Journalists Use Dark Web Technology to Protect Source Privacy
November 4, 2015
Canada’s newspaper the Globe and Mail points those with sensitive information to reveal toward some Dark Web tech: “SecureDrop at the Globe and Mail.” As governments get less squeamish about punishing whistleblowers, those with news the public deserves to know must be increasingly careful how they share their knowledge. The website begins by informing potential SecureDrop users how to securely connect through the Tor network. The visitor is informed:
“The Globe and Mail does not log any of your interactions with the SecureDrop system, including your visit to this page. It installs no tracking cookies or tracking software of any kind on your computer as part of the process. Your identity is not exposed to us during the upload process, and we do not know your unique code phrase. This means that even if a code phrase is compromised, we cannot comply with demands to provide documents that were uploaded by a source with that code phrase. SecureDrop itself is an open-source project that is subject to regular security audits, reducing the risk of bugs that could compromise your information. Information provided through SecureDrop is handled appropriately by our journalists. Journalists working with uploaded files are required to use only computers with encrypted hard drives and follow security best practices. Anonymous sources are a critical element of journalism, and The Globe and Mail has always protected its sources to the best of its abilities.”
The page closes with a warning that no communication can be perfectly secure, but that this system is closer than most. Will more papers take measures to ensure folks can speak up without being tracked down?
Cynthia Murrell, November 4, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Google Hacks to Make You Grin
October 30, 2015
Google is run by a bunch of geeks who entertain themselves using the high tech toys at their fingertips. Beyond the insertion of Douglas Adams references in search results, there are other Google hacks that the tech geeks developed to make themselves and you smile. Digital Spy tracked down “Eleven Google Secrets That Will Change The Way You Search, From Playing Pac-Man To Lego Street View.”
“Day after day you hammer out search after search, overlooking not only the hidden gems lurking beneath the surface, but the very thing that makes Google such an anomaly amongst the world’s biggest companies – its sense of humor. Here are a few things you might not have known you can do in Google.”
You can make Google do numerous things just by typing a few simple commands into the search bar. Try typing: “askew” or “tilt,” “do a barrel roll,” and “Zerg rush.” Google is also a time machine and can take you back to the 1998 Google interface, or you can spend hours playing Pac-Man on an uploaded Google Doodle from May 2010. The yellow stick figure on Google Street View also likes to play dress-up when he visits certain places.
But our absolute favorite is the six degrees of Kevin Bacon calculator. Based off an old Internet meme that everyone in Hollywood has worked with Kevin Bacon in less than six degrees, type in a famous person and “bacon number” to find out how close their careers are.
Little hacks and fun games like this show the human side to the Google empire. What will they think of next? However, it would be nice if Google added some practical functions, such as a time and date feature.
Whitney Grace, October 30, 2015
CSI Search Informatics Are Actually Real
October 29, 2015
CSI might stand for a popular TV franchise, but it also stands for “compound structured identification,” as Phys.org explains in “Bioinformaticians Make The Most Efficient Search Engine For Molecular Structures Available Online.” Sebastian Böcker and his team at the Friedrich Schiller University are researching metabolites, chemical compounds that determine an organism’s metabolism. Metabolites are used to gauge information about the condition of living cells.
While this is amazing science, there are some drawbacks:
“This process is highly complex and seldom leads to conclusive results. However, the work of scientists all over the world who are engaged in this kind of fundamental research has now been made much easier: The bioinformatics team led by Prof. Böcker in Jena, together with their collaborators from the Aalto-University in Espoo, Finland, have developed a search engine that significantly simplifies the identification of molecular structures of metabolites.”
The new search works like a regular search engine, but instead of using keywords it searches through molecular structure databases containing information and structural formulae of metabolites. The new search will reduce time in identifying the compound structures, saving on costs and time. The hope is that the new search will further research into metabolites and help researchers spend more time working on possible breakthroughs.
Whitney Grace, October 29, 2015
The PurePower Geared Turbofan Little Engine That Could
October 29, 2015
The article on Bloomberg Business titled The Little Gear That Could Reshape the Jet Engine conveys the 30-year history of Pratt & Whitney’s new PurePower Geared Turbofan aircraft engines. These are impressive machines: they burn less fuel, pollute less, and produce 75% less noise. But thirty years in the making? The article explains,
“In Pratt’s case, it required the cooperation of hundreds of engineers across the company, a $10 billion investment commitment from management, and, above all, the buy-in of aircraft makers and airlines, which had to be convinced that the engine would be both safe and durable. “It’s the antithesis of a Silicon Valley innovation,” says Alan Epstein, a retired MIT professor who is the company’s vice president for technology and the environment. “The Silicon Valley guys seem to have the attention span of 3-year-olds.”
