Is The Internet Secure?

Hacker blogger Quinn Norton is getting a lot of coverage with her blog claiming that the Internet is broken. She argues that every computer and every piece of software we use is vulnerable to hackers because of terrible security flaws. Norton blames these flaws on the fact that developers who face immense pressure to ship software quickly.

Norton says that those bugs may have been there for years unnoticed, leaving systems susceptible to attacks. One of her hacker mates accidentally took control of more than 50,000 computers in four hours after finding a security vulnerability. Another one of her colleagues accidentally shut down a factory for a day after sending a “malformed ping.”

She said that the NSA wasn’t, and isn’t, the great predator of the internet, it’s just the biggest scavenger around. It isn’t doing so well because they are all powerful math wizards of doom. The other problem is software is too complicated and the emphasis placed on security too light.

“The number of people whose job it is to make software secure can practically fit in a large bar, and I’ve watched them drink. It’s not comforting. It isn’t a matter of if you get owned, only a matter of when,” Norton said.

Source

Virtru Goes Office 365

Virtru has added Microsoft’s Office 365 and Outlook Desktop services to its growing list of compatible email platforms available on its encryption product.

The company, headquartered in Washington, D.C. and launched in January, is targeting people using major email providers who want stronger privacy controls for more secure communication.

The service is designed to be easy to use for end users who may not have the technical gumption to set up PGP (Pretty Good Privacy), a standard for signing and encrypting content.

Virtru is compatible with most major webmail providers, including Google’s Gmail, Yahoo’s Mail and Microsoft’s Outlook webmail, which replaced Hotmail.

Emails sent using Virtru through those services would look like gibberish, providing a greater degree of privacy. Law enforcement or other entities would not be able to read the content unless they could obtain the key.

Virtru uses a browser extension to encrypt email on a person’s computer or mobile device. The content is decrypted after recipients receive a key, which is distributed by Virtru’s centralized key management server.

Although Virtru handles key management, the company is working on a product that would allow that task to be managed on-site for users, as some administrators would be uncomfortable with another entity managing their keys.

Virtru has said it put aside funds to contest government orders such as a National Security Letter or law enforcement request that are not based on a standard of probable cause.

Source

Tesla Updates Charging Software

Tesla Motors Inc is making changes to prevent overheating of its charging systems, including giving customers upgraded wall adapters and providing charging-software upgrades, the electric-car company said on Friday.

The moves come after a November garage fire involving a Model S in Irvine, California, which the Orange County Fire Authority said may have been caused by a Tesla charging system or by a connection at the electricity panel on the wall of the garage.

At the time, Tesla disagreed with the fire officials’ findings, denying that the charging electronics were related to the fire. A Tesla spokeswoman did not immediately respond to a question on Friday about whether the upgrades were related to the Irvine fire.

In a Friday press release, Tesla said that its goal was to prevent excessive heating of the adapters used to charge its cars. A variety of factors ranging from corrosion to inappropriate wiring of electrical outlets can cause overheating, the company said.

A December tweak to its charging software tackles the issue through reducing charging by 25 percent if the charging system detects fluctuations in power entering the vehicle, Tesla said.

“Tesla believes that this software update fully addresses any potential risks,” the release said. But as a precaution, it said it would make available an improved wall adapter with a thermal fuse for affected customers, staring in a few weeks.

Separately, three road fires in Model S sedans caused Tesla’s stock to fall sharply in October.

The fires occurred in Washington state, Tennessee and Mexico. In the U.S. incidents, Model S sedans caught fire after running over road debris. In Mexico, a Model S caught fire after striking a concrete wall.

On Friday, Tesla’s stock fell 1.23 percent to $145.72, up from levels under $120 in late November but down from its high of $194.50 in late September.

Source

NSA Developing System To Crack Encryption

The U.S. National Security Agency is working to develop a computer that could ultimately break most encryption programs, whether they are used to protect other nations’ spying programs or consumers’ bank accounts, according to a report by the Washington Post.

The report, which the newspaper said was based on documents leaked by former NSA contractor Edward Snowden, comes amid continuing controversy over the spy agency’s program to collect the phone records Internet communications of private citizens.

In its report, The Washington Post said that the NSA is trying to develop a so-called “quantum computer” that could be used to break encryption codes used to cloak sensitive information.

Such a computer, which would be able to perform several calculations at once instead of in a single stream, could take years to develop, the newspaper said. In addition to being able to break through the cloaks meant to protect private data, such a computer would have implications for such fields as medicine, the newspaper reported.

The research is part of a $79.7 million research program called “Penetrating Hard Targets,” the newspaper said. Other, non-governmental researchers are also trying to develop quantum computers, and it is not clear whether the NSA program lags the private efforts or is ahead of them.

Snowden, living in Russia with temporary asylum, last year leaked documents he collected while working for the NSA. The United States has charged him with espionage, and more charges could follow.

His disclosures have sparked a debate over how much leeway to give the U.S. government in gathering information to protect Americans from terrorism, and have prompted numerous lawsuits.

