GDT::Security::Watchdog::Archive::Year 2012

Security Watchdog

Smartphones Not Smart Enough To Be Secure?
My Facebook posting on 18 September 2012.
   A tweet from yesterday via @CNNMoneyTech: "Your smartphone will 
   (eventually) be hacked." I have three comments. (1) It's "cracked" 
   not "hacked." (2) I assume my 'smart'phone has already been cracked. 
   (3) It's too bad smartphones aren't smarter than the crackers 
   [not hackers] who crack [not hack] into them.

Money.CNN.com::Your smartphone will (eventually) be hacked

[18 September 2012]
No Punctuation Characters In AzCentral.com Passwords
Why no punctuation characters?

When setting a password on AzCentral.com, the password rule is "5-30 characters, no spaces, letters and numbers only".

[17 September 2012]
Criminal Hackers are Crackers
@nanofoo received the following tweet from @Gawker on 2012.09.05.
   Hackers claim to possess Mitt Romney's tax returns, threaten to release 
   them unless million-dollar ransom is paid: http://gaw.kr/lI8LEmu

If true, then it's not hackers, but crackers who are doing this. Granted, the crackers might be hackers, but it's easy to be a cracker without being a hacker. Criminal hackers are crackers.

[05 September 2012]
Watchdogs Are Important
@nanofoo received the following tweet from @TechEye on 2012.07.02.
   Google privacy scandal reveals weakness in US watchdog system 
   http://bit.ly/Lsd4FX #internet

I decided to blog this tweet because it contained the word "watchdog" and this blog is the Security WatchDog.

I was not aware of a "Google privacy scandal" prior to receiving this @TechEye tweet. The TechEye.net posting starts with the following.

   "A computer scientist has proved that Google has been bypassing 
    technology designed to block tracking systems to allow for 
    anonymous browsing." -- TechEye.net

I consider watchdogs important and that is why I haven't killed the Security WatchDog blog.

[02 July 2012]
Cyberwarfare; eSoldier; DigitalBattlefields
02 June 2012 (today)

Headline from the front page of today's Arizona Republic: "U.S., Israel hit Iran with cyberattack".

01 June 2012

@yottagoo blog posting on 02012.06.01.

    Yesterday (02012.05.31) the front page of the Arizona Republic 
    had the following headline: "U.S. broadening cyberwar strategy". 
    Today the New York Times has a news story titled "Obama Order 
    Sped Up Wave of Cyberattacks Against Iran". My gut tells me 
    cyberwarfare, which I think is in progress, is going to be 
    uglier than ugly.

31 May 2012

@compufoo tweeted the following on 02012.05.31.

   Headline seen on the front page of today's (5/31) Arizona Republic: 
   "U.S. broadening cyberwar strategy" #DigitalBattlefields #CyberWarfare

   ... followed by ...

   #Flame #sKyWIper RT @NatureNews Uncovered spyware may have been at 
   work for years http://bit.ly/LDMoDY

Security Watchdog Blog Postings

The following are Security Watchdog blog postings that have been posted during the 21st century. The postings are listed in newest-to-oldest order. The oldest posting is from 9 March 02001.

09 April 2012

On 7 April 2012, the Arizona Republic had an interview with Janet Napolitano (U.S. secretary of Homeland Security). The following was the highlighted quote.

   "We're really at only the beginning stages of what could be
    a very serious time in cyberspace. ... Cyber is the evolving
    threat that most concerns me right now." -- Janet Napolitano
    via the Arizona Republic on 7 April 2012

28 August 2011

I found the eWeekEurope.co.uk headline difficult to understand... "RSA: Cyber War Mass Hysteria Is Hindering Security"

On the same day I saw the following.

   "Cyber war is a terrible metaphor," said the US government's 
    cybersecurity czar Howard Schmidt. "Don't make it something 
    it's not." Internet attacks from hackers, spies and terrorist 
    groups deserves serious attention, he said, but this should 
    not be "to the extent of mass hysteria."

Computing security guru Bruce Schneier fears we are on the "verge of an IT arms race." "We haven't seen offensive cyber weapons companies, but they are coming," he said. "Big defence contractors are working on this -- you know they would be dumb not to."