It is difficult to imagine what, if anything, “Silicon Valley guys” might develop if they spent three decades researching, collaborating, and testing a single project. Even more so because the planned obsolescence of their typical products seems to speed up every year. In the case of this engine, the article suggests that the time spent has positives and negatives for the company: certain opportunities with big clients were lost along the way, but the dedicated effort also attracted new clients.
Chelsea Kerwin, October 29, 2015
Neglect Exposes Private Medical Files
October 28, 2015
Data such as financial information and medical files are supposed to be protected behind secure firewalls and barriers that ensure people’s information does not fall into the wrong hands. While digital security is at the best it has ever been, sometimes a hacker does not need to rely on his/her skills to get sensitive information. Sometimes all they need to do is wait for an idiotic mistake, such as what happened on Amazon Web Services, as Gizmodo wrote in “Error Exposes 1.5 Million People’s Private Records On Amazon Web Services.”
Tech junkie Chris Vickery heard a rumor that “strange data dumps” could appear on Amazon Web Services, so he decided to go looking for some. He hunted through AWS and found one such dump. It was a huge haul, or it would have been if Vickery were a hacker. Vickery discovered it was medical information belonging to 1.5 million people, from these organizations: Kansas’ State Self Insurance Fund, CSAC Excess Insurance Authority, and the Salt Lake County Database.
“The data came from Systema Software, a small company that manages insurance claims. It still isn’t clear how the data ended up on the site, but the company did confirm to Vickery that it happened. Shortly after Vickery made contact with the affected organizations, the database disappeared from the Amazon subdomain.”
The 1.5 million people should be thanking Vickery, because he alerted these organizations and the data was immediately removed from the Amazon cloud. It turns out that Vickery was the only one to access the data, but it raises the question: what would happen if a malicious hacker had gotten hold of the data? You can count on it that the medical information would have been sold to the highest bidder.
Vickery’s discovery is not isolated. Other organizations are bound to be negligent with data, and your personal information could be posted in an unsecured area. How can you get organizations to better protect your information? Good question.
Whitney Grace, October 28, 2015
Libraries’ Failure to Make Room for Developer Librarians
October 23, 2015
The article titled Libraries’ Tech Pipeline Problem on Geek Feminism explores the lack of diverse developers. The author, a librarian, is extremely frustrated with the approach many libraries have taken. Rather than refocusing their hiring and training practices to emphasize technical skills, many are simply hiring more and more vendors, hardly a solution. The article states,
“The biggest issue I see is that we offer a fair number of very basic learn-to-code workshops, but we don’t offer a realistic path from there to writing code as a job. To put a finer point on it, we do not offer “junior developer” positions in libraries; we write job ads asking for unicorns, with expert- or near-expert-level skills in at least two areas (I’ve seen ones that wanted strong skills in development, user experience, and devops, for instance).”
The options available are that librarians either learn to code in their spare time (not viable), or enter the tech workforce temporarily and bring their skills back after a few years. This option is also full of drawbacks, especially that even white women are marginalized in the tech industry. Instead, the article stipulates that libraries need to make more room for hiring and promoting people with coding skills and interests while also joining coding communities like Code4Lib.
Chelsea Kerwin, October 23, 2015
Xendo, Can Do
October 23, 2015
While it would be lovely to access and find all important documents, emails, and Web sites within a couple clicks, users usually have to access several programs or individual files to locate their information. Stark Industries wanted users to have the power of the Google search engine without compromising their personal security. Xendo is a private, personal search engine that connects with various services, including email servers, social media accounts, clouds, newsfeeds, and more.
Once all the desired user accounts are connected to Xendo, the search engine indexes all the files within the services. The index is encrypted, so the files are processed securely. After the indexing is finished, Xendo will search through all the files and return search results displaying the content and service types related to inputted keywords. Xendo promises that:
“After your initial index is built, Xendo automatically keeps it up-to-date by adding, removing and updating content as it changes. Xendo automatically updates your index to reflect role and permission changes in each of your connected services. Xendo is hosted in some of the most secure data-centers in the world and uses multiple layers of security to ensure your data is secured in transit and at rest, like it’s in a bank vault.”
Basic Xendo search is free for individual users with payments required for upgrades. The basic search offers deep search, unlimited access, and unlimited content, while the other plans offer more search options based on subscription. Xendo can be deployed for enterprise systems, but it requires a personalized quote.
