Tag Archives: cyber security

October 25, 2025 · 14:04

As evil goes

There is a setting that was inflicted upon us all by books like the bible, it goes like “the idea that humans are the source of their own suffering, whether through their actions, choices, or the inherent negative inclinations they possess” we refer to this like ‘the evil we create’ it is ‘told’ that it revolves around issues of free will and the connected moral responsibility we have. That and last week I went for a job interview. I was told that ‘older’ people are rejected as we lack certain views of adaptation and acceptance of new technologies. In a short saying, that is what my grandfather said when I was wrong until I unplugged his life support, showed him who was boss.

Anyway, something snapped in me and today it is the outcome of short sighted HR people, lazy It people and a dedicated techie who has little to lose, merely the effort that some have and the impact on a lazy business effort with the setting of “Well look at it next quarter” the right combination of issues and impact. And as it goes, places like Ukraine can release such a system on the larger Russian technology setting, so there is that. Although America makes much more likely a target than Moscow, Vladivostok, Saint Petersburg, Arkhangelsk, or Novosibirsk will likely be. 

The setting is that we have two parts. The first part is the automated setting of a standalone laptop with dedicated software that relies on its own (optionally with DML spaces), it is carried around by a drone, one that can hold up to 5Kg, as such a netbook and 3-4 battery packs for longer activities. I reckon that a setup like that would cost around $25,000. Now consider that it goes out looking for wireless enabled servers and in America it would be a lot, In Russia likely a lot less, but not zero. It infects these servers whilst flying around the buildings and in less then 2 minute per servers it does what it needs to do and in one swift control it gets activated, optionally all in one swoop and the location gets a load of DDOS attacks in under an hour. Consider what AWS did to the world, is done by third party players to the business industry. And without effort the business world goes down. So how’s that for an elderly person person without certain views you HR hack. 

As the US governmental settings are in shutdown it will take days to instigate anything and by the time others figure out that they were hacked remotely wirelessly others will destroy the evidence needed and nothing gets done yet again, until the next rounds of hacks come into the wireless connectors. 

So, as evil goes, I am doing quite well. I merely had it with the people deciding on what is possible and leaving me out to dry. Ill soak them all in hardship and terror in an instance. The too is the consequence of unleashed adaptability and considerable creativity. 

So is my idea likely? I am not sure, I think so, but it requires the engineer with effort to program a DML setting and there are other settings, so that they are on the ground hacking via the netbook in a drone so that they become the second hop and that is the unlikely setting, because the hacker needs to remain in an 8 block distance from the drone, not consider that setting that this hacker is drinking and working from a Starbucks at 233 S Wacker Dr, Chicago, or perhaps a coffeeshop in Pershing Square, Los Angeles. How many corporations and servers could be hacked in these 8 block radiuses? That is beside the settings in San Francisco, Houston, Phoenix, SanDiego, Dallas and Austin. Consider that before you write of IT people in their 50’s and 60’s. 

A simple setting and I combined a few simple variables with simple creativity. A setting others cannot dream of and I gave the world a new fear a fear where the world stops because of a simple setting that others (for greed reasons) left around for another quarter. 

That is the setting everyone seems to ignore. The setting that it comes to a halt because these places tend to be out for lunch at 21:00-23:00 hours and that gives the, something to be worried about and with the available IT people working remotely so they can tend to more corporations, that comes down to a grinding halt real quick.

So as such there is evil I can do and the world is not ready for my creativity, as such the HR wench that wrote me off because of age, have a nice day and consider what you unleashed unto the world. Time for me to consider hat else I have wreck havoc on, my creativity is going just fine, so have a great day and consider that the world is about to get more complicated in an instance. And with the police in shutdown to some degree, help might not be coming any day soon and in that same setting you bleed revenue every minute because you left something until the next quarter, which would be on you. 

Have a great day and enjoy the matcha today (apparently prices are currently soaring on that stuff).

