Friday, December 20, 2013

CYBERTHEFT - Target Inc. Gets Hacked

"U.S. consumers have many protections but no guarantees against credit card fraud" PBS Newshour 12/19/2013


GWEN IFILL (Newshour):  The retail chain Target confirmed that hackers breached tens of millions of credit card and debit accounts at the height of the shopping season, just before Thanksgiving and right up until Dec. 15.

The theft occurred when people swiped their cards in store, not online.  The retailer confirmed that customers' names, credit card and debit card numbers and security codes were stolen.  It's the latest in a series of major breaches in recent years.

We explore them with Steve Surdu of Mandiant, a cyber-security firm.

How did 40 million accounts get compromised?

STEVE SURDU, Mandiant:  Well, we don't know the details at this point in time.  They're still investigating.

But, obviously, information had to be siphoned off from the organization.  Attackers almost certainly came in from outside, put software in place that allowed them to aggregate the information over time and then remove it, so that they could use it.

RE:  Hackers installed a Trojan virus that allowed external access to Target systems.

Thursday, December 19, 2013

COMPUTER GAMING - Financing 'Oculus Rift' Gaming Goggles

"Tricking the brain with transformative virtual reality" PBS Newshour 12/18/2013


JUDY WOODRUFF (Newshour):  Correspondent Paul Solman takes a look at a technology that allows adventurous users to explore the latest developments in the world of video gaming.

It's part of his ongoing coverage Making Sense of financial news.

PAUL SOLMAN (Newshour):  It was a 20-year-old named Palmer Luckey who would finally make science fiction dreams come true.

Working in his parents garage, he cobbled together a headset out of ski goggles, smartphone and tablet parts to create a just-like-real-life gaming experience.  Then, hoping to raise $250,000 to take his invention to market, he turned to the crowd-funding Web site Kickstarter.

PALMER LUCKEY, Oculus Rift:  So join the revolution.  Make a pledge.  And help up change gaming forever.

PAUL SOLMAN:  Within days, he had 10 times what he needed, as gamers went gaga over the goggles.

Monday, November 25, 2013

Monday, November 18, 2013

SECURITY - Government Security Breach by Collective 'Anonymous'

"Government security breach by Anonymous - scope unknown" PBS Newshour 11/17/2013


SUMMARY:  Joseph Menn of Reuters reports on the story he helped break about how activist hackers linked to the collective known as Anonymous have secretly accessed U.S. government computers in multiple agencies and stolen sensitive information.  Menn says the campaign began almost a year ago and its scope is not yet known.

Monday, October 28, 2013

INTERNET - Secret Weapon Against Hacking

"Secret weapon against hacking:  College students" PBS Newshour 10/26/2013


SUMMARY:  Inside the high-tech criminal mind. It's no secret that cybercriminals are stealing personal information and credit card numbers by hacking into corporate and government computers.  One school in Pittsburgh is training the next generation of cybersecurity experts to fight off the bad guys by teaching them to think the same way.

RICK KARR:  The bad guys stole more than three million Social Security numbers from the State of South Carolina.  As many as seventy million credit card numbers from Sony PlayStation.  They got access to all of the personal details of some customers of a nationwide mortgage lending firm.  But cybercriminals aren’t just looking to steal personal information and credit card numbers when they break into corporate computers -- they’re looking for other valuable information.
RICK KARR:  All those flaws that Carnegie Mellon’s undergrads find every semester ... don’t necessarily mean that the software on your P-C or your bank’s web site is badly written.  Almost every piece of software, every computer system has vulnerabilities that can be exploited -- it’s virtually impossible to make anything that’s connected to the internet perfectly secure.  And today -- compared to 10 or 20 years ago, all of us have just so many more computers and smartphones and tablets -- all of them connected and vulnerable.  So we’re vulnerable, too.

Carnegie Mellon’s students are so good at exploiting those vulnerabilities ... that the NSA enlisted them to create a game that teaches hacking skills to high-school-aged students -- and paid for the job.  Cylab, the university’s cybersecurity institute, is home to the to-ranked competitive hacking team in the world: the Plaid Parliament of Pwning -- “pwn” is hacker-speak for “own”, as in the hacker takes a computer over and owns it.  For third straight year, the team won top honors at international contests that pit teams of hackers against one another ... and utterly demolished the competition at a prestigious contest in Las Vegas.

Monday, October 7, 2013

TECHNOLOGY - Make Using Touch Screen Feel Bumps

"New Disney technology can add texture to completely smooth touch screens" by News Desk, PBS Newshour 10/7/2013

By regulating a flow of voltage to the surface of smooth touch screen, Disney researchers in Pittsburgh discovered that they can create the sensation of texture and three-dimensional surfaces.  The technology can represent an artificial texture applied to an image, or elevation data extracted from topographical maps.  But how does a smooth surface simulate the feel of a 3D bump?

"Our brain perceives the 3D bump on a surface mostly from information that it receives via skin stretching," said Ivan Poupyrev, who directs Disney Research, Pittsburgh's Interaction Group.  "Therefore, if we can artificially stretch skin on a finger as it slides on the touch screen, the brain will be fooled into thinking an actual physical bump is on a touch screen even though the touch surface is completely smooth."

Thursday, September 26, 2013

OPERATOR SYSTEMS - ReactOS Alternative to Microsoft Windows

ReactOS alternative to Microsoft Windows

ReactOS® is a free open source operating system based on the best design principles found in the Windows NT® architecture (Windows versions such as Windows XP, Windows 7, Windows Server 2012 are built on Windows NT architecture).  Written completely from scratch, ReactOS is not a Linux based system, and shares none of the UNIX architecture.

The main goal of the ReactOS® project is to provide an operating system which is binary compatible with Windows.  This will allow your Windows® applications and drivers to run as they would on your Windows system.  Additionally, the look and feel of the Windows operating system is used, such that people accustomed to the familiar user interface of Windows® would find using ReactOS straightforward.  The ultimate goal of ReactOS® is to allow you to use it as alternative to Windows® without the need to change software you are used to.

ReactOS 0.3.15 is still in alpha stage, meaning it is not feature-complete and is recommended only for evaluation and testing purposes.

As the quote above, this is under development but sounds good considering it is FREE and the developers MAY be more responsive to users than Microsoft.  Also may be more stable in the long run, not having new versions every few years.

Here is a link to their "Missing ReactOS Functionality" page.

My desktop system is WinXP SP3.  I do not like any of the newer versions of Windows which I consider glitzy resource hogs.

We should keep an eye out on progress of ReactOS.  I may give it a try AFTER I can be sure in will install OVER my WinXP and all applications (especially my antivirus) and games will work.

ReactOS Wikipedia

Friday, September 6, 2013

SECURITY - From Dilbert


SECURITY - The NSA's Internet Hacking

"Revealed:  The NSA’s Secret Campaign to Crack, Undermine Internet Security" by Jeff Larson (ProPublica), Nicole Perlrothand and Scott Shane (The New York Times), ProPublica 9/5/2013

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.

Many users assume — or have been assured by Internet companies — that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way.  The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.

Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop.  Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.

The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products.  The documents do not identify which companies have participated.

The N.S.A. hacked into target computers to snare messages before they were encrypted.  And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.

“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ.  “Cryptanalytic capabilities are now coming online.  Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

When the British analysts, who often work side by side with N.S.A. officers, were first told about the program, another memo said, “those not already briefed were gobsmacked!”

An intelligence budget document makes clear that the effort is still going strong.  “We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic,” the director of national intelligence, James R. Clapper Jr., wrote in his budget request for the current year.

In recent months, the documents disclosed by Mr. Snowden have described the N.S.A.’s broad reach in scooping up vast amounts of communications around the world.  The encryption documents now show, in striking detail, how the agency works to ensure that it is actually able to read the information it collects.