Wired.com::"Cyberwar Issues Likely to Be Addressed Only After a Catastrophe"

22 July 2010

@compufoo retweeted the following on 2010.07.22.

   RT @TheOfficialACM Tech News: Cyberwarrior Shortage Threatens 
   U.S. Security http://n.pr/aICIr6 (via NPR) 

@nanofoo received the following tweet from @SchneierBlog on 2010.07.20.

   New GAO Cybersecurity Report: From the U.S. Government Accountability 
   Office: "Cybersecurity: Key Challenges Need ... http://bit.ly/dAeXZ6

@nanofoo received the following tweet from @SchneierBlog on 2010.07.19.

   Embedded Code in U.S. Cyber Command Logo: This is excellent. 
   And it's been cracked already.... http://bit.ly/99iI24

And finally with respect to cyber-attacks on private networks...

   "[they are] comparatively easy to launch, cheap to launch, the amount 
    you can steal is enormous, and the chances of getting caught are 
    minuscule." -- Larry Clinton, president of the 
                   Internet Security Alliance,

06 July 2010

I agree.

   "Cyberspace has become the fifth domain of warfare, 
    after land, sea, air and space."

Question: Will the U.S. have to engage in politically correct cyberwarfare? I hope the answer isn't "yes."

21 February 2010

According to PopSci.com... "we are not prepared."

09 February 2010

Is it FUD?

I don't think so; therefore, it probably is.

@nanofoo tweeted the following on 2010.01.30.

   "Obama said nothing in his State of the Union address about 
    the state of the Union w/respect to cyberwarfare preparedness."

04 February 2010

TechNews.ACM.org had a posting titled "In Cyber War, Most of U.S. Must Defend Itself" on 2010.02.10 and it started with the following.

   "There are concerns that the United States is extremely 
    vulnerable to a full-scale cyberattack, and the U.S. 
    Cyber Command is not in a position to protect U.S. 
    civilian computer networks [...]"

The TechNews.ACM.org posting included the following.

   "Meanwhile, U.S. military networks are under constant 
    cyberattack because they are such an appealing target, 
    according to Deputy Defense Secretary William Lynn. 
    'And the frequency and sophistication of attacks are 
    increasing exponentially,' he notes."

I believe this is true because we're living in exponential times.

More from the TechNews.ACM.org posting titled "In Cyber War, Most of U.S. Must Defend Itself."

 
   "McAfee hints at the possibility that countries are 
    competing in a quiet cyber arms race, and communications 
    systems, banks, and power grids are just as likely to be 
    targets as military networks."

Note: McAfee is an "antivirus software and computer security company headquartered in Santa Clara, California."

@nanofoo tweeted the following on 2010.02.07.

China & Russia dominate 2010 ACM Intl. Collegiate 
Programming Contest http://bit.ly/cVLdpz

@nanofoo tweeted the following on 2010.01.30.

Obama said nothing in his State of the Union address about 
the state of the Union w/respect to cyberwarfare preparedness.

The House voted 422-5 in favor of H.R. 4061 -- The Cybersecurity Enhancement Act of 2009.

   "The bill requires the Obama administration to conduct an 
    agency-by-agency assessment of cybersecurity workforce skills 
    and establishes a scholarship program for undergraduate and 
    graduate students who agree to work as cybersecurity specialists 
    for the government after graduation."  
    [source: NYTimes.com via Slashdot.org]

Yikes! politician Michael Arcuri said, "Nearly every high school hacker has the potential to hamper our unfettered access to the Internet. Just imagine what a rogue state could do."

FYI to Arcuri: Kids not yet in high school can be crackers.

29 September 2009

The headline read: "Cybersecurity debate touches a nerve."

The AP (Associated Press) report started with...

   "There's no kill switch for the Internet, no 
    secret on-off button in an Oval Office drawer."

The AP report included the following quote by Melissa Hathaway, former White House cybersecurity adviser: "We need a system to identify, isolate and respond to cyberattacks at the speed of light."

In the computing world, speed of light implies real-time.