Last week, a federal judge ruled that the NSA’s collection of phone call records is lawful, while another judge earlier in December questioned the program’s constitutionality. The issue is now more likely to move before the U.S. Supreme Court.

On Thursday, the editorial board of the New York Times said that the U.S. government should grant Snowden clemency or a plea bargain, given the public value of revelations over the National Security Agency’s vast spying programs.

Source

FTC Pushes For Security Standards

Despite growing resentment from companies and powerful industry groups, the Federal Trade Commission continues to insist that it wants to be the nation’s enforcer of data security standards.

The FTC, over the past years, has gone after companies that have suffered data breaches, citing the authority granted to it under a section of the FTC Act that prohibits “unfair” and “deceptive” trade practices. The FTC extracted stiff penalties from some companies by arguing that their failure to properly protect customer data represented an unfair and deceptive trade practice.

On Thursday, FTC Chairwoman Edith Ramirez called for legislation that would bestow the agency with more formal authority to go after breached entities.

“I’d like to see FTC be the enforcer,” Law360 quoted Ramirez as saying at a privacy event organized by the National Consumers League in Washington. “If you have FTC enforcement along with state concurrent jurisdiction to enforce, I think that would be an absolute benefit, and I think it’s something we’ve continued to push for.”

According to Ramirez, the FTC supports a federal data-breach notification law that would also give it the authority to penalize companies for data breaches. In separate comments at the same event, FTC counsel Betsy Broder reportedly noted that the FTC’s enforcement actions stem from the continuing failure of some companies to adequately protect data in their custody.

“FTC keeps bringing data security cases because companies keep neglecting to employ the most reasonable off-the-shelf, commonly available security measures for their systems,” Law360 quoted Broder as saying.

An FTC spokeswoman was unable to immediately confirm the comments made by Ramirez and Broder but said the sentiments expressed in the Law360 story accurately describe the FTC’s position on enforcement authority.

The comments by the senior officials come amid heightening protests against what some see as the FTC overstepping its authority by going after companies that have suffered data breaches.

Over the past several years, the agency has filed complaints against dozens of companies and extracted costly settlements from many of them for data breaches. In 2006 for instance, the FTC imposed a $10 million fine on data aggregator ChoicePoint, and more recently, online gaming company RockYou paid the agency $250,000 to settle data breach related charges.

Source

Inventor Predicts Future Of 3D

Pablos Holman predicts that in the not too distant future our diets will be tailored to our metabolisms, adding a few bits of broccoli, a smattering of beets and some meat — all extruded from a 3D printer in an appetizing form to please our palates.

Holman is a futurist and inventor at the Intellectual Ventures Laboratory in Bellevue, Wash., where he and others work on futuristic projects like printable food. He was not alone in speaking on the topic at the Inside 3D Printing Conference last week.

Avi Reichentall, CEO of 3D Systems, one of the largest consumer printer companies, has already been able to configure his machines to create a variety of sugary goods, including cakes and candy. The sweets were on display with ornate designs.

Reichentall said consumers can expect his company to build a machine that will take a place next to the coffee maker on a kitchen counter, but instead of a caffeine shot, it will offer a sugar rush.

“We are working on a chocolate printer. I want a chocolate printer in my kitchen. I want it to be as cool as a Keurig coffee maker,” Reichentall said. “We now have 3D printed sugar. We’re going to bring to pastry chefs and confectionaries and bakers a whole range of new sugar printing capabilities.

“This is coming to a marketplace near you very soon,” he said.

While Reichentall focuses on desserts, Holman is busy with main courses, creating machines that can take freeze-dried food and hydrate it as it is being extruded through nozzles to create an eye-pleasing meal.

Source

U.S. Cloud Vendors Hurt By NSA

Edward Snowden’s public unveiling of the National Security Agency’s Prism surveillance program could cause U.S. providers of cloud-based services to lose 10% to 20% of the foreign market — a slice of business valued at up to $35 billion.

A new report from the Information Technology & Innovation Foundation (ITIF) concludes that European cloud computing companies, in particular, might successfully exploit users’ fears about the secret data collection program to challenge U.S. leadership in the hosted services business.

Daniel Castro, author of the report, acknowledges that the conclusions are based, so far, on thin data, but nonetheless argues that the risks to U.S. cloud vendors are real.

Indeed, a month prior, the Cloud Security Alliance reported that in a survey of 207 officials of non-U.S. companies, 10% of the respondents said that they had canceled contracts with U.S. service providers after Snowden’s leak of NSA Prism documents earlier this year.

“If U.S. companies lose market share in the short term, it will have long-term implications on their competitive advantage in this new industry,” said Castro in the ITIF report. “Rival countries have noted this opportunity and will try to exploit it.”

To counter such efforts, the U.S. must challenge overstated claims about the program by foreign companies and governments, said Jason Weinstein, a partner in the Washington office of law firm Steptoe & Johnson and a former federal prosecutor and deputy assistant attorney general specializing in computer crime.

