Thursday, July 24, 2014

Data Exhaust: Time For The U.S. Power Grid To Go Down?

Let's see, now. Russian "separatists" down a passenger airliner with a Russia-supplied surface-to-air missile. Palestinians are parading civilian casualties after the psychotic impunity of having used those civilians as human shields in their rocket attacks on Israel. Coyotes are making thousands of dollars a head to smuggle children across our border with Mexico. That makes at least three proponents of the argument that America needs something else on which to concentrate. Hey, how about a few teams of…wink, wink…"separatist jihadist Remember-the-Alamo patriots" with high-powered rifles taking out critical power substations throughout the United States? Take us offline as effectively as an EMP attack. Toss in a few wildfires near populated areas.

Good grief! I hope somebody is thinking a few chess moves ahead besides Vladimir Putin. Those critical power components are well known. Certainly a few governors are deploying their National Guard assets to protect the power grid. Right?

Tuesday, July 1, 2014

Russians and Chinese are Infecting an App Near You

The next-best way to hack the world, if you can't hit the supply chain and nail every customer of Microsoft or Adobe with those vendors' software update programs, is to set up "watering hole" infections of far less astute application providers, like:

  1. Your local Chinese restaurant (or any take-out food supplier) who has their own swell application.
  2. Your favorite TV station's weather application.
  3. Your bicycling or other exercise-logging application.

Yes sir, Big Dog. How many times a day do you see automatic software updates on your iPhone, Android, or even from desktop software suppliers? Heck, look at the permissions you grant to the average Android application, and you'll see why today's New York Times story about those pesky Russians deploying Stuxnet-like viri (see the story here) is really REALLY relevant to your lives. Just update your favorite small business application (hey, you get free meal points, just like your airline frequent flyer program), and before you know it Boris and Natasha (or Wen and Hu, see my parody of the Abbott and Costello routine here) will be draining your bank account.

So the next time you consider downloading an online application from the Foo King Chinese restaurant, remember Hu might be infecting all your computers. It's not a question of "if" but a question of…Wen. 

[Note: Check out the above-referenced Abbott and Costello parody if you wonder about that last paragraph.]

Wednesday, June 25, 2014

2016 Prediction: Bill Gates and Warren Buffett Could Choose our Next President

On June 4th (read the article here), I shared the remarkable news that just two men could pretty well get together and name our next POTUS. No, neither of them is Rush Limbaugh nor Barack Obama. 68% of the random sample surveyed said they'd support a candidate endorsed by Bill Gates and Warren Buffett. Gates I can understand, since his selfless generosity in giving away billions clearly marks him as one with the world's best interests at heart. I guess Mr. Buffett's challenge to the high rollers to give away lots of their net worth pays his dues into that club, too.

So what'll it be, Bill and Warren? Who has the brain power and the courage to step up and save our dysfunctional national family? If you guys agree on it, then it's a done deal.

I have a candidate you should look at, and I've been breaking my pick trying to find people to facilitate some kind of introduction. Alas, nobody who knows either of you two is willing to broker an introduction. I guess those are chips nobody wants to risk, and who can really blame them? I can't tell you how often somebody calls me out of the blue and asks for help setting up a meeting with Oracle's Larry Ellison or Salesforce's Marc Benioff. Half of me seriously doubts I could accomplish the intro, the other half says out loud, "And you think I'll waste these chips for some stranger?" Yep, no wonder I haven't found a broker.

So directly to Mr. Gates and Mr. Buffett, I've got a candidate whose elevator pitch will blow your mind. Let me give you a one-paragraph elevator pitch, the goal of which is to set up a five-minute telephone call with my guy. Worst case, you'll be entertained. Best case, you'll want to nominate him for election in 2016 as well as for the Nobel Prize in Economics.

Wednesday, June 18, 2014

Russia and China REALLY Want You to Back Up Your Files to The Cloud

There is a fine line between paranoia and plain stupidity. Sure, it sounds like a jim-cracking-dandy good idea to back up your files to the firms advertising on talk radio. Insure those priceless photos and your address book for less than $5 per month. What could go wrong? Two options give me a little heartburn.

First, read the privacy policy and the terms of service of the backup service. Basically, they can screw up big time and your only recourse is a refund of the money you've paid them for the backup service. Not to mention the common disclaimer below:

"[Vendor Name Here] will not disclose Your personal information, including the contents of Your Account, to third parties unless disclosure is necessary to comply with the law."

I'm not planning to engage in illegal activities, but it's not like I trust Big Brother, either.

Second, a more troubling story appeared today in Computerworld (read it here). They report a "Russian forensic firm's tool" can access iCloud backups. To my mind, this "data exhaust" presents the very real possibility that foreign governments and/or crooks have targeted all the cloud backup firms with BPTs (that's Brilliant Persistent Threats) designed to let them troll all privately stored files. The same reason several governments will not buy computer equipment from China-based companies like Huawei and Lenovo ought to be reason enough for those same governments to forbid their employees to use cloud backup services: competition, foreign governments, or mere thieves will find a way to monetize your data assets. Guaranteed.

And speaking about guarantees, I have yet to see any cloud backup services advertise significant insurance for losses you might incur due to your files being grabbed by The Bad Guys. Quite to the contrary, their terms of service agreement has you pretty thoroughly indemnifying them from any responsibility for protecting your data.

Paranoia vs. stupidity. Hey, disk storage devices and fire safes are dirt cheap. Buy your own backup.

Tuesday, June 10, 2014

Israel, The Last Great Hope for Worldwide Cyber Security?

Three years ago (read my article here), I gave eight reasons why Israel should become the first cyber privateer haven. Data exhaust from today indicates that the Israelis might just be our last chance for coherent worldwide cyber security. The data points:

  1. Computerworld estimates worldwide cybercrime losses now exceed $400 billion (read their story here).
  2. The New York Times verifies massive institutionalized Chinese cybertheft (see the story here).
  3. On June 2nd, the New York Times essentially verified that the complete U.S. strategy for dealing with cybercrime is to continue playing a defense-only game (see the story here) with DARPA (the Defense Advanced Research Projects Agency) holding a contest to see which genius can come up with technology to detect intrusions and close the doors on the fly. (Was that Vince Lombardi shrieking from his grave?)

All the superpowers are playing the cyberspy-vs-cyberspy "plausible deniability" game. The U.S. is telling China, "We only spy on your government, not your businesses." To which China replies, "Give us a break!" The Russians are at least smart enough to go where the money is with some pretty sophisticated cyberthievery. The Brits are keeping their mouths shut and plodding along to create the world's biggest CCTV police state. The French are keeping their mouths shut. The Germans are assuming all their cellphone conversations are being personally monitored by Barack Obama himself. Australia, a nation I thought could host licensed and bonded cyber privateers because of their remoteness, seems to be more concerned with shutting down their home-grown hacker community. South Korea won't do anything to jeopardize the missile defense shield they want from the U.S. North Korea is playing the "Hey-is-THIS-crazy-enough-for-ya?" game. The only purpose being served by Islamic countries is to get the blame for what in reality are false-flag operations created by the big boys (i.e., the Syrian Electronic Army). And Japan seems to have lost the national self confidence to do much of anything. That leaves…drum roll…Israel.

It's time for Israel to step up to a foreordination that's been in The Books for thousands of years.

Selah.