The agency’s success in defeating many of the privacy protections offered by encryption does not change the rules that prohibit the deliberate targeting of Americans’ e-mails or phone calls without a warrant.  But it shows that the agency, which was sharply rebuked by a federal judge in 2011 for violating the rules and misleading the Foreign Intelligence Surveillance Court, cannot necessarily be restrained by privacy technology.  N.S.A. rules permit the agency to store any encrypted communication, domestic or foreign, for as long as the agency is trying to decrypt it or analyze its technical features.

The N.S.A., which has specialized in code-breaking since its creation in 1952, sees that task as essential to its mission.  If it cannot decipher the messages of terrorists, foreign spies and other adversaries, the United States will be at serious risk, agency officials say.

Just in recent weeks, the Obama administration has called on the intelligence agencies for details of communications by Qaeda leaders about a terrorist plot and of Syrian officials’ messages about the chemical weapons attack outside Damascus.  If such communications can be hidden by unbreakable encryption, N.S.A. officials say, the agency cannot do its work.

But some experts say the N.S.A.’s campaign to bypass and weaken communications security may have serious unintended consequences.  They say the agency is working at cross-purposes with its other major mission, apart from eavesdropping: ensuring the security of American communications.

Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL, virtual private networks, or VPNs, and the protection used on fourth generation, or 4G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e-mail, buy something online, consult with colleagues via their company’s computer network, or use a phone or a tablet on a 4G network.

For at least three years, one document says, GCHQ, almost certainly in close collaboration with the N.S.A., has been looking for ways into protected traffic of the most popular Internet companies:  Google, Yahoo, Facebook and Microsoft’s Hotmail. By 2012, GCHQ had developed “new access opportunities” into Google’s systems, according to the document.

“The risk is that when you build a back door into systems, you’re not the only one to exploit it,” said Matthew D. Green, a cryptography researcher at Johns Hopkins University.  “Those back doors could work against U.S. communications, too.”

Paul Kocher, a leading cryptographer who helped design the SSL protocol, recalled how the N.S.A. lost the heated national debate in the 1990s about inserting into all encryption a government back door called the Clipper Chip.

“And they went and did it anyway, without telling anyone,” Mr. Kocher said.  He said he understood the agency’s mission but was concerned about the danger of allowing it unbridled access to private information.

“The intelligence community has worried about ‘going dark’ forever, but today they are conducting instant, total invasion of privacy with limited effort,” he said.  “This is the golden age of spying.”

A Vital Capability

The documents are among more than 50,000 shared by The Guardian with The New York Times and ProPublica, the nonprofit news organization.  They focus primarily on GCHQ but include thousands either from or about the N.S.A.

Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read.  The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others.

The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian’s Web site in June.

“Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.

The documents make clear that the N.S.A. considers its ability to decrypt information a vital capability, one in which it competes with China, Russia and other intelligence powers.

“In the future, superpowers will be made or broken based on the strength of their cryptanalytic programs,” a 2007 document said.  “It is the price of admission for the U.S. to maintain unrestricted access to and use of cyberspace.”

The full extent of the N.S.A.’s decoding capabilities is known only to a limited group of top analysts from the so-called Five Eyes:  the N.S.A. and its counterparts in Britain, Canada, Australia and New Zealand.  Only they are cleared for the Bullrun program, the successor to one called Manassas — both names of American Civil War battles.  A parallel GCHQ counterencryption program is called Edgehill, named for the first battle of the English Civil War of the 17th century.

Unlike some classified information that can be parceled out on a strict “need to know” basis, one document makes clear that with Bullrun, “there will be NO ‘need to know.’ ”

Only a small cadre of trusted contractors were allowed to join Bullrun.  It does not appear that Mr. Snowden was among them, but he nonetheless managed to obtain dozens of classified documents referring to the program’s capabilities, methods and sources.

Ties to Internet Companies

When the N.S.A. was founded, encryption was an obscure technology used mainly by diplomats and military officers.  Over the last 20 years, with the rise of the Internet, it has become ubiquitous.  Even novices can tell that their exchanges are being automatically encrypted when a tiny padlock appears next to the Web address on their computer screen.

Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency’s success depends on working with Internet companies — by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware.

According to an intelligence budget document leaked by Mr. Snowden, the N.S.A. spends more than $250 million a year on its Sigint Enabling Project, which “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable.”  Sigint is the abbreviation for signals intelligence, the technical term for electronic eavesdropping.

By this year, the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors or by surreptitiously exploiting existing security flaws, according to the documents.  The agency also expected to gain full unencrypted access to an unnamed major Internet phone call and text service; to a Middle Eastern Internet service; and to the communications of three foreign governments.

In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times.

The 2013 N.S.A. budget request highlights “partnerships with major telecommunications carriers to shape the global network to benefit other collection accesses” — that is, to allow more eavesdropping.

At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service.

Microsoft asserted that it had merely complied with “lawful demands” of the government, and in some cases, the collaboration was clearly coerced.  Executives who refuse to comply with secret court orders can face fines or jail time.

N.S.A. documents show that the agency maintains an internal database of encryption keys for specific commercial products, called a Key Provisioning Service, which can automatically decode many messages.  If the necessary key is not in the collection, a request goes to the separate Key Recovery Service, which tries to obtain it.

How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored.  To keep such methods secret, the N.S.A. shares decrypted messages with other agencies only if the keys could have been acquired through legal means.  “Approval to release to non-Sigint agencies,” a GCHQ document says, “will depend on there being a proven non-Sigint method of acquiring keys.”

Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers.  One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.

Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members.

Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency.  The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”

“Eventually, N.S.A. became the sole editor,” the memo says.

Even agency programs ostensibly intended to guard American communications are sometimes used to weaken protections.  The N.S.A.’s Commercial Solutions Center, for instance, invites the makers of encryption technologies to present their products and services to the agency with the goal of improving American cybersecurity.  But a top-secret N.S.A. document suggests that the agency’s hacking division uses that same program to develop and “leverage sensitive, cooperative relationships with specific industry partners” to insert vulnerabilities into Internet security products.

A Way Around

By introducing such back doors, the N.S.A. has surreptitiously accomplished what it had failed to do in the open.  Two decades ago, officials grew concerned about the spread of strong encryption software like Pretty Good Privacy, or P.G.P., designed by a programmer named Phil Zimmermann.  The Clinton administration fought back by proposing the Clipper Chip, which would have effectively neutered digital encryption by ensuring that the N.S.A. always had the key.

That proposal met a broad backlash from an unlikely coalition that included political opposites like Senator John Ashcroft, the Missouri Republican, and Senator John Kerry, the Massachusetts Democrat, as well as the televangelist Pat Robertson, Silicon Valley executives and the American Civil Liberties Union.  All argued that the Clipper would kill not only the Fourth Amendment, but also America’s global edge in technology.

By 1996, the White House backed down.  But soon the N.S.A. began trying to anticipate and thwart encryption tools before they became mainstream.

“Every new technology required new expertise in exploiting it, as soon as possible,” one classified document says.

Each novel encryption effort generated anxiety.  When Mr. Zimmermann introduced the Zfone, an encrypted phone technology, N.S.A. analysts circulated the announcement in an e-mail titled “This can’t be good.”

But by 2006, an N.S.A. document notes, the agency had broken into communications for three foreign airlines, one travel reservation system, one foreign government’s nuclear department and another’s Internet service by cracking the virtual private networks that protected them.

By 2010, the Edgehill program, the British counterencryption effort, was unscrambling VPN traffic for 30 targets and had set a goal of an additional 300.

But the agencies’ goal was to move away from decrypting targets’ tools one by one and instead decode, in real time, all of the information flying over the world’s fiber optic cables and through its Internet hubs, only afterward searching the decrypted material for valuable intelligence.

A 2010 document calls for “a new approach for opportunistic decryption, rather than targeted.”  By that year, a Bullrun briefing document claims that the agency had developed “groundbreaking capabilities” against encrypted Web chats and phone calls.  Its successes against Secure Sockets Layer and virtual private networks were gaining momentum.

