Saturday, May 24, 2014

What I am reading 5/24/2014

Wired - The Schools Where Apple, Google, and Facebook Get Their Recruits - Infographic


The Hacker News - New Point-of-Sale Malware Compromises 1,500 Devices Worldwide -

Neiman Marcus, Michaels Store were also targeted involving the heist of possibly 110 million Credit-Debit cards, and personal information. BlackPOS malware was embedded in point-of-sale (POS) equipment at the checkout counters to collect secure data as the credit cards were swiped during transactions.
Now the latest one is the ‘Nemanja botnet,' a recently discovered new piece of malware that has infected almost 1,500 point-of-sale (POS) terminals, accounting systems and other retail back-office platforms from businesses across the world.


The article is hard to read; it was written by a non-native English speaker, but you get the gist.


Many hackers working directly for the Chinese government are men in their 20s and 30s who have been trained at universities run by the People’s Liberation Army and are employed by the state in myriad ways. Those working directly for the military usually follow a 9-to-5 weekday schedule and are not well paid, experts and former hackers said. Some military and government employees moonlight as mercenaries and do more hacking on their own time, selling their skills to state-owned and private companies. Some belong to the same online social networking groups.
“There are many types of relationships,” said Adam Segal, a China and cybersecurity scholar at the Council on Foreign Relations in New York. “Some P.L.A. hackers offer their services under contract to state-owned enterprises. For some critical technologies, it is possible that P.L.A. hackers are tasked with attacks on specific foreign companies.”

Not sure there is really all that much new information here but still kind of interesting. 

Medium - Everything is Broken

Software is so bad because it’s so complex, and because it’s trying to talk to other programs on the same computer, or over connections to other computers. Even your computer is kind of more than one computer, boxes within boxes, and each one of those computers is full of little programs trying to coordinate their actions and talk to each other. Computers have gotten incredibly complex, while people have remained the same gray mud with pretensions of godhood. 
Your average piece-of-shit Windows desktop is so complex that no one person on Earth really knows what all of it is doing, or how.

While I might agree with Quinn Norton's assertions in general - the internet is a vast unsecured frontier - I am not sure I accept her overall conclusion. Norton seems to have a history of despair in her writing, at least what I read of her writing, which is a couple articles a month, and in this article as in others she seems to twist the facts a little to make her point. I don't know her friend in the opening paragraph, but does anyone really believe that someone just accidentally created a 50,000 node bot network? I find that a little hard to believe.

Anyway, the question, in my opinion, is: is the internet broken? Yes. It's built by humans and humans are fallible. The good news is that most of the time it can be fixed, and if it can't be fixed something better can be put in place. So should we worry? Yeah. Should it drive our thoughts into a black pit of despair from which there is no escape? No.

Tech Crunch - Jon Evans in The Internet Is Burning - thinks that Norton may be overstating the case a tad, at least that's how I read it:

There’s actually quite a tricky implicit tradeoff here. We can slowly, carefully, write more secure (though still imperfect!) systems; or we can damn the torpedoes, steam full speed ahead, innovate like crazy, and treat security as an afterthought or a nice-to-have. The reason massive security disasters hit almost weekly these days is because for twenty years virtually the entire industry has, tacitly or explicitly, chosen the latter course.
…And, until now, for 95% of the Internet’s population, that has arguably been the right decision. 
...
But there is no natural law requiring that software be as fragile and vulnerable as most of it is today. We as an industry allowed that to happen — and if we want to, we can fix it.

A slightly more measured response than the rampant alcoholism and suicide prescribed in Norton's article.

Quartz - America has a new subprime problem.  Cars -

Subprime auto loans—that is car loans made to people with shaky credit histories—have been growing fast over the last few years. In 2009, about 17% of the auto loans bundled up into bonds known as asset-backed securities (or ABS, similar to the mortgage-backed securities that crashed the financial system) were subprime. By the first quarter of 2014, that figure had swollen to 31%, according to data from Citi analysts.

And now some of those borrowers are falling behind on payments. Citigroup analysts spotlighted the trend in a recent note


Maybe my optimism is misplaced.




