Monday, April 29, 2013

China’s Hackers Shifting Focus

According to the Taipei Times, Taiwan's National Security Bureau (NSB) estimates that the PLA’s cyberarmy now numbers more than 100,000, has a budget of more than US$2.71 million and targets telecoms and think tanks. It also believes that the Chinese military has shifted the emphasis of cyberattacks on Taiwan from government institutions to civilian think tanks, telecommunications service providers, Internet node facilities and traffic signal control systems.

This doesn't seem to agree with US evaluations. PRC has long engaged in espionage with the other APT: humans. It's only recently, it seems, that attention has been directed to government, critical infrastructur, and military targets.

Tuesday, April 23, 2013

IoT, IPv6: IT Issues? Security Problems? Anything?

A recent issue of Networkworld teased The Internet of Things: Coming to a Network Near You on its cover.

We’ve been following, and publishing books on, IoT for a long time now. Speakers at last week’s Infosecworld mentioned IoT, along with Smart Grid, in sessions and keynotes. My question is, does anyone really know or care? Based on readership of articles and excerpts we’ve published and book sales, I’d say no.

Yet, like IPv6, another topic that doesn’t seem important to many people, IoT is going to become an IT problem, and an major security issue as well. It’s not just your smart refrigerator telling you to pick up milk on the way home from work. As the Smart Grid rolls out with essentially billions of sensor nodes, and vehicular networks, bandwidth demands will jump sharply and Big Data will inundate everything.

As a test, here are some books, articles, and excerpts covering IoT, IPv6, and Smart Grid. I’m going to monitor to see if there’s any increase in interest.

Articles and Excerpts
Internet of Things: A Context-Awareness Perspective
The Internet of Things in the Cloud: A Middleware Perspective
Communication Middleware for the Internet of Things
Smart Grids
Basic IPv6 Security Considerations


Unit and Ubiquitous Internet of Things
The Internet of Things in the Cloud: A Middleware Perspective
The Internet of Things: From RFID to the Next-Generation Pervasive Networked Systems
Security in an IPv6 Environment
IPv6: An Introduction and Overview
Handbook of IPv4 to IPv6 Transition: Methodologies for Institutional and Corporate Networks

Friday, April 12, 2013

Reading Is So 20th Century

I received this pitch yesterday for 2 - 3 minutes videos.

"Reading is so 20th century. That's why MaaS360 has created quick hit videos to make you a master in mobility management. You'll know so much about mobile device, app and doc management, people will actually think you read a white paper."

Then there was this this from Spectrum. Videos and slideshows are taking the place of print in presenting technical information.

What's more, there has been a lot of news about new 'long-form' websites publishing pieces longer than magazine artiles and shorter than books. Sign of things to come? Does anyone read books anymore?

It took USA Today to dumb-down newspapers. What's next?

Wednesday, April 10, 2013

O-TTPS and Huawei

The Open Group Releases Global Technology Supply Chain Security Standard
From the press release, "Specifically intended to prevent maliciously tainted and counterfeit products from entering the supply chain, this first release of the O-TTPS codifies best practices across the entire COTS ICT product lifecycle, including the design, sourcing, build, fulfilment, distribution, sustainment, and disposal phases."

Meanwhile, the head of Huawei admits "challenges and problems" in America.

So, even though the new O-TTPS is supposed to create trust within the supply chain for COTS, could Huawei, even if it were a software company, ever use it? I doubt any type of certification will overcome the deep mistrust of enterprises owned by either the PRC or the PLA.

Tuesday, April 9, 2013

To Hack Health Care Costs, Employers Can Now Track How You Grocery Shop

"'Your boss will never know what you’re eating,' says NutriSavings CEO."

Sure. I believe that. 

I think because I buy so little at the grocery store, and because whatever savings I get from use of the store card is minimal, I should consider not using it. It should be a simple habit to break.

Don't you wish you could see the aggregated data about you? Or maybe not. Life off the grid is looking better and better. I'm already starting to use cash more often, and hit the 'net anonymously.

There was a story in the local paper this morning about a town who surrendered citizens' email addresses
because of a FOIA request. Strange, though, how easily government gives up information like this, but is willing to fight to the death against providing information pertaining to its own perfidy.

It's a scary world.

Thursday, April 4, 2013

Use of Personal Data on Internet Is ‘Out of Control’

86% of Consumers Think They Have Little or No Say About How Corporations Use Personal Information; 81% Want More Control Back
TETTNANG, Germany--(BUSINESS WIRE)--Security expert Avira announced today the results of its latest online research survey that found that 86 percent of consumers worldwide felt they had little or no control over how corporations use their personal information online.

The personal information survey was presented to a random sample of Avira’s website visitors during February and March of 2013. There were 950 respondents with a margin of error of +/- of 3.18 percent. The two-part question asked:

How much of a say do you feel you have today over your personal information on the Internet?
A) 54.53% - I feel like I have almost no say over how companies use my personal information online.
B) 32.11% - I feel like I have a little say over how companies use my personal information online.
C) 7.16% - I feel like I have a lot of say over how companies use my personal information online.
D) 6.21% - I feel like I have an almost complete say over how companies use my personal information online.

A follow-up question asked:
How much control would you like to have over your personal information on the Internet?
A) 80.95% - I'd like more control.
B) 16.53% - I'm happy with how much control I have.
C) 2.53% - I’d like less control.

“Most consumers don’t really understand what is happening with the information about them and this scares many of them. The reality is that they have more control than they think,” said Sorin Mustaca, IT security expert at Avira. “For example, only few know that they can disable the advertising tracker in their iPhones, they can install a do-not-track extension into their web browsers, and that they can control many privacy and security settings in Facebook and other social networking websites. Last but not least, no tool or security solution is able to replace a healthy common sense: do not share information about you which you don’t want to be public.

While I agree with these findings, I wonder about the respondents. If they were mostly European, it could skew the findings. In general, Europeans are much more aware of privacy issues than Americans; and European privacy protection laws are very tough, especially when compared to American laws, which are basically non-existent.
I posted here about a NY Times story that consumers would sell their privacy very cheaply.
So, who really cares about online privacy, the dangers of aggregators of personal information, and intrusive advertising?

Tuesday, April 2, 2013

Monday, April 1, 2013

It's Official. Consumers Don't Care Much Online Privacy

This interesting NY Times story  focuses on the reseach of Alessandro Acquisti, co-editor of Digital Privacy: Theory, Technologies, and Practices.

And, if they don't care much about their own privacy, they likely care less about security at work.