Saturday, December 21, 2013

Hacking the Utah Attorney General's Office


"You're a mean one, Mister Grinch." It would appear to the casual observer that the former Utah Attorney General John Swallow is a crook. Even the Grinch wouldn't beat a legal affidavit out of a guy on his death bed, trying to turn a bribe into an unbribe.* Man, talk about a heart two sizes too small. Sure, Swallow resigned hours ahead of a report on his crookedness, and the wheels of justice are grinding away on his growing litany of shenanigans. But that's not the bad part. The fact is, the Utah Attorney General's office is…well…asleep at the switch. Which is an open invitation for massive miscreant misbehavior. 

Merry Christmas to the LGBT community, who was ready to walk into city hall and have their same-sex marriages licensed and performed by none other than Salt Lake City Mayor Ralph Becker just hours after a federal judge declared Utah's same-sex-marriage ban unconstitutional. A moderately competent attorney general's office would have had the paperwork ready to file for a stay of the decision pending appeal. 

Don't get me wrong. It's not the purpose of this blog to comment on Judge Shelby's ruling or opine on same-sex marriage. The cause of my indigestion is that Utah politicians ought to be paying more attention to operational competence and less attention to diode output of the FOR SALE signs on their lapel buttons. 

So to all you hackers, crackers, and black hats I say, "Come to the Grinch's home state and do some phishing!" U.S. cyber security laws already have us playing with our hands behind our backs. There's not a single person in the U.S. House or Senate that knows a DNS hack from a double hernia. Pay your protection money from a PAC named something like "Decency for the Homeless" and then suck up cash like a Hoover,the vacuum cleaner, not J. Edgar. Heck, if J. Edgar were alive today he'd probably be standing in the marriage license line at the Salt Lake City Hall with his former assistant Clyde Tolson. 

*Swallow had the audacity to cajole Richard M. Rawle into signing an affidavit explaining his arrangement with Swallow just days before Rawle died of cancer in December 2012. Swallow distributed the document as proof that he'd done nothing wrong.

Thursday, December 19, 2013

Hacking the FDA

Want to see the movie my buddy Jeff Hays is producing that blows the lid off the FDA? Click here if you want your own DVD (and a chance to contribute via indiegogo).

Jeff is one of the five or six smartest guerrilla warfare marketeers I've ever known. I'm glad he's chosen to use his powers for good.

Friday, December 13, 2013

Federal Judge Clark Waddoups Rules Utah Polygamy Law ALMOST Unconstitutional

Author's note: Judge Waddoups and his family have been dear friends of me and my wife for over twenty years. The novel Daddy's Little Felons was written about our now-deceased mutual friend Judge Pat Brian. My wife and I had the Waddoups over to the house for dinner in late September, and I knew that the ruling on The Sister Wives case was about to make some history. The judge couldn't talk at all about the case, but I could tell he was excited about the upcoming ruling. I think my old friend made some history with this one.
My friend Clark Waddoups, who I have reported is the most brilliant cyberlaw jurist on the planet (as he whacked 1800CONTACTS in their lawsuit which was then upheld by the appeals court as they tried to take over commerce on the Internet-see the story here), has just made some history with his ruling on the Sister Wives television show case. Once he filed the ruling, Clark sent me a copy, which I posted on my personal website (see it here). I'll have you know that I spent the evening reading it, and avoiding going to my regular Friday night movie or even watching television. This was hands down the most entertaining evening I've had in ages. To help you gird up your loins to dissect the 91-page document (which I think will become required reading in every law school in the country, not to mention advanced degree programs in history and sociology), let me give you some net nets:

  1. The Utah statute on polygamy was ruled unconstitutional and yet miraculously upheld. How could that be?
  2. Simply, Judge Waddoups upheld the ban against legal recognition of polygamous marriage but did not uphold the criminalizing of polygamous behavior
  3. Since Kody Brown and the "Sister Wives" did not purport to have a legalized polygamous marriage, Judge Waddoups awarded them a summary judgment and rejected the state's summary judgment arguments.
  4. Judge Waddoups got off a couple of knee-slappingly funny characterizations of the state's competence with such lines as (p3) "The court was intrigued by the sheer lack of response in Defendant's filing to Plaintiffs' seven detailed constitutional claims." Or how about…
  5. The state wanted to get out of this so badly that (p7) "…the Defendant filed a Motion to Dismiss…and confirmed that the long investigation of the Brown[s] has been closed shortly before the planned summary judgement motions."
  6. In the footnote on page 10, Waddoups gets off another zinger against the state: "The court is not impressed with Defendant's characterization of Plaintiffs' serious and substantial legal arguments in support of each of their Constitutional claims…"
  7. Judge Waddoups took great pains to accentuate the incompetence of Assistant Attorney General Jerrold S. Jensen on pages 59-62 of his ruling when he recounted his dialogue with Mr. Jensen as he went down a list of scenarios, trying to understand Mr. Jensen's logic. Like I say, this should be required reading even at the high school level.
Never have I seen a more compelling and thoroughly reasoned history of not only Mormon polygamy, but (p11) of "the white man's burden—the idea that the civilized white Europeans had a duty to exercise firm but beneficient tutelage over what they regarded as the less advanced, child-like, dark-skinned races and guide them toward civilization." In other words, the reasoning against polygamy was inspired by racism of the most vile nature. Like I say, what a history lesson!

The fine line walked by Judge Waddoups can only be appreciated by another Mormon. Just like Judge Waddoups, my wife has polygamous Utah ancestors. It took some real guts for the judge to swallow hard and uphold the state constitution and federally mandated conditions for Utah to achieve statehood and, at the same time, recognize the reality of modern-day morality. The only nod to the inequity of the Utah law, which he grudgingly upheld, is his footnote on page 84:
"In particular, delegation of part of the amending process of a state constitution to the federal government raises the question of whether the state [of Utah] has been admitted into the Union on an equal footing with sister states." John J. Flynn, Federalism and Viable State Government—The History of Utah's Constitution, 1966 UTAH L. REV. 311, 323 n.89. (citing Coyle v. Smith, 221 U.S. 559 (1911).
Quoting a line from the Movie Top Gun, "Maverick, that's the gutsiest move I've ever seen." Et tu, Your honor!

Wednesday, December 11, 2013

IRONY: TIME Magazine names Snowden "Runner-Up" for Person of the Year

My comment to the TIME MAGAZINE story (read it here) on Edward Snowden being named runner-up to their Person of the Year says it all:
Nomination makes sense, given TIME's criteria for naming POTY. We are at the nexus of a big national decision and debate on privacy. The alternative to a NSA/PRISM big brother state is total transparency of a publicly articulated doctrine (like The Morgan Doctrine) where licensed and bonded CYBER PRIVATEERS get aggressive with the bad guys and rogue governments. Trouble is, right now the USA and NSA are the biggest culprits and would therefore put all US assets around the world at risk. Ironic, eh?
The first nation that adopts the privatization of worldwide Internet security could become the new Land of the Free and Home of the Brave, not to mention the high-tech goldmine of all goldmines.

Ironic that it couldn't be the USA.

Tuesday, December 3, 2013

Anecdote on the State of Internet Trust

When I called Clyde Johnson to confirm he'd won his iPad Mini with Retina Display, I should have immediately identified myself as administering the award from his survey response. Instead, I said, "I'd like to confirm the delivery address for the iPad Mini that you just won."

He said, "Yeah, right."

I immediately realized how I must sound like one of the dozens of telephone scammers that call me every month, so I quickly said, "No, really. You filled out a survey on three thirty-second TV ads for Bingham Memorial Hospital and registered for an iPad drawing. You won. I just want to know where to ship the darn thing."

"Oh!" It suddenly came to him that I was truly on the level, as he remembered the survey.

Which now causes me to muse on what the world would be like, trust wise, if licensed and bonded privateers put a "check" in The Bad Guys' swings with the threat of overwhelming and disproportionate retaliation for misdeeds and thievery.