“There are a lot of reasons to be concerned about just how significant those consequences will be,” Weinstein said. “The effort by European governments and European cloud providers to cloud the truth about data protection in the U.S. was going on well before anyone knew who Edward Snowden was. It just picked up new momentum once the Prism disclosures came out.”

Weinstein contends that European countries have fewer data protection rules than the U.S.

For example, he said that in the U.K. and France, a wiretap to get content can be issued by a government official without court authority, but that can’t happen in the U.S.

“U.S. providers have done nothing other than comply with their legal obligations,” he said. But because of Snowden’s leaks, “they are facing potentially significant economic consequences.”

Gartner analyst Ed Anderson said his firm has yet to see any revenue impact on cloud providers since the Prism disclosures, but added, “I don’t think Prism does U.S. providers any favors, that’s for sure.”

Nonetheless, Anderson added, “I think the reality is [the controversy] is likely to die down over time, and we expect adoption to probably continue on the path that it has been on.”

One reason why U.S. providers may not suffer is because “the alternatives aren’t great if you are a European company looking for a cloud service,” he said.

Source

FTC Warns Google And FB

The Federal Trade Commission (FTC) has promised that her organisation will come down hard on companies that do not meet requirements for handling personal data.

FTC Chairwoman Edith Ramirez gave a keynote speech at the Technology Policy Institute at the Aspen Forum. She said that the FTC has a responsibility to protect consumers and prevent them from falling victim to unfair commercial practices.

“In the FTC’s actions against Google, Facebook, Myspace and others, we alleged that each of these companies deceived consumers by breaching commitments to keep their data confidential. That isn’t okay, and it is the FTC’s responsibility to make sure that companies live up to their commitments,” she said.

“All told, the FTC has brought over 40 data security cases under our unfairness and deception authority, many against very large data companies, including Lexisnexis, Choicepoint and Twitter, for failing to provide reasonable security safeguards.”

Ramirez spoke about the importance of consumer privacy, saying that there is too much “shrouding” of what happens in that area. She said that under her leadership the FTC will not be afraid of suing companies when it sees fit.

“A recurring theme I have emphasized – and one that runs through the agency’s privacy work – is the need to move commercial data practices into the sunlight. For too long, the way personal information is collected and used has been at best an enigma enshrouded in considerable smog. We need to clear the air,” she said.

Ramirez compared the work of the FTC to the work carried out by lifeguards, saying that it too has to be vigilant.

“Lifeguards have to be mindful not just of the people swimming, surfing, and playing in the sand. They also have to be alert to approaching storms, tidal patterns, and shifts in the ocean’s current. With consumer privacy, the FTC is doing just that – we are alert to the risks but confident that those risks can be managed,” she added.

“The FTC recognizes that the effective use of big data has the potential to unleash a new wave of productivity and growth. Like the lifeguard at the beach, though, the FTC will remain vigilant to ensure that while innovation pushes forward, consumer privacy is not engulfed by that wave.”

It’s all just lip service, of course. Companies might be nominally bound by US privacy laws in online commerce, and that might be overseen by the FTC, but the US National Security Agency (NSA) collects all internet traffic anyway, and makes data available to other US government agencies and even some private companies.

Source

Windows 8 ‘Grace Period’ Ends

Microsoft has halted the 30-day grace period, a trademark of Windows 7, in the retail copies of Windows 8, requiring that users provide a product key during setup.

The change runs counter to previous practice by the Redmond, Wash. developer. With Windows 7, for example, users could run the OS for 30 days before activating the copy by providing a legitimate key.

That “grace period” was used by some to evaluate the software prior to purchasing, to save up to $100 by using an “upgrade” license to install the OS on a newly-formatted hard drive, and to create physical partitions or virtual machines for quick testing purposes.

Because Windows 8 handles activation differently, the grace period has been eliminated.

As several blogs have noted, customers must enter a unique product key — a 25-character alpha-numeric string — to proceed during Windows 8 setup. Failure to do so stops the process in its tracks. The Consumer Preview and Release Preview used this technique too, although Microsoft provided users a generic key for those sneak peeks.

Once Windows 8 is installed — assuming the machine is connected to the Internet — it automatically seeks out a Microsoft server to verify that the key is valid and then activates the OS. “If the licensed computer is connected to the Internet, the software will automatically connect to Microsoft for activation,” states the end-user licensing agreement, or EULA, for Windows 8 Pro.

Source…

Satellite Phone Encryption Cracked

German researchers claim to have cracked the algorithm that secures satellite phone transmissions.

Benedikt Driessen and Ralf Hund from Ruhr University have reverse engineered the GMR-1 and GMR-2 voice ciphers used in a lot of satellite systems. These are used by, among others, government agencies and the military.

Bjoern Rupp, CEO at GSMK Cryptophone said, “This breakthrough has major implications for the military, civilians engaged on overseas operations, or indeed anyone using satellite phones to make sensitive calls in turbulent areas.”

Their report is titled “Don’t Trust Satellite Phones” and shows how someone with a “suitably programmed computer” and software radio capable of receiving satellite frequencies can hack calls. These include ones made by disaster relief agencies and the military.

Source…

« Previous Page — Next Page »