For Sale: Government Web Sites at a Bargain

December 21, 2016

We trust that government Web sites are safe and secure with our information as well as the data that keeps our countries running. We also expect that government Web sites have top-of-the-line security software and that, if they did get hacked, they would be able to rectify the situation in minutes. Sadly, this is not the case, says Computerworld in an article entitled “A Black Market Is Selling Access To Hacked Government Servers For $6.”

If you want to access a government server or Web site, all you need to do is download the Tor browser, access the xDedic marketplace on the Dark Web, and browse their catalog of endless government resources for sale.  What is alarming is that some of these Web sites are being sold for as little as six dollars!

How did the xDedic “merchants” get access to these supposedly secure government sites? It was through basic trial and error, cycling through different passwords until they scored a hit. Security firm Kaspersky Lab weighs in:

It is a hacker’s dream, simplifying access to victims, making it cheaper and faster, and opening up new possibilities for both cybercriminals and advanced threat actors, Kaspersky said.

Criminal hackers can use the servers to send spam, steal data such as credit card information, and launch other types of attack… Once buyers have done their work, the merchants put the server back up for sale. The inventory is constantly evolving.

It is believed that the people who built xDedic are Russian speakers, possibly based in a country where Russian is spoken. The Web site is selling mostly government site access from Europe, Asia, and South America, although the majority of the listings are marked as “other.” Kaspersky tracked down some of the victims and notified them that their servers had been compromised.

The damage is already done. Governments should be investing in secure Web software and in testing whether their own sites can be broken into, so that future attacks are prevented. The Dark Web scores again.

Whitney Grace, December 21, 2016

HonkinNews: Special Google Legacy Video Now Available

December 20, 2016

For December 20, 2016, a seven-minute video about Stephen E Arnold’s The Google Legacy is available. Published in 2004, this monograph is no longer in print. The traditional publisher stumbled into a French wine vat and then disappeared. The Google Legacy explains how decisions made between 1998 and 2004 blazed a trail that other digital pioneers would follow. You can view the free program at this link.

Kenny Toth, December 20, 2016

More Watson Cheerleading from a Former IBMer

December 20, 2016

I love content marketing. It seems so fresh, insightful, and substantive. Consider a write up about IBM Watson by a former IBMer turned consultant. I wonder, “Is Frank Palermo working for IBM Watson now as a rental?” I know that when you read “IBM Watson Points the Way to Our Cognitive Business Future”, you will realize how darned wonderful IBM Watson is. I believe that Watson is ahead of its time. On the other hand, perhaps Watson lags Google DeepMind by a teeny tiny bit.

In the write up, which strikes me as a touchstone of intellectual and journalistic integrity, I learned:

In the five years since Jeopardy, Watson has become pervasive in the world around us.

Yes, pervasive. Just like Android or Amazon. Well, almost.

I learned:

IBM has invested more than $15 billion in Watson. IBM is betting its 105-year-old future on Watson.

Okay, that’s quite a bit of money. In order for IBM to recover that money, Big Blue will have to crank out the $15 billion, plus interest, plus the ongoing costs of staff, infrastructure, consultants, PR professionals, etc. That works out to IBM’s need to have Watson deliver something on the order of 2.5 times the $15 billion in the next year or two to get within sniffing distance of a pile of break-even cash before stakeholders lose patience. How close is IBM to having a $6 or $7 billion per year revenue stream from Watson? I don’t have any idea, and IBM does not offer a fully loaded Watson cost and revenue breakdown in its remarkable financial reports.

I learned that the president of IBM who wants to assist President-elect Trump apparently said at the WOW conference (oh, wow, WOW is World of Watson):

IBM president and CEO Ginni Rometty opened her World of Watson keynote proclaiming that, “in five years, there is no doubt in my mind that cognitive computing will impact every decision. Bringing cognitive capabilities to digital business will change the way we work and help solve the world’s biggest problems.”

Perhaps. But I think the focus will be on IBM Federal Systems and its ability to retain its government work. IBM, like several other big time technology outfits, is involved with many projects; for example, the DCGS Army search and discovery system. Mr. Trump may make some changes to that program, which might add some urgency to the Watson making money thing.

I learned:

Everywhere you turn, Watson is now impacting and — in many cases — transforming businesses. Hundreds of millions of people are now impacted by Watson. By the end of next year, it will hit 1 billion people. Watson is interacting with 200 million consumers in shopping, insurance, banking services, education and let’s not forget: the weather.

What’s “everywhere” is IBM Watson PR. I am not sure it has had much, if any, impact here in Harrod’s Creek. IBM had an operation in Lexington, but that went south and now the new owners are from a foreign land. IBM used to make hardware, but that too has gone away. Now IBM generates wordage about IBM Watson.

I remember Jeopardy. I wonder if IBMers know much about post production and the scandal that tarnished TV game shows. That’s a $64,000 question, isn’t it?

Now the author of this piece is described as a person who:

brings more than 22 years of experience in technology leadership across a wide variety of technical products and platforms. Frank has a wealth of experience in leading global teams in large scale, transformational application and product development programs.

I liked the fact that the bio did not mention this factoid:

Frank worked at IBM in the Advanced Workstations Division, and took part in the PowerPC consortium with IBM, Motorola and Apple. He was also involved in the design of the PowerPC family of microprocessors as well as architecting and developing a massive distributed client/server design automation and simulation system involving thousands of high-end clustered servers. Frank received several patents for his work in the area of microprocessor design and distributed client/server computing.

Objectivity? Nope, just the stuff that dreams are made of. I cannot wait until my content management system is powered by Watson. That will be a dream, a treat, a great day, and highly useful.

Stephen E Arnold, December 20, 2016

Healthcare Technology as a Target for Cyberthreats

December 20, 2016

Will the healthcare industry become the target of cyber threats? Security Affairs released a story, Data breaches in the healthcare sector are fueling the dark web, which explains that medical records are among the most challenging data sources to secure. One hacker reportedly announced on the Dark Web that he had over one million medical records for sale. The going rate is about $60 per record. According to the Brookings Institute, more than 155 medical records have been hacked since 2009. We learned:

The healthcare sector is a labyrinth of governance and compliance with risk mitigations squarely focused on the privacy of patient data. We in the industry have accepted the norm that “security is not convenient” but for those in the healthcare industry, inconvenience can have a catastrophic impact on a hospital, including the loss of a patient’s life. Besides patient records, there’s a multitude of other services critical to patient health and wellbeing wrapped by an intricate web of cutting-edge and legacy technologies making it perhaps the most challenging environment to secure. This may explain the rise in attacks against healthcare providers in the last six months.

When it comes to prioritizing secure healthcare technology projects in healthcare organizations, many other more immediate and short-term projects are likely to take precedence. Besides that barrier, a shortage of healthcare technology talent poses another potential problem.

Megan Feil, December 20, 2016

In Pursuit of Better News Online

December 20, 2016

Since the death of what we used to call “newspapers,” Facebook and Twitter have been gradually encroaching on the news business. In fact, Facebook recently faced criticism for the ways it has managed its Trending news stories. Now, the two social media firms seem to be taking responsibility for their roles, having joined an alliance of organizations committed to more competent news delivery. The write-up, “Facebook, Twitter Join Coalition to Improve Online News” at Yahoo News informs us about the initiative:

First Draft News, which is backed by Google [specifically Google News Lab], announced Tuesday that some 20 news organizations will be part of its partner network to share information on best practices for journalism in the online age. Jenni Sargent, managing director of First Draft, said the partner network will help advance the organization’s goal of improving news online and on social networks.

‘Filtering out false information can be hard. Even if news organizations only share fact-checked and verified stories, everyone is a publisher and a potential source,’ she said in a blog post. ‘We are not going to solve these problems overnight, but we’re certainly not going to solve them as individual organizations.’

Sargent said the coalition will develop training programs and ‘a collaborative verification platform,’ as well as a voluntary code of practice for online news.

We’re told First Draft has been pursuing several projects since it was launched last year, like working with YouTube to verify user-generated videos. The article shares their list of participants; it includes news organizations from the New York Times to BuzzFeed, as well as other interested parties, like Amnesty International and the International Fact-Checking Network. Will this coalition succeed in restoring the public’s trust in our news sources? We can hope.

Cynthia Murrell, December 20, 2016

IBM Open Sourciness Goes Only So Far

December 19, 2016

I love IBM, Big Blue, creator of Watson. Watson, as you may know, is a confection consisting of goodies from IBM’s internal code wizards, acquired technologies like the instantly Big Data friendly Vivisimo, and Lucene. Yep, like Attivio and many other “search” vendors, open source Lucene is the way to reduce the costs for basic information retrieval.

I assume you know about OpenLava, which is an open source system for managing certain types of IBM systems. The Open Lava Web page here states:

With an active community of users and developers, OpenLava development is accelerating, delivering high-quality implementations of important new features including:

  • Fair-share scheduling – allocate resources between users and groups according to configurable policies
  • Job pre-emption – Ensure that critical users, jobs and groups have the resources they need – when they need them
  • Docker support – Providing application isolation, fast service deployment and cloud mobility
  • Cloud & VM friendly auto-scaling – Easily add or remove cluster nodes on the fly without cluster re-configuration

These features are in addition to the many advanced capabilities already in OpenLava including job arrays, run-windows, n-way host failover, job limits, dependencies for multi-step workflows, parallel job support and much more.

I read “OpenLava under IBM Attack.” I believe everything I read on the Internet. The write up explains that Big Blue wants the OpenLava open source code removed. The write up states:

IBM claims that the versions of OpenLava starting from 3.0 infringe their copyright and that some source code has been stolen from them, copied, or otherwise taken from their code base.

Several thoughts:

  1. The folks involved with OpenLava did knowingly and intentionally rip off IBM’s software, and the marketer of Watson and its open source tinged Watson is taking a logical and appropriate action against the open source alternative to IBM’s own management software.
  2. IBM is unhappy with OpenLava’s adoption by IBM customers. IBM customers should buy only software from IBM-authorized sources. Other old school enterprise software companies have this philosophy too.
  3. There is a failure to communicate. OpenLava is not making its case understandable to the outfit poised to hire 25,000 more employees and IBM is not making itself clear to the crafty folks at OpenLava.

I don’t have a dog in the fight. But I find it interesting that IBM Watson with its Lucene tinged capabilities is finding open source distasteful in some circumstances.

Life was far simpler when open source projects were more malleable. Next stop? The legal eagles’ nests.

Stephen E Arnold, December 19, 2016

Google Stretches Its AI Wings

December 19, 2016

Google has been very busy launching AI solutions. For example, Recode tells us, “Pow! Bang! Google Uses Its AI to Bring Visual Punch to Digital Comic Books,” while the New Atlas reports, “DeepMind AI Slashes Cooling Costs at Google’s Data Centers.” Making comic books easier to read is nice, and reducing electricity consumption is even better. We would be happy, though, to finally see more relevant search results; perhaps Google will tackle that side project soon.

Recode’s Mark Bergen describes Google’s comic-book enhancement tool, called Bubble Zoom:

The latest [AI] insertion is a neat visual trick to make it easier to read comic books within the Google Play Books app. Unfurled at Comic-Con International, it’s called Bubble Zoom and does just that — zooms in on text bubbles in comics with one touch. Last fall, Google introduced new mobile formats for digital comics, an attempt to get more comics readers, a devotee-heavy group, spending time and money within Google’s digital media store.

That could work. Meanwhile, Google is certainly seeing financial benefits from its AI-enhanced data center cooling project. Michael Irving at the New Atlas explains:

Now, Google has set its DeepMind system loose on its massive data centers, and drastically cut the cost of cooling these facilities in the process. Running Gmail, YouTube, and the all-knowing Google Search guzzles a tremendous amount of power, and while Google has invested heavily in making its servers, cooling systems and energy sources as efficient and green as possible, there’s always room for improvement. Especially when the industrial-scale cooling systems are difficult to run efficiently, given the complex interactions that occur between equipment, environment and staff in a data center. To account for all those factors that a human operator or traditional formula-based engineering might miss, the team put DeepMind to work on the problem, and the result was a drastic reduction in power consumption for the center’s cooling systems.

The article goes on to describe how the difference was measured, using the PUE metric and the record-breaking results they achieved. Naturally, Google expects to apply this successful tool throughout their buildings. We’re told they also plan to share the methodology with other organizations, so they can reduce their energy consumption, too. No word yet on how they plan to monetize that initiative.

Cynthia Murrell, December 19, 2016

Cybersecurity Technology and the Hacking Back Movement

December 19, 2016

Anti-surveillance hacker Phineas Fisher was covered in a recent Vice Motherboard article called Hacker ‘Phineas Fisher’ Speaks on Camera for the First Time—Through a Puppet. He broke into Hacking Team, one of the companies Vice called cyber mercenaries. Hacking Team and other such firms sell hacking and surveillance tools to police and intelligence agencies worldwide. The article quotes Fisher saying,

I imagine I’m not all that different from Hacking Team employees, I got the same addiction to that electronic pulse and the beauty of the baud [a reference to the famous Hacker’s manifesto]. I just had way different experiences growing up. ACAB [All Cops Are Bastards] is written on the walls, I imagine if you come from a background where you see police as largely a force for good then writing hacking tools for them makes some sense, but then Citizen Lab provides clear evidence it’s being used mostly for comic-book villain level of evil. Things like spying on journalists, dissidents, political opposition etc, and they just kind of ignore that and keep on working. So yeah, I guess no morals, but most people in their situation would do the same. It’s easy to rationalize things when it makes lots of money and your social circle, supporting your family etc depends on it.

The topics of ethical and unethical hacking were discussed in this article; Fisher states the tools used by Hacking Team were largely used for targeting political dissidents and journalists. Another interesting point to note is that his evaluation of Hacking Team’s software is that it “works well enough for what it’s used for” but the real value it offers is “packaging it in some point-and-click way.” An intuitive user experience remains key.

Megan Feil, December 19, 2016

Potential Tor Browser Vulnerability Reported

December 19, 2016

Over at Hacker Noon, blogger “movrcx” reveals a potential vulnerability chain that he says threatens the entire Tor Browser ecosystem in, “Tor Browser Exposed: Anti-Privacy Implantation at Mass Scale.” Movrcx says the potential avenue for a massive hack has existed for some time, but taking advantage of these vulnerabilities would require around $100,000. This could explain why movrcx’s predicted attack seems not to have taken place. Yet. The write-up summarizes the technique:

Anti-Privacy Implantation at Mass Scale: At a high level the attack path can be described by the following:

  • Attacker gains custody of an addons.mozilla.org TLS certificate (wildcard preferred)
  • Attacker begins deployment of malicious exit nodes
  • Attacker intercepts the NoScript extension update traffic for addons.mozilla.org
  • Attacker returns a malicious update metadata file for NoScript to the requesting Tor Browser
  • The malicious extension payload is downloaded and then silently installed without user interaction
  • At this point remote code execution is gained
  • The attacker may use an additional stage to further implant additional software on the machine or to cover any signs of exploitation

This attack can be demonstrated by using Burp Suite and a custom compiled version of the Tor Browser which includes a hardcoded root certificate authority for transparent man-in-the-middle attacks.

See the article for movrcx’s evidence, reasoning, and technical details. He emphasizes that he is revealing this information in the hope that measures will be taken to nullify the potential attack chain. Preferably before some state or criminal group decides to invest in leveraging it.
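The chain above works only if the client treats any CA-issued certificate for addons.mozilla.org as sufficient. The following is an added defender-side model of a hardened update check (example code, not from movrcx’s write-up, Mozilla, or the Tor Project): it additionally requires a pinned SPKI fingerprint, an update link that stays on the expected host, and a payload whose hash matches the manifest. The pin values, the add-on id, the manifest and the payload bytes are constructed sample data.

```python
"""Model of a hardened add-on update check (added example, constructed data)."""
import hashlib
import json
from urllib.parse import urlparse

# Constructed: SHA-256 of the SPKI the client expects addons.mozilla.org to
# present. A certificate an attacker obtained elsewhere has a different SPKI,
# so it fails here even though a plain TLS client would accept it.
PINNED_SPKI_SHA256 = {hashlib.sha256(b"constructed-legit-amo-spki").hexdigest()}
ALLOWED_UPDATE_HOSTS = {"addons.mozilla.org"}
ADDON_ID = "noscript@example"  # constructed id, not NoScript's real one


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_update(presented_spki_sha256, manifest_json, payload):
    """Return (ok, reason). Each check closes one step of the chain above:
    the pin stops a forged certificate, the host check stops redirection of
    the download, and the hash check stops a swapped payload."""
    if presented_spki_sha256 not in PINNED_SPKI_SHA256:
        return False, "spki-not-pinned"
    try:
        entry = json.loads(manifest_json)["addons"][ADDON_ID]["updates"][0]
        link, expected = entry["update_link"], entry["update_hash"]
    except (KeyError, IndexError, TypeError, ValueError):
        return False, "malformed-manifest"
    url = urlparse(link)
    if url.scheme != "https" or url.hostname not in ALLOWED_UPDATE_HOSTS:
        return False, "update-link-off-host"
    algo, _, digest = expected.partition(":")
    if algo != "sha256" or digest != sha256_hex(payload):
        return False, "payload-hash-mismatch"
    return True, "ok"


def demo():
    """Three constructed scenarios: a genuine update, the man-in-the-middle
    from the chain above (attacker-held certificate, same manifest), and a
    swapped payload served with the genuine certificate."""
    payload = b"constructed-noscript-xpi-bytes"
    manifest = json.dumps({"addons": {ADDON_ID: {"updates": [{
        "version": "2.9.9",
        "update_link": "https://addons.mozilla.org/constructed/noscript.xpi",
        "update_hash": "sha256:" + sha256_hex(payload)}]}}})
    legit_pin = next(iter(PINNED_SPKI_SHA256))
    genuine = check_update(legit_pin, manifest, payload)
    mitm = check_update(sha256_hex(b"constructed-attacker-spki"), manifest, payload)
    swapped = check_update(legit_pin, manifest, payload + b"-tampered")
    return genuine, mitm, swapped


if __name__ == "__main__":
    print(demo())
```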

Cynthia Murrell, December 19, 2016

Yahoo Data Value

December 18, 2016

I read “Hacked Yahoo Data Worth $300,000 on the Dark Web.” The Yahoot fumbled and bumbled its way to losing more passwords. I have seen numbers of 300 million, 500 million, and one billion. The answer to the question is allegedly $300,000. Seems to work out to about $0.0003. That strikes me as close to the credibility of the Yahoot management team. Those Xoogler led wizards know how to deliver “value.” Yahoo. It’s a hoot. Change that yodel to “yahooooot.”

Stephen E Arnold, December 18, 2016