I'd like that world a lot better than the one we have.

Saturday, November 30, 2013

Which Country is Best Suited to Host Cyber Privateers?

If I were King of the World (yes Mel Brooks, "It's good to be king.") I'd probably make Israel the host of world-wide cyber privateering. They're insular, they've been playing defense since they declared their independence, they don't care if people like them, and they have arguably the smartest technological gunslingers on the planet. That said, their plate is full right now with all kinds of threats, so I'll create my list below them as I see the benefits to the various countries.

  1. Israel
  2. Australia (see my post on this scenario here). Main reason: Australia would be tough to invade, and nobody would dare nuke them.
  3. Poland (or other new democracy looking to start a technology gold rush). Former Communist countries have little going for them technology wise, except maybe as a home for international banking thievery. A country like Poland could use a trillion-dollar shot in the economy, and sharing cyber privateering loot fifty-fifty with the best and brightest around the world is just what the doctor ordered. Overnight they could become Mecca.
  4. The United States, if and only if we'd get out of the spying business and declare a Monroe Doctrine-like and highly public RULES OF ENGAGEMENT. Then the NSA could become the bonding authority to keep licensed and bonded cyber privateers honest. Also, the USA has a set of legal precedents dating back to the Revolutionary War and explicitly stated in the U.S. Constitution (see U.S. legal justification here).
  5. Great Britain, another insular society that bought the world time from the Nazis while the U.S. blithered its way into World War II.
  6. France, another democracy that needs a gigantic shot in the economic arm. Maybe, somewhere in France, the spirit of The French Foreign Legion could be resurrected.
  7. Planet Google in an off-shore eco-independent floating Pirate Server Farm.
I'd appreciate comments to or additions for my list.

Thursday, November 28, 2013

Saturday, November 23, 2013

Win an iPad Mini with Retina Display by Seeing How BMH is Hacking the Healthcare System

If you're located in the United States and are willing to look at 3 30-second television commercials and then answer 10 questions about them, you could win an iPad Mini with Retina display the day before Thanksgiving (11/27/2013). That's in less than a week. Louis Kraml, CEO at Bingham Memorial Hospital in Southwest Idaho is a rather revolutionary genius behind a remarkable way to provide healthcare. Take the survey (click here) and register for the iPad drawing.

Of course, there are multiple levels of "method to my madness" on this project. I'll be using Quantum Leap Innovations' predictive analytics technology to "grok" the survey data for Mr. Kraml in ways that will never be publicly announced. But I will predict that Louis Kraml is going to revolutionize everything about American healthcare within the next 10 years. Everything.

Wednesday, November 20, 2013

Shameless Bribery for Your Good Review of Daddy's Little Felons

Chenoa, one of the main characters in the sequel to Daddy's Little Felons, sitting with a test-mailed 1000 Warriors water bottle. Only 1000 were produced, and about 600 riders received them in the 2009 Tour of Utah bicycle race. After shrinkage (ie, my giving them to my bicycling buddies) there are just 200 left. The bottle commemorates the hardest stage of the hardest stage race in the United States, and racers got the bragging rights of racing the same day on the same course as the pro riders, leaving several hours before the pros rode the same course. The bottles are highest-quality low-density polyethylene and the first class postage to mail them anywhere in the United States is $2.07. That's just about the commission on your $2.99 purchase of Daddy's Little Felons. So not only do you get free shipping if I like your review, but you get a high-quality memento of the damndest bicycle race ever held (the course was so dangerous and there were so many injuries that I swore off putting on bicycle races after that year).
Alright, here's the deal. If you buy a copy of Daddy's Little Felons on Amazon (click the link to the left) and then write a review as an "Amazon Verified Purchaser" of the book, I will reward reviews I like with my gift to you of the above-described bicycling water bottle. My treat. Including postage. Unfortunately, I can only make this offer to readers who want their swell collectors-edition water bottle mailed somewhere in the United States. Heck, the bottle is worth a fortune all by itself. And I'm picking up postage equal to the Amazon commission.

All you need do to get your shamelessly offered bribe is write a review I like and paste a copy of it in an email to me: rick@rickbennett.com. Be sure to include your mailing address. Of course, if you are a cyclist and want to ride some Utah mountains when the snow melts in early 2014, feel free to stop by and pick up the bottle in person. We can ride together and I'll tell you all about Chenoa the wonder dog.


Thursday, November 7, 2013

Perfect Virus Principle #3 Would Have Solved All The Healthcare.gov System Snafus

My creation of the 22 Principles of the Perfect Virus (click here to see them all, in their glory) really evolved from a seminal work by Jeff Walker when he created a software company called TENFOLD (see the nomination of Jeff to my Cyber Privateer Fantasy League here). Jeff's 22 Principles of the Perfect Application saw reality as TENFOLD delivered a working Chicago Board of Trade commodities trading floor as well as the Allstate Insurance system. These systems were infinitely scalable, bullet proof, and worked perfectly right out of the box. TENFOLD no longer exists, but that's a whole other story completely unrelated to the technology. I know the story, because I sat on their board of directors, and for a time I was chairman of the board audit committee. Again, that's another story I won't spend time discussing here. I've never gotten permission from Jeff to publish his 22 Principles of the Perfect Application, but I did get his approval as I modified them for my own 22 Principles of the Perfect Virus.

Adherence to principle #3 alone, which happens to be identical in both our topographies, would have saved our healthcare computer system (just today, Computerworld ran this story the "War Room" notes describing the chaos at Healthcare.gov). Both Jeff and I call Principle #3 "Self Awareness" and you can read all about it here. I described the key benefits of Self Awareness as follows:
  1. The Perfect Application (and The Perfect Virus) is analogous to a Microsoft Excel spreadsheet. It does whatever you want it to do, and does it perfectly. Whatever hardware or operating system underpinnings support the spreadsheet, those are invisible to the application. Furthermore, the spreadsheet user can immediately see if it's doing what he wants it to do, because it runs instantly. No compilation. No human errors introduced through punctuation errors in assembly language or C++ coding. No SQL infinite loops because of mistyped syntax in queries.
  2. The Perfect Application functioned in a bullet-proof virtual machine, independent of hardware architecture, network protocol, or operating system.
  3. The Perfect Application was written in itself, which meant that it could self-diagnose and change its own DNA as it were.
In other words, Self Aware applications work perfectly out of the box every time. They automatically scale as server load increases. They self-diagnose and self-repair as needed.

On October 7th of this year, I seriously offered how Jeff Walker could have saved the healthcare website (see my story here).  As the story of Healthcare.gov has unfolded (Stratfor's George Friedman recently shared an intelligence gathering truism that "The first story is not always the right story."), more and more of "the right story" is unfolding. And I am more certain than ever that TENFOLD's demise will remain one of the great ironies of my professional life.

In my nomination of Jeff Walker as the #3 man on my Cyber Privateer Fantasy League team, I wrote:
When Jeff tracked me down to help him with his public company Tenfold, he immediately endeared himself to me by saying, "You wouldn't know a good application if it bit you." Now since my training is really in mathematics and since I'd once written a real-time operating system that took less than 700 bytes of computer memory, I could have been offended. Instead, I kept my ego in check and paid close attention. Over the next few years, first as a consultant and then as a member of his board of directors, I learned about applications. And guess what? Jeff was right. Before that time, I absolutely didn't have the faintest idea what constituted a good application.
I make the identical observation of the creators of Healthcare.gov: "They wouldn't know a good application if it bit them." And they obviously didn't give Jeff a call.

Taman Shud.


