To hear my podcast, please go here:
http://misam.podbean.com/2011/11/
Thank you,
Michael Isam
Tuesday, November 22, 2011
Thursday, November 17, 2011
Online Privacy
Online Privacy
“A 20-year-old woman stalked through the Internet and killed. Thousands of e-commerce customers watching as their credit card numbers are sold online for $1 apiece. Internet chat rooms where identities are bought, sold and traded like options on the Chicago Board of Trade. These are the horror stories dredged up by privacy advocates who say the Net’s threat to personal privacy can’t be dismissed as mere paranoia. And, they say, we’ve only seen the tip of the iceberg.” So says Bob Sullivan writing for MSNBC1
The internet began so sweetly, so innocently. Sending an “e-mail” to a friend or colleague half a world away. Trading recipes in amongst the corporate communications, or buried in the DNA sequencing paperwork. So tame.
Even when the internet first began, without pictures, all was text and still the world was sublime and childlike. Then came HTM, in caps as it was born shouting, not only in text, but also in pictures.
Then the marketing types discovered it and they wanted to know how many times the site was “hit”. “If we can show the prospective advertiser we have more people walking into his virtual store that come into his brick and mortar, we will be on the gravy train ride” was the thought in Marketerville.
At first everyone was so enamored of this new baby, even with the load voice, that they blindly followed wherever the data stream led.
Then came the boy who told us “The Emperor has no clothes.” Only instead of the Emperor being naked, it was us, the users, being striped of our clothing, one piece at a time. That boy was the Electronic Frontier Foundation (EFF).
Showing us how our once perceived privacy was now in the hands of marketing people all over the world and that our every move could be, I say “Could be” tracked. Did we worry? Not really. As long as we stayed away from the porn sites, we were safe. Au contraire.
Today, according to EFF, “New technologies are radically advancing our freedoms but they are also enabling unparalleled invasions of privacy.”2
Cell phones are electronic bracelets of sorts allowing our locations to be tracked with ease.
Web searches about sensitive medical information might seem secret, but any company wielding a subpoena can have your data. Kiss your medical coverage good bye.
And, thanks to the accuracy of Homeland Security and other law enforcement agencies, boarding a plane could cause you to be turned away or worse, arrested simply based on erroneous data.
“But in my own castle and off the net, I’m safe, right?” Not necessarily so. Cable television has come to quite a little tattle-tale. What you watch as well as when you watch it can now be more accurately monitored by that little box than with the Nielsen ratings.
Still not convinced? Toddle over to https://ssd.eff.org/ and check out the “Surveillance Self Defense kit. It’s an eye opener.
Bibliography
2. https://www.eff.org/issues/privacy
Thursday, November 10, 2011
Conflict in the Digital Age
Conflict in the Digital Age
As a veteran, I think back to times when the enemy was easily recognized. Sometimes by headgear, others by uniform, but mostly by position. “The enemy is over there” soldiers would say as the pointed to some spot or general locale.
Today, it is not so easy as we fight two fronts, the war on the citizens and the war on our governments.
In the early days of cyber-crime, the enemy was like us, just another faceless name as we read a missal from joesmith7642@aol.com inviting us to look at thei great site!
Then came the dreaded “What the hell is happening to my computer? Why can’t I get away from this page?” And the dreaded “Oh Crap!” as the system would not boot up and the message that track zero was not to be found displayed prominently in the middle of the monitor screen.
Luckily, many of us have become more astute in detecting something that is “not quite right” with an email from a friend(?). Many are just scams for all our money, but others are extremely malicious, and in the overall scheme of things, we are under attack from our own governments, sworn to protect us.
Cyber war has no blood and guts, no coffins to be unloaded, no real generals. Government and corporate America, have departments dedicated to communication security, but when it comes right down to it, there are only two. Two hackers sitting with their computers, slugging it out, toe to toe (metaphorically speaking) to find out just how good the other person is and how well they know their software and hardware.
According to the most recent report (October 2011) from SECURELIST website1,
Monthly Malware Statistics: October 2011
October in figures
The following statistics were compiled in October using data collected from computers running Kaspersky Lab products:
161,003,697 network attacks were blocked;
72,207,273 web-borne infections were prevented;
205,822,404 malicious programs were detected and neutralized on user computers;
80,900,079 heuristic verdicts were registered.