Leave a comment

Filed under Finance, IT, Media, Politics, Science

Tagged as , , , , , , , , , , , , , , , , , , , , ,

January 24, 2024 · 20:55

The Gump setting

You remember that famous character? Forest Gump with his ‘stupid is as stupid does’. This is the setting that I saw happening when the BBC (at https://www.bbc.co.uk/news/technology-68025683) alerted us to ‘US regulator admits cyber-security lapse before rogue Bitcoin post’, this is not a lapse, this is a screwup of the umpteenth order. They give us “The Securities and Exchange Commission (SEC) did not have multi-factor authentication (MFA) in place when hackers gained access to the account.” To give a clear view, to give you proportions. MFA was a discussed issue in University when I was at UTS 10 years ago. It was invented in 1996, well over a quarter century ago, although it was called two factor authentication. It is my speculation but I think that they left it aside until the call was needed and that call was clearly needed a decade ago. As such heads at the SEC need to roll (a queen of hearts idea). As such the quote “cyber-security experts say it should be a wake-up call for other agencies” is equally a joke. Those who aren’t ready need to be sanitised on several levels. There is no boo or bah about it. The fact that it took hackers this long to catch on is perhaps a small blessing in disguise. And the quote ““While MFA had previously been enabled on the @SECGov X account, it was disabled by X Support, at the staff’s request, in July 2023 due to issues accessing the account,” the SEC said in a statement.” The setting here is the question whether this was an SEC staff request or an X staff request (it could be read either way), but to remove security for access reasons implies stupidity of an unacceptable level. It means that systems were not ready, protocols were not ready and systems were deployed and configured in unacceptable ways. Then we get “The SEC has confirmed the account was compromised by a fraudster convincing a mobile operator to transfer an SEC employee’s phone number to a new Sim.” As such is it purely the fraudster, or is the mobile operator equally guilty? I honestly cannot tell on these facts, but multiple systems were unable to perform because the human element was not correctly set in stone. At present (based on SLA, or Service Level Agreements) there is a case that the mobile operator did not have the proper hat on because certain facts might not have been known to the mobile operator. The fact that an SEC phone number got swapped leaves the guilty party in the middle, but in this I admit that it is based on missing information. That missing information might show who went wrong (SEC or Mobile operator). And above all a properly placed MFA is intended to protect against this kind of hack (and several others). And lets be clear, this was not a grocery store, this was the SEC that got compromised in this way. 

As such stupid is indeed as stupid does and I reckon the head honchos in charge there will be upturning every process, protocol and service level agreement in place just to keep their jobs somewhat secured. That might be merely my speculative view, but I personally believe that to be the only step left for those yahoo’s.

Enjoy the middle of the week.

Leave a comment

Filed under Finance, IT, Law, Media, Science

Tagged as , , , , , , , , , , , , ,

September 30, 2023 · 21:27

I tend to disagree

There are a few issues and they all relate to the CBC articles. I do not think that the CBC is doing anything wrong. They merely report on a point of view I disagree with and we all have that at times. It started earlier, but what set me off was the article (at https://www.cbc.ca/news/politics/national-security-canada-military-defence-ward-elcock-1.6963391) where we see ‘Canada needs to ditch the complacency and get serious about national security, experts say’. My initial question is ‘Who are these so called experts?’ I know I am not one, but I think these claiming to be could be seen as Monday morning quarterbacks. We are then pushed onto “something unexpected happened last week when the Business Council of Canada issued an urgent call for the federal government to develop a national security strategy with economic security as one of its pillars”. So who exactly are the members of the Business Council of America? It gets worse from here. You see, when we go back several weeks we get (at https://www.cbc.ca/news/politics/foreign-interference-china-russia-csis-business-council-canada-1.6958627) ‘Business council says CSIS should start warning private companies of foreign interference’. This sounds nice, but we have two issues at this point.

  1. The validity of Business Intelligence
  2. The issue of American linked businesses.

The CSIS (aka the Client Server Integrity Society). If the NSA is allowed its ‘different’ version (No Such Agency) then the CSIS is allowed the same thing. My larger issue is “One of the country’s leading business voices warned Thursday that Canada’s economic security faces external threats — and called on Ottawa to give its spies the power to share intelligence with private firms being targeted for foreign interference.” The direct linked question becomes “Who exactly is that leading business voice?” And which idiot yahoo decided to throw sharing intel with places that have leaks larger than any sif into the mix? You see, there is a larger station here. ‘Targeted for foreign interference’ is a large setting. We tend to think China and what the reality is, is that Wall Street is also a source of foreign interference. Those people do not play nice. In addition too many  Canadian businesses would have to up their cyber security by a lot. I merely showed one aspect earlier this week, one of close to half a dozen. Microsoft cannot stop emails leaking, what gives you the idea that Canada is any different? 

So when we get to “The group — which has a long, influential history of pushing for policies like free trade, fiscal responsibility and tax reform — said it believes Canada is deeply vulnerable in this era of renewed great power competition.” We get to the larger disagreement. Canada is not more vulnerable, it is less interesting to a lot of power players. It is roughly 10% of the US and merely 50% of the United Kingdom and is spread over a whole area. In all this the larger station is not merely foreign interference, it is the danger of American interference for its own need for greed and that takes a different approach and until the Business Council of Canada gets its members to up their Cyber Security by a lot, any action is a wasted one and the CSIS keeping its actions secret is the best course of action at present. This might not be the right view, but it is my view.

Then we get to the interesting quote “CSIS jealously guards its sources and methods of collecting information. In one espionage case, it even kept the RCMP in the dark about a former sailor who was stealing classified information for the Russians.” The CSIS is confronted with too may leaks. There is no factual evidence that it amounts to corruption, but that word was mentioned more than once in sources I looked at. The important question was whether that traitor was caught in time. How long was that person active and how was that person (in the end) caught? It was not jealousy, that is the word of a reporter out for flames. The larger station becomes that Canada has vulnerability issues and not all of them are from China or Russia. American businesses are ready to expand and get the Canadian corporations as well, some politicians seem to cater to that need and the CSIS for sure does not. As such whatever the CSIS is doing now, it is seemingly doing right. From here we get to the dangerous statement “Neiman said Canada’s allies have found ways to strike that balance between secrecy and disclosure.” I believe it to be dangerous, because  Canada’s allies are all catering to big business. Microsoft, Google, Amazon, IBM and Meta. You name it, it has a stakeholder trying to find a balance of intelligence at their exposure and risks they can mitigate and Intelligence at the expense to mitigate risk is not sharing Intel, it is giving nations options away to greed driven people and the CSIS, in particular that person with grey hairs (aka David Vigneault) needs to cater to the need of Canada and its citizens, not the needs of a Business Council and its friends.