Wednesday, November 6, 2013

2014 Headline: Law Firm Stings Hackers for $60 Million

Based upon "data exhaust" produced by Quantum Leap Buzz from Twitter and Facebook feeds, and Quantum Leap Analyst simulations on cyber security breach escalation, I predict the following story (or one substantially identical with different players) will appear in mid to late 2014.
NEW YORK, NY - December 17, 2014 - In a first-of-its-kind press conference held after the close of markets today, the number-one M&A legal firm of Davis Polk & Wardwell (http://www.davispolk.com) announced a massive. and what they contend to be legal, sting operation against a foreign government attempt to penetrate the security of their super-secure mergers and acquisitions working documents. Senior Counsel Peter R. Douglas (see bio here) outlined the basics of a sting operation which netted Davis Polk's client some $60 million. Those funds will be donated in their entirety to several zero-overhead charitable organizations (see a discussion of zero-overhead charities here).

"Davis Polk would like to thank the news media for attending what we think is an historical event," began Davis Polk's Senior Counsel Peter R. Douglas. "Only one organization had any detailed information on the subject of this announcement, and we purposely misdirected that source to believe in a substantially different scenario. We believe that source to be an arm of the Chinese government who had infiltrated our most sensitive M&A computer systems. Nowhere but in those top secret files did we allude to a major announcement of a shell public company for which we were preparing a spectacular announcement. The organization which illegally accessed those files spent over $75 million buying shares in our shell company, which netted our firm, the owner of those shares, approximately $60 million dollars."

"I would like to assure all Davis Polk clients that our real data security was never at risk," said Douglas. "It was only because of persistent attempts to break into our systems that we devised a 'honey pot' system to lure and trap intruders. Since U.S. cyber law prohibited us from taking direct retaliatory action against the intruders, we came up with a plan to stab them with their own sword."

"Trading in this stock has been suspended," continued Douglas. "Our clearing house has expedited settlement in our favor, and we hereby announce the donation of all $60 million to worthy charities around the world. The funds—all $75 million, including commissions of $15 million—will be held in escrow until we receive authorization from the Securities and Exchange Commission that they anticipate no civil or criminal actions will be taken against Davis Polk or our shell client organization."

Concluded Douglas, "We are providing authorities with the names of the entities who acted on illegally obtained information to buy this stock and profit from it. Except for one domestic buyer, all the funds came from organizations closely tied to the Central Bank of China. The one exception was a domestic buyer who appears to be related to a senior analyst working for the U.S. National Security Agency (NSA)."

Mr. Douglas then closed the press conference without taking questions from the media, indicating that details would be released as deemed appropriate by legal counsel and as authorized by the Securities and Exchange Commission.

Tuesday, November 5, 2013

Stanford Security Conference Keynote This Week by Morgan Rapier

Time Magazine reported today on cyber security leaders from 40 countries meeting at Stanford University this week to discuss worldwide cooperation (see story here). Following is an excerpt from the keynote address prepared by licensed and bonded cyber privateer Morgan Rapier.
Minister Mingzhao [China], Cyberissues Coordinator Painter [U.S. State Department], members of the East West Institute, distinguished guests, ladies and gentlemen. It is my pleasure to report to you that this meeting is in no danger of being overrun by brain-eating Zombies, because there isn't enough mental mass in this room to feed even a Chinese-sized family of the walking dead. Larry Ellison was right back in 1985 when he talked about Oracle hiring practices (see the whole article here):
"If I want to hire someone for the Oracle kernel DBMS development group, I'll go to MIT and hire the guy who got a 5.0 GPA (4.0 was merely an "A" while the 5.0 got "As" in honors classes). If I want someone for the applications division, I'll hire a 5.0 (honors classes again) out of U.C. Davis. And if I want someone to run the mail room, I'll get a 5.0 out of Stanford." 
So if this cyber security gig doesn't work out for you, you can always apply for a job in the Oracle mail room. The only remotely intelligent statement to come out of this conference was by economics professor John Shoven, who directs the Stanford Institute for Economic Policy Research:
He warned of the “tremendous disruption the lack of trust in the security of the Web would do to the economy.”
The United States has essentially re-established this trust in the security of the Web. As I stated in my testimony before the Senate Judiciary Committee (see the final chapter of Daddy's Little Felons, available here):
We are splitting sixty-two billion with the Israelis [operating under a Congressionally issued letter of marquee and reprisal]. Thirty-one billion is our share. And by the way, most of that money came from oil-producing countries that backed a massive jihadist attempt to hack the electronics of every computer-equipped car in America and cause a one-day massacre on September 11th. .
Notwithstanding China Minister Mingzhao's call to "…establish new international rules for behavior in cyberspace…" I suggest that our licensed and bonded cyber privateers, operating under the auspices of the U.S. Justice Department, have effectively established and enforced your so called international rules for behavior in cyberspace. Those rules are clearly and, more importantly, publicly defined in the Cyber Privateer code (read it here). 

[Commander Rapier's remarks were disrupted when representatives of Iran and North Korea rushed the speaker's dais. Rapier, a former U.S. Navy SEAL, had no trouble subduing his attackers.]

Thursday, October 31, 2013

Hacking The World Banking System. Nobel Prize in Economics for Scott Smith?

Scott Smith, author of the most insightful book ever written on our modern economy, should at this very moment be standing in front of his mirror and reciting thoughts similar to those voiced by George C. Scott in the movie Patton:
"The last great opportunity of a lifetime—an entire world a war, and I'm left out of it? God will not permit this to happen! I will be allowed to fulfill my destiny!"
Long ago, another author named Smith wrote a seminal economic book: Wealth of Nations. That would be Adam Smith, of course. Scott Smith's new book "Boom!" eclipses Adam's in every way (click here to buy the book). Scott is a genius and an early pioneer of structured finance on Wall Street, co-founder of two nationally acclaimed charter schools, and over half a dozen companies in the fields of technology, finance, education and agriculture. In a mere 100 pages and for the meager price of $14.95, Scott opens up a giant can of whupp-ass by completely and unambiguously hacking the world banking system. End of debate.

In a perfect world, Scott should win the Nobel Prize in Economics.

Of course, in a perfect world, Scott would have taken my advice and called his book The Real Wealth of Nations by Scott Smith (acolyte of Adam Smith) and his website (which he did reserve but never enabled) would be ZeroDDT.com. 


"ZeroDDT" stands for Zero Deficit, Zero Debt, and Zero Taxes.



That's right. Scott shows how our financial system could be HACKED to produce an economy in which there is no deficit spending, do national debt, and not a stinking penny of income tax.  I tried to convince Scott that he should openly campaign to be the next head of the Federal Reserve, where he could oversee the hacking and keep everybody honest.

Then again, in a perfect world the U.S. Congress would be issuing Letter of Marquee and Reprisal to licensed and bonded cyber privateers.

It's not a perfect world. But just maybe Scott can get himself a Nobel Prize. 

Stay tuned. 

Tuesday, October 29, 2013

Key to Stealth with The Perfect Virus: The Supply Chain

If you want to undetectably infect the known cyber world, the key is the supply chain. Hence my reluctance, along with the U.S. Government, to buy stuff from Chinese-based companies like Huawei. Alas, my deep-dive security guru Brian Krebs has sent chills running up and down my spine since his revelations about the Adobe security breach (see today's article here). His headine: "Adobe Breach Impacted At Least 38 Million Users." You see, if it weren't for Adobe products, I'd probably be robbing liquor stores for a living.

No, it isn't the theft of credit card information or user names that has freaked me worse than a bunch of super-fast zombies racing up the mountain to my pirate cottage. It's the theft of Adobe source code and the likely misdirection of Adobe attention to their 38 million active users and away from their source code management system. The biggest coup for hackers and rogue governments would be slipping malware into the Adobe Acrobat Reader.

Yegads man! The very thought of it makes me shiver like a virgin at the Playboy Mansion. Sooner than later, somebody is going to lace my ginger ale with GHB and I'm going to wake up in bed with some troglodyte asking, "Was that good for you?" Sweet mother of pearl, the reason I don't have to get in a suit and go to meetings all over the world is that I send guerrilla warfare campaigns to my clients as PDF files!