But the agency was concerned that it could lose the advantage it had worked so long to gain, if the mere “fact of” decryption became widely known.  “These capabilities are among the Sigint community’s most fragile, and the inadvertent disclosure of the simple ‘fact of’ could alert the adversary and result in immediate loss of the capability,” a GCHQ document outlining the Bullrun program warned.

Corporate Pushback

Since Mr. Snowden’s disclosures ignited criticism of overreach and privacy infringements by the N.S.A., American technology companies have faced scrutiny from customers and the public over what some see as too cozy a relationship with the government.  In response, some companies have begun to push back against what they describe as government bullying.

Google, Yahoo and Facebook have pressed for permission to reveal more about the government’s secret requests for cooperation.  One small e-mail encryption company, Lavabit, shut down rather than comply with the agency’s demands for what it considered confidential customer information; another, Silent Circle, ended its e-mail service rather than face similar demands.

In effect, facing the N.S.A.’s relentless advance, the companies surrendered.

Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed customers, offering an ominous warning.  “Without Congressional action or a strong judicial precedent,” he wrote, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”

Statement from the Office of the Director of National Intelligence:

It should hardly be surprising that our intelligence agencies seek ways to counteract our adversaries’ use of encryption.  Throughout history, nations have used encryption to protect their secrets, and today, terrorists, cybercriminals, human traffickers and others also use code to hide their activities.  Our intelligence community would not be doing its job if we did not try to counter that.

While the specifics of how our intelligence agencies carry out this cryptanalytic mission have been kept secret, the fact that NSA’s mission includes deciphering enciphered communications is not a secret, and is not news.  Indeed, NSA’s public website states that its mission includes leading “the U.S. Government in cryptology … in order to gain a decision advantage for the Nation and our allies.”

The stories published yesterday, however, reveal specific and classified details about how we conduct this critical intelligence activity.  Anything that yesterday’s disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions.

Monday, September 2, 2013

MICROSOFT - Can They Survive?

"Can Microsoft Be Saved?  Maybe Not" by Vivek Wadhwa, PBS Newshour 8/31/2013

Is Microsoft going the way of the Soviet Union?  Vivek Wadhwa, vice president for academics and innovation at Singularity University, director of research at Pratt School of Engineering, Duke University, and a fellow at Stanford Law School, thinks so.  A good friend of the Making Sen$e Business Desk, Wadhwa takes another look at Microsoft's future -- an issue he explored earlier this week in his column on the Washington Post's Innovations blog.

Vivek Wadhwa:  When companies become too big, they usually lose their ability to innovate.  There are a few notable exceptions, such as Apple, GE and Google, but most become complacent and focus increasingly on defending their existing turf rather than on creating new markets.  Thus they begin their march into oblivion.

That is the present state of Microsoft.  It has become an old giant, obsessed with defending its aging products.  If Microsoft doesn't change course, it is likely to suffer the same fate as that old superpower, the former Soviet Union, whose obsession with preserving its bloated bureaucracy led to its destruction.

Microsoft has lost ground in practically every emerging field, including mobile computing, music players, smartphones, search and social networking.  Yes, it has had an odd success or two, such as the Xbox, but these are just flukes.

It isn't that Microsoft doesn't have talented people working for it.  Quite to the contrary, it has an abundance of talent.  For two decades, it was the tech industry's strongest talent magnet.  It hired the best of the best.  And most of these geniuses haven't left -- yet.

My former students and friends who work at Microsoft tell me that they love the company, but are stifled by its bureaucracy, turf wars and central planning.  Big ideas get quashed because they don't fit into the corporate vision; products with great potential are killed because they could threaten the company's core products.  These employees believe that their talent is being wasted.  They long for the days when Microsoft was a lean mean fighting machine.

That's why I believe that the best path forward for Microsoft is to break itself up into a number of fighting machines -- smaller companies that compete with upstarts in Silicon Valley and with each other.  These micro-Microsofts need to have the freedom to take risks and cannibalize the company's core products.  That won't happen under its present structure.

The Windows 8 fiasco illustrates the problems that Microsoft faces.  Windows RT, the version of Windows 8 that was designed for tablet computers with touch screens, has a beautiful user interface and functionality.  In many ways, it is better than Apple's iOS and Google's Android.  But Microsoft was obsessed with protecting its Windows operating system and Office tools franchise.  So it bundled a version of Microsoft Office into RT.  To make the desktop version of Windows 8 consistent with RT, it added to it the same tiled user interface and removed the Start button.

Most desktop computers and laptops, however, don't have touch screens.  And Windows users aren't used to computers without Start buttons.  So they hated Windows 8 desktop, and it was a commercial disaster.

The inclusion of Microsoft Office on RT and Microsoft's desire to protect its operating system's pricing structure led it to charge re-sellers a price rumored to be about $85 (the re-seller price is a well-guarded secret).  This is more than what lower-end tablets will soon cost, and competes directly with Android, which Google gives away.  That's why RT, too, was a commercial disaster.

The sensible thing for Microsoft to do would have been to provide a lighter version of RT -- for free.  It would have competed head to head with Android and would likely have won because it has a superior user interface.  Microsoft could have made money by charging for special features and apps such as Office.  If Microsoft's RT division had had the freedom, it might also have done the unimaginable by bundling Google's Office apps and other competitive products into it.

Tablet prices are dropping rapidly.  I expect that next year, there will be several players selling devices that cost less than $100.  Full-featured tablets that cost around $50 -- and less -- are also on the horizon.  When these become available, the market for tablets will explode.  There will be hundreds of millions, perhaps billions, of such devices.  Instead of running Microsoft's RT, they will likely run Android.  Microsoft has lost its opportunity to sell additional products on these devices through its obsession with protecting its legacy software.  Windows and Office will likely slip into oblivion like the five year plans and Politburo the Soviet Union clung to.

But there is still hope for Microsoft.  It has a wealth of great people and great technologies in its labs.  They need to be untethered from the central bureaucracy and set free to compete and take big risks.  I am not too optimistic, though, that this will happen.  I worry that Microsoft will go the way of Kodak, RIM and Nokia -- or even the former Soviet Union -- all of which tanked because they were busy protecting old turf.

Friday, August 16, 2013

SOFTWARE - LibreOffice vs Microsoft Office

"Battle of the Office Suites: Microsoft Office and LibreOffice Compared" by Thorin Klosowski, LifeHacker 8/15/2013


For a long time, Microsoft Office has been the reigning champ of office suites, but that doesn't mean the free alternative, LibreOffice, isn't worth considering.  Let's take a look at how the two compare, and if it's finally possible to ditch the paid option for the free one.

You might not think it's really fair to compare the free LibreOffice and the paid Microsoft Office, but the two are a lot closer in features than you might think.  For one, LibreOffice is compatible with a lot more systems, including Windows, OS X, and Linux, while Microsoft Office's newest version is restricted to just Windows 7 and Windows 8.  Besides:  it’s not about which one is “better” or “more feature filled.”  It’s about whether your work requires what Microsoft has to offer, or if you can get by with something free and save a bit of money.  Now, with LibreOffice reaching 4.1, we've decided it's time to give it an in-depth comparison with Microsoft Office.

While we certainly can't go through each feature one-by-one, we'll attempt to get a good look at how they compare.  If you're interested in looking for a specific feature, head to this page and search for it on the table.  It should give you a pretty good idea of exactly which features are in which suite.  In this post, we're going to talk in more general terms.

The full article has comparison screenshots and explanations and a "The Bottom Line" for each common application (word processing, spreadsheets, database, presentation).  Also note the link above to the comparison table.

I use LibreOffice at home.

