Archive for USA

“Extreme Vetting” Proposal Would Require Some Visitors To US To Share Contacts & Social Media Passwords

Posted in Commentary on April 5, 2017 by itnerd

This proposal has popped up in the past, and it has been suggested long before Donald Trump became President of the USA, but it now looks like it may actually happen. The Guardian is quoting a Wall Street Journal story that visitors from 38 countries that participate in the US Visa Waiver Program would be required to hand over mobile phone contacts, social media passwords and financial data as part of the “Extreme Vetting” proposals that are being floated by the Trump Administration. The idea is that this will be used to figure out if a visitor is up to no good.

Here’s why this is not going to work in my opinion. Nobody who is up to no good is going to serve up that information. Nor are they going to make it easy enough to find. Think fake social media handles, burner phones and the like. Not to mention that they’ll leave electronic devices at home. Thus leaving border guards with nothing to search. Plus how does a border agent quickly figure out if you’re a threat when US airports have lineups of people coming into their country if they now have to troll your Facebook, Twitter, and Instagram accounts? True, there are some details missing here, but it seems incredibly cumbersome, fraught with judicial over-reach, and more to the point, I am not sure what will actually get accomplished by this. As in, will a single “bad dude” get caught by this policy?

One other point. Tourism is a huge economic driver for the US. According to my favorite search engine, it accounted for $1.6 trillion in economic output in 2015. Proposals like this will likely have the effect of driving those dollars away from the US. I’m not sure that is what the folks behind this plan had in mind when they came up with it. But it’s not going to help them get tourists. Previous tweaks to US border rules have resulted in Canadians deciding to avoid travel to the US because of stories of Canadian citizens being denied entry to the US and questioned about their faith. That’s led to school boards and even the Girl Guides of Canada banning trips to the US for fear that all those on such a trip will not be treated equally. This latest move is likely to add to this and the number of people who plan to avoid the USA is about to skyrocket as this idea seems way over the top.

What are your thoughts? Is America doing the right thing or not? Are you going to avoid travel to the US because of this? Please leave a comment below and share your thoughts.

US Government Hack Now MUCH MUCH Worse Than Originally Thought [UPDATED]

Posted in Commentary on July 10, 2015 by itnerd

You might recall that the Office Of Personnel Management was hacked recently and the info on 4 million people got nicked. But that figure was revised upward as it was proven it was not a one time event. Well, we now know the scope of the problem. It appears that the personal info on 22 million Americans is out in the wild:

That number is more than five times larger than what the Office of Personnel Management announced a month ago when first acknowledging a major breach had occurred. At the time, OPM only disclosed that the personnel records of 4.2 million current and former federal employees had been compromised.

Here’s what’s really bad. Not all of these people are government employees:

Investigators ultimately determined that 19.7 million applicants for security clearances had their Social Security numbers and other personal information stolen and 1.8 million relatives and other associates also had information taken, according to OPM. That includes 3.6 million of the current and former government employees for a total of 22.1 million.

“If an individual underwent a background investigation through OPM in 2000 or afterwards … it is highly likely that the individual is impacted by this cyber breach,” OPM’s statement said today.

If this isn’t a wake up call for organizations of all shapes and sizes to get their collective acts together when it comes to cyber security, I don’t know what will wake them up. This is a massive data breach where those who were responsible for protecting this info need to be hauled in front of Congress to answer some tough questions on this because having this much info out there to be used in any way that some evil doer sees fit is not acceptable.

UPDATE: I guess heads are rolling as Katherine Archuleta who heads the Office Of Personnel Management has just resigned:

Ms. Archuleta went to the White House on Friday morning to personally inform Mr. Obama of her decision, saying that she felt new leadership was needed at the federal personnel agency to enable it to “move beyond the current challenges,” the official said. The president accepted her resignation.