Yo, Adobe. Please make protection of your software release management system the top priority. And please consider putting a couple million dollars as a bounty for finding and, er, punishing the culprits. A little creative accounting and only the vaguest suggestion defining the word "punish" should do the trick. That way, you'll have plausible deniability when ears, fingers, and other terribly crucial organs start appearing in iced FedEx boxes on your doorstep.

Otherwise, I'm going to have to start casing liquor stores. Hey, maybe Mothers Against Drunk Driving (MADD) would give me a stipend?

Saturday, October 26, 2013

Blackberry BUZZ: Sculley or Lenovo (and the prayers of HP and Larry Ellison)?

Data exhaust from Quantum Leap BUZZ (see my BUZZ article from two-and-a-half years ago here): Former Apple CEO Sculley is rumored to be considering a Blackberry bid (see Reuters story here). And the Twitterverse is also abuzz with reports that Lenovo is considering the acquisition (see Time Magazine story here). FYI, White House correspondent Peter Baker's tweet about the New York Times story does a pretty good Net-Net of the Lenovo option (see the October 25th story here): Lenovo's likely ties to Chinese spying would kill Blackberry [my reading between the lines of David Sanger's story]. Not only would President Obama have to give up his treasured Blackberry (from Baker's tweet), but global attention would be focused as never before on China's "roaching" the technology supply chain. My own BUZZ prediction:

If Lenovo buys Blackberry, not only would it kill Blackberry, but Lenovo sales would tank due to increased public awareness of Chinese spying. Which means that the PC execs at HP are probably getting on their dimpled knees every morning and every night and offering a Ricky Bobby prayer to "Baby Jesus" that the Lenovo acquisition will go through so they can regain world leadership in PC sales (and Larry Ellison is probably praying that HP will do something dumb, like buying Blackberry).

I'd personally like to see Sculley put together the deal. Why?

  1. Even though my new Android (Samsung Galaxy S4) is far superior to my old iPhones (don't get me wrong, my wife will ALWAYS have the latest iPhone), I'd prefer a less open supply chain for my smartphone operating system, for security purposes.
  2. Naturally, Mr. Sculley would have to make sure certain key features existed on my new Blackberry (I'll keep those secret for now). And finally,
  3. I'd prefer AT&T as a vendor, since I've had very good luck with them as a cellular provider over the years.
We'll see if either one of the above scenarios plays out.

Friday, October 25, 2013

Morgan Rapier: "Who you gonna' believe, Huawei or your lying eyes?"

Morgan Rapier, the hero of Daddy's Little Felons, would have this to say about Huawei's latest pronouncements on security:
Once again, Huawei missed out on a chance to set itself apart from NSA spying and the complicity of U.S. software companies in aiding and abetting those activities. The UK Register reported on October 19th (read the story here) that Huawei published a white paper calling for "…globally backed, verifiable security standards…" :
"Among the global vendors, the spotlight has been on Huawei more than anyone else, because we are quite unique being a Chinese-headquartered business. And therefore we have to go the extra mile when it comes to security, and we are pleased to go the extra mile. But there's no point in Huawei improving its security on its own if nobody else in the ecosystem improves their security," he concluded. 
Two-and-a-half years ago, a solution to your world-wide image problems was proposed in these very pages (see the story here). It was proposed that you put $1 million in escrow with a trusted third party to whom you would have given the right to make disbursement if anyone discovers any kind of back door or trap door in your offerings. You say you are not a secret arm of the Chinese government? Prove it.
U.S. cloud vendors are on their heels around the world. Major U.S. software companies like Microsoft and Google are acknowledged suppliers of intelligence to the NSA. Our own government has come right out and said you, Huawei, spies for China (see story here). Instead of issuing that inane white paper, you could have "bearded the lion in his own den" once and for all.
That fact that you did NOT take a more aggressive stand is proof positive that you are indeed spying for China. Paraphrasing Richard Prior's use of a thought originally coined by the Marx Brothers, as if he were talking to the worldwide computer industry about you: 
"Who you gonna' believe, Huawei or your lying eyes?"

Thursday, October 24, 2013

If Larry Ellison Were Head of the NSA and Testifying About German Chancellor Merkel

I'd like to take another flight of fancy, and imagine Larry Ellison as head of the NSA, testifying before the Senate Intelligence Committee. I suspect Larry would take a scene out of the movie Clear and Present Danger. If you'll remember, the president's advisors were telling him to distance himself from a big campaign contributor who turned out to be a drug smuggler and was killed on his boat, along with his family. Jack Ryan advised that when the press asked the president if he and this newly discovered criminal were friends, to say, “No, we were good friends.” If asked if they were good friends, the response should be “No, we were lifelong friends.” Ryan’s point was simple:  “Give the press no place to go.” I don't believe Larry would give the press, or the United States Senate, any place to go.

SENATOR: Mr. Ellison, as you know the Wall Street Journal reported on October 24th (see story here) that the German Government had summoned our ambassador to discuss allegations that the U.S. was monitoring Chancellor Angela Merkel's cellphone. Is there merit in these allegations?

ELLISON: Yes.

SENATOR: I beg your pardon…did you answer in the affirmative?

ELLISON: Yes Senator, I answered in the affirmative.

SENATOR: [gasping and stuttering are omitted from this transcript] Mister Chairman, I suggest we immediately close this hearing to the public and clear the room of reporters.

ELLISON: [before the committee chairman had a chance to rule] Not so fast on that ruling. It should be no secret that the NSA does extensive monitoring of all communications worldwide. This includes cellphone and email traffic. Our monitoring is totally automated, however, and we don't have an army of digital "peeping Tom" voyeurs listening in on private conversations. Our systems index keywords against which our evolving Artificial Intelligence, or A.I., technology looks for patterns.

SENATOR: When you say "extensive monitoring" of communications…

ELLISON: [interrupting] Senator, we get pretty much all of it.

[The chairman had to gavel down the uproar in the gallery]

SENATOR: All of it? You're referring to email?

ELLISON: No Senator, I'm referring to every email and every cellphone call made on the planet, along with facial recognition from every public and private surveillance camera.

SENATOR: [explicative deleted], Joseph and Mary. Does this include French President Francois Hollande, too?

ELLISON: Yes sir.

SENATOR: I…just…don't know what to say.

ELLISON: I can assure you we have no interest in, hypothetically, the French President's conversations with his mistresses. If, however, several keywords from his and other conversations around the world suggest an impending clear and present danger to the United States or its citizens, these will be correlated into a threat assessment document which is then forwarded to the Director of Central Intelligence, or DCI, the head of Homeland Security, and to the President's National Security Advisor. Our A.I. systems bypass a good deal of bureaucracy, thereby protecting the privacy and personal lives of heads of state around the world.

SENATOR: But…but…you just invaded the French President's privacy by implying he had mistresses.

ELLISON: I never said such a thing. It was a hypothetical example. [Ellison takes a moment to look at a message on his cellphone]. By the way, Senator, your own mistress just texted you that she's maxed out her credit card in a department store and needs…[the CSPAN feed was cut just after the Senator leapt over the divider at Mr. Ellison and before Larry could say, "Just joking, Senator."].

Wednesday, October 23, 2013

Data Exhaust Prediction: Going After Mike Lee is John Huntsman's "Plan B" For a Run on the Presidency

John Huntsman, Jr. really REALLY wants to be president. Question is, does he do it in 2016 or wait until 2020 and run as a United States Senator where, if he loses, he doesn't give up his Senate seat? Enter Mike Lee, a Tea Party superstar who has the Utah power elite dog piling on him over his high profile in the shutdown. My super-secret social analytics engine fired off a whole bunch of warnings for me today as the "Twitterverse" hit critical mass with a Huntsman quote in the Washington Post (read the story here). Putting his own ideological spin on his home state and voter sentiment here, the former Utah governor and Obama's ambassador to China is quoted as opining about Senator Lee:
“You don’t have ideological wack-jobs,” Huntsman said.
Huntsman has the war chest and state-wide recognition to unseat Lee for the nomination in 2016. I predict this is his "Plan B" if a direct run at the White House doesn't look doable.