Wednesday, July 24, 2013

HARDWARE - nVidia's Next Generation Mobile GPU

"Kepler to go:  nVidia brings high-end graphics core technology to Tegra 5" by Agam Shah, PC World 7/24/2013

Augmented reality, image recognition and other multimedia features could be standard in future smartphones and tablets, and nVidia’s upcoming Tegra 5 mobile chip will have features to handle such demanding graphics capabilities.

nVidia on Wednesday said that it has made its biggest advance in mobile graphics technology with the integration of its latest graphics core code-named Kepler into Tegra 5, which is code-named Project Logan.  The chip is due next year, and will be able to handle the most demanding graphics applications through ray-tracing, tessellation, advanced lighting and post processing, said Daniel Vivoli, senior vice president at nVidia.

The graphics capabilities in Logan will be demonstrated at the SIGGRAPH show in Anaheim, California.  The demo will highlight the ability of a mobile processor to show a lifelike human face while consuming just two to three watts of power.  The 3D simulation of the human face will show “full features,” Vivoli said, including light refraction, microscopic wrinkles on the skin, and other small details such as skin oils.

The human face — called Ira by nVidia — was demonstrated on stage at nVidia’s GPU Technology Conference and was rendered with server-class graphics processors based on Kepler.  Features from those high-end GPUs are being scaled down to fit into the power constraints of mobile devices, Vivoli said.  The Ira demonstration was ported to Logan after paring down some hardware capabilities and also with tweaks in clock gating and cache.

Tegra 5 is scheduled to ship next year.  nVidia has just started shipping its Tegra 4 chip, which will be in devices such as Hewlett-Packard’s SlateBook X2 tablet.

nVidia declined to provide numbers on the graphics performance gains versus Tegra 4.  But the graphics core will be faster and more power efficient, and nVidia said it will use less than a third of the power of graphics cores in tablets like the iPad when rendering the same graphics.  Logan will provide better graphics performance at the same power consumption levels.

nVidia is known for its graphics, and its chips are considered among the best at handling multimedia in mobile devices.  The company’s high-end Tesla graphics chips based on Kepler are being used in some of the world’s fastest supercomputers, and now similar features will be available in mobile devices going ahead.

It’s also the first time that nVidia is bringing its latest graphics core to the mobile processor, effectively uniting all graphics products on the same microarchitecture.

“We’ve always have a separate architecture,” Vivoli said.  “We’ve been working for years where we can converge the graphics roadmaps.”

nVidia earlier offered a graphics development platform called Kayla in which a Tegra processor was attached to a Kepler GPU via a PCI-Express interconnect.  The platform was intended to get programmers to start writing mobile applications for the Kepler GPU.  But with Logan, the Kepler graphics processor is integrated inside the Tegra chip.

Programmers will have to write algorithms and programs to enable augmented reality, face recognition and other high-end multimedia, Vivoli said.  Processing such tasks will be quicker when off-loaded to the Kepler graphics core, Vivoli said.

It will also be the “first time” GPGPU (general-purpose graphics processing unit computing) comes to mobile devices, Vivoli said, referring to a concept in which processing is being increasingly moved to from CPUs to graphics cores in systems.

But the CPUs and graphics processors still need to work in a coherent manner, and the Tegra 5 chip will support a range of parallel programming tools such as CUDA 5.5, OpenCL 2.0 and Microsoft’s DirectX.  Such tools harness the joint processing power of CPUs and GPUs to bring performance gains in supercomputers, and with mobile devices, the performance boosts have to fit within a specific power limit.

There are multiple parallel programming development tools for mobile devices and supercomputing.  Intel offers development tools to work with its Xeon Phi accelerator chip, while Advanced Micro Devices is pushing with specifications from the HSA (Heterogeneous System Architecture) Foundation, a group that hopes to provide tools so applications can be easily ported across different chip architectures and devices.  nVidia is not a member of HSA, which is backed by ARM, Qualcomm, Texas Instruments and others.

Beyond Logan, nVidia is making more hardware improvements that should make graphics rendering faster.  The Tegra 6 processor code-named Parker will unite CPU and GPU and make it a shared resource.  Parker will also have a 3D structure in which transistors will be stacked on top of each other, which should make the GPU faster and more power efficient.  Parker is due for release in 2015.

Wednesday, July 17, 2013

CYBER SECURITY - Cyberattacks on U.S. Universities

"Universities Face a Rising Barrage of Cyberattacks" by RICHARD PÉREZ-PEÑA, New York Times 7/16/2013


America’s research universities, among the most open and robust centers of information exchange in the world, are increasingly coming under cyberattack, most of it thought to be from China, with millions of hacking attempts weekly.  Campuses are being forced to tighten security, constrict their culture of openness and try to determine what has been stolen.

University officials concede that some of the hacking attempts have succeeded.  But they have declined to reveal specifics, other than those involving the theft of personal data like Social Security numbers.  They acknowledge that they often do not learn of break-ins until much later, if ever, and that even after discovering the breaches they may not be able to tell what was taken.

Universities and their professors are awarded thousands of patents each year, some with vast potential value, in fields as disparate as prescription drugs, computer chips, fuel cells, aircraft and medical devices.

“The attacks are increasing exponentially, and so is the sophistication, and I think it’s outpaced our ability to respond,” said Rodney J. Petersen, who heads the cybersecurity program at Educause, a nonprofit alliance of schools and technology companies.  “So everyone’s investing a lot more resources in detecting this, so we learn of even more incidents we wouldn’t have known about before.”

Tracy B. Mitrano, the director of information technology policy at Cornell University, said that detection was “probably our greatest area of concern, that the hackers’ ability to detect vulnerabilities and penetrate them without being detected has increased sharply.”

Like many of her counterparts, she said that while the largest number of attacks appeared to have originated in China, hackers have become adept at bouncing their work around the world.  Officials do not know whether the hackers are private or governmental.  A request for comment from the Chinese Embassy in Washington was not immediately answered.

Analysts can track where communications come from — a region, a service provider, sometimes even a user’s specific Internet address.  But hackers often route their penetration attempts through multiple computers, even multiple countries, and the targeted organizations rarely go to the effort and expense — often fruitless — of trying to trace the origins.  American government officials, security experts and university and corporate officials nonetheless say that China is clearly the leading source of efforts to steal information, but attributing individual attacks to specific people, groups or places is rare.

The increased threat of hacking has forced many universities to rethink the basic structure of their computer networks and their open style, though officials say they are resisting the temptation to create a fortress with high digital walls.

“A university environment is very different from a corporation or a government agency, because of the kind of openness and free flow of information you’re trying to promote,” said David J. Shaw, the chief information security officer at Purdue University.  “The researchers want to collaborate with others, inside and outside the university, and to share their discoveries.”

Some universities no longer allow their professors to take laptops to certain countries, and that should be a standard practice, said James A. Lewis, a senior fellow at the Center for Strategic and International Studies, a policy group in Washington.  “There are some countries, including China, where the minute you connect to a network, everything will be copied, or something will be planted on your computer in hopes that you’ll take that computer back home and connect to your home network, and then they’re in there,” he said.  “Academics aren’t used to thinking that way.”

Bill Mellon of the University of Wisconsin said that when he set out to overhaul computer security recently, he was stunned by the sheer volume of hacking attempts.

We get 90,000 to 100,000 attempts per day, from China alone, to penetrate our system,” said Mr. Mellon, the associate dean for research policy.  “There are also a lot from Russia, and recently a lot from Vietnam, but it’s primarily China.”

Other universities report a similar number of attacks and say the figure is doubling every few years.  What worries them most is the growing sophistication of the assault.

Being a computer expert and a retired IT Technician the comment "free flow of information you’re trying to promote" does NOT mean that universities should not have very high network security.  Network security does not mean restricting free flow of information between AUTHORIZED users.

Friday, July 12, 2013

SOFTWARE - Virtual Reality Games

"How Virtual Reality Games Can Impact Society, Encourage Prosperity" PBS Newshour 7/11/2013


RAY SUAREZ (Newshour):  Finally tonight: video games, virtual reality and how changes in those technologies may be connected with economic behavior.

NewsHour economics correspondent Paul Solman and Paul's avatar are our guides, part of his ongoing reporting Making Sense of financial news.