29 August 2009

It appears as though North Korea wants to gain some experience in cyberwarfare. The US government currently has 32 czars, but no cybersecurity czar (yet).

09 July 2009

My heart rate exponentially increases every time I read about politicians considering bills that are related to computing. It appears that at this point in time, the definition for "cybersecurity emergency" gives the President of the United States of America way too much power.

29 May 2009

I agree with Obama with respect to the following...

   "America's economic prosperity in the 21st century will 
    depend on cyber-security."--Barack Obama

Obama is also correct when he says, "acts of terror could come from a few keystrokes on a computer."

It was also refreshing to read that Obama continues to "remain firmly committed to net neutrality."

10 January 2009

This is the first time I've ever heard the term cybergeddon.

   "Cyber attacks pose the greatest threat to the United States 
    after nuclear war and weapons of mass destruction, and they 
    are increasingly hard to prevent, FBI experts say."
    --ABC News (Australian Broadcasting Corp.)

21 November 2008

PCWorld.com reported that the U.S. Department of Defense took an "estimated 1,500 computers offline Wednesday after a security breach within the Office of the Secretary of Defense (OSD)."

"I don't do e-mail," said Secretary of Defense Robert Gates. "I'm a very low-tech person."

Our next Secretary of Defense must be a very high-tech person because cyber-warfare, bio-warfare, nano-warfare and robo-warfare could be stark reminders that the United States of America has been asleep at the wheel.

   "September 11 was essentially a collision of early 20th-century 
    technology: the airplane and the skyscraper. We don't want to 
    see a collision of 21st-century technology."--Bill Joy in 02006

The United States needs to say 02008 is the 01958 of the 21st century; therefore, DARPA's current annual budget of approximately $3.2 billion needs to be increased at least ten-fold.

05 May 2008

This is bad news for the United States of America. With each attack, China gets better and better at cyberwarfare.

   "China's cyber warfare army is marching on, and India is 
    suffering silently. Over the past one and a half years, 
    officials said, China has mounted almost daily attacks 
    on Indian computer networks, both government and private, 
    showing its intent and capability."

Cyberwarfare is beyond ugly.

04 February 2008

Quoting Bill Joy: "September 11 was essentially a collision of early 20th-century technology: the aeroplane and the skyscraper. We don't want to see a collision of 21st-century technology."

I suspect Joy was referencing bioterrorism (near term) and nanowarfare (next 2-3 decades), but cyberwarfare has probably already started. Simple attack: crack banking systems and multiply every positive account balance by zero. When the masses don't have any money, then what?

09 June 2008

Cyberwarfare is going to be uglier than ugly.

09 July 2007

An InformationWeek.com article posted on 7 July 2007 started as follows.

   "A British court last week handed down prison sentences of 
    up to 10 years to three Muslim men it called 'cyber-jihadis' 
    and convicted of using the Internet to urge Muslims to wage 
    holy war on non-Muslims. And the U.S. Computer Emergency 
    Readiness Team reported politically motivated cyberattacks 
    in Russia."

I've said it before on this blog and I'll say it again: Cyberwarfare is not going to be fun.

Bill Joy is infinitely more expert than me when it comes to this stuff. Here is a quote from Joy that is in my quote collection.

   "September 11 was essentially a collision of early 20th-century 
    technology: the aeroplane and the skyscraper. We don't want to 
    see a collision of 21st-century technology."

21 June 2007

China is going to be a major power when it comes to cyberwarfare.

   "China is seeking to unseat the United States as the dominant 
    power in cyberspace, so says a U.S. Air Force general leading 
    a new push in this area."

The general was quoted saying:

   "They're the only nation that has been quite that blatant about 
    saying, 'We're looking to do that.'" 

The following blurb was noteworthy.

   "The Defense Department said in its annual report on China's 
    military power last month that China regarded computer network 
    operations -- attacks, defense and exploitation -- as critical 
    to achieving 'electromagnetic dominance' early in a conflict."

   "China's People's Liberation Army has established information 
    warfare units to develop viruses to attack enemy computer systems 
    and networks, the Pentagon said."