SECURELIST is an interesting website to be sure. However, there is more than just statistics to consider. Consider the following bullets on their page:
The cybercriminals’ new bag of tricks
Duqu – the new Stuxnet
The month’s top story was the detection of the Duqu Trojan and its apparent connection with Stuxnet, the first well-known example of a cyber-weapon. Experts at Hungary’s Crysys research lab found numerous similarities in the coding of Duqu and Stuxnet. These striking parallels suggest that they were both written by the same group of people, or that the Stuxnet source code was used. Despite many rumors to the contrary, the Stuxnet code has not been made publically available.
Attacks on individual users
Bundestrojan: permissible limits
This section describes one of the newest war, German police against Joe and Jane Citizen.
A major scandal erupted in Germany in October following the discovery of a backdoor used by the German police to intercept voice traffic and messages from suspects’ computers. There was an outcry not only because five federal states confirmed the use of the Trojan but also because the country’s federal laws only allow law enforcement agencies to intercept suspects’ Skype traffic, while the Trojan was capable of spying on many other types of programs.
Mobile threats: Android leads the way
Statistics
October also saw some major incidents in the world of mobile threats. According to our statistics, the total number of malicious programs for Android has now outstripped that for Java 2 Micro Edition (it had already done so with regards to Symbian by mid-summer). Over the last two years malware for J2ME has been the most prevalent among mobile threats. We’ve written several times about the reasons for this, so won’t go into the details here. However, this dramatic growth suggests that virus writers are likely to concentrate on Android malware – at least for the foreseeable future.
By the close of the month we had detected 1,916 malicious programs for Android belonging to 92 malware families. 1,610 variations from 60 families were detected for J2ME.
This last bullet hit very close to home as I have an Android and I use it extensively for web browsing, and email.
I recently went into my carrier’s place of business because I had a problem I could not undo. The sales person, a sweet young thing, in early twenties, buxom and almost dressed, told me that I “did not need this virus checker on my phone, as the system does it’s own. Luckily, being a somewhat older male and for the most part, not intimidated either by voice or by bodily parts, I informed her that I had been using computers longer than she had been on the earth and I’ll keep it on there.” As of the end of October, the total number of mobile threats detected stood at 4,053 variations from 289 families and 46.9 percent hit Android, 40 percent for J2ME and the rest scattered over Symbian, Windows Mobile and others
On the war against our government front, an article by Kendra Srivastava, dated Mon November 07, 2011 at 5:11 pm on the website Mobiledia2 discusses the plans of the Pentagon to “stress the importance of offensive tactics in the emerging realm of cyber-attacks, as they struggle to set guidelines for online warfare.”
In its first-ever symposium, according to Srivastava ,the Defense Advanced Research Projects Agency, or DARPA, discussed how the U.S. military can better protect itself from foreign-backed hackers.
Putting the problem in perspective, DARPA's director, Regina Dugan, said “the agency will work to develop offensive cyber capabilities as well as maintaining defensive lines as modern warfare will demand cyber and kinetic, bullets, bombs and troops, defenses.”
“No one has yet said exactly what the term "offensive" may mean in cyberspace. But the U.S. government and computer experts will likely continue to discuss the complicated matter for some time as they outline a comprehensive strategy” writes Srivastava.
So, as a veteran with a 2-oak-leaf-cluster GCM, Good Conduct Medal, why should I be concerned about my government and the [ab]use of cyberspace?
Because today, everyone is a suspect, even me.
Bibliography
1. http://www.securelist.com/en/analysis/204792200/Monthly_Malware_Statistics_October_2011
2. http://www.mobiledia.com/news/115529.html
As a veteran, I think back to times when the enemy was easily recognized. Sometimes by headgear, others by uniform, but mostly by position. “The enemy is over there” soldiers would say as the pointed to some spot or general locale.
Today, it is not so easy as we fight two fronts, the war on the citizens and the war on our governments.
In the early days of cyber-crime, the enemy was like us, just another faceless name as we read a missal from joesmith7642@aol.com inviting us to look at thei great site!
Then came the dreaded “What the hell is happening to my computer? Why can’t I get away from this page?” And the dreaded “Oh Crap!” as the system would not boot up and the message that track zero was not to be found displayed prominently in the middle of the monitor screen.
Luckily, many of us have become more astute in detecting something that is “not quite right” with an email from a friend(?). Many are just scams for all our money, but others are extremely malicious, and in the overall scheme of things, we are under attack from our own governments, sworn to protect us.
