Howard Schmidt To Be Cybersecurity Czar
Howard A. Schmidt has been named Cyber-Security Coordinator of
the Obama Administration (i.e. Cybersecurity Czar). Schmidt was
a cyber-adviser in President George W. Bush's White House.
The only thing I know about Howard Schmidt is that he is not
the father of Google's CEO Eric Schmidt.
When it comes to computer security I try to listen to
Bruce Schneier, Gene Spafford, Phil Zimmermann and
Edward Felten; therefore, I am interested in what
these computer security gurus have to say about
Howard Schmidt. To date, I haven't been able to
find much, but I did find the following.
From Schneier...
"Reporters are calling me for reactions and opinions, but
I just don't know. Schmidt is good, but I don't know if
anyone can do well in a job with lots of responsibility
but no actual authority. But maybe Obama will imbue the
position with authority -- I don't know."
From Spafford via TheCommandLine.net...
"Well, to be correct about it, neither Bruce nor I was ever
contacted about taking the position or about suggesting anyone
to fill it."
I find this (neither Bruce nor I [Gene] was ever contacted)
Spafford continued via TheCommandLine.net...
"This may or may not say something about the search itself.
I do not know of anyone with a primarily cyber technology
background who was contacted -- only people with business
and/or military backgrounds. This is another factor that
made me believe that the view of this position is skewed
in a direction that will limit its effectiveness."
Keyphrases... Schneier: "a job with lots of responsibility
but no actual authority." Spafford: "this position is
skewed in a direction that will limit its effectiveness."
[24 December 2009, top]
Using Face Recognition At Malls
Via Slashdot.org on 2009.12.10...
"The Sydney Morning Herald reports that face recognition is
being considered at Westfield's Sydney mall to catch offenders."
No place for crooks to hide
[10 December 2009, top]
Are the Russians Responsible for Climategate?
Critical FYI to NewScientist.com: Climategate was the result
of crackers cracking into computer systems. Granted, the crackers
might have been hackers, but we need to differentiate between
hackers and crackers. Only a small percentage of hackers
are crackers. And it is possible (probably downright easy)
to be a cracker without being a hacker.
Climategate: Russian secret service blamed for hack
[08 December 2009, top]
Hackers Fail To Crack Brazilian Voting Machines
Potentially good news when it comes to e-voting.
Hackers Fail To Crack Brazilian Voting Machines
[15 November 2009, top]
Who was Fred Cohen?
The first episode of Sesame Street aired on 10 November 1969.
Fast forward 14 years...
"1983: Fred Cohen, a University of Southern California graduate
student, gives a prescient peek at the digital future when he
demonstrates a computer virus during a security seminar at
Lehigh University in Pennsylvania. A quarter-century later,
computer viruses have become a pandemic for which there's
Nov. 10, 1983: Computer 'Virus' Is Born
[10 November 2009, top]
Conficker Remains a Problem
I had forgotten about Conficker, but it appears as though it is
"alive" and doing well.
"On Thursday [2009.10.29], researchers at the volunteer-run
Shadowserver Foundation logged computers from more than 7
million unique IP addresses, all infected by the known
variants of Conficker."
7,000,000 seems like a lot of "infected" computers. One caveat: sinkhole
figures like this count unique IP addresses, not machines, so DHCP churn
inflates the number while NAT hides several infected hosts behind one address.
IT: After 1 Year, Conficker Infects 7M Computers
[01 November 2009, top]
A Bit About Hotmail Passwords
Hotmail.com has been a favorite website for crackers for a long time.
In a nutshell: passwords are still important.
Most Common Hotmail Password Revealed!
[07 October 2009, top]
Cybersecurity Requires Real-Time Processing
The headline read: "Cybersecurity debate touches a nerve."
The AP (Associated Press) report started with...
"There's no kill switch for the Internet, no
secret on-off button in an Oval Office drawer."
The AP report included the following quote by
Melissa Hathaway, former White House cybersecurity
adviser: "We need a system to identify, isolate and
respond to cyberattacks at the speed of light."
In the computing world, speed of light implies real-time.
[29 September 2009, top]
Password Hackers Are Crackers
Yikes! Even technologists at the EFF (Electronic Frontier Foundation)
are calling crackers hackers.
"This is an important point that people haven't grasped,"
said Peter Eckersley, a staff technologist for the Electronic
Frontier Foundation in San Francisco. "We've been using e-mail
for years, and it's been insecure all that time. . . . If you
have any hacker who is competent and spends the time and
targets you, he's going to get you."
Password Hackers Are Slippery To Collar
[11 September 2009, top]
Microsoft and FTP Defects
First, and most importantly, hackers who crack (attack) computer
systems are crackers.
Second, crackers are using defects found in FTP (File Transfer
"Microsoft confirmed a bug in several versions of its Windows
operating system that could leave the door open to malicious
"Microsoft confirmed that hackers are actively using exploits
of the FTP bug to attack Web servers."
Vulnerabilities in the FTP Service in Internet Information Services
RFC 114 - File Transfer Protocol
[09 September 2009, top]
OSDV - Open Source Digital Voting Foundation
I tweeted the following on 6 September 2009.
nanofoo I'm following @OSDV i.e. #OpenSourceDigitalVotingFoundation
"Fundamentally re-inventing digital voting technology."
I like how the OSDV Foundation describes itself as "a meritocratic
community of technology and policy geeks, developing open source
guidelines, specifications, and prototypes of high assurance digital
voting systems and services."
Open Source Digital Voting Foundation
Recent news item concerning evoting.
"Computer scientists from the University of California,
San Diego (UCSD), the University of Michigan, and Princeton
University have demonstrated that a Sequoia electronic-voting
machine could be hacked, and votes stolen, using a programming
technique that had not yet been invented when the machine
[06 September 2009, top]
There's No One Definition For Spam
The following is hard to believe, yet I believe it.
"[...] a student who, after sending a respectful and serious
e-mail to select members of the faculty about the university's
decision to reduce the school year by several days, was brought
up on charges of spamming."
The student was found guilty, but the EFF (Electronic Frontier Foundation)
and others came to the student's defense and the charges were dropped.
Michigan State University: Serious Student Complaints = Spam
[30 August 2009, top]
Politicians and Biometrics
I get nervous when politicians create bills that involve the
use of biometrics. One Arizona politician got a biometrics
related Letter to the Editor published in the Arizona Republic,
and I posted the following comment in response.
Biometrics is the future and it is refreshing to see a
couple of Arizona politicians doing something that hints
of the 21st century. I feel good about Giffords' ability
to learn about 21st century technologies, but I can't
say the same for Harry.
I looked at the "full text" of the New Employee Verification Act
and the term "biometrics" is used a total of five times; however,
no specific biometric details are given. It's almost as if the bill
wants to be buzzword-compliant. Granted, biometrics is an emerging
technology and it would be unwise to restrict it to specific types
(e.g. face recognition, DNA, voice, nose hair [humor], etc.), but
leaving it blank makes me nervous.
Another item that bothers me is that H.R.2028 states biometric
data will be encrypted, but it defines zero minimal encryption
requirements. In other words, the biometric data could be encrypted
using ROT13 encryption and that would be 100% unacceptable.
[side-bar] AzCentral.com claims it is Arizona's homepage, but my
experience with respect to hyperlinking is that they like to cause
linkrot. In other words, the following hyperlink might stop working
at some point in time.
Bill does tout biometrics for firms
[30 August 2009, top]
What Exactly Is a Cybersecurity Emergency?
My heart rate exponentially increases every time I read about politicians
considering bills that are related to computing. It appears that at this
point in time, the definition for "cybersecurity emergency" gives
the President of the United States of America way too much power.
Bill would give president emergency control of Internet
[29 August 2009, top]
Is Malware Growing Exponentially?
The following tweet from Pingdom prompted this posting.
pingdom Google malware stats: http://tinyurl.com/knnznw
"The number of entries on our malware list has more than
doubled in one year"
Sounds like malware is experiencing exponential growth; more than doubling
in a year is consistent with that, although one year's figures alone can't
confirm the trend.
Malware Statistics Update
I tweeted the following the day prior to receiving
the Pingdom tweet.
I saw this first on the TV news... Crackers are using
some actress named Jessica Biel to crack computers.
Typical headlines found on the web.
"Cybercriminals Favor Jessica Biel as Malware Bait" --Yahoo.com
"Obsessions with Jessica Biel lead to a world of malware hurt"
The headline "Jessica Biel Causes Malware?" at Mixx.com is
a bad headline because it makes it sound as if Jessica Biel
is a cracker.
[27 August 2009, top]
Healthcare IT Crackers--Get Ready
Two tweets by @nanofoo.
nanofoo Great document... "How To Become a Hacker" by
Eric S. Raymond; http://ow.ly/j14U
"hackers build things, crackers break them"~esr #quote
nanofoo WSJ.com "New Epidemic Fears: Hackers" The headline
should read "Crackers" not "Hackers." http://ow.ly/j11p
There is lots of work that needs to be done in healthcare IT
and I have zero doubts that it will be a gold mine for crackers.
[17 August 2009, top]
Cyber-Attacks Are a Form of Cyber-Warfare
It appears as though North Korea wants to gain some
experience in cyberwarfare. The US government currently
has 32 czars, but no cybersecurity czar (yet).
New 'cyber attacks' hit S Korea
[09 July 2009, top]
Western Technology Usage in Iran
Two tweets from John Perry Barlow (co-founder of the EFF)
posted on or around 22 June 2009.
johnperrybarlow EFF 101. We've long held that tools to
guard copyright, etc. can serve tyranny. WSJ vindicates:
johnperrybarlow Western companies sell "deep packet inspection"
technology to Iran government (via @mkapor)
[22 June 2009, top]
Obama Admits Cybersecurity is a Huge Issue
I agree with Obama with respect to the following...
"America's economic prosperity in the 21st century
will depend on cyber-security."--Barack Obama
Obama is also correct when he says, "acts of terror could
come from a few keystrokes on a computer."
It was also refreshing to read that Obama continues to
"remain firmly committed to net neutrality."
Prez on cyber-crime: "It has happened to me"
[29 May 2009, top]
Bullfoo = Meier Cyberbullying Prevention Act?
Q: What is one way bullfoo can be defined?
A: The Megan Meier Cyberbullying Prevention Act [H.R. 1966]
[05 May 2009, top]
Beware of Bots
This is old, but I have finally got around to posting...
A Robot Network Seeks to Enlist Your Computer
IT World ponders an interesting question...
When A Company Folds, Who Guards Your Data's Privacy?
[03 May 2009, top]
Crackers Drawn To DoD Systems
The Wall Street Journal (on 2009.04.21) reported that "Computer spies
[crackers] have broken [cracked] into the Pentagon's $300 billion
Joint Strike Fighter project." WSJ went on to report the following.
"The Joint Strike Fighter, also known as the F-35 Lightning II,
is the costliest and most technically challenging weapons program
the Pentagon has ever attempted. The plane, led by Lockheed Martin
Corp., relies on 7.5 million lines of computer code, which the
Government Accountability Office said is more than triple the
amount used in the current top Air Force fighter."
7.5 million lines of code sounds like a lot of code.
Computer Spies Breach Fighter-Jet Project
[21 April 2009, top]
South Africa Has Biometric Passports
They are a couple of years behind schedule, but South Africa now
has biometric passports.
"The new passports have an embedded RFID chip which stores
the owner's biometric information, including personal details,
a high-resolution colour photograph and fingerprint information."
South Africa rolls out biometric passports
[20 April 2009, top]
Using Buffer Overflows to Crack the Smart Grid?
Lots of money is going into the development of the "Smart Grid"
for distributing electricity, but some security experts are
concerned that it won't take lots of smarts to crack the
"According to network security researchers and product
specialists alike, the Smart Grid may also be a breeding
ground for the types of cyberattacks that could leave it
not only hacked, but blacked out entirely."
Build it and they will crack it and it is being built.
"According to IOActive, there are more than 2 million Smart
Meters used in the country already, and an estimated 73
utilities nationwide have ordered 17 million more of them."
Hard to believe, but I believe it when I read that even the
Smart Grid has buffer overflow defects.
"Research conducted throughout the industry has independently
concluded these technologies are susceptible to common security
vulnerabilities such as protocol tampering, buffer overflows,
persistent and nonpersistent rootkits, and code propagation."
Report: National Smart Grid Vulnerable To Attacks
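The buffer-overflow class the report lists, as an added example constructed for this page (it is not IOActive's research and not a real smart-meter protocol): a toy telemetry-frame parser that trusts a length byte from the wire, beside a hardened version that checks that length against both the destination buffer and the bytes actually received. The frame layout, the struct, and the function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed telemetry frame for this example (not a real smart-meter
 * protocol):
 *   byte 0        : message type
 *   byte 1        : payload length N, as claimed by the sender
 *   bytes 2..N+1  : payload, an ASCII meter reading such as "kWh=7"
 */
#define MAX_READING 16

struct reading {
    uint8_t type;
    char text[MAX_READING];   /* NUL-terminated reading */
};

/* VULNERABLE: trusts the sender's length byte. A tampered frame claiming
 * N >= MAX_READING writes past the end of r->text (a classic buffer
 * overflow); a frame shorter than it claims makes memcpy read past the end
 * of the received bytes. Shown for contrast only; never feed it
 * attacker-controlled input. */
int parse_reading_unsafe(const uint8_t *frame, size_t frame_len,
                         struct reading *r)
{
    if (frame_len < 2)
        return -1;
    uint8_t n = frame[1];
    r->type = frame[0];
    memcpy(r->text, frame + 2, n);   /* no check against MAX_READING or frame_len */
    r->text[n] = '\0';
    return (int)n;
}

/* HARDENED: every length taken from the packet is validated against the
 * destination buffer and against the number of bytes actually received
 * before anything is copied. Returns the payload length or a negative code. */
int parse_reading_safe(const uint8_t *frame, size_t frame_len,
                       struct reading *r)
{
    if (frame == NULL || r == NULL || frame_len < 2)
        return -1;                       /* no complete header */
    uint8_t n = frame[1];
    if (n >= MAX_READING)
        return -2;                       /* would overflow r->text (room for NUL needed) */
    if ((size_t)n + 2 > frame_len)
        return -3;                       /* claims more payload than arrived */
    r->type = frame[0];
    memcpy(r->text, frame + 2, n);
    r->text[n] = '\0';
    return (int)n;
}

int main(void)
{
    struct reading r;
    int rc;

    /* Well-formed frame: type 1, 5 payload bytes "kWh=7". */
    const uint8_t good[] = { 0x01, 0x05, 'k', 'W', 'h', '=', '7' };
    /* Tampered frame: same 7 bytes on the wire, but the length byte says 200. */
    const uint8_t tampered[] = { 0x01, 0xC8, 'k', 'W', 'h', '=', '7' };
    /* Truncated frame: claims 10 payload bytes, only 2 arrived. */
    const uint8_t truncated[] = { 0x01, 0x0A, 'a', 'b' };

    rc = parse_reading_safe(good, sizeof good, &r);
    printf("good:      %d (%s)\n", rc, r.text);
    printf("tampered:  %d\n", parse_reading_safe(tampered, sizeof tampered, &r));
    printf("truncated: %d\n", parse_reading_safe(truncated, sizeof truncated, &r));
    /* parse_reading_unsafe(tampered, ...) would memcpy 200 bytes into a
     * 16-byte buffer: undefined behaviour, and exactly the defect class
     * the report describes. */
    return 0;
}
```

The hardened parser rejects the tampered frame with -2 and the truncated one with -3 without touching the buffer; the same tampered frame handed to the unsafe parser is the buffer overflow. In a fielded meter the fix is the same idea at every place a length, offset or count is read from the network.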
[23 March 2009, top]
Security by obscurity doesn't combat serious crack attempts.
"Despite a presidential promise of openness in government, GSA
officials decline to release the full list for fear of cyberattack."
GSA is the General Services Administration.
"The GSA claims that 'release of the requested sensitive but
unclassified information presents a security risk to the top
level Internet domain enterprise.'"
This does not reflect positively on the SysAdmins of
Government Keeping Its .Gov Domain Names Secret
[03 March 2009, top]
Crackers + Flashmob + ATMs = $9 Million
I posted the following to my AzFoo@AzCentral.com on 8 February 2009.
Back on 17 December 02008 I had a posting titled "Twitter and flash mobs"
in which I wrote: "I don't hear about flash mobs these days, but it sure
seems as though Twitter would be a great tool for flash mobbers."
I hadn't heard of the following when I did my posting...
A computer system is cracked (not hacked) by a cracker (not hacker).
Information obtained (stolen) from the cracked system is distributed
to a flashmob. The flashmobbers steal $9 million from "over 130 different
ATM machines in 49 cities worldwide in a 30-minute period on 8 November
02008." [source: FBI]
People who use computers for criminal activity are crackers; not hackers.
Granted, some crackers are hackers, but it is easy to be a cracker without
being a hacker. True hackers do not use computers for criminal activity.
The following was copied from Eric Raymond's "How To Become A Hacker" essay.
"Unfortunately, many journalists and writers have been fooled into
using the word 'hacker' to describe crackers; this irritates real
hackers no end. The basic difference is this: hackers build things,
crackers break them." -- Eric Raymond
How To Become A Hacker
[08 February 2009, top]
Coming Soon? Cybergeddon
This is the first time I've ever heard the term cybergeddon.
"Cyber attacks pose the greatest threat to the United States
after nuclear war and weapons of mass destruction, and they
are increasingly hard to prevent, FBI experts say."
--ABC News (Australian Broadcasting Corp.)
US security experts fear 'cybergeddon'
[10 January 2009, top]
Are University Computer Systems More Secure?
A few years ago the Security Watchdog had numerous postings about university computer systems being cracked, but it appears as though university systems have gotten more secure.
But then again...
Top 10 Threats to Computer Systems Include Professors and Students
[10 January 2009, top]
About the Security Watchdog
The Security Watchdog starts 2009
with 468 postings. This blog was started during March of 2000
and the current world of computer security is worse now than it
was then. Needless to say, there will always be content for the
Security Watchdog for at least the
next couple of years.
Security Watchdog Archives:
[01 January 2009, top]