GPS device in the car and set the destination.

It was a cold snowy day–the roads were iced–and it was already treacherous driving.

But I followed the GPS directions to a T.

I ended up in someone’s backyard–at a dead end–practically in the middle of a cornfield.

I’m thinking to myself Crap!–what type of crazy GPS is this?

Thank G-d, I had my smartphone in my pocket and I opened up the GPS app on it and set the destination again.

Sure enough, it takes me off and running to the meeting location–about 10 minutes away!

Some things I learnt:

1) OMG, we are so very dependent on our technology; with technology gone wrong, I was stuck in nowhere land USA; with it right–I got out of there and to the correct location and thank G-d.

2) GPS is a capability that is critical for everything from getting us to where we need to go to getting our missiles to hit on target. Take away or mess with our GPS and we end up missing the mark–potentially big time and with devastating consequences.

3) Always have a backup, plan B. One GPS can be wrong as in this case, while the other GPS was correct. Redundancy and contingency planning is a must have, period.

4) When you’re heading down the wrong road (or you’re off course in international waters), man up and admit it and make a course correction. You don’t win any brownie points for continuing to drive into the cornfields. 😉

(Source Photo: Andy Blumenthal)

Like Buying A Nuke On The Black Market

Buying a serious computer vulnerability is now like acquiring a nuke on the black market.

Nations and terrorists will pay to find the fatal flaw in computer programs that will enable them to perpetrate everything from subversive cyber spying to potentially massively destructive cyber attacks.

As the world is focused on nuclear non-proliferation, computer weapons are the new nukes–able to do everything from a targeted strike on an organization or agency to taking out vast swaths of our nation’s critical infrastructure.

According to the New York Times (13 July 2013), there is a great interest in buying “zero-day exploits”–one where governments or hackers can strike using a computer vulnerability before anyone even knows about it and can correct it.

The average zero-day exploit persists for “312 days–before it is detected”–giving ample time for attackers to cash in!

Brokers are now working to market the computer flaws for a 15% cut, with some even “collecting royalty fees for every month their flaw is not discovered.”

The average flaw “now sells for around $35,000 to $160,000” and some companies that are selling these are even charging an annual $100,000 subscription fee to shop their catalog of computer vulnerabilities, in addition to the cost for each one, which varies with its sophistication and the pervasiveness of the operating system behind the exploit.

While governments and terrorists are on the prowl to buy the exploits for offensive purposes, technology companies are competing to purchase them and are offering “bug bounties” in order to identify the flaws and fix them before they are exploited.

We’ve come a long way from people and organizations buying software with their regular upgrades and patches to nations and hackers buying the knowledge of the flaws–not to patch–but to spy or harm their adversaries.

You can buy the bomb shelter or software patch, but someone else is buying the next more lethal bomb or vulnerability–the question is who will pay more to get the next exploit and when and how will they use it.

(Graphic by Andy Blumenthal adapted from here with attribution for the mushroom cloud photo to Andy Z.)

Emergency Alert Or R U Kidding?

BBC News Technology (9 July 2013) reports on how the U.S. Emergency Alert System (EAS) was hacked.

The EAS is a program of the Federal Emergency Management Agency (FEMA) and was set up “to allow the president to talk to the entire country within 10 minutes of a disaster.” It also provides the public with alerts on local weather emergencies, such as tornados and flash floods.

EAS replaced the Emergency Broadcast System (EBS) in 1997 and with it came security weaknesses.

Earlier this year, those vulnerabilities were tested and exploited when the Montana Television Network was hacked with an alert of a zombie attack.

And it provided advice on how to survive–“Do not approach or apprehend these bodies as they are considered extremely dangerous.”

This is reminiscent of the hoax in 1938 when over the radio came a warning that a meteorite had smashed into New Jersey and aliens were attacking New York–an adaptation of H.G. Wells’ “War of the Worlds.”