And you should know his story contains some video game violence.

MAN:  You should feel like you're there.

MAN:  Oh, gosh. Oh, my gosh.

PAUL SOLMAN (Newshour):  Video games, one of the world's fastest-growing industries, with more than $80 billion a year in revenues now, more than twice that of movies.

MAN:  The feeling of dropping is really awesome.

PAUL SOLMAN:  And at a recent developers conference in San Francisco, the race was on to try out a breakthrough that could take the industry to an entirely new level.

MAN:  This is insane.

PAUL SOLMAN:  Though not yet ready for retail -- it's expected to sell for about $300 -- the Oculus Rift is already being hailed as the Holy Grail of gaming, a lightweight, affordable headset to deliver totally immersive virtual reality, or V.R.

Tuesday, July 9, 2013

CYBERWAR - About Chinese Cyber Theft

"US Government, Industry Fed up with Chinese Cyber Theft; What’s Being Done?" PBS Newshour 7/8/2013


SUMMARY:  As U.S. and Chinese officials meet this week in Washington to discuss cyber issues -- as well as broader strategic and economic issues -- a number of Congress members and computer security experts say they are fed up with China stealing proprietary data from American companies.  Ray Suarez reports.

Friday, June 28, 2013

COMPUTERS - Robotics Challenge From DARPA

"The ultimate video game: teams compete in DARPA Robotics Challenge" by Elizabeth Barber, Christian Science Monitor 6/28/2013

Teams from eight countries competed in the first round of the challenge to develop a disaster response robot

Except in this game, turning on a garden hose is an enormously difficult task, requiring huge teams of scientists and decades of acquired technology.

About twenty-six teams from eight countries competed on June 17-21 in The Virtual Robotics Challenge, the first round of the DARPA Robotics Challenge, using complex software to direct virtual robots in a cloud-based simulator that looks like a 3-D video game.

The overall challenge for the teams is to develop software that can operate a DARPA-supplied humanoid robot across a low-bandwidth network, which is expected to be the only type of network available to first responders in a disaster scenario.

This first round was a software competition in which teams used software of their own design to have a simulated ATLAS robot navigate a simulated disaster zone that looked something like suburbia gone wrong.  For three days, competitors stared into computer screens in their respective far-flung labs and offices, instructing their virtual robots to complete a series of challenges, including driving a vehicle and walking over uneven ground.  Robots also had to pick up a hose, connect it to a spigot and turn it on.

“The disaster response scenario is technically very challenging,” said Russ Tedrake, a professor at MIT’s Department of Electrical Engineering and Computer Science.  “It requires the robot and human operator to simultaneously perceive and gain an understanding for a complex, new environment, and then use that information to perform difficult manipulation tasks and traverse complex terrains.”

That means that the virtual robot must feed its raw sensor data back to its operating team, which then, with the help of the robot, must interpret its surroundings and enter instructions about where to move or how to manipulate objects.  The team then continuously asks the robot to share its plan, adjusting their requests and their suggestions until the robot provides a correct answer, at which point the robot is allowed to go on autonomously.

The top nine teams received funding and an ATLAS robot to compete in the DARPA Robotics Challenge Trials in December 2013.  The trials are the second of three DARPA challenge events and will be the first time that the physical robots will compete.

The overall winner of the first round was The Florida Institute for Human and Machine Cognition, a team of some 22 researchers.

“Getting in the car and driving was our biggest challenge,” said research scientist Jerry Pratt, the Florida Institute’s team leader.  “Walking — we had that nailed.”

Other winners included Worcester Polytechnic Institute, MIT, and TRACLabs.  The Jet Propulsion Laboratory, which was also among the winning teams, donated its awarded funds to three runner-up teams that DARPA had not originally selected – it had chosen six teams – putting the total to nine teams that will compete in the second round.

Saturday, May 18, 2013

HARDWARE - ASUS Xonar DS 7.1 Audio PCI Card

My WinXP desktop system's audio card was a bit 'long in the tooth.'  So I thought I'd search for a new one via Google.

I found something I did not expect, the ASUS Xonar DS 7.1 Audio PCI Card. (I bought via Amazon)

Why?  See below:

(click for larger view)

The Smart Volume Normalization (SVN) is something I've been waiting for ever since I discovered a way to have my iTunes/iPod do the same thing.  That is, play my iPod music without having to adjust between loud and low songs (set volume and forget).

For iTunes/iPod all I had to do is make sure to enable Sound-Check on both, and run a utility called iVolume.  iVolume fine-tunes the Sound-Check value by scanning each song and setting it to the master volume level you set in iVolume.  Which is what SVN does in the Xonar.

Here's the card:

(click for larger view)

Here's the Audio Center:

(click for larger view)

Note that I have SVN enabled (turquoise highlighted button) and the level bar-indicator is titled [Smart Volume].

The [ ^ ] opens the full menu list.

SVN works!  I set the master volume knob and everything plays at that volume.  No more having to adjust for differences between inputs (games, music, WEB, etc).

Xonar DS also includes Flex Bass which can be enabled for those who do not have a powered subwoffer speaker system.

CAUTION:  If you have a game that does NOT automatically detect a new audio card and run a configuration utility, you may have to start a new-game.  This is the case with Skyrim.

WARNING:  Using the GX (Gamers) DSP Mode can cause some games to crash.
Examples:  Oblivion, Skyrim, Inquisitor RPG

Thursday, May 16, 2013

LINUX - Image for Linux

There is a very good drive imaging backup utility available Image for Linux from TeraByte Inc.

Startup dialog

As I have said in a previous post on backing up your hard drive, an image backup is the best.  Much better than any file backup.

Image for Linux backs up all USED sectors on your Linux hard drive, therefore [Restore] gets you your full (boot) hard drive back.  It can backup to CDs or another device, such as an USB Stick.  Well worth the price.

WARNING:  Make sure you have your USB Sick plugged-in BEFORE turning on your system to boot to the CD.  I use a 32gb USB Stick to backup my Ubuntu 13.04 laptop hard drive.

You get an eMail with your license keys, or you can copy/paste from your online recept.

Your download will be via an eMail with a special 24hr expiring link.  The downloaded ZIP file contains several other ZIP files.  You select the one you have the license for and.... see below... the = Image for Linux (IFL) GUI version.

(click for larger view)

Extract and you get all the other files seen above.

Run makedisk to write a bootable CD, and you will be prompted for your license key.  Just in case, you will need a CD/DVD drive that can write.

As noted in pic, you do not need to keep the files you unzipped.  AFTER you confirm you can boot to the CD and IFL works, you can delete these files.  You just keep the original downloaded ZIP file.

I highly recommend you get the PDF manual and save/print, and read.

I've used this IFL for a year now to backup, worked without a hitch.  But, thankfully, I have not used the Restore function yet.

Your IFL boot disk runs in Linux environment GUI with mouse.  You just go through each dialog.

Tuesday, May 14, 2013

LINUX- Ubuntu 13.04

Well, Ubuntu 13.04 is released.

My Ubuntu 13, GNOME Desktop (click for larger view)

Note the [Steam] desktop icon (launcher).  That's right, Ubuntu 13 has the Steam Client available from the Software Center.

The upgrade from Ubuntu 12.10 to 13.04, using the Software Updater when notified, was flawless.  Everything came back as before upgrade.  Only had to change a few settings because of new apps.

As to Steam:

The Steam Client runs very well.  The Store has a [Linux] tab that list Linux Games.  And there's the rub.  Not all games listed in the [Linux] tab run properly, which is NOT Steam's fault.  It is the game publisher's fault.