Speaking about "wack-jobs" though, the Washington Post managed to interview quite a few of them for their hatchet job on Mike Lee. My advice to Senator Lee is not to take this lying down.

Monday, October 14, 2013

Marc Benioff's Possible 2016 Senate Testimony

Marc Benioff is the second nominee for my Cyber Privateer Fantasy League team (see his 11/8/2010 nomination here). Oracle's Larry Ellison sends his X-wing fighters into cyberspace to fight against the forces of evil, while Benioff makes a stand with one big fat target I call the Salesforce "Death Star." Actually protecting one entity against cyber incursions may be much more efficient from a security standpoint, since just one service has complete control over security compliance and software upgrades. Compare this with with the problem of protecting every single Oracle (and Java) customer in the Universe. Following is a little fun, a kind of Einsteinian "thought experiment" on a possible future scenario. Imagine Mr. Benioff publicly testifying before an open session of the Select Senate Intelligence Committee.

SENATOR:  Thank you Mr. Benioff for taking the time to be with us today.

BENIOFF: Like I had a choice.

SENATOR: [Unintelligible whisper from an aide.] Please, Mr Benioff, this does not need to be a confrontational hearing. In exchange for your unambiguous and truthful testimony, you've been granted transactional immunity. This means that nothing you say here today can be used against you or your firm, even if other law enforcement organizations independently obtain evidence of criminal wrongdoing.

BENIOFF: I just made a statement of fact. I intend no disrespect to this body.

SENATOR: [Clearing his throat.] Thank you for clarifying that. Now, Mr. Benioff, the purpose of this hearing is to dig into a Wall Street Journal story of Friday, April 1st, 2016 which reported that your company, Salesforce-dot-com, is the only major cloud computing entity in the world that has had no security breaches. Is it correct to assume that this story is no April Fool's joke and that you indeed have no security breaches to report to your stockholders or to the government organizations responsible for overseeing President Obama's executive order setting up voluntary best practices for the industry?

BENIOFF: I can assure you, Senator, that this is no April Fool's story. We have no security breaches to report for all of 2015 and thus far into 2016.

SENATOR: How do you explain this, given the recent heavy losses reported by every industry sector, major technology company, and our banking infrastructure itself?

BENIOFF: We have contracted all corporate cyber security with an offshore entity called CyberPrivateer-dot-com.

SENATOR: Given that the United States of America spends billions of dollars on cyber security, I find it odd that you firm has no line item in your financial reporting indicating expenses related to your own cyber security. According to the president's executive order, you are required to report costs of compliance, whether or not you are following the recommended best practices. Why is it, Mr. Benioff, that you have no such line item in your 10K and 10Q reports to the Securities and Exchange Commission?

BENIOFF: Senator, that's because we don't pay any money for our security. It's free from our supplier.

SENATOR: [An aide slaps the senator on the back to help overcoming a coughing fit.] I beg your pardon! Do you mean to tell me your unprecedentedly effective cyber security is not costing you a penny? Come now, Mr. Benioff!

BENIOFF: Truly Senator. And I understand that my blanket immunity in this proceeding is null and void if I perjure myself. Let me assure you, we do not pay a cent to the organization who provides our security.

SENATOR: How in the name of [explicatives deleted] and Mary does this entity make money?

BENIOFF: They simply insisted on two conditions. First, we provide them with peer-to-peer access to our servers and the error logs intruders trigger when they attempt to violate Salesforce-dot-com secutiy. Secondly, all our customers have agreed to terms and conditions of usage whereby they hold Salesforce-dot-com harmless no matter what our third-party security firm does to recover losses incurred by them due to activity of cyber thieves.

SENATOR: I still don't understand how your security firm, I believe you called them CyberPrivateer-dot-com, makes money.

BENIOFF: Oh, that's simple, Senator. Obeying a strictly enforced cyber privateer code, what you'd call rules of engagement, they loot the assets of any organization or individual foolish enough to try and penetrate our systems. Those looted assets more than pay our customers for financial losses due to cyber criminal activity.

[An active discussion takes place between multiple senators, some of which is critical to the foul language coming from the questioning senator.]

SENATOR: [Now under emotional control.] What if the penetration activity is initiated by a government entity?

BENIOFF: [Laughing his "got'cha" laugh] Well sir, in the case of our own NSA, for whom we have refused to install back doors into our systems and for whose actions we elect not to confiscate financial assets of the United States of America, our security firm just counterattacks with computer virus modules that causes the attacking computers to melt down. This may be the reason your Utah Cyberwar facility has had such serious fire and power problems.

SENATOR: [To his fellow senators.] I TOLD you they were responsible for our NSA troubles. [Turning to Benioff.] You're going [expletives deleted] to jail for this!

BENIOFF: I believe not, since my company, our contractors, and I have blanket immunity in my testimony today.

[This rest of this testimony classified as ULTRA TOP SECRET.]

Wednesday, October 9, 2013

Morgan Rapier: "The Only People Who DIDN'T Know About PRISM Were U.S. Voters"

The previous assertion (read it here), that the only people who DIDN'T know about NSA spying were U.S. voters, was reinforced by yesterdays UK Register story (read it here) how the Australian government knew about PRISM as early as 2007. Certainly, all the major  "state players" (read that as governments around the world) knew what we were up to. America really ought to hold itself to a higher standard, which means a publicly articulated cyber doctrine of overwhelmingly disproportionate response to cyber intrusion—The Morgan Doctrine—is the high-ground alternative to a PRISM police state. Yes, as Larry Ellison told Steve Jobs, "That moral high ground is expensive real estate."

Sincerely,

Morgan Rapier

Tuesday, October 8, 2013

"Cyber Kill Chain" Nonsense

What a cool title for a cyber security policy: Cyber Kill Chain. Man, that sounds tough. Data exhaust from a good spin doctor at the top of his game. Today's Computerworld article explains this intriguingly named philosophy of cyber security (see the article here). Wow, talk about putting lipstick on a pig of an idea! Let me be unambiguous in my review of this policy:
Cyber security without the threat of instant and disproportionate response is just plain stupid.
This message is respectfully brought to you by Morgan Rapier.

Monday, October 7, 2013

Jeff Walker Could Have Saved The Health-Care Website

Today's WSJ front-page headline is "Software, Design Defects Cripple Health-Care Website" (see story here). Almost three years ago, I nominated Jeff Walker to be the #3 man on my Cyber Privateer Fantasy League (see the nomination here). The key paragraph in the piece follows:
Jeff wrote a seminal document called The Principles of the Perfect Application, in which he enumerated twenty-two concepts that no application has ever achieved (not even his TenFold platform). While doing research for a sequel novel (all of us ad guys are really closet novelists), I reviewed his document. It slowly dawned on me that with the addition of very few new principles, Jeff had created a platform for the Ultimate Virus. I also think it would be the Ultimate Cyber Privateer Toolkit.
Jeff's original 22 principles for the perfect application remains the most brilliant treatise on creating major applications that run perfectly right out of the box. Design defects are an impossibility. Nobody else has ever come even close to articulating his application development architecture, let alone implementing it. Today, there are a handful of companies who use Jeff's technology to seriously consternate anybody trying to compete with them (England Trucking, Devon Way, and Remedy Informatics to name just three). Remedy Informatics in particular could have developed and fielded a scalable/bullet-proof health-care website without even breathing hard. Clearly though, they weren't wired into the "Beltway Bandit" procurement network that has a lock on selling $1,000 toilet seats to the U.S. government.