Cyber war has no blood and guts, no coffins to be unloaded, no real generals. Government and corporate America, have departments dedicated to communication security, but when it comes right down to it, there are only two. Two hackers sitting with their computers, slugging it out, toe to toe (metaphorically speaking) to find out just how good the other person is and how well they know their software and hardware.
According to the most recent report (October 2011) from SECURELIST website1,
Monthly Malware Statistics: October 2011
October in figures
The following statistics were compiled in October using data collected from computers running Kaspersky Lab products:
161,003,697 network attacks were blocked;
72,207,273 web-borne infections were prevented;
205,822,404 malicious programs were detected and neutralized on user computers;
80,900,079 heuristic verdicts were registered.
SECURELIST is an interesting website to be sure. However, there is more than just statistics to consider. Consider the following bullets on their page:
The cybercriminals’ new bag of tricks
Duqu – the new Stuxnet
The month’s top story was the detection of the Duqu Trojan and its apparent connection with Stuxnet, the first well-known example of a cyber-weapon. Experts at Hungary’s Crysys research lab found numerous similarities in the coding of Duqu and Stuxnet. These striking parallels suggest that they were both written by the same group of people, or that the Stuxnet source code was used. Despite many rumors to the contrary, the Stuxnet code has not been made publically available.
Attacks on individual users
Bundestrojan: permissible limits
This section describes one of the newest war, German police against Joe and Jane Citizen.
A major scandal erupted in Germany in October following the discovery of a backdoor used by the German police to intercept voice traffic and messages from suspects’ computers. There was an outcry not only because five federal states confirmed the use of the Trojan but also because the country’s federal laws only allow law enforcement agencies to intercept suspects’ Skype traffic, while the Trojan was capable of spying on many other types of programs.
Mobile threats: Android leads the way
Statistics
October also saw some major incidents in the world of mobile threats. According to our statistics, the total number of malicious programs for Android has now outstripped that for Java 2 Micro Edition (it had already done so with regards to Symbian by mid-summer). Over the last two years malware for J2ME has been the most prevalent among mobile threats. We’ve written several times about the reasons for this, so won’t go into the details here. However, this dramatic growth suggests that virus writers are likely to concentrate on Android malware – at least for the foreseeable future.
By the close of the month we had detected 1,916 malicious programs for Android belonging to 92 malware families. 1,610 variations from 60 families were detected for J2ME.
This last bullet hit very close to home as I have an Android and I use it extensively for web browsing, and email.
I recently went into my carrier’s place of business because I had a problem I could not undo. The sales person, a sweet young thing, in early twenties, buxom and almost dressed, told me that I “did not need this virus checker on my phone, as the system does it’s own. Luckily, being a somewhat older male and for the most part, not intimidated either by voice or by bodily parts, I informed her that I had been using computers longer than she had been on the earth and I’ll keep it on there.” As of the end of October, the total number of mobile threats detected stood at 4,053 variations from 289 families and 46.9 percent hit Android, 40 percent for J2ME and the rest scattered over Symbian, Windows Mobile and others
On the war against our government front, an article by Kendra Srivastava, dated Mon November 07, 2011 at 5:11 pm on the website Mobiledia2 discusses the plans of the Pentagon to “stress the importance of offensive tactics in the emerging realm of cyber-attacks, as they struggle to set guidelines for online warfare.”
In its first-ever symposium, according to Srivastava ,the Defense Advanced Research Projects Agency, or DARPA, discussed how the U.S. military can better protect itself from foreign-backed hackers.
Putting the problem in perspective, DARPA's director, Regina Dugan, said “the agency will work to develop offensive cyber capabilities as well as maintaining defensive lines as modern warfare will demand cyber and kinetic, bullets, bombs and troops, defenses.”
“No one has yet said exactly what the term "offensive" may mean in cyberspace. But the U.S. government and computer experts will likely continue to discuss the complicated matter for some time as they outline a comprehensive strategy” writes Srivastava.
So, as a veteran with a 2-oak-leaf-cluster GCM, Good Conduct Medal, why should I be concerned about my government and the [ab]use of cyberspace?
Because today, everyone is a suspect, even me.
Bibliography
1. http://www.securelist.com/en/analysis/204792200/Monthly_Malware_Statistics_October_2011
2. http://www.mobiledia.com/news/115529.html
Subscribe to:
Posts (Atom)