…if – IF – so, then it will be very very bad for the future of private communication:
Talk, for example, was built to help enterprise users communicate better, Singhal says. “The notion of creating something that’s social and that’s always available wasn’t the same charter as we set out with when we created Talk.” With Hangouts, Singhal says Google had to make the difficult decision to drop the very “open” XMPP standard that it helped pioneer.
via Exclusive: Inside Hangouts, Google’s big fix for its messaging mess | The Verge.
Install Ghostery on Chrome or Firefox; this page is particularly impressive:
I recognise that this is an unorthodox approach, so I will be brief and hope you find time to respond.
IBM’s acquisition of Green Hat has given us a leadership position in the service virtualisation and integration testing market. IBM’s service virtualisation solution enables our customers to simulate and model the services that share dependencies with the new solutions they are developing. With IBM Green Hat you are able to work with systems which are:
• Not yet operational, or still under active development.
• Only available for testing in limited capacity or at inconvenient times.
• Owned by a third party or partner, who may charge significant fees for access.
• Difficult or expensive to provision or configure in a test environment.
• Required for simultaneous testing by teams with different requirements.
Through the adoption of IBM’s solution, a major financial institution has saved £30 million in the last 3 years, whilst being able to increase the projects delivered by over 100%.
If this is an area of current consideration I would like to book some time in your diary to identify areas where IBM would be able to help you to meet your business needs more effectively.
I look forward to hearing from you.
Rational Account Manager – IBM
The National Police Agency in Japan is apparently asking ISPs in that country to “voluntarily” block the use of Tor, the well-known and widely used system for anonymously surfing the internet.
An expert panel to the NPA, which was looking into measures to combat crimes abusing the Tor system, compiled a report on April 18 stating that blocking online communications at the discretion of site administrators will be effective in preventing such crimes. Based on the recommendation, the NPA will urge the Internet provider industry and other entities to make voluntary efforts to that effect.
This is an extreme and dangerous overreaction. Yes, some people abuse the anonymity of Tor to do illegal things. Just as some people abuse the anonymity of cash to do bad things. But we don’t then outlaw cash because of this. There are many, many reasons why people have good reason to seek out an anonymizing tool like Tor to protect their identity. What if they’re whistle blowing on organized crime or corruption (say) in the police force? As for the fear that it’s being used for criminal activity, that doesn’t mean that police cannot identify them through other means. We’ve seen time and time again people leave digital tracks in other ways when they’re committing crimes. Yes, it makes life more difficult for police, and it means they have to do actual detective work, but that’s what their job is.
via Police In Japan Are Asking ISPs To Start Blocking Tor | Techdirt.
Since the beginning of the cybersecurity FUDgasm from Congress, we’ve been asking for proof of the actual problem. All we get are stories about how airplanes might fall from the sky, but not a single, actual example of any serious problem. Recently, some of the rhetoric shifted to how it wasn’t necessarily planes falling from the sky but Chinese hackers eating away at our livelihoods by hacking into computers to get our secrets and destroy our economy. Today, Congress is debating CISPA (in secret) based on this assumption. There’s just one problem: it’s still not true.
The 27 largest companies have now admitted to the SEC that cyberattacks are basically meaningless and have done little to no damage.
The 27 largest U.S. companies reporting cyber attacks say they sustained no major financial losses, exposing a disconnect with federal officials who say billions of dollars in corporate secrets are being stolen.
MetLife Inc., Coca-Cola Co. (KO), and Honeywell International Inc. were among the 100 largest U.S. companies by revenue to disclose online attacks in recent filings with the Securities and Exchange Commission, according to data compiled by Bloomberg. Citigroup Inc. (C) reported “limited losses” while the others said there was no material impact.
So what’s this all really about? It goes back to what we said from the very, very beginning. This is all FUD, engineered by defense contractors looking for a new way to charge the government tons of money, combined with a willing government who sees this as an opportunity to further take away the public’s privacy by claiming that it needs to see into corporate networks to prevent these attacks.
If this was a real problem, wouldn’t we see at least some evidence?
via As Congress Debates CISPA, Companies Admit No Real Damage From Cyberattacks | Techdirt.
Ben Hammersley, a Number 10 adviser to the Tech City project, said the draft Communications Data Bill could be turned from a force for good into something more sinister under future governments.
The main aim of the Bill is to give security services like MI5 and GCHQ the ability to monitor email traffic, without actually looking at its content.
However, it is currently being revised after a committee of MPs and peers raised privacy concerns about the bill’s intrusion into people’s lives.
Asked for his views on the new laws, Mr Hammersley said the consequences could be “disastrous” in an interview with Tank magazine.
“I don’t trust future governments,” he said. “The successors of the politicians who put this in place might not be trustworthy.
via Snoopers’ laws could be used to ‘oppress us’, says David Cameron technology adviser – Telegraph.