Well yesterday it was aliens, today it’s zombies, and tomorrow it could be a phony announcement of an invasion by country XYZ or perhaps an imminent detonation of a thermonuclear warhead somewhere over the continental U.S.

Imagine the panic, confusion, and potential loss of life and property from the ensuing chaos.

It goes without saying that this is not a way to inspire confidence by the citizens in case of a true national emergency.

If we cannot count on the systems meant to survive an emergency then how can we be expected to survive the emergency itself?

The EAS may interrupt your regularly scheduled programming with those loud and annoying tests, but what can really ruin your day is a cyber attack on the system that broadcasts something much nastier and more ominous–and you don’t really know whether it’s the real thing or just another hack. 😉

(Source Photo: here with attribution to UWW ResNet)

Turnkey Cyberwar

Interesting article by Noah Shachtman in Wired about how the Pentagon is gearing up for cyberwar.

It’s called Plan X and it’s being pursued by the Defense Advanced Research Projects Agency (DARPA).

The idea is for cyber warfare to be conducted like traditional kinetic warfare–where “munitions made of 1s and 0s [are] to be as simple to launch as ones made of metal and explosives.”

Cyberspace is considered a domain of warfare similar to land, sea, air, and space, and it is necessary to be able to craft offensive capabilities where “a military operator can design and deploy a cyber effect, know what it’s going to accomplish…and take the appropriate level of action.”

We can’t fly by the seat of our pants in cyberspace any longer; we’ve got to have turnkey solutions ready to launch in order to defend our people and interests.

To accomplish this, we need:

1) Surveillance: A good map of cyberspace detailing enemy cyber outposts and threats akin to the geographical maps we have identifying physical targets and dangerous movements.

2) Weapons: Reliable cyber weapons ready to take on and take out enemy networks similar to kinetic weapons ready to destroy their military hardware and infrastructure.

3) Launch protocols: The rules of engagement for attack and counterattack and the ability to intuitively and securely unleash those even faster than the turnkey capabilities with which we can respond with traditional military might.

Whether the cyber weapon looks like Angry Birds or some other point (at the target) and swipe (to launch at them) interface is almost beside the point–what is key is that we are ready to fight like hell in cyberspace, win uncontested, and keep the peace again. 😉

(Source Photo: here with attribution to Great Beyond)

Innovation Infertility

The 7 Skinny Cows

Many of you have probably seen the movie “Children of Men”–it is themed around a time in the future when women are infertile (because of pathology, pollution, drugs, or whatever) and the world is in chaos–for what is life without children to carry on?

Fortunately, in the movie, after 18 years, one woman does get pregnant and bears a child and there is hope in the scientific community for a resurgence of humankind.

Unfortunately, we are now in a similar period of technology, where big innovation of yesterday has come grinding to a miserable saunter.

When the biggest news leaking out of superstar innovator Apple is the potential for an iWatch–uh, not exactly earth shattering–we know we are in innovator’s hell!

And vendors from Apple to Samsung and Sony are trying to come out with some sort of voice activated television–again, who doesn’t hate the TV clicker, but really this is not going to revolutionize our entertainment center days.

With hundreds of thousands of apps available for everything from social networking, eCommerce, gaming, and more, it seems like there are more copycat apps than anything else coming out these days–where’s the real wow factor?

Microsoft can’t find its way in a mobile world, the mighty Intel has been supplanted by ARM with mobile chips, Marissa Mayer is trying to figure out how to make the jump for joy, Yahoo, relevant again, as the Vanderhook brothers and Justin Timberlake are trying to do for MySpace.

With the overemphasis on the form factor making bigger and smaller sizes and shapes for computing devices, we seesaw between iPod Classics and Nanos and between iPads and Minis. But where are the great functional enhancements? Yeah, ask Siri.

