Hackers Eyeing Android Devices/SCADA Systems

Trend Micro predicts that the proliferation of Android devices, smartphones and tablets is making all systems based on Android an attractive target for hackers.

http://www.mobilitytechzone.com/topics/4g-wirelessevolution/articles/244561-hackers-eyeing-android-devices-scada-systems-2012-prediction.htm

The NSA has released a Secure Android Version:

http://www.informationweek.com/news/government/security/232400479

Security Enhanced Android can be found here: http://selinuxproject.org/page/SEAndroid

Then there is Project Fishbowl, Secure Android on a Secure Network:

http://www.theverge.com/2012/3/2/2838729/nsa-project-fishbowl-secure-android-devices-network

ATCA’s Aviation Cyber Security Day: June 28, 2012

From http://www.atca.org/cybersecurity:

Last year’s debut of ATCA’s Aviation Cyber Security Day was so successful that it’s back again.

ATCA’s 2012 Aviation Cyber Security Day will take place June 28, 2012.

Registration details will be posted soon and sponsorship opportunities are already available. Contact Claire.Rusk@atca.org or +1 703 299 2430 x309.

The Cyber Security Committee meets regularly in preparation for the event, and your input and suggested topics are welcome. Discussions will include: cyber threats in the NextGen (http://www.faa.gov/nextgen/) environment, different roles played within the aviation community in the event of a cyber attack, and much more.

15 Worst Data Breaches in Recent Memory from CSOonline

http://www.csoonline.com/slideshow/detail/31963/Slideshow–15-worst-data-breaches?source=csointcpt_15worst_ss#slide1 

Heartland, TJX, Epsilon, RSA, Stuxnet, Department of Veterans Affairs, Sony Playstation Network, ESTsoft, Gawker Media, Google etc., Verisign, CardSystems, AOL, Monster.com, Fidelity National Information Services

A Matter of Size

According to Will Durant, you can surmise the technological sophistication of a civilization by how they count, from “One, Two, Many” (http://numberwarrior.wordpress.com/2010/07/30/is-one-two-many-a-myth/) to “thousands of thousands” to “Kilo, mega, giga, tera, peta, and all that”.

http://searchstorage.techtarget.com/definition/Kilo-mega-giga-tera-peta-and-all-that:

“Also see Kibi, mebi, gibi, tebi, pebi, … which are relatively new prefixes designed to express power-of-two multiples.

Kilo, mega, giga, tera, and peta are among the list of prefixes that are used to denote the quantity of something, such as, in computing and telecommunications, a byte or a bit. Sometimes called prefix multipliers, these prefixes are also used in electronics and physics. Each multiplier consists of a one-letter abbreviation and the prefix that it stands for.

In communications, electronics, and physics, multipliers are defined in powers of 10 from 10^-24 to 10^24, proceeding in increments of three orders of magnitude (10^3 or 1,000). In IT and data storage, multipliers are defined in powers of 2 from 2^10 to 2^80, proceeding in increments of ten orders of magnitude (2^10 or 1,024). These multipliers are denoted in the following table.

Prefix   Symbol(s)   Power of 10   Power of 2
yocto-   y           10^-24 *
zepto-   z           10^-21 *
atto-    a           10^-18 *
femto-   f           10^-15 *
pico-    p           10^-12 *
nano-    n           10^-9 *
micro-   µ           10^-6 *
milli-   m           10^-3 *
centi-   c           10^-2 *
deci-    d           10^-1 *
(none)   (none)      10^0          2^0
deka-    D           10^1 *
hecto-   h           10^2 *
kilo-    k or K **   10^3          2^10
mega-    M           10^6          2^20
giga-    G           10^9          2^30
tera-    T           10^12         2^40
peta-    P           10^15         2^50
exa-     E           10^18 *       2^60
zetta-   Z           10^21 *       2^70
yotta-   Y           10^24 *       2^80
* Not generally used to express data speed
** k = 10^3 and K = 2^10

Examples of quantities or phenomena in which power-of-10 prefix multipliers apply include frequency (including computer clock speeds), physical mass, power, energy, electrical voltage, and electrical current. Power-of-10 multipliers are also used to define binary data speeds. Thus, for example, 1 kbps (one kilobit per second) is equal to 10^3, or 1,000, bps (bits per second); 1 Mbps (one megabit per second) is equal to 10^6, or 1,000,000, bps. (The lowercase k is the technically correct symbol for kilo- when it represents 10^3, although the uppercase K is often used instead.)

When binary data is stored in memory or fixed media such as a hard drive, diskette, ZIP disk, tape, or CD-ROM, power-of-2 multipliers are used. Technically, the uppercase K should be used for kilo- when it represents 2^10. Therefore 1 KB (one kilobyte) is 2^10, or 1,024, bytes; 1 MB (one megabyte) is 2^20, or 1,048,576 bytes.

The choice of power-of-10 versus power-of-2 prefix multipliers can appear arbitrary. It helps to remember that in common usage, multiples of bits are almost always expressed in powers of 10, while multiples of bytes are almost always expressed in powers of 2. Rarely is data speed expressed in bytes per second, and rarely is data storage or memory expressed in bits. Such usages are considered improper. Confusion is not likely, therefore, provided one adheres strictly to the standard usages of the terms bit and byte.

Contributor(s): David Gabel
This was last updated in November 2000”
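As an added example (my own code, not part of the glossary or of this page), a small Python converter that applies the convention the glossary ends on: a prefix on bytes is read as a power of 2, a prefix on bits or a bit rate as a power of 10. The function names are mine; the second function reports how far the two readings drift apart per prefix, which is the number to keep in mind when a decimal capacity quoted by a vendor is checked against a quota or log-rotation limit enforced in binary units.

```python
import re
from fractions import Fraction

# Multipliers from the glossary's table: decimal (power of 10) and binary (power of 2).
DECIMAL = {"": 10**0, "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12,
           "P": 10**15, "E": 10**18, "Z": 10**21, "Y": 10**24}
BINARY = {"": 2**0, "K": 2**10, "M": 2**20, "G": 2**30, "T": 2**40,
          "P": 2**50, "E": 2**60, "Z": 2**70, "Y": 2**80}

# A number, an optional prefix letter, then a unit: B (bytes), b (bits) or bps (bits per second).
_QTY = re.compile(r"^\s*(\d+(?:\.\d+)?)\s*([kKMGTPEZY]?)\s*(B|bps|b)\s*$")


def to_base_units(text: str) -> int:
    """Return '1.5 MB' as bytes, '1 kbps' as bits per second, and so on.

    Bytes use the power-of-2 table, bits and bit rates the power-of-10 table,
    as the glossary's last paragraph prescribes. The prefix letter's case is
    normalised to the table in use, so 'KB' and 'kB' both read as 2^10 bytes
    and 'kbps' and 'Kbps' both read as 10^3 bit/s (the common usage noted above).
    """
    m = _QTY.match(text)
    if not m:
        raise ValueError(f"unrecognised quantity: {text!r}")
    number, prefix, unit = m.groups()
    if unit == "B":
        table, key = BINARY, prefix.upper()
    else:
        table, key = DECIMAL, ("k" if prefix in ("k", "K") else prefix)
    # Fraction keeps '1.5' exact and avoids float rounding on the large multipliers.
    return int(Fraction(number) * table[key])


def binary_decimal_gap(prefix: str) -> float:
    """Percentage by which the power-of-2 reading of a prefix exceeds the power-of-10 reading."""
    binary = BINARY[prefix.upper()]
    decimal = DECIMAL["k" if prefix in ("k", "K") else prefix]
    return (binary / decimal - 1) * 100


if __name__ == "__main__":
    for q in ("1 kbps", "1 KB", "1.5 MB", "10 Mbps", "1 TB"):
        print(f"{q:>8} = {to_base_units(q):,}")
    for p in "kMGT":
        print(f"{p}: binary reading is {binary_decimal_gap(p):.2f}% larger than decimal")
```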

How to Muddy Your Tracks on the Internet

From http://www.nytimes.com/2012/05/03/technology/personaltech/how-to-muddy-your-tracks-on-the-internet.html:

How to Muddy Your Tracks on the Internet
By KATE MURPHY
Published: May 2, 2012

Legal and technology researchers estimate that it would take about a month for Internet users to read the privacy policies of all the Web sites they visit in a year. So in the interest of time, here is the deal: You know that dream where you suddenly realize you’re stark naked? You’re living it whenever you open your browser.

There are no secrets online. That emotional e-mail you sent to your ex, the illness you searched for in a fit of hypochondria, those hours spent watching kitten videos (you can take that as a euphemism if the kitten fits) — can all be gathered to create a defining profile of you.

Your information can then be stored, analyzed, indexed and sold as a commodity to data brokers who in turn might sell it to advertisers, employers, health insurers or credit rating agencies.

And while it’s probably impossible to cloak your online activities fully, you can take steps to do the technological equivalent of throwing on a pair of boxers and a T-shirt. Some of these measures are quite easy and many are free. Of course, the more effort and money you expend, the more concealed you are. The trick is to find the right balance between cost, convenience and privacy.

Before you can thwart the snoopers, you have to know who they are. There are hackers hanging around Wi-Fi hot spots, to be sure. But security experts and privacy advocates said more worrisome were Internet service providers, search engine operators, e-mail suppliers and Web site administrators — particularly if a single entity acts in more than one capacity, like Google, Yahoo, Facebook and AOL. This means they can easily collect and cross-reference your data, that is, match your e-mails with your browsing history, as well as figure out your location and identify all the devices you use to connect to the Internet.

“The worst part is they sell this extremely creepy intrusion as a great boon to your life because they can tailor services to your needs,” said Paul Ohm, an associate professor at the University of Colorado Law School in Boulder who specializes in information privacy and computer crime. “But do most people want to give that much away? No.”

He advised logging off sites like Google and Facebook as soon as practicably possible and not using the same provider for multiple functions if you can help it. “If you search on Google, maybe you don’t want to use Gmail for your e-mail,” he said.

If you do not want the content of your e-mail messages examined or analyzed at all, you may want to consider lesser-known free services like HushMail, RiseUp and Zoho, which promote no-snooping policies. Or register your own domain with an associated e-mail address through services like Hover or BlueHost, which cost $55 to $85 a year. You get not only the company’s assurance of privacy but also an address unlike anyone else’s, like me@myowndomain.com.

Or you can forgo trusting others with your e-mail correspondence altogether and set up your own mail server. It is an option that is not just for the paranoid, according to Sam Harrelson, a middle-school teacher and self-described technology aficionado in Asheville, N.C., who switched to using his own mail server this year using a $49.99 OS X Server and $30 SpamSieve software to eliminate junk mail.

“The topic of privacy policies and what lies ahead for our digital footprints is especially fascinating and pertinent for me, since I work with 13- and 14-year-olds who are just beginning to dabble with services such as Gmail and all of Google’s apps, as well as Facebook, Instagram, social gaming,” he said. “I have nothing to hide, but I’m uncomfortable with what we give away.”

But even with your own mail server, Google will still have the e-mails you exchange with friends or colleagues with Gmail accounts, said Peter Eckersley of the Electronic Frontier Foundation, a digital rights advocacy group in San Francisco. “You’re less exposed,” he said. “But you can’t totally escape.”

Another shrouding tactic is to use the search engine DuckDuckGo, which distinguishes itself with a “We do not track or bubble you!” policy. Bubbling is the filtering of search results based on your search history. (Bubbling also means you are less likely to see opposing points of view or be exposed to something fresh and new.)

Regardless of which search engine you use, security experts recommend that you turn on your browser’s “private mode,” usually found under Preferences, Tools or Settings. When this mode is activated, tracking cookies are deleted once you close your browser, which “essentially wipes clean your history,” said Jeremiah Grossman, chief technology officer with WhiteHat Security, an online security consulting firm in Santa Clara, Calif.

He warned, however, that private mode does nothing to conceal your I.P. address, a unique number that identifies your entry or access point to the Internet. So Web sites may not know your browsing history, but they will probably know who you are and where you are as well as when and how long you viewed their pages.

Shielding your I.P. address is possible by connecting to what is called a virtual private network, or V.P.N., such as those offered by WiTopia, PrivateVPN and StrongVPN. These services, whose prices range from $40 to $90 a year, route your data stream to what is called a proxy server, where it is stripped of your I.P. address before it is sent on to its destination. This obscures your identity not only from Web sites but also from your Internet service provider.

Moreover, these services encrypt data traveling to and from their servers so it looks like gibberish to anyone who might be monitoring wireless networks in places like coffee shops, airports and hotels.

While V.P.N. providers generally have strict privacy policies, Moxie Marlinspike, an independent security researcher and software developer in San Francisco, said, “It’s better to trust the design of the system rather than an organization.” In that case, there is Tor, a free service with 36 million users that was originally developed to conceal military communications. Tor encrypts your data stream and bounces it through a series of proxy servers so no single entity knows the source of the data or whence it came. The only drawback is that with all that bouncing around, it is very S-L-O-W.

Free browser add-ons that increase privacy and yet will not interrupt your work flow include Ghostery and Do Not Track Plus, which prevent Web sites from relaying information about you and your visit to tracking companies. These add-ons also name the companies that were blocked from receiving your data (one social network, five advertising companies and six data brokers on a recent visit to CNN.com), which is instructive in itself.

“Companies like Google are creating these enormous databases using your personal information,” said Paul Hill, senior consultant with SystemExperts, a network security company in Sudbury, Mass. “They may have the best of intentions now, but who knows what they will look like 20 years from now, and by then it will be too late to take it all back.”

A version of this article appeared in print on May 3, 2012, on page B7 of the New York edition with the headline: How to Muddy Your Tracks on the Internet.