Bottom-line: Cyberwarfare is going to suck. Bill Joy was right when he said we don't want to experience 21st century warfare.

01 December 2006

Cyberwarfare will be ugly. It would be chaos if a majority of Americans woke up one morning and all their savings and investment accounts had been set to zero.

   "The U.S. government warned American private financial services 
    on Thursday of an al-Qaida call for a cyber attack against online 
    stock trading and banking Web sites beginning on Friday."
    [Friday was 1 December 2006]

In a nutshell, the attack, if any, will try to wipe out financial databases. Cracking databases is hard, but denial-of-service attacks, which don't access data, could prevent access to data.

CNet News.com::"U.S. warns of possible Qaida financial cyber attack"

16 April 2005

University of California, Berkeley, will "lead an ambitious multi-institution center to protect the nation's computer infrastructure from cyberattacks while improving its reliability." The center is called the Team for Research in Ubiquitous Secure Technology (TRUST) and it is a collaboration of academic partners "Carnegie Mellon University, Cornell University, Mills College, San Jose State University, Smith College, Stanford University and Vanderbilt University." TRUST also includes non-academic partners such as "Bellsouth, Cisco Systems, ESCHER (a research consortium that includes Boeing, General Motors and Raytheon), Hewlett Packard, IBM, Intel, Microsoft, Oak Ridge National Laboratory, Qualcomm, Sun Microsystems and Symantec."

TRUST has an outreach program that includes education programs for "K-12 schools, undergraduate students and institutions serving underrepresented populations." UC Berkeley's press release says the education outreach "will lay the groundwork for training new scientists and engineers who, center leaders say, will develop the next generation of trustworthy systems. The program includes a focus on outreach to women-only institutions, exemplified by the partnerships with Mills and Smith colleges."

Berkeley.edu::"UC Berkeley to Lead $19 Million NSF Center on Cybersecurity Research"

22 May 2005

GCN reported that the "United States Naval Academy beat out the four other service academies in the annual Cyber Defense Exercise, designed to equip students with the ability to protect the nation's critical information systems." {"Navy Academy Knows Its Cybersecurity"}

15 October 2005

After Hurricane Katrina, FEMA (Federal Emergency Management Agency) had undergone significant ridicule. In a nutshell, many think FEMA is a joke. Declan McCullagh equates the current state of computer security with FEMA. Declan, we'd be better off if computer security was on par with FEMA.

CNET News.com::"U.S. cybersecurity due for FEMA-like calamity?" [by Declan McCullagh]

03 December 2005

From a homeland security perspective, the following news reported from Financial Times is bothersome. {FT.com:: US 'relying on private companies to counter cyber-terrorism' }

28 December 2005

Becoming a computer security guru probably offers a great long-term career, but only if you are good. Getting a graduate degree certified by SANS will not be easy, but then nothing's easy.

GCN.com::"SANS to offer graduate degrees in cybersecurity"

30 April 2004

I have written about being "drafted" to become an esoldier. I wouldn't be a general, but I could probably make an okay sergeant. It appears as though the West Point Military Academy is looking for a few good hackers to help defend our computer systems against the crackers of this world.

09 April 2004

How do wars start? You hit me; I hit you; we have war. This is okay if you and I are in a room by ourselves, but it becomes a problem when Internet resources are used to deliver payloads. Here is a yucky quote: "Rules of engagement for information warfare." I doubt anybody is going to be interested in a collection of rules when it comes to cyberwarfare.

14 February 2003

I have had numerous people laugh and dismiss me because I keep pondering the responsibilities of being an esoldier. Cyberwarfare is a difficult topic to discuss publicly.

25 October 2002

Here are some quotes spoken on Monday, 14 October 2002 by Howard Schmidt, cyber-security adviser for President Bush.

   "We have a great deal of focus nowadays on weapons of mass destruction 
    but we need to be aware of the proliferation in cyberspace of weapons 
    of mass disruption." [...]

   "Cyber crime is costing the world economy billions of dollars and it 
    is still on the increase. The more we depend on the system, the more 
    we use the system, the more they will exploit it." [...]