US Government Pwned Again By Hackers…. Personal Info Stolen

Posted in Commentary on June 15, 2015 by itnerd

It turns out that this hack that resulted in the personal info of US Government employees being stolen wasn’t a one time event. The US Government acknowledged Friday that in a separate attack hackers stole highly sensitive forms used in vetting federal employees for security clearances. Here’s what AP had to say:

Deeply personal information submitted by U.S. intelligence and military personnel for security clearances – mental illnesses, drug and alcohol use, past arrests, bankruptcies and more – is in the hands of hackers linked to China, officials say.

In describing a cyberbreach of federal records dramatically worse than first acknowledged, authorities point to Standard Form 86, which applicants are required to complete. Applicants also must list contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant’s Social Security number and that of his or her cohabitant are required.

Lovely. Just think of what some evil doer can do with that sort of information. I can think of lots of things that hackers can do and none of it is good. If I was one of those people, I’d be very, very worried right now. This is a clear indication that the US is falling behind in terms of IT security and they seriously need to step up their game. Otherwise, they will just keep getting pwned by hackers again and again.

US Agency That Handles Security Clearances Gets Pwned By Hackers

Posted in Commentary on June 4, 2015 by itnerd

The US Government admitted today that they were hacked and the info on 4 million government employees is out in the wild:

“As a result of the incident,” uncovered in April, the Office of Personnel Management said it “will send notifications to approximately four million individuals.”

It added additional exposures “may come to light.”

The government’s personnel department handles hundreds of thousands of sensitive security clearances and background investigations on prospective employees each year.

It was not immediately clear whether the hack affected President Barack Obama, other senior government officials or the intelligence community.

Early indications say it was the Chinese who were behind the hack. Regardless of who it was, this is very embarrassing for the US government. It’s bad enough when private institutions can’t keep personal info safe from hackers. But when the US government is the victim of this sort of hack, it should send a message that they really have a huge problem on their hands given that they should be the last people to get pwned by hackers.

I think it’s time for them to rethink their IT security strategy.

US & UK Spies Hack Into Maker Of SIM Cards To Spy On Mobile Phone Users

Posted in Commentary on February 20, 2015 by itnerd

This is something that potentially will keep you awake tonight. It has come to light that American and UK spies have hacked into a company called Gemalto in order to gain the ability to spy on smartphone users. Here’s some of the details from the BBC:

The Intercept says that “the great Sim heist” gave US and British surveillance agencies “the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data”.

It says that among the clients of the Netherlands-based company are AT&T, T-Mobile, Verizon, Sprint and “some 450 wireless network providers around the world”.

One other thing to consider. Gemalto also produces the ID chips used in modern passports. Thus the effects of this could go beyond the smartphone space. One thing to note is that when Gemalto produces SIM cards, they themselves set the encryption codes. Which means that if you get the encryption code or codes, you can cause a whole lot of damage. The chips used in passports are apparently blank when they’re delivered to the end customer. So they are less likely to be exploited because the end customers would set up their own encryption. At least in theory. These days you never know. Neither country has commented on this. Not that you would expect them to.

This came to light because of the gift that keeps on giving known as Edward Snowden. Love him or hate him, he is sure making intelligence agencies tremble in fear because of what he knows.

Hey IT Nerd: What Was The Deal With This “Internet Slowdown Day”?

Posted in Commentary on September 11, 2014 by itnerd

This was a question that I got yesterday but didn’t have a chance to answer. Internet Slowdown Day was staged to support Net Neutrality. In short, everything on the Internet should be treated equally. But that’s not the case as services such as Netflix are slowed down by ISPs for whatever reason. Be it that they threaten some service the ISP has, as is the case when Netflix deals with an ISP like Comcast, or the ISP simply doesn’t want to treat them equally. So companies like Vimeo, Etsy and reddit along with those who have a presence on the web staged a protest yesterday to decry these tactics.

Sites participating in the “internet slowdown protest” will display an infinitely-spinning “site loading” icon, or as the advocacy group organizing the event calls it, the “spinning wheel of death.”

Another is changing one’s avatar, on Twitter or Facebook or what have you, to the icon. The hope is that the action will go viral. The protest comes just 5 days before the FCC’s next comment deadline on September 15th. We’ll have to wait and see how effective it is.