Here is a list of Linux games I've tried:
  • Amnesia = Does not run at all.
  • Anna = Runs, BUT the mouse speed is so high/fast that the game is unplayable.  And the Main Menu Option to set mouse speed cannot be selected.
  • Postal (1) = Seems to run OK..... so far.
  • Postal 2 = Runs the Running With Scissors [WARNING] dialog, that automatically closes, then nothing.
  • Dungeon Defenders = Supposed to be new, but when started it goes through several Logo Dialogs [Press any key to continue], after those I got a blank-black dialog and that's it.  Even lost the mouse.  Had to use [Alt][F4] to force-close.
  • Half-Life (1) - Runs very good, except for sound, an old reverb problem (need to find a way to disable)
The only reason I tried these?  They were cheap.

So when it comes to Steam's Linux game, beware.

Monday, May 13, 2013

CYBERCRIME - Robbers Hit ATMs for $45 Million Worldwide

"Cyber ATM Robbers Grab $45 Million Worldwide Within Hours" (Part-1) PBS Newshour 5/10/2013

JEFFREY BROWN (Newshour):  And we turn to a major cyber-theft, global in scope and raising new questions about our vulnerabilities in the digital age.

The thefts took place in broad daylight at ATM machines, and the thieves wore no disguises.

U.S. ATTORNEY LORETTA LYNCH, Eastern District Of New York:  This was a 21st century bank heist that reached through the Internet to span the globe.

JEFFREY BROWN:  U.S. authorities say the reach of the international cyber-crime was wide; 27 countries -- Russia, Japan, Egypt, Colombia, Canada and beyond.

The criminals hacked into companies that process prepaid debit cards for two banks in the Middle East, stole the data and then copied it onto doctored cards with magnetic strips.  Yesterday in New York, U.S. Attorney Loretta Lynch explained what happened next.

LORETTA LYNCH:  They become a virtual criminal flash mob, going from machine to machine, drawing as much money as they can before these accounts are shut down.

JEFFREY BROWN:  On Dec. 21st, thieves hit 4,500 ATMs in some 20 countries, stealing five million dollars.  Then on Feb. 19th, they upped their game.  In 10 hours, they stole $40 million dollars in 36,000 transactions worldwide.

In Manhattan alone, a team of eight so-called "cashers" allegedly made their way from ATM to ATM making 2,900 withdrawals totaling $2.4 million dollars.

Two of the suspects took photos of themselves and the stacks of cash they allegedly stole.  To round out the crime, authorities say the suspects laundered the money by purchasing luxury goods in the form of Rolex watches, Gucci bags and expensive cars.

"International ATM Cyber Hackers Hid 'in Plain Sight' to Overcome Computer System" (Part-2) PBS Newshour 5/10/2013


SUMMARY:  The global network of thieves who targeted ATMs struck 2,904 machines over 10 hours in New York alone, withdrawing $2.4 million.  For more on the attack and the aftermath, Jeffrey Brown talks with Loretta Lynch, the U.S. attorney for the eastern district of New York and the federal prosecutor in the heist case.

Friday, April 12, 2013

SECURITY - Online Gaming Firms Targeted by Malware

"'Winnti' Malware Targeting Online Gaming Firms" by Chloe Albanesius, PC Magazine 4/12/2013

News of game-related hacks are nothing new; they have dominated headlines in recent years, from the massive Sony PlayStation Network takedown to the more recent hack of The War Z.

Attacks on gaming firms might not be isolated incidents, however.  Researchers at Kaspersky Lab this week said they uncovered a series of targeted attacks originating in China that are taking aim at Web-based gaming companies.

"According to our estimations, this group has been active for several years and specializes in cyber attacks against the online video game industry," Kaspersky said in a blog post.  "The group's main objective is to steal source codes for online game projects as well as the digital certificates of legitimate software vendors.  In addition, they are very interested in how network infrastructure (including the production of gaming servers) is set up, and new developments such as conceptual ideas, design and more."

Kaspersky started investigating the group - known as Winnti - in the fall of 2011 at a behest of a computer game publisher that detected malware on its network.  The malware was pushed out to users via a standard update, prompting concern that the company was spying on its users.

"However, it later became clear that the malicious program ended up on the users' computers by mistake; the cybercriminals were in fact targeting the companies that develop and release computer games," Kaspersky said.

Once installed on someone's computer, the hackers could control that machine without the user's knowledge.  The malware was "the first time we saw Trojan applications for the 64-bit version of Microsoft Windows with a valid digital signature," Kaspersky said.  Previous incidents of digital signature abuse had only hit 32-bit systems.

The digital certificate in question belonged to South Korea-based KOG, which also produced MMPRG, like Kaspersky's client.  Ultimately, the certificate was revoked, but "over the next 18 months we discovered more than a dozen similar compromised digital certificates."

Kaspersky said that its research suggests that at least 35 companies from around the world have been infected by Winnti malware at some point in time, with a "strong focus" on Southeast Asia.

Friday, April 5, 2013

WINXP - Updates Coming to an End

"When will Microsoft pull the plug on your version of Windows or Office?" by Ed Bott, ZDNet 4/4/2013


Summary:  The countdown for Windows XP is about to get serious.  In one year, Microsoft officially stops supporting XP.  What happens when the clock runs out?  And how long until your current version of Windows or Office suffers the same fate?

For the next year or so, Microsoft will officially offer support for four versions of Windows for desktop and notebook PCs.

Windows XP, the oldest of the bunch, celebrates its 12th birthday this fall.  It kicks off a year-long farewell tour next week, counting down to April 8, 2014, when Microsoft officially ends its support.  XP lived longer than any version of Windows ever, getting multiple extensions on its retirement date to placate customers who said no to Vista.  But April 2014 is the end of the road.

XP will not get a last-minute reprieve.

Let me say that again, in boldface this time:  Microsoft will not extend the support deadline for XP.  If you're still relying on XP, you should have a plan to switch to a supported platform, whether it's from Microsoft or someone else.

April 8, 2014 is a deadline, not a death sentence.  PCs running XP will not stop working when the clock runs out.  In fact, XP diehards won’t notice anything different except an eerie quiet on Patch Tuesday.  Newer Windows versions, including Windows Vista, Windows 7, and Windows 8, will continue to get security patches and bug fixes via Windows Update, but not XP.  When the extended support period ends, so do those updates.  (Large enterprise customers who have custom support agreements with Microsoft and who are willing to pay dearly for the privilege might be able to get custom updates after the official end of support.  But consumers and small businesses will not have that option.)

None of this should be a surprise.  As I’ve noted before, Microsoft has a well-established support life-cycle for its software products.  It’s basically an agreement that the company makes with everyone who commits to Windows.  The terms of that agreement don’t change often, which is an important assurance for business customers who tend to be conservative in their approach to upgrades.

Six months after the launch of Windows 8, it’s become obvious that Windows 7 is the new Long Term Support version.  And I'm starting to get more questions from readers who are concerned that Microsoft is going to try to kill off Windows 7.

MY OPINION:  Microdunce can shove their to-hell-with-consumer policies up you-know-where.

I am NOT about to downgrade my PERFECTLY WORKING WinXP Desktop to a more hoggish, all eye-candy, version that will require me to manually reinstall over 100 apps.

Thursday, March 28, 2013

INTERNET - Spam or Not to Spam Cyber War

"Cyber War Over Spam Slows Access for Internet Users" PBS Newshour 3/27/2013


SUMMARY:  A dispute between an online company that sends spam emails and a company trying to mitigate spam has led to the one of the largest reporter cyber attacks in history, creating slow access to common sites like Netflix for millions of web users.  Hari Sreenivasan talks over the case with Nicole Perlroth of the New York Times.

HARI SREENIVASAN (Newshour):  One company fights spam; the other is said to be behind sending those pesky e-mails.  A dispute between the two has led to one of the largest reported cyber-attacks in Internet history, the result, widespread congestion that's slowing access for millions of users to sites like Netflix.

Nicole Perlroth has been covering the story for The New York Times, joins me now.

NOTE:  For users, this is what eMail client filters are for.  Delete spam eMails, or move spam to a [Spam] folder.

Tuesday, March 12, 2013

INTERNET - What Happens to Your Online 'Estate' After You Die?