That is how I see it and I might be wrong, but so far in history whenever a business person wanted intel to be shared, we were confronted by a leak the size of the Grand Canyon right behind it. So before we rinse, shave, grate and repeat Trevor Neiman and optionally these non mentioned friends of his, we should be told who they were EXACTLY. In that the CBC missed the plank by a fair bit.

Enjoy the weekend.

Leave a comment

Filed under Finance, IT, Politics

Tagged as , , , , , , , , , , , , , , , , , ,

September 27, 2023 · 00:47

One card to rule them all

This morning I was confronted with an image. The image wasn’t the unsettling part, it was the part that the image did not give. You see, I got my first smart-card in 1991 by Unilever. They already had smart-card security when it was a myth at best. 

Now consider the set-up above. This level of card cloning can now be done by a high schooler. And people think that this level of protection works? How quaint.

So my old noggin started to mull things over, we need to upgrade this stuff by a lot. I know all the people will state that this isn’t needed. But when insurance companies catch on that people are cutting corners the premium goes up by a lot. Now, my idea might not be the best solution, but I leave this to the ACTUAL cyber boys to mull this idea into something workable.

In my view the smart-card has 3 layers, the lowest layer is an RFID shield, this makes scanning the cards really hard, the middle layer is the circuitboard and the top layer is the plastic layer. Now the circuitboard can have 7 nano sims, but only a minimum of two are required. You see, all that cheap corner stuff is done for. The 6 sim locations are connected through printed circuitry, the one part a hacker cannot copy or clone. As such these sims become part of a non-repudiation process. And as they are specifically created for each client, you have 64 options right from the start and when you consider that each nano sim and the circuitry adds a few thousand combinations we can safely say that these hackers stop being a problem.

The centre sim is where specifics are programmed on site (hotel, corporation HR), the other one, or up to 3 other ones are SPECIFIC to that client. Yes, it could all fit ONE sim, but that is where people get into trouble and cyber criminals will have a field day.

You see, what we do is raise the threshold. The image below gives the side I was after. 

The lower part are the wannabe hackers, simple thieves and so on, that is a little over 50% of the lot and they are taken out of the equation completely. They lack the resources to make it work. The yellow are partial threats, these are the high end hackers. They are driven to results and finance, so if the goal is not the required need, it is left alone. That doesn’t make them a non-issue, but unless they have something really interesting to gain, they aren’t interested. The green ones are the remaining threats. People with government access, or serious funds. We have now removed a little over 90% of the threat that was in existence. You think and insurance company having to pay out millions upon millions will try to avoid having to pay at all. We can come with all the usual culprits, but that is not where it is at. Consider that a player like Northrop Grumman needs to keep their IP safe, the first stage is non-repudiation.  That person and that person alone could have done this and a cloned card makes that part near impossible. In the end some will always have access, but when we can remove 90% from the equation, that part matters and it matters a lot. So that is what I was mulling over and this idea came to the top. Perhaps not everyone’s cup of tea, but that is not my concern. I had another idea, number 4 (or 5) this week alone and now I will snore like a sawmill, it is Wednesday here now.

Enjoy the day.

Leave a comment

Filed under Finance, IT, Science

Tagged as , , , , , ,

September 29, 2022 · 22:11

Optus seems more stupid

I wrote about this earlier, I had concerns, I had questions and I had to some degree accusations. Yet that is nothing compared to now. The BBC gives us (at https://www.bbc.com/news/world-australia-63056838) ‘Optus: How a massive data breach has exposed Australia’ this shows a few sides, I was unaware of earlier. They start with “about 40% of the population – had personal data stolen in what it calls a cyber-attack” that is a lot, but Optus has a large user population. It is “Those whose passport or licence numbers were taken – roughly 2.8 million people – are at a “quite significant” risk of identity theft and fraud, the government has since said” which is close to everyone, to become most telecom members, you need 200 points of identification, which tends to include a passport or a drivers license. So when we get to “In an emotional apology, Optus chief executive Kelly Bayer Rosmarin called it a “sophisticated attack”, saying the company has very strong cybersecurity”, is that so? So when the BBC treats us to “Sydney-based tech reporter Jeremy Kirk contacted the purported hacker and said the person gave him a detailed explanation of how they stole the data. The user contradicted Optus’s claims the breach was “sophisticated”, saying they pulled the data from a freely accessible software interface. “No authenticate needed… All open to internet for any one to use,” they said in a message, according to Kirk.” This seems like there is a serious flaw in the Optus system, and when we revisit the statement from Kelly Bayer Rosmarin “I’m disappointed that we couldn’t have prevented it,” she said on Friday