   "What we are concerned about is reducing vulnerability whether the 
    threat is from the Mideast or the Midwest." [...]

Great quotes, but let's consider the source: Howard Schmidt is a former chief security officer at Microsoft.

27 June 2002 (Facebook status update on 02 June 2012)

I hope it never comes true, but someday I could see myself being an esoldier. [Not as a General, but as a Private.] On 27 June 2002, WashingtonPost.com posted a story titled Cyber-Attacks by Al Qaeda Feared.

09 March 2001

Time and time again we have indicated how awful cyberwar will be. Corrupting data can be an effective way to "drop bombs" on all citizens of a country. I would not be happy to wake up some morning and have no money in my checking account. I want to thank SeanJ for providing a resource that introduces us to the idea of Information Warfare.

[02 June 2012]
Anyone Can Be a Cracker
For years I've been defending the goodness of the title "hacker." Hackers don't use computers to commit crimes, but crackers do. [P.S. I don't care if "cracker" is a form of n-word.] Quoting self... You don't have to be a hacker to be a cracker.

Forbes.com::Now Anyone Can Hack A Website Thanks To Clever, Free Programs

[26 April 2012]
Need To Increase My CISPA Literacy
This was a Facebook status update on 9 April 2012.
Headlines like this "Even worse than SOPA: New CISPA cybersecurity bill..." coming from multiple sources are hints that I should be learning about CISPA (H.R. 3523), but I'm not. I did, however, click the "Like" button for the Center for Democracy & Technology this morning.

RT.com::Even worse than SOPA: New CISPA cybersecurity bill will censor the Web

On 7 April 2012, the Arizona Republic had an interview with Janet Napolitano (U.S. secretary of Homeland Security). The following was the highlighted quote.

   "We're really at only the beginning stages of what could be
    a very serious time in cyberspace. ... Cyber is the evolving
    threat that most concerns me right now." -- Janet Napolitano
    via the Arizona Republic on 7 April 2012

[09 April 2012]
Google Wallet Not Supported On Rooted Phones
My Facebook posting on 11 February 2012.

At Google's annual meeting I talked with a Google Wallet developer. I expressed (a) concerns about security and (b) the ease with which these apps separate people from their money. (a) is in the news these days. Google's advice is cute... "we strongly discourage doing so if you plan to use Google Wallet because the product is not supported on rooted phones." Old Unix farts know this fact: Superuser has super computing powers.

[comment] If I have to be a SysAdmin to keep my "smart"phone secure, then my "smart"phone will never be secure because I ain't no SysAdmin.

[comment] GoogleCommerce.Blogspot.com::Protecting your payments with Google Wallet

[comment] I find this funny for some reason and need to make one more flippant comment... "the product is not supported on rooted phones." I'm 99.999% confident that most products are *not* supported on rooted phones. Borrowing from the Homer Simpson grunt bank... D'oh!

[11 February 2012]
Data Privacy Day (every January 28th)
January 28th is Data Privacy Day. The following was copied from the "Data Privacy Day" Wikipedia entry on 28 January 2012.
   "The 'Convention for the Protection of Individuals with regard 
    to Automatic Processing of Personal Data' was opened for signature 
    by the Council of Europe on January 28, 1981."

The Wikipedia indicates that the U.S. started recognizing Data Privacy Day on 28 January 2008.

[28 January 2012]
Israel To Treat Crackers Like Terrorists?
@nanofoo received the following tweet from @RobotSpaf on 2012.01.07.
   Cyber strike rampage: White-hot Israel vows to treat hackers 
   like terrorists http://on.rt.com/h0966l

@RobotSpaf is Gene Spafford and he is a computer security guru (and a GDT::DreamTeam member).

[07 January 2012]
About the Security Watchdog
The Security Watchdog started 2012 with 526 postings. This blog was started during March of 2000 and the current world of computer security is worse now than it was then. Needless to say, there will always be content for the Security Watchdog for at least the next couple of years.

Security Watchdog Archives: 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000

[01 January 2012]


Creator: Gerald Thurman [deru@deru.com]
Last Modified: Monday, 21-Jan-2013 06:08:32 MST