It is Jeff Walker to whom I owe the insight and inspiration for the 22 Principles of the Perfect Virus (see them all here). Gary Kennedy, former president of Oracle and CEO of Jeff Walker's TenFold, could have made the difference here. Unfortunately, the 9/11 destruction of the Twin Towers obliterated TenFold's two largest customers and sent the company into an unrecoverable tail spin. Jeff and Gary, both independently wealthy from their days at Oracle and both off doing their own things now, could have made a difference, not only in the implementation of healthcare, but in every other cybernetic domain on the planet. That they didn't remains one of the great ironies of my life.

Taman Shud.

Friday, October 4, 2013

JOSEPH from SPAIN Working on Part K4 of the CIA Kriptos Sculpture


In a seriously clever bit of detective work, JOSEPH from SPAIN (see how he made monkeys out of the FBI decrypting the Ricky McCormick code here) has done another tour de force by just possibly backing into the last mysterious piece of the Kriptos sculpture outside the CIA headquarters in Langley, VA (see his proposed solution here). Is he correct? I can't wait to see.

Monday, September 30, 2013

Phishing for $$: "Hi, we're the Windows support team!"

Got an interesting phone call today from somebody named "Ricky" who claimed he was with the "Windows support team." The number displayed on my caller ID was 1-333-260-2212. When I asked him if he was an employee of Microsoft he said "We support Microsoft who made your Windows computer." I asked him to give me a call-back number for security purposes, and he gave me 1-888-514-1650. When I then asked him which operating system was in question, he said "All of them." I then informed him that I do not run any Windows computers and terminated the call. I googled the 888 number and got a whole page of complaints about their scam.

I tried to get Ricky to spell his last name for me, but his Indian accent was so pronounced that I gave up. The closest thing I could get was "Vhdl."

Too bad I couldn't leave a voice message on the 888 number, which I'm sure would have been monitored by the NSA (they don't have a leave-a-message option). Something implying the specifics of a terrorist plot. Trouble is, I wouldn't want my phone traced. But hey, if I went to an off-brand smartphone store, I could make such a call on one of their demo units. I could press "1" for customer support, ask for Mohammed, and then start a terrorist rant.

Nah, that would be wrong. Wouldn't it?

Thursday, September 26, 2013

Why Larry Ellison is the Captain of My Cyber Privateer Fantasy League Team

For those of you who didn't follow the America's Cup race, Ellison's Oracle team came from an 8-to-1 deficit to retain the America's Cup by a 9-to-8 margin. In short, Larry knows how to wage war and properly lead the troops. He's the only executive on the planet who would stand a chance of securing the Internet and (in a Tony Stark-like lap around a Senate hearing room) proclaiming, "I have successfully privatized world cyber peace!"

I suggest anyone interested in the art of modern warfare take a look at the final Team Oracle press conference (see it here). At about 52 minutes into the YouTube video, skipper Jimmy Spithill was asked to override Larry's refusal to talk specific boat technology and tell what they did to the boat after they "broke the code" for performance. What a class act! Spithill replied:
"I was just winding you guys up. We didn't change a thing."
For six years I spent one, sometimes two afternoons a week with Larry. It was quite an education. For those of you who want to "go to school" and learn how to win, this press conference could provide lesson material for a whole college semester.

Congratulations, Larry!

Monday, September 23, 2013

Data Exhaust: It's Time for Larry Ellison to Save the U.S. Software Industry

Two headlines today do a more effective job of building my case for licensed and bonded cyber privateers. The first, from Computerworld, shows how former U.S. software customers are running overseas because of the "NSA spying fiasco" (see story here). The second story from its sister publication Networkworld has the headline, "NSA wants even closer partnership with tech industry" (see story here). If this trend continues, there will not be any U.S. software industry.

When's Tony Stark (in real life, the head of my Cyber Privateer Fantasy League, Larry Ellison) going to do a victory lap around a Senate Security Committee meeting? Of course, he'll be proclaiming, "I have successfully privatized world cyber peace!"

Okay, Larry. Take some time to win the Americas Cup race. Then get down to saving the U.S. software industry. Hey, you've already saved the world from biblical incineration (see my introduction of Larry here).

Thursday, September 19, 2013

Snowden And The Seven Dorks: What's Next?

Today's excellent summary of Edward Snowden's NSA hi-ho-hi-ho-off-to-datamining-we-go leaks in Computerworld (see the story here) has a not-so-subtle metaphor in the children's tale of Snow White and the Seven Dwarfs (…make that Dorks). Only there may be a lot more than seven. So far we have (my own favorite childhood names come from the1937 movie):

  1. Bashful: Google would like to come clean, but…
  2. Doc: Naturally it's (.doc) Microsoft (see post here)
  3. Dopey: Reserved for the FBI (see posts here and here)
  4. Grumpy: Apple
  5. Happy: Facebook
  6. Sleepy: U.S. Allies around the world
  7. Sneezy: Yahoo (see my story about Yahoo Swiss-cheese security here)
Believe me, the above list is nowhere near complete. But then, metaphors always have a way of falling to pieces in the harsh daylight of reality. Stay tuned, kiddies!

Thursday, September 12, 2013

Excerpt From DADDY'S LITTLE FELONS (and why every smartphone ought to come with a lanyard and a QIK Internet account)

I strongly suggest there is a great market for smart phone lanyards and premium QIK Internet accounts. Not only would this allow instantly streaming video to the Internet while your hands (and feet) are otherwise occupied, but this capability might mean the difference between beating a criminal charge or doing some serious jail time. To illustrate my point, here is an excerpt from Chapter 7 of Daddy's Little Felons. Enjoy!