Whitney Grace, October 23, 2015
Lexmark, a Printer Supply Company, Receives Hold Rating from Analysts
October 20, 2015
The article on Dakota Financial News titled Lexmark International Given Average Recommendation of “Hold” by Brokerages (NYSE: LXK) piles on the bad news for Lexmark, a company best known for its printer supply services. It is a tough time to be in the printing business, and Lexmark has received numerous analyst ratings of “Hold” and “Sell.” The article details the trend,
“Lexmark International (NYSE:LXK) traded down 0.59% during trading on Wednesday, hitting $28.59. The company had a trading volume of 259,296 shares. Lexmark International has a one year low of $27.22 and a one year high of $47.69. The stock has a 50-day moving average of $30.27 and a 200 day moving average of $39.70. The company’s market capitalization is $1.76 billion…The company reported $0.97 earnings per share (EPS) for the quarter, beating analysts’ consensus estimates of $0.85 by $0.12.”
Certainly not a vote of confidence in Lexmark, which owns both Brainware and ISYS Search Software. The article goes into some detail about the company’s other work beyond printer supplies, including enterprise content and process management software and healthcare archive with integration abilities for unstructured patient information. Perhaps these extras are saving the company from falling entirely into the “sell” category and maintaining at “Hold.”
Chelsea Kerwin, October 20, 2015
Bye-Bye Enterprise Storage
October 19, 2015
Storage is a main component of the enterprise system. Silos store data and eventually the entire structure transforms into a legacy system, but BusinessWire says in “MapR Extends Support For SAS To Deliver Big Data Storage Independence” it is time to say good-bye to old enterprise storage. MapR is trying to make enterprise storage obsolete with its new extended service support for SAS, a provider of business software and services. The new partnership between the two allows advanced analytics with easy data preparation and integration in legacy systems, improved security, data compliance, and assurance of service level agreements.
The entire goal is to allow SAS and MapR clients to have better flexibility for advanced analytics within Hadoop as well as to help customers harvest the most usefulness out of their data.
Here is a rundown of the partnership between SAS and MapR:
“The collaboration makes available the full scope of technologies in the SAS portfolio, including SAS® LASR™ Analytic Server, SAS Visual Analytics, SAS High-Performance Analytics, and SAS Data Loader for Hadoop. Complete MapR integration delivers security and full POSIX compliance for use in “share everything architectures,” as well as enables SAS Visual Analytics to easily and securely access all data. With SAS Data Loader for Hadoop, users can prepare, cleanse and integrate data inside MapR for improved performance and then load that data in-memory into SAS LASR for visualization or analysis, all without writing code.”
Breaking away from legacy systems with old onsite storage is one of the new trends for enterprise systems. Legacy systems are clunky, don’t necessarily comply with new technology, and have slow information retrieval. A new enterprise system using SAS and MapR’s software will last for some time, until the new trend buzzes through town.
Whitney Grace, October 19, 2015
Coveo Touts Secure, Intelligent Cloud Search
October 19, 2015
Security is a perpetual concern, especially for those who work in the cloud. Enterprise search firm Coveo wants us to know they take security very seriously. Their press release, “Coveo Completes Security Evaluation for cloud-Based Intelligent Search Offerings,” is posted at MarketWatch. The question is, “What does secure mean?” The definition may depend on one’s knowledge of the exploit world.
The write-up states:
“Marking its commitment to be the most secure intelligent search provider in the marketplace, Coveo announced that it has completed a comprehensive evaluation of data security and compliance procedures and processes. Coveo engaged with Brightline CPAs & Associates, which conducted a series of tests to evaluate the effectiveness of operations and controls that address data integrity and security. With data security threats on the rise across various industries and around the world, Coveo recognizes how important it is to provide clients of its cloud, intelligent search offerings with the highest security standards. Over the years, Coveo has implemented a set of industry-standard operations, infrastructure and services to ensure the integrity and privacy of customer data, including:
— SOC II and SOC I examinations
— Strong logical and physical access controls
— Systematic application and source code scanning
— Comprehensive background checks on all employees
— 24/7/365 live, dedicated operations and security teams
— Formal, ongoing 3rd party compliance and security reviews”
We are reminded that Coveo was recently named “most innovative leader” for the second year running in the Gartner Enterprise Search Magic Quadrant, with that report lauding the company’s “unusually rich security functions.” Founded in 2005, Coveo maintains offices in the U.S. (San Mateo, CA), the Netherlands, and Quebec.
Cynthia Murrell, October 19, 2015