US Government Claims That Data On Servers Anywhere Belongs To Them

Posted in Commentary on July 15, 2014 by itnerd

If there was something that could be defined as over-reaching, perhaps this is it. Here’s a story from Ars Technica that I just tripped over that has the U.S. Justice Department claiming that companies served with valid warrants for data must produce that data even if the data is not stored in the U.S.:

Global governments, the tech sector, and scholars are closely following a legal flap in which the US Justice Department claims that Microsoft must hand over e-mail stored in Dublin, Ireland. In essence, President Barack Obama’s administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas. It’s a position Microsoft and companies like Apple say is wrong, arguing that the enforcement of US law stops at the border. A magistrate judge has already sided with the government’s position, ruling in April that “the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information.” Microsoft appealed to a federal judge, and the case is set to be heard on July 31.

Well, isn’t that delightful. I was always under the impression that you cannot serve warrants to search property in other countries. But I’m a computer nerd, not a lawyer. But I’m thinking that if this does hold up somehow, and Microsoft releases the data stored in another country, then how long will it take for every other country in the world to buy equipment or services from a non-American or solely domestic company simply to avoid something like this happening to them? For example Germans buy from German companies or the French buying from French companies. But I’m getting ahead of myself. This is a case that needs to be watched closely as it’s going to have a huge impact.

Tech Workers Boycott Infosys, IBM, & Manpower

Posted in Commentary on June 4, 2014 by itnerd

Three U.S. tech worker groups have launched a labor boycott of IBM, Infosys and Manpower. The groups say that these three companies have engaged in a pattern that discourages U.S. workers from applying for U.S. IT jobs by tailoring employment ads toward overseas workers. Here’s what Donna Conroy, director of Bright Future Jobs had to say:

The main goals of the boycott are “attention getting” and putting pressure on the IT staffing firms to change their practices, Conroy said. With IT staffing agencies competing to fill U.S. positions, the companies contracting for their services may want to consider if the staffing firm “has a good reputation,” she said.

The boycott should also raise concerns about staffing firms violating equal employment laws, said Les French, president of WashTech. “In addition to calling attention to an illegal practice, we want to show there are valid challenges to the ‘labor shortage’ of STEM workers,” French said in an email.

For its part, Infosys disputed the charges:

“It is incorrect to allude that we exclude or discourage U.S. workers,” she said by email. “Today, we are recruiting for over 440 active openings across 20 states in the U.S.”

Neither Manpower nor IBM responded to this.

My take: The H1-B visa program which is how a lot of these workers get into the US is a bit of a gong show. There’s ample evidence that the program is in need of an overhaul so that it protects American workers. For example, Professor Norm Matloff has an excellent paper on this. Plus Mother Jones has another excellent commentary on the subject. But what is really damning is a video of an attorney and his consultants teaching corporations how to manipulate foreign-worker immigration law so that they replace qualified American workers:

So clearly there’s a problem here that needs to be addressed.

As for this boycott, I am going to guess that it won’t make any difference except for a day or two of bad press for these three companies. After all, they likely don’t hire Americans anyway. Thus they won’t notice.

USA Remains The Largest Market For Cyber Security

Posted in Commentary on June 10, 2013 by itnerd

It didn’t come as a shock to me that the USA remains the largest market for cyber security given the events about Prism and related disclosures about what the NSA is apparently looking at. Strategic Defence Intelligence took a look at this and will be publishing a report today titled The Global Cyber Security Market 2013-2023. Here’s the highlights:

In 2014 the US is going to increase the budget on cyber defence by 21% or US$800 million. This comes despite an overall cut in the American defence budget. In recent years the US has been a major target for cyber espionage and cyber attacks operations sponsored by nations such as China, Iran, Russia and North Korea. A number of cyber attacks have targeted highly intelligent military networks and corporate institutions. In 2010 the US government suffered from the thousands of confidential US diplomatic cables that were leaked and published online by WikiLeaks. The recent digital infiltration of the RQ170 Sentinel drone by Iran as well as the ongoing rivalry against Russia and China have only underpinned the strong demand for cyber security services in the country.