I turned left in front of the Grand America hotel and spotted two men about fifty yards behind, one of whom I recognized from the Kendrick hearing. I wondered if he’d gotten a belt since our last encounter. It wouldn’t be at all cool if his pants fell down during our next conversation. His companion looked about the same size, which meant they thought the two of them could handle me. Deciding not to risk involving bystanders in the hotel elevator lobby, I walked down the underground parking ramp from the outside. Once out of their line of sight, I hurried even faster toward my car. Luckily, less than a dozen cars occupied the space near the elevator, which meant we’d have the garage to ourselves. It also meant that the inevitable security cameras near the elevators would put any physical activities in context. But to be sure, I hung my cell phone from a lanyard around my neck and connected through the hotel’s Wi-Fi system to a streaming video. Both sound and video would instantly stream to the Internet, creating a record of the encounter. If I played this fair and square, notwithstanding greater risk to myself, Lyle Kendrick might have some friends and family with whom to while away the hours behind bars in Draper. Greater risk to myself, because I’d have to let them make the first solid move, as opposed to my OPA philosophy—that’s Overwhelming Preemptive Assault philosophy—intercepting the first incoming fist and pulverizing everything in sight with overwhelming retaliation. 
The two guys following me didn’t take any great pains to do it stealthily. Interesting. Maybe they hoped I’d run from them. Or die of fright. Or let me get my car door half open before rushing and pinning me half way into the seat. Upon reaching the car I examined their reflection behind me from my tinted glass windows, and they didn’t appear to come armed, walking with their arms loosely hanging away from their bodies the way weight lifters strut around the gym—or the prison yard—after getting pumped up. 
“Hi, guys,” I said, turning slowly to size up the visiting team. Then, to Lyle’s look-alike, “You must be a Kendrick?” 
“You owe me an apology,” he replied. 
“They don’t teach manners in the trailer park, huh?” I said. “My name is Morgan. And you are?” 
“I’m Lavar. Lavar Kendrick,” he said. He didn’t seem to take my trailer park comment as an insult, possibly wondering instead how I knew where he lived. Gesturing to his companion, “This is Lamar Kendrick.” 
“Lyle’s brothers?” I asked. 
“Yep,” said Lavar. 
“Cousin,” said Lamar. 
“Like I said, you owe me an apology,” restated Lavar. 
And at that moment, I realized I probably did owe the poor blighted soul an apology. Sure, he’d been about to vent his frustration on a poor defense attorney, but I’d humiliated him in public just after his brother had been thrown into the slammer. Maybe the two of them had endured quite a few beatings in their respective lives. Maybe the abused hadn’t yet become the abuser, and Lavar’s problem solving skills had evolved past physical confrontation. I decided to cut him some slack. 
“You’re right, Lavar. I guess I do owe you an apology,” I began. Neither one of them could make eye contact without looking up at me, and I hoped they’d use my apology as an face-saving excuse to back off. “I was just trying to stop you from giving that poor attorney a heart attack. The pants thing just happened.” 
Alas, Lavar didn’t take my apology in the spirit I’d intended. Instead, he did his smirk toward Lamar, incorrectly assessing my honest apology as cowardice. Then back to me, “Too little. Too late, Morgan.” 
“So I don’t suppose you’ll let me buy you guys a beer and call it even?” I asked. 
“You’d probably get arrested for walking into a bar without your pants on,” smirked Lavar. 
“Ah, quid pro quo,” I said. 
“What’d you call me?” said Lavar, flexing to keep his pump-up going. Lamar looked equally confused and flexed, too. 
“Boys, that means eye for an eye. Pants for pants.” 
“Yes it do,” said Lamar, wanting to keep up his end of the conversation. 
“Too bad you feel that way, Lamar, Lavar,” I sighed. “Let me therefore apologize in advance.” 
“In advance of what,” said Lamar. 
“I truly didn’t want to hurt you guys, but you’re not leaving me much choice.” 
The faintest shadow of concern registered as Lamar’s eyebrows seemed to grow together. He looked about to step back, but Cousin Lavar seemed to miss the implication of my pre-pology. He snickered and said, “We’ve taken down big guys before.” 
“In a bar fight, maybe,” I said. “Fair warning. I’m a US Navy SEAL. Team Three if you know anything about SEALs. I’ve seen a lot of combat, and I could whip ten of you. So, last chance Lamar and Lavar Kendrick.” 
I repeated their last name, for my streaming video record. 
“Don’t forget Cousin Laverl,” said a voice behind me. Obviously, he couldn’t get to me with the car to my back, but perhaps he wanted me to turn so the other two could sucker punch me. My only risk in not assessing the threat might be a baseball bat to the head, but I mitigated against that threat by stepping away from the car and toward the two guys in front of me. Laverl would have to throw his bat, if he had one. 
My forward motion threw off the timing of Lavar’s round house punch, which glanced off my shoulder, instead of my jaw. Lamar also stepped forward, which accelerated his throat into my two right knuckles headed for his larynx. Luckily, I pulled the thrust at the last instant, thereby saving Lamar’s life. But even the pulled punch put him out of the fight, which I knew it would. Lavar had quickly followed his right-hand round house with a left jab to my solar plexus, and it might have hurt me if I didn’t have the reach advantage. A split second after I’d slugged Lamar in the throat, the heel of my eft hand slammed into Lavar’s unprotected chin. Combined with his forward momentum, the force snapped his head back and into a garage supporting post. He bounced rather nicely with eyes rolled back before he hit the ground. Now, where was that little scamp, Cousin Laverl? 
I turned to see a wide-eyed statue on the other side of my car. He hadn’t moved since his opening line of the scene. A quick glance behind me at Lamar on his hands and knees and breathing, albeit with difficulty, reassured me that I hadn’t killed the poor devil. Maybe time for an olive branch? 
“Laverl is it?” I said. “You want to take a crack at me, that’s fine. Or you can give me a hand with your cousins to make sure I haven’t hurt them too badly. Your call.” 
He came around the car, both hands with palms raised and facing me. “Okay, mister. Whoever you are, we don’t want any more whup-ass.” 
“Good call.” I knelt by Lamar and massaged his throat. “Relax man, you’re panicking and that’ll just make it harder to breathe. I’m not going to hurt you unless you give me a reason to.” 
Laverl was shaking his unconscious cousin. “Lavar?” 
“Is he breathing?” I asked. 
“Y-yeah, he is,” stuttered Laverl. 
“Good,” I said. “I’ve got a bottle of water in my car.” 
I opened the car door, the remote-proximity feature of the key in my pocket unlocking it, and grabbed a bottle of water from the door pocket. After squirting a little into Lavar’s face and seeing a quick shudder, I handed it to the now sitting Lamar. “Take a very small sip of this water.” 
He accepted the water tentatively, as if expecting the bottle to get jammed down his throat or into an eyeball. 
“Okay, Mom, I’ll go feed the chickens,” came Lavar’s voice to my left. 
“He’s probably got a concussion,” I said. “Would you guys like a ride into emergency? Lamar ought to have his throat looked at. If his larynx is bleeding, he could drown in his sleep.” 
Both Lamar and Laverl stared at me in disbelief. Lamar croaked something unintelligible and then shook his head to decline the offer. Laverl got the gist of the message and said, “Lamar’s truck is on the corner. We can take it.” 
I helped Lamar to his feet. Laverl grabbed the semi conscious Lavar and walked between them toward the parking lot ramp. Lavar looked up and around, probably wondering how he got here, and Lamar carried my water bottle in his free right hand, using the left to steady himself against his cousin. 
“I’m serious, Laverl,” I said. “I know your name, and if you don’t go to emergency and something bad happens to either one of these guys, me and a bunch of SEAL buddies are going to pay you a midnight visit.” 
“Yes sir,” said Laverl. I watched them disappear up the ramp, and turned off my telephone streaming video. My one or two video followers would probably have some fun passing around the link.

IMHO, the most serious problem with Google Glass is lack of stealth. A simple lanyard attachment to any smartphone and an instant-streaming account with a video online repository (like QIK) is a  necessity in these dangerous (read that as "litigious") times.

Wednesday, September 11, 2013

Syrian Data Exhaust: "Assad Na Zdorovie, Obama Nyet!"

In my last post, I hypothesized that either Russia or China were arming the Syrian Electronic Army with cyberwar technology (thanks to Jerry Pournelle's and Larry Niven's novel Footfall, I had a metaphor to describe how such a group of incompetents as the SEA could mount such sophisticated attacks on The New York Times and on the USMC website). Given that Russian President Vladimir Putin has openly stated Russia will provide Syria with a missile shield should the U.S. launch an attack (see story here), there may not be enough to convict Russia in a criminal court. But any Las Vegas bookmaker would be crazy to bet against that hypothesis. So yes, it's the Russians. China, I'll let you off the hook this time. But only this time.

Wednesday, September 4, 2013

DATA EXHAUST: Who's Helping The Syrian Electronic Army? China or Russia?

How do the bumbling nincompoops in the Syrian Electronic Army manage to get their own servers hacked and yet do some fairly sophisticated hacking themselves (I suggested decent hackers would use DNS vulnerabilities in my post of almost three years ago—see item number 5—which you can read here)? The answer, once again, was predicted by my friend and science fiction author Jerry Pournelle (with Larry Niven) in their novel Footfall. In this hilarious piece of fiction, a elephantine race called the Fithp manages to leapfrog technological evolution when they stumbled upon advance alien technology. Not understanding a tenth of what they had, the Fithp set out to conquer earth using kinetic weapons they feel is metaphorical to their own understanding of dominance. And they can't grok why humans won't let them put their big elephant-like feet gently on human heads as a symbol of mankind's surrender. No, they don't want to crush human heads. They just want what they regard as obvious symbolic surrender. Humans should let them put those big feet lightly on their human heads. This analogy is a lot like the Syrian Electronic Army.

This bunch of troglodyte Iranian-backed numbskulls have clearly gotten their hands on a few early versions of sophisticated cyber weapons developed by outside sources. Perhaps those outside sources wanted plausible deniability as they conducted the equivalent of nuclear testing. Give this "gang who can't shoot straight" a couple of decent cyber weapons, and then watch them have some fun.