From discussion with friends, an extract:
If the definition or example that somehow APT is a ‘newer, better and prolonged method of attack and stealth to obtain the crown jewels’ then what was Kevin Mitnick’s attack on Sun Microsystems?
It’s because Mitnick was an American – not “a Red” – and the net was not infrastructure back then.
In short: since the threat model has moved on from “Commies” now, APT is essentially a racist/jingoistic term for “foreign hacker who is other than us”.
My friend Jon Care says that ‘cloud’ is an irregular noun:
- I have a Private Cloud
- You have a Botnet
- They have a Cyberwarfare Capability / Cyberweapon
…and I am basically thinking that APT is the equivalent third term for government pentester - the second being the eternally-slightly-tarnished Hacker, of course.
ps: obligatory tip for decyber
1 Why is Chrome spawning a new browser engine?
The WebKit maintainers wouldn’t let us attack Apple directly, by changing WebKit in ways that would make it perform badly on OS X and iOS.
Because they share a rendering engine, developer effort to ensure Chrome compatibility currently benefits Apple platforms for free. To prevent this, we must make Chrome and WebKit behave differently.
1.1 What sorts of things should I expect from Chrome?
Nothing yet. This is a political move, not a technical one.
However, while the Chrome user interface will not change in any significant way, we will be silently overwriting all existing installations of Chrome with our new rendering engine without your knowledge or consent.
…continues gloriously at Chrome Blink FAQ.
…check some history:
The “bomber gap” was the unfounded belief in the Cold War-era United States that the Soviet Union had gained an advantage in deploying jet-powered strategic bombers. Widely accepted for several years, the gap was used as a political talking point in order to justify greatly increased defense spending. One result was a massive buildup of the United States Air Force bomber fleet, which peaked at over 2,500 bombers, in order to counter the perceived Soviet threat. Surveillance flights utilizing the Lockheed U-2 aircraft indicated that the bomber gap did not exist. Realizing that mere belief in the gap was an extremely effective funding source, a series of similarly nonexistent Soviet military advances were constructed in a tactic now known as “policy by press release.”
The missile gap was the term used in the United States for the perceived disparity between the number and power of the weapons in the U.S.S.R. andU.S. ballistic missile arsenals during the Cold War. The gap only existed in exaggerated estimates made by the Gaither Committee in 1957 and in United States Air Force (USAF) figures. Even the CIA figures that were much lower and gave the US a clear advantage were far above the actual count. Like thebomber gap of only a few years earlier, it is believed that the gap was known to be illusionary from the start, and was being used solely as a political tool, an example of policy by press release.
Policy by press release refers to the act of attempting to influence public policy through press releases intended to alarm the public into demanding action from their elected officials. The practice is frowned upon, but remains effective and widely used. In modern times, the term is used to dismiss an opponent’s claims, suggesting they are lacking in substance and created to generate media attention.
Now: Compare with:
You Call This an Army? The Terrifying Shortage of U.S. Cyberwarriors.
The United States doesn’t have nearly enough people who can defend the country from digital intrusions. We know this, because cybersecurity professionals are part of a larger class of workers in science, technology, engineering, and math–and we don’t have nearly enough of them, either. We’re just two years into President Obama’s decade-long plan to develop an army of STEM teachers. We’re little more than one year from his request to Congress for money to retrain 2 million Americans for high-tech work (a request Republicans blocked). And it has been less than a month since the Pentagon said it needed to increase the U.S. Cyber Command’s workforce by 300 percent–a tall order by any measure, but one that’s grown even more urgent since the public learned of massive and sustained Chinese attempts at cyberespionage last month.
Where are Cyber Command’s new hires going to come from? Even with so many Americans out of work, it isn’t as though there’s a giant pool of cyber professionals tapping their feet, waiting to be plucked up by federal agencies and CEOs who’ve suddenly realized they’re naked in cyberspace. In fact, over the next couple of years, the manpower deficit is only going to get worse as more companies come to grips with the scale of the danger.
Demand for cyber labor is still far outstripping supply, Ron Sanders, a vice president at Booz Allen Hamilton, told National Journal in a phone interview. “With each headline we read,” he said, “the demand for skilled cyber professionals just increases.”
The number of industry employees is already growing at double-digit rates. A new report released Monday finds that the number of people working in the cyber field is going to grow worldwide by 11 percent every year for the next five years. In North and South America, according to the paper–published by the International Information System Security Certification Consortium (ISC2)–that will mean almost a million more workers in the field by 2017. Many of them will be highly qualified. But not all of them will be in the employ of U.S. entities, to say nothing about working in the United States itself.
“…doomed to repeat it.”
I am wondering if we are going to end up with people who are skilled in security getting quite literally drafted in order to quell the panic?