"Law Lags Behind in Defining Posthumous Protocol for Online Accounts" PBS Newshour 3/11/2013


JEFFREY BROWN (Newshour):  Billions of people around the world now live part of their lives online, sharing photographs, information on relationships and careers, tweets and more.

But what happens when physical lives end and life in cyberspace goes on?  Of the one billion people who use the social network site Facebook, for example, an estimated three die every minute.  And that can lead to some painful problems.  For one thing, there's no one method or law on the books for how beneficiaries gain access to a deceased person's digital records.

Virginia dairy farmer Ricky Rash ran into that problem after his 15-year-old son Eric committed suicide in 2011.

RICKY RASH, Father:  It was a complete shock, as any suicide is.  But we had absolutely no warning.  Eric kissed his mom good night the night before.  He did his homework.  He Armor All-ed the seats in that Oldsmobile that was his.  He did everything under the sun to show us it was a normal night.

So, with no answers from home, no answers from school, we were just hoping that there may be something that would give us some insight as to why he chose to make the decision he did.  And Facebook was literally the last frontier that we had to investigate.

Monday, March 4, 2013

CYBERWAR - Pinning Down Motive For Hacking Against U.S.

"As Hacking Against U.S. Rises, Experts Try to Pin Down Motive" by NICOLE PERLROTH, DAVID E. SANGER, and MICHAEL S. SCHMIDT; New York Times 3/3/2013


When Telvent, a company that monitors more than half the oil and gas pipelines in North America, discovered last September that the Chinese had hacked into its computer systems, it immediately shut down remote access to its clients’ systems.

Company officials and American intelligence agencies then grappled with a fundamental question: Why had the Chinese done it?

Was the People’s Liberation Army, which is suspected of being behind the hacking group, trying to plant bugs into the system so they could cut off energy supplies and shut down the power grid if the United States and China ever confronted each other in the Pacific?  Or were the Chinese hackers just trolling for industrial secrets, trying to rip off the technology and pass it along to China’s own energy companies?

“We are still trying to figure it out,” a senior American intelligence official said last week.  “They could have been doing both.”

Telvent, which also watches utilities and water treatment plants, ultimately managed to keep the hackers from breaking into its clients’ computers.

At a moment when corporate America is caught between what it sees as two different nightmares — preventing a crippling attack that brings down America’s most critical systems, and preventing Congress from mandating that the private sector spend billions of dollars protecting against that risk — the Telvent experience resonates as a study in ambiguity.

To some it is prime evidence of the threat that President Obama highlighted in his State of the Union address, when he warned that “our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems,” perhaps causing mass casualties.  Mr. Obama called anew for legislation to protect critical infrastructure, which was killed last year by a Republican filibuster after intensive lobbying by the Chamber of Commerce and other business groups.

But the security breach of Telvent, which the Chinese government has denied, also raises questions of whether those fears — the subject of weekly research group reports, testimony and Congressional studies — may be somewhat overblown, or whether the precise nature of the threat has been misunderstood.

American intelligence officials believe that the greater danger to the nation’s infrastructure may not even be China, but Iran, because of its avowal to retaliate for the Stuxnet virus created by the United States and Israel and unleashed on one of its nuclear sites.  But for now, these officials say, that threat is limited by gaps in Iranian technical skills.

There is no doubt that attacks of all kinds are on the rise.  The Department of Homeland Security has been responding to intrusions on oil pipelines and electric power organizations at “an alarming rate,” according to an agency report last December.  Some 198 attacks on the nation’s critical infrastructure systems were reported to the agency last year, a 52 percent increase from the number of attacks in 2011.

Researchers at McAfee, a security firm, discovered in 2011 that five multinational oil and gas companies had been attacked by Chinese hackers.  The researchers suspected that the Chinese hacking campaign, which they called Night Dragon, had affected more than a dozen companies in the energy industry.  More recently, the Department of Energy confirmed in January that its network had been infiltrated, though it has said little about what damage, if any, was done.

But security researchers say that the majority of those attacks were as ambiguous as the Telvent case.  They appeared to be more about cyberespionage, intended to bolster the Chinese economy.  If the goal was to blow up a pipeline or take down the United States power grid, the attacks would likely have been of a different nature.

In a recent report, Critical Intelligence, an Idaho Falls security company, said that several cyberattacks by “Chinese adversaries” against North American energy firms seemed intended to steal fracking technologies, reflecting fears by the Chinese government that the shale energy revolution will tip the global energy balance back in America’s favor.  “These facts are likely a significant motivation behind the wave of sophisticated attacks affecting firms that operate in natural gas, as well as industries that rely on natural gas as an input, including petrochemicals and steel-making,” the Critical Intelligence report said, adding that the attack on Telvent, and “numerous” North American pipeline operators may be related.

American intelligence experts believe that the primary reason China is deterred from conducting an attack on infrastructure in the United States is the simple economic fact that anything that hurts America’s financial markets or transportation systems would also have consequences for its own economy.

COMMENT:  The REASON for hacking U.S. systems is in reality irrelevant.  The ABILITY to hack our systems is, or should be, the point.  Hacking methods used for economic reasons can be use for more destructive reasons.

Monday, February 25, 2013

CYBERSECURITY - Social Networking Hacking

"Twitter Hackings Put Focus on Security for Brands" by TANZINA VEGA and NICOLE PERLROTH, New York Times 2/24/2013


While most Americans were winding up their holiday weekends last Monday, the phones at the Vancouver headquarters of HootSuite, a social media management company, began to ring.

Burger King’s Twitter account had just been hacked.  The company’s logo had been replaced by a McDonald’s logo, and rogue announcements began to appear.  One was that Burger King had been sold to a competitor; other posts were unprintable.

“Every time this happens, our sales phone lines light up,” said Ryan Holmes, the chief executive of HootSuite, which provides management and security tools for Twitter accounts, including the ability to prevent someone from gaining access to an account.  “For big brands, this is a huge liability,” he said, referring to the potential for being hacked.

What happened to Burger King — and, a day later, to Jeep — is every brand manager’s nightmare.  While many social media platforms began as a way for ordinary users to share vacation photos and status updates, they have now evolved into major advertising vehicles for brands, which can set up accounts free but have to pay for more sophisticated advertising products.

Burger King and Jeep, owned by Chrysler, are not alone.  Other prominent accounts have fallen victim to hacking, including those for NBC News, USA Today, Donald J. Trump, the Westboro Baptist Church and even the “hacktivist” group Anonymous.

Those episodes raised questions about the security of social media passwords and the ease of gaining access to brand-name accounts.  Logging on to Twitter is the same process for a company as for a consumer, requiring just a user name and one password.

Twitter, like Facebook, has steadily introduced a number of paid advertising options, raising the stakes for advertisers.  Brands that pay to advertise on Twitter are assigned a sales representative to help them manage their accounts, but they are not given any more layers of security than those for a typical user.

Ian Schafer, the founder and chief executive of Deep Focus, a digital advertising company that also fielded a few phone calls from clients concerned about the Burger King attack, argued that Twitter bore some responsibility.

“I think Twitter needs to step up its game in providing better security,” Mr. Schafer said.  In a memo to his staff about such attacks, he called on social networks like Facebook, Twitter, Pinterest “and anyone else serious about having brands on their platform” to “invest time in better understanding how brands operate day to day.”

“It’s also time for these platforms to use their influence to shape security standards on the Web,” he wrote.

The risk for Twitter is in offending potential business partners as the company tries to build its advertising dollars, which make up the bulk of its revenue.  In 2012, the company grew more than 100 percent, earning $288.3 million in global advertising revenue, according to eMarketer.

On Wednesday, it introduced a product that would allow advertisers to create and manage ads through third parties like HootSuite, Adobe and  Advertising is estimated to account for more than 90 percent of the company’s revenue.