I tend to side with the less diplomatic version of me stating to Kelly Bayer Rosmarin “Do you know that the condom is also used to stop making you fat? It is not just for the prevention of STD’s” now I might be ejaculating a bit premature (aka was Jeremy Kirk told a BS story or the truth) but if this is true, then Optus failed on a few levels. Protecting the data, protecting the servers and protecting their customer base. You see, the software interface might have allowed for injection of a backdoor making the Optus system now close to completely unreliable. The fact that there is a freely accessible software interface in play implies that its IT security failed, the data was collected and that happened without any red flags on access and transfer of data and we see the fact that all the data is accessible, from way too many places and that is the telecom company that Australia trusts? It gets to be even worse when we look at the article (at https://www.afr.com/companies/telecommunications/optus-hack-could-happen-to-anyone-ex-telstra-boss-warns-20220928-p5blrg) where we are given ‘Optus hack ‘could happen to anyone’ ex-Telstra boss warns’, a wannabe from the stables of Telstra, an immature greedy Microsoft minded telecom. There we see “Former Telstra chief executive David Thodey says the cyberattack on Optus “could happen to anyone” and urged all big and small organisations to be “vigilant” about online security”, Well David, if the information from Jeremy Kirk holds true, you better hope that you have a better cyber and IT security division, more importantly if this level of stupidity can happen to EVERONE, your systems ALL SUCK! And in my personal opinion you all need an overhaul and a 80% wage reduction. This level of stupidity when it comes to personal data is too stupid for any of you to be taken seriously as so called ‘captains of industry’ as such, please apply for an Uber or barber position. 

Now this seems overly emotional, but these are the kind of people who judged me a not being professional and THEY set data next to an open interface? This is the 101 of stupidity. OK, if JK was told a bag of lies I would owe a few people an apology, but that is for tomorrow, for now it seems that a lot of people are not aware of the level of stupid their telecom company hung their personal data on and that is more than a simple investigation, there are plenty who will pay handsomely for that much personal data. The US, Russia, India and China. 4 players willing to pay twice what the hacker wanted and they will not ask questions. A whole collection of personal data that can aid in creating deeper learning personalised rainbow tables, a whole battery of data from all kinds of social media that can now be used for granularity and a whole range of other data sets that can now be completed. And it all hangs on a (currently unconfirmed) version of a freely accessible software interface. “No authenticate needed”. How angry would you be hen these so called professionals charged you again and again and as they changed membership status so that they had more legal options. And they are not held to account? Yes, I would be angry and I am (for now still) with Optus, I get to be angry, my data is out there. So how would you feel?

Leave a comment

Filed under Finance, IT, Media, Politics, Science

Tagged as , , , , , , , ,

January 31, 2020 · 15:22

The Bully’s henchman

Yes, we saw it before and again we see a new ploy into the bashing by a bully. The Guardian (at https://www.theguardian.com/technology/2020/jan/29/uk-chance-relook-huawei-5g-decision-mike-pompeo) gave us “Britain has a chance to “relook” at its decision to allow Huawei into its 5G phone network in the future, the US secretary of state, Mike Pompeo, declared as he flew to London for a two-day visit to the UK“, the fact that the number one US bully (as some see him) sends out Mike Pompeo warrants more scrutiny. Lets not forget that on a global scale the US has not actually produced ANY evidence that Huawei is a security concern. We see merely that the US firms will lose their data drops on a global scale as Huawei makes a larger impact, and that is a much larger fear for the US than anything else. Even as we see news with senators with privacy concerns, we see an absolute lack of actions towards Google and Facebook to amend its protocols and data capture activities, all set in some loophole, flaws which are still legal and legally set in stone (of a sort mind you). Yet the undocumented claimed fear of Huawei and the Chinese government has still not been shown to actual cyber specialists and to actual independent hardware experts. 

So as senior (read: ancient) advisors of the Trump administration give: “insisted that sensitive American information should travel only through “trusted networks”” we see a lack of evidence by them. We also see that the US is changing its tune, the claim “But our view is that we should have western systems with western rules, and American information only should pass through trusted networks, and we’ll make sure we do that,” is it the changing claim of the bully that has changed evidence for ‘we should have western systems with western rules‘ is evidence of that. In addition to that its weak and waning “The secretary of state emphasised that work was being done between the two countries “to make sure that there are true competitors to Huawei” so that “we can deliver true commercial outcomes across real secure networks that aren’t subject to the Chinese Communist party’s control”“, where we need to valuate ‘work was being done between the two countries “to make sure that there are true competitors to Huawei”‘ reads more like a flaccid 90’s software sales agent with a concept to sell than an actual commitment. This situation merely exists because governments stopped seeing infrastructure as a priority and as US commercial people saw ‘gains’ elsewhere (read: cheaper/easier way to make commission), hardware needs lagged and the US is almost 3 years behind in the 5G circuit. Like in the BBC article yesterday, we see “The US says Huawei could be used by China for spying, via its 5G equipment” hiding behind the word ‘could‘ whilst not producing any evidence. All whilst presurring on “Mr Ren’s military background and Huawei’s role in comms networks to argue it represents a security risk” that is all slanted on a time when Mr Ren actually looked young and served for 9 years, he left the army in 1983, which was when Mike Pompeo was in High School optionally hoping to fondle a local cheerleaders boobies (we can presume), oh and by the way this was all 37 years ago, as such the lack of evidence on the equipment apart from an almost 10 year old case that was settled, the evidence presently seen is a joke.