Similarly in computing architecture, we have latched onto cloud computing as the next great savior of IT-mankind, ignoring the repackaging of the mainframe into a cool new computing model again, and relegating the prior go-to architecture of distributed computing as the evil twin. Sure, we can save some bucks until the pendulum swings back toward more decentralization and agility again.

In social computing, with Facebook what can you say–it’s got a billion users, but virtually not a single one would pay a dime to use it. If not for marketers scooping up our personal information online and advertisers annoying us with their flashing and protruding pop-ups, we continue to trade privacy for connectedness, until we lose too much of ourselves to identity thieves and snooping sources, and we fall back clamoring for more protection.

In security, we are getting clobbered by cyber intrusions, cyber espionage, and cyber attacks–everyday! We can’t seem to figure out the rules of cyberspace or how to protect ourselves in it. We can’t even find enough qualified people to fight the cyber fight.

I was surprised that even the magazine Fast Company, which prides itself on finding the next great innovation out there, states this month (April 2013), “Growing uncertainty in tech is creating chaos for startups, consumers, and investors…nobody has a non-obvious new social business model that can scale.”

As in the movie, Children of Men, we are suffering from an infertility of innovation–whether from burnout, a focus on short-term profit instead of long-term R&D investments, declining scores in STEM, or a lack of leadership–we are waiting for the next pregnancy so we can have hope again, but are disappointed that so many are false positives or overhyped prophets.

One of the things I am most excited about is Google Glass and their concept of augmented reality, but the glasses are geeky and will need to be packaged in a lot more elegant solution to really be practical in our futures.

The next great thing will come–life is a great cycle–but as in the Bible with 7 fat cows and 7 skinny cows, leading to the great famine in Egypt, we are now seeing lots of skinny cows walking around and it is darn scary. 😉

(Source Photo: Andy Blumenthal)

Cyberweapons Power Up

If you haven’t heard of Project Aurora, this is a wonderful segment from 60 Minutes on this cyberwar project.

Faced with some of the worst case scenarios for cybergeddon, Idaho National Labs set out in 2007 to test what would happen to a 27-ton power generator if the researchers hacked into it from a mere laptop.

The turbine was sent instructions that would essentially make it tear itself apart–and in the video you can see what happened–it shudders, shakes, smokes, and ultimately destroys itself.

The test was a grand success demonstrating our capabilities to conduct cyberwar operations against an adversary.

Interestingly, Reuters reported that Symantec researchers uncovered a version of Stuxnet from the end of 2007 that was used to destroy two years later about 1,000 Iranian centrifuges used in their Natanz nuclear uranium enrichment facility for alleged development of weapons of mass destruction.

The flip side of this cyberwar test is the realization of the potential blowback risk of cyberweapons–where adversaries can use similar technology over the Internet against our critical infrastructure–such as SCADA industrial control systems for the power grid, water treatment, manufacturing, and more–and cause potentially catastrophic events.

As stated toward the end of the video, this is a type of “pre 9/11 moment” where we identify a serious threat and our vulnerability and we need to act to prevent it–the question is will we?

Analyzing The Law

So I am back in school AGAIN (I’m a life-long learner), augmenting my not so slow-paced job.

Let’s just say that at this point, I recognize that the more I know, the more I don’t know anything.

The class that I am taking now is Cyberlaw, and while I did take law in business school–many moons ago–that was more focused on contracts and business organizations.

This class looks interesting from the perspective of the legal and regulatory structure to deal with and fight cybercrime, -terrorism, and -war.

One interesting thing that I already learned was a technique for evaluating legal cases called IRAC, which stands for:

– Issues–the underlying legal matters that the case is addressing.

– Rules–what legal precedents can be applied.

– Analysis–whether those rules apply or not, in this case.

– Conclusion–rendering an opinion on the case.

This is a structured way to analyze any legal case.

Of course, before you do these, you have to look at the facts–so that is the very first section.

The problem with that is then you have F-IRAC and that can definitely be taken the wrong way. 😉

(Source Photo: Andy Blumenthal)