Monthly Archives: June 2013


Upgrade your cable modem for faster speeds

I’ll be honest: Cable modems aren’t glamorous technology. In fact, you probably haven’t thought about yours since it was installed.

It’s easy to forget how important, and impressive, your cable modem actually is. It handles your Internet traffic 24/7 for years, usually without a hiccup. Some modems even pull double duty as your wireless router.

Beyond that, there is another good reason to think about your cable modem. If it’s more than a few years old, you might not get the Internet speeds you pay for.

Don’t guess at your Internet speed. Find out how fast it is in seconds with this free service at speedtest.net.

Cable companies are busy upgrading their networks for faster speeds. Naturally, accessing these faster speeds requires a newer cable modem.

The newest standard for cable modems is DOCSIS 3 — although DOCSIS 3.1 is coming soon. DOCSIS 3 can have data download rates of 160 megabits per second, or better — four times faster than DOCSIS 2. Sounds great!

But don’t run out and grab a new modem just yet. Check with your cable provider to see if your connection uses DOCSIS 3. If your neighborhood network isn’t up-to-date, a new cable modem can wait.

There’s also no rush to upgrade if you have a basic low-speed Internet plan. You won’t get anywhere near your modem’s capacity.

The exception is if you have a really old DOCSIS 1.1 modem. That really needs to be replaced.

In addition to boosting your transfer rates, a newer modem could clear up any connection issues you’ve been experiencing. Many cable companies are phasing out DOCSIS 1.1 modems anyway.

To find out what kind of a modem you have, visit the modem manufacturer’s website. Then look up your model number. This information should be on the bottom or back of the modem.

Even if you’ve determined that you should upgrade, you aren’t done yet. The big question is should you buy a new modem or lease one from your cable company?

Both strategies have their pros and cons.

The major cable providers tack on a monthly fee of $3 or more for renting a modem. If anything goes wrong with it, the company will usually fix it or replace it for no charge.

Most cable companies keep the modem up-to-date with the latest firmware automatically. This can enhance the modem’s performance.

Call your provider and see if it will upgrade you to a DOCSIS 3 modem for free. It might do so to keep you a happy customer. Some people have even gotten the monthly rental fee waived.

So, what about buying your own modem? There’s a case for that as well.

Let’s say you lease a modem for $4 a month. After 4 years, you’ve shelled out $192.

You can buy an excellent DOCSIS 3 modem for $85-$100. It’s more expensive up front. But the longer you keep the modem, the more you save. I know people who have had the same modem for 6 years or more.

The downside is that you’re on the hook if something goes wrong with it. Plus, you’re responsible for staying current on firmware updates. However, those don’t happen too often.

If you decide to buy, check out your service provider’s support pages for recommended DOCSIS 3 modems. If you stick with top brands such as Motorola, Zoom, Linksys and D-Link, you’ll get reliability and a good warranty. You should also be able to use it with another provider if you move.

When shopping, you’ll notice some modems with built-in wireless routers. These are often called gateways. While a gateway is convenient space-wise, it has disadvantages.

Stand-alone wireless routers are more powerful and have more features. A gateway is tethered to the wall with a short coaxial cable. A standalone router is easier to place where you want, which means a better signal.

Don’t forget what happens if one part of the gateway goes kaput. You’ll have to buy a new gateway or a standalone unit anyway.

Additionally, with 802.11ac Wi-Fi gaining popularity, you’ll probably upgrade your router in a few years. That’s well before you want to upgrade your cable modem again.

Retrieved from USA Today

 

Firefox working with CIS to give users greater control over cookies

The Center for Internet and Society (CIS) at Stanford Law School this week launched a new cookie initiative – the Cookie Clearinghouse – aimed at giving browser users greater granular control over third-party cookies, with Firefox and Opera already interested.

CIS has long been involved in the drive to make cookies more accountable to users. It was behind the Do Not Track initiative that allows users to indicate that they do not wish to be tracked by cookies, and has evolved into a worldwide standard. Its weakness is that websites do not necessarily adhere to the instruction. 

A CIS researcher, Jonathan Mayer, subsequently developed a Firefox patch that works similarly to Safari and blocks third-party cookies from websites the user has never visited. This patch nearly got through to full Firefox release, but was abandoned earlier this year because of the potential for both false positives and negatives. In the former, if the primary site delivers content from a secondary site, any cookies from the secondary site are automatically blocked because the user never visited that particular site. In the latter, visiting a site doesn’t mean the user actually trusts its cookies.

Now CIS has come up with a new approach – the Cookie Clearinghouse – and Firefox is on board. The concept starts with four presumptions: set cookies from visited websites; disallow cookies from other sites; allow Digital Advertising Alliance opt-out cookies; and set cookies allowed by the user. These presumptions borrow ideas from existing approaches: the first two from Safari, the third from Chrome, and the last in conformance with European law.

But it’s not foolproof. The big new initiative from the Cookie Clearinghouse is the maintenance of both a block-list and an allow-list to override the automatic response. Inclusion on either of these lists can be challenged.
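The decision order described above, as an added JavaScript sketch (not code from CIS, Mozilla or the Cookie Clearinghouse). The precedence between the user's own choice and the two lists, the naive `siteOf` helper and every host name are assumptions made for illustration; `replay` also reproduces the false positive and false negative that sank the visited-only patch.

```javascript
// Added illustration of the Cookie Clearinghouse decision order.
// All host names and list contents below are constructed.

// Naive "site": the last two DNS labels. Real browsers use the Public Suffix List.
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Decide whether cookieHost may set a cookie while the user views pageHost.
function decideCookie(req, state) {
  const cookieSite = siteOf(req.cookieHost);

  // The page being viewed is by definition a visited site.
  if (cookieSite === siteOf(req.pageHost)) {
    return { allow: true, reason: 'first-party' };
  }
  // Presumption 4: cookies the user explicitly allowed (assumed to win over the lists).
  if (state.userAllowed.has(cookieSite)) {
    return { allow: true, reason: 'user-allowed' };
  }
  // Clearinghouse lists override the automatic response below.
  if (state.blockList.has(cookieSite)) {
    return { allow: false, reason: 'cch-block-list' };
  }
  if (state.allowList.has(cookieSite)) {
    return { allow: true, reason: 'cch-allow-list' };
  }
  // Presumption 3: Digital Advertising Alliance opt-out cookies are kept.
  if (req.isDaaOptOut) {
    return { allow: true, reason: 'daa-opt-out' };
  }
  // Presumption 1: sites the user has visited may set cookies.
  if (state.visited.has(cookieSite)) {
    return { allow: true, reason: 'visited' };
  }
  // Presumption 2: everything else is refused.
  return { allow: false, reason: 'unvisited-third-party' };
}

function makeState(visited, lists = {}) {
  return {
    visited: new Set(visited),
    userAllowed: new Set(lists.userAllowed || []),
    blockList: new Set(lists.blockList || []),
    allowList: new Set(lists.allowList || []),
  };
}

// Constructed browsing history: the user once clicked an ad on adclick.example.
const VISITED = ['news.example', 'adclick.example'];

// A content host the user never visited directly (the false-positive case).
const CDN_REQUEST = {
  pageHost: 'www.news.example',
  cookieHost: 'img.static-cdn.example',
  isDaaOptOut: false,
};

// A tracker the user "visited" once without trusting it (the false-negative case).
const TRACKER_REQUEST = {
  pageHost: 'www.news.example',
  cookieHost: 'px.adclick.example',
  isDaaOptOut: false,
};

// Compare a visited-only policy with the same policy plus Clearinghouse lists.
function replay() {
  const visitedOnly = makeState(VISITED);
  const withLists = makeState(VISITED, {
    blockList: ['adclick.example'],
    allowList: ['static-cdn.example'],
  });
  return {
    visitedOnly: {
      cdn: decideCookie(CDN_REQUEST, visitedOnly),
      tracker: decideCookie(TRACKER_REQUEST, visitedOnly),
    },
    withLists: {
      cdn: decideCookie(CDN_REQUEST, withLists),
      tracker: decideCookie(TRACKER_REQUEST, withLists),
    },
  };
}

console.log(JSON.stringify(replay(), null, 2));
```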

“Internet users are starting to understand that their online activities are closely monitored, often by companies they have never heard of before,” said Aleecia M. McDonald, the director of privacy at CIS driving the project, “But Internet users currently don’t have the tools they need to make online privacy choices. The Cookie Clearinghouse will create, maintain, and publish objective information. Web browser companies will be able to choose to adopt the lists we publish to provide new privacy options to their users.”

Mozilla’s CTO Brendan Eich announced Wednesday, “Today Mozilla is committing to work with Aleecia and the CCH Advisory Board, whose members include Opera Software, to develop the CCH so that browsers can use its lists to manage exceptions to a visited-based third-party cookie block.”

It’s early days yet, and it will be some months before anything comes of the initiative. The advertising industry is, however, already concerned. The Washington Post (itself a member of the Interactive Advertising Bureau) quoted IAB president Randall Rothenberg, who “said the changes could disrupt Internet commerce, especially damaging smaller Web publishers that rely on the revenue brought by targeted advertising.”

Meanwhile, Forbes has reported on a potential cookie replacement: computer fingerprinting, or ‘the creepier technology that comes next.’ “This technique allows a web site to look at the characteristics of a computer such as what plugins and software you have installed, the size of the screen, the time zone, fonts and other features of any particular machine,” warns Forbes. It notes that the EFF “has found that 94% of browsers that use Flash or Java – which enable key features in Internet browsing – had unique identities.” The suggestion is that as browsers and users increasingly opt-out or remove cookies, the advertising industry will move to a different tracking technology based on the recognition of what is effectively a unique PC biometric.

Retrieved from Infosecurity


How to child-proof the Internet

The Internet is filled with websites that are inappropriate for anyone, much less children. Kids get into trouble online all the time, even when they aren’t looking for it. Misspelling a website address, screwing up a search term, or clicking a risqué ad can lead to some awkward bedtime conversations. Online bullying, predatory adults, and illegal downloading of copyrighted content are other threats.

Though we can’t make the Internet itself kid-safe, we can at least make its darker crevices harder to access. Setting up parental controls and content filtering on computers, tablets, smartphones, and other gadgets is easy. More important, these precautions empower your devices to protect kids from digital dangers when you aren’t around to supervise.

Start with Web filtering

The most effective precaution you can take to safeguard kids while they’re browsing is to set up Web filtering on your router with OpenDNS. You can enable Web filtering on most devices individually, but I recommend trying the free or premium service from OpenDNS because it can filter Internet access across all computers and devices connected to your router.

OpenDNS offers three parental control options: FamilyShield, Home, and Home VIP. OpenDNS FamilyShield, the simplest option, offers preconfigured adult content filtering—just set it on your router and forget it. OpenDNS Home allows you to customize the filtering and security settings. You also need to create an account and install a program on at least one PC in your home. OpenDNS Home VIP, the high-end option, starts at $20 a year and provides additional features such as Internet usage stats and premium support.

This is the sort of OpenDNS page you’ll see when trying to visit a blocked site.

To get started with OpenDNS, visit the company’s website and choose the service that suits your needs. The OpenDNS website provides step-by-step instructions for enabling the service on many different router models.

Setting up content filtering on mobile devices for when your kids are connected to other Wi-Fi networks or to a mobile 3G or 4G network is trickier: You have to install a Web browser that offers filtering. I recommend K9 Web Protection, downloadable from the Google Play store for Android devices and from the Apple Store for iOS devices. For Windows Phone 7.5 or 8 devices, give AVG Family Safety 8 a whirl.

Enable Windows’ excellent Family Safety features

Starting with Vista, every copy of Windows includes parental controls that allow you to control and monitor PC usage based on which account is signed into the PC. The controls let you limit how long specific accounts can use the PC and which games and programs they can run (based on content ratings or simply your fiat), and let you introduce stringent Web filtering. You can also view activity reports on those accounts—or have them emailed to you—and centrally manage the settings for all protected accounts and PCs on the Family Safety site.

For Windows Vista and Windows 7 PCs, you must download and install the Family Safety application, a part of the free Windows Essentials software package, to use all the Parental Controls features. The Parental Controls features are built into Windows 8, where they remain grouped under the moniker Family Safety.

To enable and adjust Parental Controls settings in Windows Vista or 7, click Start, type parental controls and press Enter. In Windows 8, go to the Start Screen, type family safety, select Settings, and open Family Safety.


Use the Parental Controls options in Windows 7 to control what specific user accounts can do on your PC.

Even if you set up OpenDNS filtering on your router, consider also using the Web filtering offered by Windows. When activated, it automatically imposes the safe-searching filter options on search engines like Google, Bing, and Yahoo. It also allows you to block downloads.

Even Mac OS X should be secured

Starting with Mac OS X 10.4 Tiger, Apple has been building parental controls similar to those in Windows into Mac OS X. The most recent versions of Mac OS X let you specify computer usage time limits, identify applications that the user can run, limit applications that the user can download from the Apple App Store, and enable Web filtering. You can also specify who the user can communicate with via the Mail, Messages, and Game Center apps; and you can restrict access to printer administration, CD/DVD burning, and other features.

To get started with parental controls in Mac OS X 10.5 and 10.6, open the Apple menu in the top-left corner, click System Preferences, and in the System section, open Parental Controls. In OS X 10.7 and later, accounts with parental controls must be set as a ‘Managed with Parental Controls’ account. If you haven’t yet created such an account, Mac OS will walk you through the process for doing so.


The Mac OS X Parental Controls menu lets you exercise an amazing level of control over what users can do on the Mac PC.

Lock down your iOS devices

Apple also includes parental controls in iOS (available on iPhones, iPod touches, and iPads), but—somewhat confusingly—it refers to these settings as Restrictions. You can block access to certain apps, such as the Safari Web browser, the Camera, and FaceTime video chatting; and you can block users from performing basic tasks, such as installing or deleting apps. In addition, you can restrict access to content based on ratings or content type, and require a PIN to make purchases on the device—perfect for keeping young children from charging new apps to your credit card without your permission.


Take advantage of the Restrictions menu (in the General section of your iOS Settings app) to disable troublesome apps.

To configure the Restrictions in iOS, open your Settings app, scroll down to select General, and select Restrictions.

Hack your own controls on Android

Unlike iOS, the Android operating system doesn’t offer built-in parental controls. But if you have the official Google Play Store app on your Android device, you can restrict the type of apps that a user can download, based on their ratings, and you can require a password for purchases. Here’s how to set up this control: Launch the Play Store app, open the app options screen, select Settings, and enable Content Filtering.

For devices that lack the Google Play Store app—usually cheaper or branded tablets—parental control features vary depending on the manufacturer’s firmware, and they may not even exist.

Don’t let that stop you: Android is a fairly open platform, and you can hack together your own parental controls by installing a utility such as Application Protection to restrict which apps can be used on the device.

Do what you can with Windows Phone

Windows Phones running Windows Phone 8 include a basic parental control feature that Microsoft calls My Family. Currently it allows you to restrict app and game downloads—but nothing else. On the Windows Phone games front (ha!), you can use My Family to block unrated games.

To get started with My Family, log in to the Windows Phone site and choose My Family from the menu. From there, to enable parental restriction, add the Windows Live ID that belongs to a child’s phone to the My Family list; then configure exactly what downloads are to be blocked.

Don’t forget about social networks

For kids on Facebook, Twitter, or other social networking sites, consider reviewing their privacy and security settings. Ideally, of course, you either share admin rights to the social networking accounts of your minor children, or you have established rules that allow you to have access upon request.


It’s well worth your time to review the Privacy Settings menu on your child’s Facebook account, which you can find by clicking the blue gear icon in the upper right corner of a Facebook page.

Once you have access to a child’s social network account, make posts and most other content on the profile viewable only by people who are friended or approved. You might also want to enable some optional security features to help protect the account from being hacked. For the full rundown on how to lock down Facebook, Twitter, Instagram, and more, see our guide to safer social networking.

If that doesn’t put you at ease, consider using a service such as Avira Social Network Protection to help you monitor minors’ online activity and to report on any inappropriate or dangerous communication. The Internet can be a dangerous place, and putting a little time and money into child-proofing your devices can pay off down the road.

Retrieved from PC World


LinkedIn Recovering From Outage Due to Possible DNS Hijack


LinkedIn is recovering from a DNS issue that sent visitors to a different web site for an hour Wednesday night.

The issue, which is now resolved for most users, rerouted the traffic to a domain sales page.

LinkedIn, a popular professional social network, acknowledged the issue in a tweet, but did not elaborate.

However, App.net co-founder Bryan Berg claims there’s more to the issue.

“LinkedIn just got DNS hijacked, and for the last hour or so, all of your traffic has been sent to a network hosted by this company [confluence-networks.com]. And they don’t require SSL, so if you tried to visit, your browser sent your long-lived session cookies in plaintext,” Berg wrote.

If he is correct, it’s possible that user cookies were captured in plaintext by a third party that could use them to compromise LinkedIn accounts.
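Why a misdirected plain-HTTP visit exposes the session, as an added JavaScript example (not code from the article or from LinkedIn): it parses `Set-Cookie` headers and applies the browser rule that only cookies marked `Secure` are withheld from `http://` requests. The cookie names, values and the fixed clock are constructed.

```javascript
// Added illustration: which cookies would a browser attach to a plain-HTTP
// request for the same host? All header values below are constructed.

// Parse one Set-Cookie header value. nowMs is the reference time for Expires.
function parseSetCookie(header, nowMs) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    secure: false,
    httpOnly: false,
    lifetimeSeconds: null, // null means a session cookie
  };
  let maxAge = null;
  let expiresMs = null;
  for (const attr of attrs) {
    const idx = attr.indexOf('=');
    const key = (idx === -1 ? attr : attr.slice(0, idx)).toLowerCase();
    const val = idx === -1 ? '' : attr.slice(idx + 1);
    if (key === 'secure') cookie.secure = true;
    else if (key === 'httponly') cookie.httpOnly = true;
    else if (key === 'max-age' && /^-?\d+$/.test(val)) maxAge = Number(val);
    else if (key === 'expires' && !Number.isNaN(Date.parse(val))) expiresMs = Date.parse(val);
  }
  // Max-Age takes precedence over Expires (RFC 6265).
  if (maxAge !== null) cookie.lifetimeSeconds = maxAge;
  else if (expiresMs !== null) cookie.lifetimeSeconds = Math.round((expiresMs - nowMs) / 1000);
  return cookie;
}

// Cookies the browser would attach for the given scheme ('http' or 'https').
function cookiesSentTo(scheme, jar) {
  return jar.filter((c) => scheme === 'https' || !c.secure);
}

// Report cookies that travel in cleartext and outlive maxDays.
function longLivedPlaintext(jar, maxDays) {
  return cookiesSentTo('http', jar)
    .filter((c) => c.lifetimeSeconds !== null && c.lifetimeSeconds > maxDays * 86400)
    .map((c) => ({ name: c.name, days: Math.floor(c.lifetimeSeconds / 86400) }));
}

// Constructed sample: one long-lived session cookie without Secure, one with
// Secure, one harmless preference cookie, one using Expires instead of Max-Age.
const NOW_MS = Date.UTC(2013, 5, 19);
const SAMPLE_HEADERS = [
  'session_id=abc123; Path=/; Max-Age=31536000; HttpOnly',
  'auth_token=def456; Path=/; Max-Age=31536000; Secure; HttpOnly',
  'lang=en; Path=/',
  'remember_me=ghi789; Path=/; Expires=Thu, 19 Jun 2014 00:00:00 GMT',
];

const SAMPLE_JAR = SAMPLE_HEADERS.map((h) => parseSetCookie(h, NOW_MS));

console.log('sent over http :', cookiesSentTo('http', SAMPLE_JAR).map((c) => c.name));
console.log('sent over https:', cookiesSentTo('https', SAMPLE_JAR).map((c) => c.name));
console.log('long-lived and exposed:', longLivedPlaintext(SAMPLE_JAR, 30));
```

`HttpOnly` does not help here: it hides the cookie from page scripts, not from whoever receives the request.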

LinkedIn had its share of security problems in June 2012, when 6.5 million encrypted passwords were leaked online.

LinkedIn did not immediately respond to a request for comment. We will update the story as we get more details.

Update: LinkedIn has sent us the following statement: “LinkedIn is experiencing some intermittent issues due to a DNS issue. Many users have since been able to access the site. Our team continues to work on it and we hope to resolve this as soon as possible.”


Retrieved from Mashable


Microsoft Finally Offers To Pay Hackers For Security Bugs With $100,000 Bounty


Vasilis Pappas claiming his $200,000 reward for developing a new hacking defense at Microsoft’s Blue Hat Prize event last year. Now Microsoft is adding ongoing bounties for offensive hacking techniques, too

For years, Microsoft has refused to offer financial rewards to researchers who tell the company about security flaws in its software, even as Google and Facebook have ratcheted up their so-called “bug bounty” programs. Now the software giant has suddenly changed its mind–and it’s offering even bigger bounties in some cases than those competitors.

On Tuesday Microsoft announced that it’s now willing to pay up to $100,000 for information about security bugs that can be used to bypass the defenses of Windows, starting with the upcoming preview version of Windows 8.1 to be released later this month. For researchers who also detail new defensive techniques for preventing similar bugs from being exploited in the future, Microsoft will pitch in an extra $50,000 “Defense Bonus” per submission.

Aside from those $100,000 and $50,000 bounties, Microsoft will also pay up to $11,000 for exploits affecting the preview version of Internet Explorer 11, a strategy designed to fix the software’s bugs before it’s widely released to users. “[Most organizations] don’t offer bounties for software in beta, so some researchers would hold onto vulnerabilities until the code is released to manufacturing,” reads a blog post about the bug bounty program from Microsoft’s senior security strategist Katie Moussouris. “Learning about these vulnerabilities earlier is always better for us and for our customers.”

Microsoft’s payouts compare to just $20,000 offered by Google for bugs in its Web applications, though the search firm did briefly offer $150,000 for a bug in its Chrome operating system in a competition in January and $60,000 for bugs in its Chrome browser the year before. Mozilla offers up to $3,000 for bugs in its software. Facebook pays a minimum of $500 but doesn’t specify its maximum reward.

Since Bill Gates’ Trustworthy Computing memo in 2002, Microsoft has created a reputation for working closely with the security research community, hiring hackers and hosting the Blue Hat security conferences in Redmond. At the Black Hat conference last year it awarded the first Blue Hat prize for researchers who develop defensive techniques against exploits, totaling $260,000 in rewards.

So why only start paying bounties for bugs in its software now? Microsoft’s Reavey says that the company has been receiving a growing stream of reports through third-party bug buying programs like the HP-owned Zero Day Initiative and Verisign’s iDefense, which pay up to $10,000 for bugs and report them to the software’s vendor. It also saw the impact of events like the annual Pwn2Own competition, where hackers are sometimes paid six-figure rewards for developing advanced exploits against Microsoft products and then revealing their techniques. “We find out about [these advanced exploits] once a year through these events, or unfortunately, in the wild,” says Reavey. “We want to get them year round as early and often as possible.”

Part of the incentive for Microsoft’s program may also be the growing bounty for exploit techniques among a different community: Government and black market buyers who plan to use them for espionage or for crime. According to interviews I conducted in March of last year, a working exploit affecting Windows could earn a hacker between $60,000 and $120,000 dollars from an intelligence or law enforcement agency, and one that achieves full compromise of a Windows computer through Internet Explorer could earn as much as $200,000.

In her blog post, Moussouris alluded to those less-friendly bug-sellers, arguing that Microsoft’s program aims to give them an equally lucrative alternative, and that its “Defense Bonus” may also make their offensive hacking more difficult. “With the strategic bounty programs announced today and the industry collaboration program enhancements to come, Microsoft will simultaneously encourage those who want to work with us while increasing costs for those whose actions cannot be affected by bounties or other incentive programs.”

Retrieved from Forbes


PRISM paranoia is officially Google’s worst nightmare


Reports of widespread government surveillance aren’t a problem for just you – they’re a nightmare for Google as well.

Since the initial PRISM reports dropped earlier this month, Google and other tech companies have struggled to distance themselves from the claims that they give government agencies direct access to their servers.

To dispel these fears, Google asked the government yesterday to allow it to disclose how many Foreign Intelligence Surveillance Act (FISA) requests it receives. Google’s goal? To show just how limited of a relationship it has with government agencies like the National Security Agency (NSA).

While the move was obviously an important one for Google, what’s more notable is that Google made no attempt to hide why it cared so much about the PRISM paranoia: It’s killing the company’s image.

“Google’s reputation and business has been harmed by the false or misleading reports in the media, and Google’s users are concerned by the allegations. Google must respond to such claims with more than generalities,” the company said in yesterday’s filing.


Edward Snowden is making it a tad tougher for Google to do business.

Google and its fellow tech companies are in a tough spot. Not only do they have to comply with government requests for user information, but they must also deal with claims from whistle-blowers and journalists that they’re giving that information up without a fight.

The problem for Google, as Google itself notes, is that no matter how misleading PRISM reports get, the law prevents the company from effectively refuting the accusations. Information requests made under FISA come with gag orders, which prevent Google from listing the requests in its annual Transparency Report. This means that while Google can defend itself, its defense largely amounts to “just trust us” as far as FISA is concerned.

For Google, the cure for this whole thing is transparency.

“Google’s numbers would clearly show that our compliance with these requests falls far short of the claims being made. Google has nothing to hide,” Google wrote in a letter to the offices of the Attorney General and the FBI.

For Google, which prides itself on its transparency and openness, its current predicament is an extremely dangerous one to be in. When people stop trusting Google, they stop using Google’s services, choking the company of not only data but advertising revenue as well.

To see where this fear could ultimately go, consider DuckDuckGo, a private search engine that saw its best traffic ever last week. As DuckDuckGo founder Gabriel Weinberg noted, PRISM exposed just how eager people are to find alternatives to Google’s services. “We offer [an alternative] in web search, and there are others that offer it in other verticals. As people find out about these alternatives, they make that choice,” he said.

That sort of thing must scare the pants off Google. PRISM has done more damage to Google’s reputation in a few days than rivals like Microsoft could ever hope to do in a decade. The situation is especially troubling because people are already paranoid about how much data Google collects about them. PRISM, then, is stirring up a perfect storm of fear that Google is trying as hard as it can to dispel.

The company’s basic argument is this: Google has just as much reason to keep the government’s hands off your information as you

Retrieved from venturebeat


DHS needs to step up its game in federal cybersecurity

Cybersecurity at DHS

The Homeland Security Department was given the lead in overseeing the Federal Information Security Management Act in 2010, but according to the DHS Office of Inspector General, government cybersecurity remains very much a work in process.

Efforts to make FISMA a more responsive tool for protecting government IT systems are hampered by a lack of a strategic plan with long-term goals and metrics, according to the recently released OIG report. CyberScope, a primary tool for automating and enabling continuous monitoring of systems, provides only limited ability to assess security status and is itself not fully protected by baseline security configurations.

CyberScope System Architecture and Encryption Elements


Inspectors also found that security training for contractors running CyberScope is not documented, a finding that Rep. Bennie G. Thompson (D-Miss.) called disturbing in light of recent leaks from former Booz Allen Hamilton employee Edward Snowden about National Security Agency surveillance programs.

“It is puzzling that DHS has not taken the solid steps to ensure its contractor workforce gets proper security training,” Thompson, ranking member of the House Homeland Security Committee, said in a statement. “With the recent national security leak revelations involving a contractor at NSA, we no longer have to speculate about whether contractors are capable of leaking sensitive information.”

The report contains six recommendations for the National Protection and Programs Directorate (NPPD), which DHS has agreed to and says it is working on implementing.

The Office of Management and Budget has statutory authority for overseeing FISMA and has designated DHS the lead agency, with NPPD’s Office of Cybersecurity and Communications, Federal Network Resilience division, managing FISMA reporting and cybersecurity evaluations. A major complaint of FISMA has long been that documenting compliance has siphoned away agency resources needed for improving security. This situation has improved somewhat under DHS.

Just two agencies of 10 interviewed by the OIG complained that the annual reporting process is a strain on available personnel resources. And just “one agency stated that, instead of spending resources to implement technical controls and automated capabilities to monitor and protect its networks, it had to divert available funding to ensure FISMA compliance and address the annual reporting metrics.”

CyberScope, a cornerstone of the automated reporting process, is a Web-based application for delivering monthly security and vulnerability data feeds intended to improve risk management and situational awareness. But although it has eased some reporting burdens, it has provided little other return so far.

“The current data feeds do not provide the fidelity or reliability required to provide a detailed vulnerability picture,” the report said. They “are useful for informing decision makers of large-scale trends and possible threats concerning the existence of unsupported (end-of-life) operating system and software. The feeds also provide useful (though rough) situational awareness data regarding the types of monitoring tools being used and the fullness of current implementations.” This lack of detailed analysis has contributed to a lack of feedback.

Current CyberScope feeds were called only a transitional tool toward more comprehensive continuous monitoring. Plans are under way to make CyberScope information more useful in spotting vulnerabilities and evaluating security.

Although the report stops short of saying CyberScope is not secure, it points out that DHS has not implemented all of the security controls and baseline configurations required for its IT systems, which could allow unauthorized access. Problems spotted included improper guest and default accounts on the system and the granting of elevated permissions to a public group that could expose parts of the system.

The lack of a strategic plan with milestones and metrics for fulfilling its cybersecurity responsibilities was a primary shortcoming identified in the report. This was partially the result of a rapidly evolving role at DHS coupled with high management turnover in the last year. Michael Locatis left his post as assistant secretary in the Office of Cybersecurity and Communications in January; Matt Coose left his post as director of the Federal Network Security Branch in July; and the head of the Cybersecurity Performance Management branch left in March.

DHS has agreed with all six recommendations included in the report:

  • Coordinate with the Office of Management and Budget to develop a strategic implementation plan identifying long-term goals and milestones for FISMA compliance.
  • Update and finalize internal operating procedures and guidance documents so that cyber responsibilities and procedures are clearly defined.
  • Improve communication and coordination with agencies by making FISMA reporting metrics more clear.
  • Implement a process to analyze and provide detailed feedback on agencies’ monthly vulnerability data feeds.
  • Establish a process to ensure that all CyberScope contractor system administrators have received adequate security training in compliance with applicable guidance.
  • Implement all required DHS baseline configuration settings on the CyberScope database.

Retrieved from GCN

Commentary: Is NSA showing real cost of ‘Big Data’?

The leak of NSA information demonstrates how global companies are at risk of being turned into national assets.

Several weeks ago, the Washington Post and the Guardian ran stories about the NSA, revealing the agency’s forays into “big data” and its attempts to acquire ever-larger quantities of that data off of corporate servers. The big revelation was PRISM, a partnership with American tech companies — alleged to include Google, Microsoft Corporation, Yahoo!, Facebook, and others — through which they provided the government with, if not a backdoor, at least a back window. This information was leaked to the media by former NSA contractor Edward Snowden, who argued that “the public needs to decide whether these programs and policies are right or wrong.”

That may be, but the public also needs 20 gigabytes of free cloud storage. Having sacrificed privacy for the convenience of social media and the cloud, it’s unlikely that we’ll draw a line in the sand when it comes to security. The Patriot Act is 12 years old, polls suggest that Americans don’t mind surveillance so long as it’s their party doing it, and a cynic might argue that criticism of the NSA has more to do with the next election cycle than with any qualms over privacy.

The fallout may be more severe overseas, where American tech companies were under political pressure long before PRISM came to light. In Europe, ongoing concerns over data privacy have now been vindicated, while China finds itself in a position to retaliate for actions taken by Congress last year.

In October 2012, two Chinese conglomerates – Huawei and ZTE – were condemned via Congressional report, and effectively banned from selling network equipment in the US. This came several years after the NSA reportedly scuttled a deal between Huawei and AT&T, over fears that the Chinese government would use Huawei’s infrastructure “to monitor US communications.” China responded with reprisals against American companies, and Cisco was ousted from one of the country’s backbone networks. Several months later, Apple came under attack in state media. The NSA leak provides China with ammunition for further action against American companies, the only question being whether – and when – they’ll decide to use it.

Europe, meanwhile, has taken data privacy more seriously than we have in the US, with Brussels adopting a regulatory approach over the last few years. The tech industry has lobbied hard — and with some success — to soften the EU’s stance, but NSA-gate comes at an inconvenient time, and rubs a tender spot. American tech firms do much of their business across the Atlantic, but US law affords little protection to European customers. This worries the EU, which earlier this year attempted to block FISA (the Foreign Intelligence Surveillance Act) from applying in its territory. The existence of PRISM seems to justify their concerns. When details of the program were revealed, Facebook and others issued press releases, stating that they had only followed US law — which, the NSA was quick to point out, protects US citizens. This was tantamount to an admission that foreigners were the primary target.

No law requires American companies to make it easy for the government to seize information — and Google, at least, has denied that it did — but Washington wouldn’t find it difficult to compel them to do so. Silicon Valley is the frequent target of antitrust lawsuits, cyber bills are a common occurrence in Congress, and government contracts drive a large amount of revenue. It might be hoped that the NSA has no sway over the other branches of government — and we might similarly hope that the IRS is impartial — but then, AT&T was threatened with the loss of its public sector business in the dustup over Huawei.

The leak has some larger implications. It demonstrates how global companies are at risk of being turned into national assets. No government ever needed to be convinced about the virtues of protectionism, and with the arrival of big data, foreign firms have become a security risk. Can we trust them not to share information with their governments? Can they trust us? We’re finding that these are serious questions even in today’s relatively peaceful world. At a more difficult time, they would become pivotal.

Big data is now used to foil terrorist attacks, and to decide elections. It might just as well be used to win a war. For governments and businesses both, it has become something irresistible. Its presence guarantees its use, and there is little at this point to distinguish use from abuse, or to discourage the latter. The advantages of big data could prove to be ephemeral, as the companies that collect it find themselves marginalized internationally, and the individuals who provide it become more discreet. On the other hand, the costs — to openness, personal autonomy, and the competitiveness of global tech companies — will probably be sticking around.

Retrieved from USA Today


Obama steps up defense of NSA snooping: ‘Freedom vs. security is a false choice’

President Barack Obama wants you to know that those PRISM slides you saw last week aren’t the full picture.

The president appeared on the Charlie Rose show Monday night, defending the National Security Agency’s surveillance practices and attempting to calm the fears that the government’s antiterrorism efforts are infringing on the freedoms of Americans. The broadcast came on the same day that NSA whistleblower Edward Snowden answered readers’ questions via the Guardian’s website, making Monday an interesting day for anyone following both sides of the ongoing debate over the NSA’s practices.

Here’s what Obama wants you to know:

Security vs. freedom is a false choice

Security or freedom? If you’re like a lot of people, you probably don’t think they’re compatible. But Obama disagrees. “We don’t have to sacrifice freedom in order to achieve security. That’s a false choice,” he said.

Obama did note, however, that there are trade-offs that have to be made in these sorts of arrangements — and by “trade-offs,” we can only assume he means “privacy.”

The NSA’s phone-snooping program is full of oversight

Another common defense of the NSA’s surveillance programs is plain old checks and balances. As Obama pointed out, the NSA’s activity is overseen by both Foreign Intelligence Surveillance Act (FISA) courts and Congress, which makes the entire snooping process both legal and transparent.

“My concern has always been not that we shouldn’t do intelligence-gathering to prevent terrorism but rather are we setting up a system of checks and balances?” Obama said.

The problem, of course, is that much of that checks-and-balances process is kept secret, which isn’t much comfort for those who don’t trust the government to begin with.

Metadata-matching is possible, but no one’s doing it because … well, it’s illegal

Probably the biggest fear attached to metadata — data like when and where a phone call is made, for instance — is that it can be very, very powerful in bulk, particularly when it’s matched against other data. This is true even if the data is “anonymized.” Once you learn a lot of disparate information about someone, you can get a pretty good sense of who they are and what they’re into — regardless of whether you know their names.

While Obama conceded that as true, he dismissed the concerns on the basis that that sort of data-matching is illegal under current programs. “We would not be allowed to do that,” he said.

Translation: It’s not that the NSA doesn’t have the capacity to do widespread matching analysis on the data it collects; it’s that the law prevents it from doing so. Still, as many have pointed out, there’s very little preventing the government from changing that law to suit increased data collection and analysis.

The NSA programs focus on foreigners, not Americans

One of the most strict limitations applied to the NSA’s surveillance programs is that they apply to foreigners, not Americans. Moreover, as Obama pointed out, the NSA’s investigations are narrow and focus on matters related to “counterterrorism, weapons proliferation, cyber hacking or attacks.”

While that might be something of a solace for Americans, it’s certainly not one for the rest of the world. In a letter sent to Congress on Tuesday, an international group of nonprofit organizations said that the U.S. government has the responsibility to respect the privacy of not just its own people but the rest of the world as well.

“The contradiction between the persistent affirmation of human rights online by the U.S. government and the recent allegations of what appears to be mass surveillance of U.S. and non-U.S. citizens by that same government is very disturbing and carries negative repercussions on the global stage,” the group said.

Photo: Instagram/PBS

Retrieved from VentureBeat


Report: China Now Has The World’s Fastest Supercomputer

Photo: Eric Piermont/AFP/File

A Chinese supercomputer is the fastest in the world, according to survey results announced Monday, comfortably overtaking a US machine which now ranks second.

Tianhe-2, a supercomputer developed by China’s National University of Defense Technology, achieved processing speeds of 33.86 petaflops (1000 trillion calculations) per second on a benchmarking test, earning it the number one spot in the Top 500 survey of supercomputers.

The tests show the machine is by far the fastest computer ever constructed. Its main rival, the US-designed Titan, had achieved a performance of 17.59 petaflops per second, the survey’s website said.

Five of the world’s 10 fastest computers are installed in the US, the survey said, with two in China, two in Germany and one in Japan.

The recognition of Tianhe-2, meaning Milky Way-2, as the world’s fastest computer marks the return of the title to China after the machine’s predecessor, the Tianhe-1, was ranked the world’s fastest in November 2010, only to be overtaken by a machine from the US.

Unlike some of its Chinese predecessors, most of the Tianhe-2’s parts are developed in China, except for its main processors, which are designed by US firm Intel.

“Most of the features of the system were developed in China…the interconnect, operating system, front-end processors and software are mainly Chinese,” the list’s website quoted editor Jack Dongarra as saying.

But the US still dominates the overall supercomputer rankings, with 252 systems making the top 500. The number of European machines, at 112 systems, remains lower than the number of Asian machines, at 119, the list’s website said.

The supercomputers on the Top 500 list, which is produced twice a year, are rated based on speed of performance in a benchmark test by experts from Germany and the United States.

Retrieved from Business Insider