This is all about the US losing its data collecting position and it is willing to sell anyother nation down the drain, all becasue the US became lacks, stupid and flaccid. Is that the legacy that the EU and the UK have to look forward to? Lets not forget that no matter how happy Nokia and Ericsson become, they are a little over 5 years in the running and well over 3 years too later to adapt to the high-tech that Huawei is currently releasing, that is the price of iterative technology.

The fact that my personal IP surpasses the US tech stream is further evidence still, in 1992 I was really behind the curve, it makes for the difference of innovative thinking and as the world relied on the US, its flaccid actions are now a real issue. 

In addition to all this, Wednesday also gave us “A group of anti-Huawei Tories want an assurance that the government will work towards reducing the Chinese company’s influence in UK infrastructure to zero, ultimately stripping it out of the 4G network as well” which is linked to “any provider deemed high-risk by the intelligence services should be phased out of the supply chain” and the problem here is not that Huawei is a claimed spy tool for the Chinese government, it is the fact that (as Alex Younger) stated that no infrastructure should be in the hands of non-UK corporations, which is acceptable. Yet they will hand the hardware over to EU and the US government, which is slicing the meat on the other side and almost as pointless. Let’s be clear, Alex (big boss MI6) gave a clear and understandable point of view. UK infrastructure needs to be in UK hands and as such we can accept that. Yet British Telecom is nowhere near this situation and as such we see a failing of policy on more than one shore.

So as we get to “Unhappy MPs held a series of meetings in Westminster, although they are keen to operate behind the scenes to push for a concession, several senior Tories believe they have a chance of getting the 45 rebels needed for a successful backbench revolt on legislation relating to regulation of Huawei” which would boil down to a conservative mutiny on a few fronts, the question that I am currently posing is: “If I investigate these 45 ‘proclaimed rebel’ members, how many will reveal a carefully denied personal link and gain from a non Chinese Telecom market?” Is that not an interesting side either?

And the intentional limitation of 35% would that be to keep American commerce happy, or is there an actual security setting here?

There is too much on the surface that we should investigate and it is not. Even as the article makes a reference to American diplomat Plus One, whose wife Anne Saccolas is accused of causing the death of 19-year-old motorcyclist Harry Dunn. They still insist on their bully tactics and they will refuse to make public any evidence of the Chinese government links to Huawei hardware, all whilst the massive bugs in the Cisco routers are ignored by all.

So whilst we all cry over non existent hacks on Huawei equipment, we are faced by Cisco insecurity, and whilst some will not get this, the fact that the bulk of all servers in the world rely on Cisco Switches. so when we get (source: Cisco) “2020 January 29. A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.” Now apart from the local need to fix this, there is no real blame at Cisco, this happens and whilst we see

Vulnerable Products

  • 200 Series Smart Switches
  • 300 Series Managed Switches
  • 500 Series Stackable Managed Switches

So whilst everyone is crying over non proven proclaimed weaknesses, there are actual weaknesses in the hardware leading to the internet and that gets my goat up, the entire Hawei matter is about the US losing too much revenue and the US being out of the data loop, and we support that….why?

When we wonder how we care on who gets our data, we seem to forget that someone gets it, yet the US wants to be the only runner in this race, based on decades of feigned superiority and now that they are in the race and moving from first to 4th position we seem to grant them all the leeway they need, whilst on the other side we see no improvement on personal data intelligence security, why do we need to continue this situation?

That issue becomes larger when we see the Financial Times (at https://www.ft.com/content/96c79040-40ea-11ea-bdb5-169ba7be433d). Here we see “Wealthy individuals are scrambling to lock down their privacy in the wake of the alleged hack of Jeff Bezos’ iPhone, as personal cyber security experts warn that the rich and famous are increasingly becoming the target of sophisticated cyber criminals“, which makes sense and the supported ‘a report last week alleged that Amazon founder Mr Bezos was hacked by Saudi Crown Prince Mohammed bin Salman in 2018‘ in all this there are (at least) two sides

  1. We see a proven part where ‘sophisticated cyber criminals‘ are getting onto more and more mobiles (an issue that will continue faster and more intense in 5G. 
  2. The world is realising that corporations are not lucrative targets, the softer market and larger market of one million mobiles might be worth a lot more, and the collected information could lead to a switch in ‘criminal economies’, that part is optionally seen in “Rubica, a company that provides more affordable digital protection for families, added that had he received “lots of inbound” inquiries last week from clients about how to better protect themselves from adversaries“, and as we see “According to data compiled by RSA Security, 70 per cent of fraudulent transactions in 2019 originated on mobiles
  3. (Optional) The guilt of Saudi Crown Prince Mohammed bin Salman was never clearly established and is by some experts in the field regarded as a strange choice of actor to incriminate in the first place, as such it implies that there is a larger concern that the ‘vested’ parties cannot make clear statements on guilt and providing proof on who did it. Making the cyber setting a lot more dangerous, especially as insurers will try to seek more ways on options to not having to pay out (making more stringent contracts), this setting could hurt millions of people whilst the actual criminals go on without prosecution.