“This is not something we take lightly,” said Jim Prosser, a Twitter spokesman, in an interview last month.  (The company declined to comment on the Burger King hacking, saying it did not discuss specific accounts.)  Mr. Prosser said Twitter had manual and automatic controls in place to identify malicious content and fake accounts, but acknowledged that the practice was more art than science.

Mr. Prosser said Twitter had taken an active role in combating the biggest sources of malicious content.

Last year, the company sued those responsible for five of the most-used spamming tools on the site.  “With this suit, we’re going straight to the source,” it said in a statement.  “We hope the suit acts as a deterrent to other spammers, demonstrating the strength of our commitment to keep them off Twitter.”

But security experts say, and the recent hacks of Burger King, Jeep and other brands have demonstrated, that Twitter could do more.

“Twitter and other social media accounts are like catnip for script kiddies, hacktivists and serious cybercriminals alike,” said Mark Risher, chief executive at Impermium, a Silicon Valley start-up that aims to clean up social networks.  “Because of their deliberately easy access and liberal content policies, accounts on these networks prove irresistibly tempting.”

Wednesday, February 13, 2013

CYBERSECURITY - Executive Orders vs CISPA

"Obama's Cybersecurity Executive Order vs. CISPA: Which Approach Is Best?" by Chloe Albanesius, 2/13/2013

As part of his State of the Union speech last night, President Obama tipped an executive order that is intended to improve the security of Internet-based critical infrastructure.  But what does that order include?

Obama's plan would allow federal agencies to notify private companies if they detect any sort of cyber intrusion that would harm operations or the security of company data.

Specifically, the plan expands the Defense Industrial Base (DIB) information-sharing program to other federal agencies.  The DIB was put in place in 2011 and allows the Defense and Homeland Security Departments to share non-classified information about cybersecurity-related threats with DIB partner companies, like contractors.

But as we've seen with hacks of the Federal Reserve and the Department of Energy, defense-related agencies are not the only ones being targeted by hackers.  So the executive order "requires Federal agencies to produce unclassified reports of threats to U.S. companies and requires the reports to be shared in a timely manner," the White House said.  It also allows for "near real-time sharing of cyber threat information to assist participating critical infrastructure companies in their cyber protection efforts."

Obama has also ordered the National Institute of Standards and Technology (NIST) to develop a framework for handling cyber-security threats.  "NIST will work collaboratively with industry to develop the framework, relying on existing international standards, practices, and procedures that have proven to be effective," the White House said.

Given the rapid pace of technology, the recommendations will be technology neutral, the administration said.  Once they've been developed, DHS will work with other agencies to reach out to companies for voluntary implementation of the framework.

While sharing details about cyber attacks might seem like a no brainer, a major concern is how the data is handled.  If these threats deal with a credit card company or major social network, will your personal information be protected?

The White House insisted that the executive order includes "strong privacy and civil liberties protections."  Any type of information sharing will be based on the Fair Information Practice Principles (FIPP), a set of information-sharing principles developed by the FTC, as well as other applicable privacy and civil liberties policies, principles, and frameworks.

"Agencies will conduct regular assessments of privacy and civil liberties impacts of their activities and such assessments will be made public," the White House said.

Executive Order vs. CISPA

Last night, Obama called on Congress to do even more on cyber security.  Two members of the House, in fact, plan to re-introduce the controversial CISPA information-sharing bill today, but it has not secured the support of the White House.  A bill backed by the administration was introduced in the Senate last year, but did not make any major headway.

The main difference between the White House executive order and CISPA is that CISPA would allow private companies (like Facebook or Google) to share details about cyber attacks with the government, whereas the executive order is a one-way street, with the feds sharing information with the private sector.  CISPA opponents were concerned about immunity clauses that they said would incentivize companies to hand over customer information without hesitation.

As a result, the White House threatened to veto CISPA if it made it to President Obama's desk.  The White House Office of Management and Budget (OMB) released a statement that said the bill "departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres."

In a statement last night, the ACLU issued its support for the executive order and warned against CISPA.  "The president's executive order rightly focuses on cybersecurity solutions that don't negatively impact civil liberties," said ACLU Legislative Counsel Michelle Richardson.  "For example, greasing the wheels of information sharing from the government to the private sector is a privacy-neutral way to distribute critical cyber information."

Broadband trade association USTelecom said the executive order "takes some important steps toward achieving policy goals that will help protect our nation from harmful threats," but said the issue should ultimately be handled by Congress - via bills like CISPA.

Monday, February 4, 2013

GAMING BUSINESS - From Valve Co-Founder

"Watch Gabe Newell Talk For An Hour About Making Video Games" by Kirk Hamilton, Kotaku 1/31/2013

Earlier this week, Valve co-founder Gabe Newell gave a talk at University of Texas at Austin about the business and art of making video games.  Today, the school has posted a full video of one of the talks.

Sit back, relax, and watch one of gaming's visionaries talk about how he does what he does, and how his company operates.


COMMENT:  When Steam first 'hit the streets' back when Half-Life came out, I and many others, ranted about it.  That was because you actually had to be online to run a Steam game EVEN FOR SINGLE-PLAYER games.

Finally, Valve/Steam listened to what users were saying and Steam now has an Off-Line Mode.  So we can play Seam games WITHOUT being online.

Friday, February 1, 2013

CYBERWAR - New York Times Hacked by China

"New York Times Computer System Target of Lengthy Chinese Hacking Attack" PBS Newshour 1/31/2013


SUMMARY:  The New York Times fell victim to a four-month cyber attack by Chinese hackers who cracked passwords to more than 50 email accounts, including those of top reporters.  Ray Suarez talks with Times reporter Nicole Perlroth and Grady Summers, vice president of the cyber security company hired to investigate the attacks.

Friday, January 11, 2013

DRIVERS - Things to That Can Happen When Upgrading

This is about what potential glitches can happen when upgrading drivers.

For reference, my desktop system:
  • WinXP SP3
  • Pentium 4 Hyper Threading 3 GHz CPU (near Du Core performance)
  • nVidia GeForce 7900 GS 512mb RAM
  • 2 Gig RAM
I have 3 specific examples of what can happen with driver upgrades, these are games:
  1. One of my favorite game series is "Thief" which is a stealth RPG.

    I loaded this series on an older system and had no problems. But when I upgraded my motherboard to what I have now (with P4 HT) the game had occasional crashes. Suspect the faster CPU speed was the problem.

    When I upgrade my nVidia drivers to the 300+ the game had constant crashes.

  2. Next is the original Splinter Cell series (first 3 games).

    On my present system, with nVidia with drivers 200+, there was only a minor rendering problem. The second game had a scene where spotlights are sweeping the area. Originally you could actually see the spotlight beams, but with the nVidia 200+ drivers you could NOT see the beams.

    After upgrading to nVidia 300+ drivers, very frequent crashes.

  3. Then there is the original Far Cry (aka Far Cry 1).

    Had no problems with the game until I upgraded to nVidia 300+ drivers. In scenes with outdoor views there were areas that were transparent. You see the sky where land should be.

Because of these issues I had to uninstall these games (sigh).

The problem in all these examples is the interface of the game engines with hardware and video drivers. Most of the problems were reported by other gamers. Also, I did try various tweaks to try to fix.

My research into tweaks for Far Cry 1 made me aware of something. The tweak guide and detailed listing of configuration entries that could be manually edited. BUT when I used nVidia Inspector to look at the calls for my card, many of the calls listed in the tweak guide were NOT there.

NOTE: nVidia Inspector latest version is Use Google to find download, I use the Major Geeks site. Also the ZIP file is the entire utility, you make a folder and put all the files there then create a shortcut to run the EXE.

This tells me that nVidia drivers MAY not be fully backwards compatible. Newer drivers may not have older function calls.

This means that game engines that have hard-coded calls to specific functions MAY not work with newer video drivers.

Note that my system has no problems with 'newer' games like Skyrim or Far Cry 2.

This is just a reminder that upgrading drivers is not always smooth.