Growth in the Global Market for Cyber Security

A steady flow of investments by the US government in the cyber security domain is expected to result in even more advanced technological innovations and cyber warfare capabilities. This in turn is anticipated to influence the cyber security strategies of most major defence spending countries, by prompting them to acquire similar technological capabilities. According to the Strategic Defence Intelligence report, the global market for cyber security is expected to value US$11.1 billion by the end of 2013. By 2023 this number is expected to reach US$19.4 billion. 

Government Initiative to Protect Civilian Institutions

Today most cyber security initiatives are designed to offer protection and deterrence, not only for military and government institutions, but also in the civilian and corporate world. The US Department of Homeland Security (DHS) has been a major proponent of bringing the civilian cyber security domain under governmental protection and has proposed a US$6 billion bill in its 2014 budget to provide civilian institutions with the technology and expertise needed for real-time cyber threat detection under an initiative named ‘Continuous Monitoring as a Service’ or CMaaS.

Cyber Weapons – The Move from Defence to Offence

The US is the first country to have militarily classified a number of cyber tools as cyber weapons, and has a state sponsored program aimed at developing these. As such, most countries with advanced cyber warfare capabilities, such as Israel, China, Russia and France are likely to move from a defensive to a more offensive position. The US is developing a number of cyber weapons including a master computer that can carry out cyber warfare activities without the intervention of a human programmer. In 2014, the US Air Force expects to spend US$19.7 million on offensive cyber operations, including research and development, operations and training. Similarly, the army proposes to spend US$5 million for improving its computer network exploitation and computer network attack capabilities. This recent focus on developing offensive capabilities has influenced other major defence spending countries too, with the UK developing a cyber weapons program in line with the US cyber security strategy. The Japanese Defence Ministry will also allocate substantial funds aimed at developing a cyber weapon. Countries such as Russia, China and North Korea are already believed to be in possession of cyber weapons and are likely to already have deployed and tested these weapons.

Definitions

Cyber security – Cyber security refers to the group of technologies, processes and practices designed to protect networks, computers, programs and data from unauthorized access, theft or damage.

Cyber weapons – Cyber weapons refer to devices or any set of computer instructions which are intended to unlawfully damage a system acting as a critical infrastructure, its information, the data or programs contained within the system.

Cyber warfare capabilities – Cyber warfare capabilities refers to the ability of an entity to defend itself from cyber weapons and launch attacks against other systems by deploying cyber weapons. 

Civilian cyber security domain – The civilian cyber security domain consists of private businesses and government contractors who store a lot of proprietary and classified information on their networks and are hence vulnerable to cyber threats.

Continuous Monitoring as a Service/CMaaS – CMaaS is a program initiated by the US Department of Homeland Security (DHS) which aims to install an array of sensors that collects data about cyber security risks and presents that information in an automated and continually updated dashboard. This display will allow technical workers and managers to improve the DHS’ view of security, to counter recurring threats more effectively and to support a data-driven approach to agency risk management.

Want To Unlock Your Phone? If You’re In The US, Do It NOW!

Posted in Commentary on January 24, 2013 by itnerd

Here’s the deal. If you’ve got the need to unlock your phone so that you can port it to another carrier, I’d do it very quickly. That’s because next week unlocking your phone in certain circumstances will be illegal in the US:

In October 2012, the Librarian of Congress, who determines exemptions to a strict anti-hacking law called the Digital Millennium Copyright Act (DMCA), decided that unlocking mobile phones would no longer be allowed. But the librarian provided a 90-day window during which people could still buy a phone and unlock it. That window closes on January 26.

I can see why there would be those who argue that this is the right thing to do. But I would say that all it does is restrict consumer choice. Oh well. I guess your only option is to get a phone that’s unlocked to begin with. Google for one can help you with that. That of course assumes you can find a Nexus 4.