We see a shift in the market and this shift becomes a much larger issue in 5G, as such do you want your 5G infrastructure to be 3 years behind the latest technology? It will go faster and faster as I saw what the direction was and my IP would (hopefully) lessening the impact by almost 30% whilst 400 million starters (globally) will get a much larger slice of their marketing pie for their small businesses, whilst keeping more control of their information. All because some people forgot to look in one direction, that too is the effect of flaccid American innovation. I would never be a contender if they upped their game, so when my ship does come in, I will have to thank them for that.

Marc Rogers, vice-president of cyber security at Okta is right when we see “The cache of data on these devices is just growing, We’ve seen a massive escalation of theft [from] mobile devices because criminals are realising that people are storing immense amounts of personal and financial information,” is part of that crux and the US whilst bullying their Huawei part are basically not ready to deal with this, because they will claim that is up to you and your insurance. Which is an interesting ploy to give out in the near future as Cyber crime will spike and all whilst most global governments still do not have a clear and well documented Common Cyber Sense setting in play, many are hiding it in some HR document and using that to sack people when the damage becomes a little too pronounced, or the transgression becomes a ‘politically correct’ consideration. 

I see a much larger problem and the US is merely adding fuel to the fire and whomever they send will merely be the spokesboard of US data collection groups (as I personally see it) that need their data to maintain existence. 

So who is ready to play catch with the next henchman that the US sends?

 

 

1 Comment

Filed under Finance, IT, Media, Politics

Tagged as , , , , , , , , , , , , , , , , , , , , , , , ,

May 21, 2019 · 12:55

That’s the way the money flows

The Independent had an interesting article 2 hours ago. The article (at https://www.independent.co.uk/news/world/americas/china-drones-spy-us-dhs-security-data-alert-a8922706.html). The title leaves little to the imagination with: ‘Chinese drones may be stealing sensitive information, DHS warns‘, after the Trump google play, after his refusal to submit to subpoena’s, after the anti Huawei activities that so far has never yielded any active evidence (the 8 year old case was settled within months are done with). Now we see: “Chinese-made drones in America may be sending sensitive data to their manufacturers back home where it can be accessed by the government, the United States Department of Homeland Security (DHS) has warned“, which might be a nightmare if it was not so hilarious. You see the next quote: “CNN, which obtained the internal alert, reported that the DHS fears drones will offer Chinese intelligence unfettered access to American data“, it comes across like we have a case where a CNN reporter has been hit by a silly stick and never recovered. Consider the drones we see, there is no space to have a dedicated hack system on board. Yes some can be done with a mobile, and there is plenty of space in that device, now consider the ‘sensitive’ data that needs to be found, the data needs to be connected to (and with all these faulty Cisco routers that is relatively easy at present), then a selection needs to be downloaded and that is merely for one place, one device. All this stops when any person uses common cyber sense. It is the revelation that we see next, that is the one that matters. With: “Though the alert didn’t name specific companies, the vast majority of drones used in the US and Canada are made by the Shenzen based Company, DJI, CNN reported” we see the part that matters. As drone services are up on an almost exponential growth as we see the push that got there. The news from November 2016 gave us: “Domino’s Pizza Enterprises Limited (Domino’s) and drone delivery partner Flirtey delivered the first order, a Peri-Peri Chicken Pizza, and a Chicken and Cranberry Pizza“. Consider the option to avoid traffic in New York, Los Angeles, San Francisco, Boston, Chicago, Seattle, Pittsburgh, all places with massive congestion. Drones are the optionally the newest quick way to deliver food, Amazon needs, Walmart needs, all in growing need due to the events where retailers and shippers combine forces to avoid a few items, and with congestion set to zero, people will flock to that consideration. Now the operational part, it seems that DJI is ahead of the curve, another Chinese company decided to truly innovate and now that the push is there and America is bankrupt (as I personally see it) anything possible to avoid money going to China, America is taking a pot shot at that. So when we are also treated to: “A spokesman for DJI denied that any information was being transmitted to it from its drones, adding that the security of its technology has been independently verified by the US government.” I start wondering if DHS was able to do its job properly. Now let’s be clear, there is no doubt that ANY drone can be used for espionage, especially if it is quiet enough. Yet is that the issue for DJI, or is that an issue with the spy that utilises drone technology? Yet that is actually not the only side, on the other side we see mentioned: “Those concerns apply with equal force to certain Chinese-made (unmanned aircraft systems)-connected devices capable of collecting and transferring potentially revealing data about their operations and the individuals and entities operating them, as China imposes unusually stringent obligations on its citizens to support national intelligence activities,” Now, this part does make sense. It is the same as the Apple Fitbit, that due to its global nature started to hand out the jogging patterns of Special forces in the Middle East, so within 3 days several members of the two dozen operatives had a check on their calorie burning and health, whilst the mapping data showed the world where the CIA black site was (oh apologies, I meant to say a military specialist endeavouring location of an undetermined nature). The question becomes how was the ‘the security of its technology has been independently verified by the US government‘ achieved? Was that verification process competent, or perhaps slightly less so?

