A New Side of Cyber Security

Cyber attacks have taken on a new and dangerous dimension. The goal of these attacks is to manipulate people to believe a certain thing, increasingly identify with that belief, and ultimately to take actions based on that belief.


Walking on Other Worlds

On July 21, 1969 the first human walked on another world. On December 14, 1972 the last human walked on another world. Will we reach a time when no living human has walked on another world?


The Jungle Book, Again

A second live action version of “The Jungle Book” is coming out just 2 years after the last live action version.


Streaming Analytics, Geometric Series, and Intrusion Detection

Streaming analytics for analyzing endpoints and users for intrusive behavior has been around for about a quarter century, probably most heavily promoted by SRI with their extensive publications on their NIDES intrusion detection system. These 1998 notes show how I made SRI's statistics more understandable to me.


Lacked Candor

Friday evening, 16 March 2018, Attorney General Sessions fired Deputy FBI Director Andrew McCabe. McCabe was set to retire on Sunday. Jeff Sessions in a statement explained that he fired McCabe in part for "lack of candor - including under oath - on multiple occasions."

Note that Sessions did not say McCabe "lied" but that he "lacked candor".

That reason makes this video of Sessions's testimony under oath seem extra special.

Equifax: Professional Hackers and B-team Defenders?

While the Bloomberg title and much of the article focus on fingerprints of professional hackers, I want to highlight two other aspects of the story: the differences in rewards and experience between the executive staff and the IT and cyber security staff.


Debugging HDR on Apple TV

Last year I bought a new Sony TV with 4K and HDR anticipating a new 4K HDR Apple TV box. Last week my HDR Apple TV finally arrived, but I was disappointed when I apparently could not use the HDR capability.

After several days of experiments, I finally resolved all my issues.


Before Applying New Technologies

My entire career has been based on developing new cyber security technologies and products, and I would love to sell everyone the latest & greatest tech. But first, any potential user or customer should take care of many of the basic (and often cheap or free) things.


Monitor What You Can't Fix (or Haven't Fixed Yet)

On September 7 Equifax announced it had suffered a major breach exposing very sensitive information (names, Social Security numbers, birth dates, addresses, and, in some instances, driver's license numbers) on almost all Americans who participate in the economy. Unlike passwords or credit cards, this is information that cannot be changed.


Kaspersky, EULA Companies, and Influence Operations

The article FBI pushes private sector to cut ties with Kaspersky discusses specific concerns about Kaspersky, but I think the issues are much broader.

In the briefings, FBI officials also raise the issue of Russia’s increasingly expansive surveillance laws and what they charge is a distinct culture wherein powerful Russian intelligence agencies are easily able to reach into private sector firms like Kaspersky with little check on government power.

This is not unique to Russia as governments and organizations all over the world want greater access to network activity, metadata, and contents on servers. The book After On: A Novel of Silicon Valley describes the fictitious social networking company Phluttr as a "EULA company" - a company where users essentially abdicate any 4th Amendment right to privacy when they agree to the End User License Agreement (which no one reads) and then contribute tons of information about themselves and their social connections.

Antivirus companies shipping metadata about all your files and network activity to their cloud servers, cloud-based file services (think about how they do de-duping), cloud-based email & messaging services, social networks, etc. all leak huge amounts of data about you.

The large amount of detail users voluntarily give to companies is ripe for use in influence operations. For more details on the potential when analytics is applied to troves of voluntarily provided data, see The Data That Turned the World Upside Down:

The strength of their modeling was illustrated by how well it could predict a subject's answers. Kosinski continued to work on the models incessantly: before long, he was able to evaluate a person better than the average work colleague, merely on the basis of ten Facebook "likes." Seventy "likes" were enough to outdo what a person's friends knew, 150 what their parents knew, and 300 "likes" what their partner knew.
Source: https://www.cyberscoop.com/fbi-kaspersky-p...