Further "data exhaust" proving my point is the Twitter rhetoric of the Syrian Electronic Army, who promises worldwide cyber war if the U.S. attacks Syria (for the record, I think a U.S. attack of Syria is stupid on too many levels to articulate in this venue). Their threats are oddly reminiscent of Saddam Hussein's "Mother of all wars" pronouncements prior to commencement of his own bitch slapping. Again, elephant brains with sophisticated weapons they didn't create themselves.

Data exhaust from the Twitterverse (using now-publicly-unavailable Quantum Leap Buzz Pattern Based Analysis—hey, I live in a state of grace and sit on the Quantum Leap board of directors) suggests either China or Russia are SEA's cyber arms dealers. Right now, my gut tells me China is arming the mullah mothers. But then, I have an old bone to pick with China and their attacks on my now-decommissioned Linux servers (see my diatribe of almost three years ago here).

Time will tell whether or not I'm on target. I'm personally staying tuned to Brian Krebs' eventual dissection of SEA's toolset. That ought to get some imamaries in a twist.

Thursday, August 29, 2013

DESTROYING ANGEL ranks high on Amazon after just one day

Amazingly, Destroying Angel ranks #10 in "Crime Fiction" and #32 in the "Action & Adventure" categories after just one day in the free promotion category:
Yeah, I know. Free is free. But something is resonating out there with my "deep dive into Black Box Portability" of computer virus technology (see my Principle #7 of the Perfect Virus here).

Wednesday, August 28, 2013

My 1st Novel DESTROYING ANGEL available free on Amazon until Sunday, 9/1/2013

In case you're wondering if you should spend $2.99 on Amazon for Daddy's Little Felons, here's your chance to see if you like my style at all. My first novel, Destroying Angel, is available free through Sunday at Amazon (click here for the link).

Best wishes,
Rick Bennett

Tuesday, August 27, 2013

If I Were a Jihadist, Part III (Adios New York Times)

Back on Valentines Day 2011, I waxed poetic/operatic and changed the words to a song made famous by Johnny Cash as well as Bobby Darin (see the post here), changing the lyrics of If I Were A Carpenter to If I Were A Jihadist. I pointed out that I wouldn't have to painstakingly hack specific target sites. I'd just take down the Domain Name Servers. I called it the "…(cyber) nuclear option."

Well, guess what? That whacky Iran-supported FTW Syrian Electronic Army with their backs against the wall have done a small version of just that. They didn't have to hack the New York Times. They just went after vulnerable DNS servers (see the Time Magazine story here). Et tu Huffington Post and Twitter feeds of The Associated Press, Al-Jazeera English and the BBC.

The guy I passed in New York's Times Square had the right idea as he waved his bible and shrieked, "The End is Near!" He did give me a funny look I winked at him and said that I'd been saying the same thing. He might not have been some poor soul off his meds, after all. When I said he must know how the Old Testament prophets felt, he kind of recoiled. Then all I did was raise my hand to straighten my hair and he started to run away. Go figure.

So my question is, are you willing to leave world cyber security up to a bunch of politicians and generals who don't know an outer join from a double hernia, and who sit around a table wringing their hands after each "extinction-event scenario dry run"just as real as the Armageddon movie comet headed for the earth, or might you at least participate a public debate on Real Internet Security and the Enforcement of Such by Licensed and Bonded Cyber Privateers?

I concluded my article with these words:
One way or another the Internet is probably going to cease to exist as we know it. Either because of a physical pygmy in North Korea or a mental pygmy in Tehran. And remember, in a world full of emotional pygmies, the patient man is king. 
Think "DNS Security" my friend. Then just try to get a good night's sleep.

Selah.

Monday, August 26, 2013

"Hell no, we're not in the #&@*%$ cloud!"

With all the hype about investing in cloud technology, I have yet to see any software firms say "Hell no!" to the cloud. Given Saturday's UK Guardian story on the incestuous relationship between the NSA and Silicon Valley cloud vendors (see the story here), maybe somebody should put that skunk on the table.

Wednesday, August 14, 2013

Google: Gmail users have no "legitimate expectation of privacy."

Today's Time Magazine story makes the NSA inroads to Silicon Valley rather unambiguous (see Time's story here). In Google's motion filed on June 13, 2013 regarding class action complaints that "…allege the company violates wiretap laws by poking around in email…" we read:
Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS [electronic communication service] provider in the course of delivery. Indeed, “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties."
Hey, I don't mind unambiguous. Good for Google. I just wish our government would be equally unambiguous and let us stop playing defense-only tactics with people trying to hack our systems.

In fact, realizing that some übersnooper is looking at my email for keywords, I've had some ideas about responding to spam that would put a national security bullesye on spammers. For the time being, I'll keep those to myself.
 

Friday, August 9, 2013

Appeals Court Whacks 1800CONTACTS' Attempt to Hijack the Internet

On December 30, 2010, I reported that Federal Court Judge Clark Waddoups "got it right" when he ruled against 1800CONTACTS' attempt to hijack the Internet (see my story here). Would you believe 1800CONTACTS appealed the ruling? Only in Utah, where church and business are so incestuously linked that the if-I-think-it-then-it-must-be-the-will-of-God-and-I-will-fight-to-the-death-as-a-matter-of-principle attitude prevails in our theatre of absurdity. Well, the Tenth Circuit of the United State Court of Appeals has ruled on the case (see the full ruling here). Net net, they told 1800CONTACTS to get an eye exam and possibly a new legal team.

1800CONTACTS has spent HUNDREDS OF THOUSANDS OF DOLLARS suing Lens.com for having the audacity to buy Google AdWords to poach leads from 1800CONTACTS. Imagine the gaul! Competing for business on the Internet. How dare they!

If you don't have time to dissect the ruling, here are a few knee-slappingly funny points:

  1. The total business generated by a Lens.com affiliate who did indeed use the 1800CONTACTS name in their ad copy was less the the price of a used Yugo!
  2. The appeals court ever-so-diplomatically suggested that 1800CONTACTS' law firm blew it when, on page 17 of the ruling, they write:  "…1-800's only clearly expressed theory of infringement was initial-interest confusion. Although it asserts on appeal that Lens.com's acts of direct infringement included purchasing merely generic keywords and then failing to designate the 1800CONTACTS mark as a negative keyword, that theory was not raised in district court."Translated: "Too bad your legal geniuses missed a more cogent argument."
  3. The appeals court again slaps 1800CONTACTS' brilliant legal team on page 29 when they write: "But this argument misreads the district court's order." Translated: "Learn to read, morons!"
  4. Finally, the appeals court is downright effusive in their praise of Judge Waddoups original ruling: "We affirm for substantially the reasons set forth in the district court's thorough and cogent order" [I added the emphasis in the last four words of that sentence].
What's next? Only in Utah my friends, only in Utah does the I-will-fight-to-the-death-because-it's-right mentality rear it's inbred head. Somewhere, I can hear a lot of pounding on the conference room table as 1800CONTACTS lectures the legal lackies for which they are paying an aggregate $2,000 an hour: "I don't care if it costs us another million dollars and we take this to the United States Supreme Court, Baby Jesus came to me last night and said this is the right thing to do." Okay, I couldn't resist poaching a phrase from Will Farrell's Ricky Bobby role in the movie Talladega Nights. But you get the idea.

Throwing 1800CONTACTS a bone, the appeals court ruled that Lens.com was guilty of contributory negligence because they took too long to figure out the who and where of the actual affiliate infringement, and did not do a simple blast email to all their affiliates telling them to never EVER use 1800CONTACTS in their advertising. So this will go back to the Federal Court for another run with the bulls. But again, the actual bull-goring of 1800CONTACTS from this contributory negligence was less than the price of a used Yugo. 

Hey, it's the principle that matters! And, of course, the attorneys being able to afford country club memberships for their trophy wives and far-away private schools for the kids to keep them from ogling their stepmother's latest cosmetic surgery. How about we at least castrate the attorneys so their rancid genes can't produce more blights on humanity?  

I now return from this comic opera to again focus on the critical cyber security issues facing this fragile world.