I am not stating my verdict in either direction; yet the entire Huawei mess, as well as the DJI setting implies that the growth industries are shunned from America, mainly because it is not an American industry. Yet in all this, the forget that places like the EU and India are large enough to go forward with both players and truly grow further, whilst the downturn and the economic lag that the US is creating will merely grow the loss of momentum and the recession it will fuel in other ways. I would consider that the setback that Google is trying to create will have larger repercussions down the road. As larger Data vendors will now optionally choose the Chinese side, they will grow market share. You see no matter how it is sliced, all this is data based and data can only grow if there is usage. So when people remain with Huawei as their phone keeps on working, we see that there is a larger concern soon enough. At some point people will stop trusting Samsung, Google and Apple phones, which works out nicely for several players (Microsoft actually more than most), what do you think happens when the larger share of 14.7% of a global market changes to player three and not use Google apps to some degree? Google momentum relies on non-stop data and usage, when a third of the 60% that these three cover stops, do you think that this has no impact for Google?

The same applies to drones. You see intelligence makes the drone and as it grows its market share and the collected data of drone usage is set, the innovation of DJI grows faster. It is the difference between generation now and generation 2022, DJI will grow and can grow in several directions, yet the entire the setting of ‘data theft’ we see that there is a lack of ‘what’ data. What data is collected, the flight path? Well, I think we all need to know in 2023 what flight path was taken for the delivery of 342,450 pizza’s delivered per hour, is it not? It is not that Google Map has that data, and within a building in New York, is there truly a clear sign in the drone itself who exactly the merchandise was for, or was that on the box (instead of the drone). Now, there is no denying that some of that data would optionally be accessible to the Chinese government? Yet what data, what level of data? Do you think that they have time for the hundreds of drones and the data whilst they can monitor 20,000 times that data with a spy satellite (and an additional truckload of data that the drone never had in the first place?

It is when I see ‘unfettered access to American data‘ where the questions become pressing. It is like watching Colin Powell coming into a non-disclosed location with his silver briefcase and in the end the lack of WMD’s, are we going in that direction again? when I see ‘unfettered access to American data‘, it is at that moment I see the optional comparison (an extreme lose comparison mind you) with the innocent preachers daughter who did the naughty thing to 30% of the boys coming to Sunday sermon, having attempted things I cannot even rent on adult video. It is the CNN article (at https://edition.cnn.com/2019/05/20/politics/dhs-chinese-drone-warning/index.html) that gives additional rise to concerns. When you see: “Users are warned to “be cautious when purchasing” drones from China, and to take precautionary steps like turning off the device’s internet connection and removing secure digital cards. The alert also warns users to “understand how to properly operate and limit your device’s access to networks” to avoid “theft of information.”” It seems to me that there are dozens of ways to get this data, a drone seems like an expensive long way round-trip to get to that data, whilst more can be accessed in several other ways and it is the speculation through ‘device’s internet connection‘, so when we see one of these devices (at https://www.dji.com/au/phantom-4-pro-v2/info#specs), we are treated to: “The new Phantom 4 Pro V2.0 features an OcuSync HD transmission system, which supports automatic dual-frequency band switching and connects to DJI Goggles wirelessly“, where did the internet come in? Yes there is an app, to get a live view from the drone, so what ‘unfettered access to American data‘ could there be that Google Maps at present does not have in more detail?

It is the next part that is the actual ace. When we see: “DJI, which reported $2.7 billion in revenue in 2017, is best known for its popular Phantom drone. Introduced in 2013, the drone is the top-selling commercial drone on the market“, information the Independent did not give us, that is the actual stage as I personally see it. It was $2.7 billion in 2017, there is no doubt that when drone delivery truly takes off, at that point revenue that sits between $15 and $27 billion is not unrealistic, the dire need to avoid congestion on a global scale will drive it and that is before you realise the non-US benefits in London, Amsterdam, Paris, Berlin, Munich, Madrid, Barcelona, Rome, Athens, Moscow. At that point you will see stronger growth and I haven’t even looked at the opportunities in a place like Mumbai, Tokyo, Delhi, Bangkok, Rio, Buenos Aires and Sydney yet. Everything leaves me with the impression that this is not about security, it is about money. That fact can be proven when you realise that everyone remains silent on the 29 new vulnerabilities that Cisco reported merely a month ago. How many Cisco router stories have come from that non-technologically refined White House, where they are currently optionally limited by “Cisco routers, including ones that can be found in malls, large companies or government institutions, are flawed in a way that allows hackers to steal all of the data flowing through them“, the cybersecurity company Red Baron handed out that issue to the media last week, so who picked up on that danger to ‘unfettered access to American data‘? And when you consider ‘it allows potential malicious actors to bypass the router’s security feature, Trust Anchor. This feature has been standard in Cisco’s routers since 2013‘, when we realise that Cisco is a household name on a global scale (especially when connected to the internet), the entire Cisco matter seems to be at least 15,000 times worse than any DJI drone ever could be, and the fact that DHS remains silent on that gives (again, as I personally see it) is added proof that this is merely about the money and the fact that US companies are losing markets on a global scale.

I could set the stage by singing ‘All ‘Bout the money‘ by Meja and ‘That’s the way the money goes‘ by M, but then, I realise that people would most likely pay me serious money not to sing (my voice is actually that bad).

That’s the way the money flows, specifically at present in a direction that the US is for the foreseeable future most displeased about.

 

1 Comment

Filed under Finance, IT, Media, Military, Science

Tagged as , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

February 15, 2013 · 11:32

Fraud, deception or Ignorance in IT Safety?

Fraud, deception or Ignorance in IT Safety?
Again it was the Dutch NOS last night that gave me the idea of reflection on today’s blog. Their newscast and articles on NOS.nl is all about cybercrime. The news was that last year (October 2012), cyber criminals using the botnet Citadel was able to acquire over 750 GB of data. The data is coming from computers involving the Energy industry, Media corporations, Hospitals, Universities and airlines. The data seems to have gone to eastern European cyber criminals. Over 150.000 computers infected in the Netherlands alone.
Watching it, you could see login details, passwords, network layouts, detailed notes from a doctor and the medication prescribed. The amount of information was staggering! I looked a little further into this botnet. Its name is Citadel. It seems to be an ingenious piece of work. This is something the NSA, GCHQ or the FSB and several other Boy Scout units of a governmental type. When looking at the info, there was an implied strength that it could go passed and ignores many anti-virus systems. When looking at my own provider, there was an interesting lack of information regarding this botnet.
So we are looking at a three edged sword.
Are anti-viral protectors committing fraud? When looking at a Norton protection plan, and I see the green ‘Secure’ sign. Am I really secured? Tracy Kitten from Bankinfo security wrote: “Segura notes that hackers claim PCs relying on anti-virus solutions from Microsoft Security Essentials, McAfee, and Norton were infected. ‘That’s kind of worrisome,’ he says. ” So, am I paying for security I am not receiving?
It seems that this secure statement is also a case of deception. My Norton anti-virus states a secure setting, yet, citadel was initially designed to collect bank information for cyber criminals. From the two facts earlier, I must also conclude that the banks have been insincere to me on more than one occasion (big surprise I know). They claim safety and security, whilst 150.000 computers in the Netherlands seem to prove the opposite. Especially considering that banks have been trimming down on staff because much more goes on-line, yet there is no clear information that the cyber divisions of the financial industry is making any kind of strong progress. The BBC stated on Oct 10, 2012, that GBP 341 million was acquired through card fraud in 2011. The events involving Citadel imply that the losses in 2011 are not likely to go down any day soon.
Last is about Ignorance. That would be you the reader and me. These anti-viral dealers leave us with a false sense of security while we are charged $70-$100 a year, whilst it lowers intrusions, but not remove the threat. I must confess that we are all likely a lot safer with then without anti-viral protection. So stopping anti-virus protection is the worst of ideas.
I feel slightly safer as I have always refused any kind of on-line banking option. From the 90’s I knew that their X-25 protocols had several weak spots, which is now getting me to the last part of this.
If Windows is so weak, volatile and easily transgressed upon, then the dozens of security updates seem little more than a smoke screen. I reckon a lot of us should seriously consider moving to another system like Linux. Linux has proven to be a very secure system. We used to consider Apple to be very secure as it was a Unix based system, which has all matters of security or a much higher level than Windows ever had. However, that it is now an INTEL based system with Microsoft attachments makes me wonder if it remained that secure.
What is my issue with this all is that Yesterday’s news on Citadel was known with the Dutch cyber security for months, and little was done, the newscast even mentioned that many had not been alerted to this danger. I reckon that IF there is truth on transgression on ‘secured’ systems, we need to consider the dangers of connected networks. This likely endangered the infrastructure, and it definitely endangered personal information of millions. With that state of mind, how should we see the security of corporate and personal systems in the UK, US and Australia?
Consider that the implied ignoring of Cyber security is mentioned (but unproven as far as the validity of sources go). Yet, when I seek places like Norton, I get no answer (connection was reset). If we can believe people like Tracy Kitten then the financial sector that relies on massive internet presence, we are in serious trouble. On the other side is the opinion showing on the NOS site by Professor Michel van Eeten from the TU Delft. It is not really created to a directed attack. He compared it to a buck shot into the internet. It was designed to acquire login, passwords and bank details.
My issue is the fact that 150.000 systems were infected! The one flaw in the NOS newscast is the absence of the cyber safety factor. Whether Common Cyber Security was used by those infected. If so, then why are these questions not openly directed at the makers of Norton Anti-Virus, McAfee, Kaspersky and a league of other Cyber Safety providers?

2 Comments

Filed under IT

Tagged as , , , , , , , , , ,