HARDWARE - ASUS Xonar DS 7.1 Audio PCI Card

My WinXP desktop system's audio card was a bit 'long in the tooth.'  So I thought I'd search for a new one via Google.

I found something I did not expect, the ASUS Xonar DS 7.1 Audio PCI Card. (I bought via Amazon)

Why?  See below:

(click for larger view)

The Smart Volume Normalization (SVN) is something I've been waiting for ever since I discovered a way to have my iTunes/iPod do the same thing.  That is, play my iPod music without having to adjust between loud and low songs (set volume and forget).

For iTunes/iPod all I had to do is make sure to enable Sound-Check on both, and run a utility called iVolume.  iVolume fine-tunes the Sound-Check value by scanning each song and setting it to the master volume level you set in iVolume.  Which is what SVN does in the Xonar.

Here's the card:

(click for larger view)

Here's the Audio Center:

(click for larger view)

Note that I have SVN enabled (turquoise highlighted button) and the level bar-indicator is titled [Smart Volume].

The [ ^ ] opens the full menu list.

SVN works!  I set the master volume knob and everything plays at that volume.  No more having to adjust for differences between inputs (games, music, WEB, etc).

Xonar DS also includes Flex Bass which can be enabled for those who do not have a powered subwoffer speaker system.

CAUTION:  If you have a game that does NOT automatically detect a new audio card and run a configuration utility, you may have to start a new-game.  This is the case with Skyrim.

WARNING:  Using the GX (Gamers) DSP Mode can cause some games to crash.
Examples:  Oblivion, Skyrim, Inquisitor RPG

LINUX - Image for Linux

There is a very good drive imaging backup utility available Image for Linux from TeraByte Inc.

Startup dialog

As I have said in a previous post on backing up your hard drive, an image backup is the best.  Much better than any file backup.

Image for Linux backs up all USED sectors on your Linux hard drive, therefore [Restore] gets you your full (boot) hard drive back.  It can backup to CDs or another device, such as an USB Stick.  Well worth the price.

WARNING:  Make sure you have your USB Sick plugged-in BEFORE turning on your system to boot to the CD.  I use a 32gb USB Stick to backup my Ubuntu 13.04 laptop hard drive.

You get an eMail with your license keys, or you can copy/paste from your online recept.

Your download will be via an eMail with a special 24hr expiring link.  The downloaded ZIP file contains several other ZIP files.  You select the one you have the license for and.... see below... the ifl_en_gui.zip = Image for Linux (IFL) GUI version.

(click for larger view)

Extract ifl_en_gui.zip and you get all the other files seen above.

Run makedisk to write a bootable CD, and you will be prompted for your license key.  Just in case, you will need a CD/DVD drive that can write.

As noted in pic, you do not need to keep the files you unzipped.  AFTER you confirm you can boot to the CD and IFL works, you can delete these files.  You just keep the original downloaded ZIP file.

I highly recommend you get the PDF manual and save/print, and read.

I've used this IFL for a year now to backup, worked without a hitch.  But, thankfully, I have not used the Restore function yet.

Your IFL boot disk runs in Linux environment GUI with mouse.  You just go through each dialog.

LINUX- Ubuntu 13.04

Well, Ubuntu 13.04 is released.

My Ubuntu 13, GNOME Desktop (click for larger view)

Note the [Steam] desktop icon (launcher).  That's right, Ubuntu 13 has the Steam Client available from the Software Center.

The upgrade from Ubuntu 12.10 to 13.04, using the Software Updater when notified, was flawless.  Everything came back as before upgrade.  Only had to change a few settings because of new apps.

As to Steam:

The Steam Client runs very well.  The Store has a [Linux] tab that list Linux Games.  And there's the rub.  Not all games listed in the [Linux] tab run properly, which is NOT Steam's fault.  It is the game publisher's fault.

Here is a list of Linux games I've tried:

• Amnesia = Does not run at all.
• Anna = Runs, BUT the mouse speed is so high/fast that the game is unplayable.  And the Main Menu Option to set mouse speed cannot be selected.
• Postal (1) = Seems to run OK..... so far.
• Postal 2 = Runs the Running With Scissors [WARNING] dialog, that automatically closes, then nothing.
• Dungeon Defenders = Supposed to be new, but when started it goes through several Logo Dialogs [Press any key to continue], after those I got a blank-black dialog and that's it.  Even lost the mouse.  Had to use [Alt][F4] to force-close.
• Half-Life (1) - Runs very good, except for sound, an old reverb problem (need to find a way to disable)

The only reason I tried these?  They were cheap.

So when it comes to Steam's Linux game, beware.

CYBERCRIME - Robbers Hit ATMs for $45 Million Worldwide

"Cyber ATM Robbers Grab $45 Million Worldwide Within Hours" (Part-1) PBS Newshour 5/10/2013

JEFFREY BROWN (Newshour):  And we turn to a major cyber-theft, global in scope and raising new questions about our vulnerabilities in the digital age.

The thefts took place in broad daylight at ATM machines, and the thieves wore no disguises.

U.S. ATTORNEY LORETTA LYNCH, Eastern District Of New York:  This was a 21st century bank heist that reached through the Internet to span the globe.

JEFFREY BROWN:  U.S. authorities say the reach of the international cyber-crime was wide; 27 countries -- Russia, Japan, Egypt, Colombia, Canada and beyond.

The criminals hacked into companies that process prepaid debit cards for two banks in the Middle East, stole the data and then copied it onto doctored cards with magnetic strips.  Yesterday in New York, U.S. Attorney Loretta Lynch explained what happened next.

LORETTA LYNCH:  They become a virtual criminal flash mob, going from machine to machine, drawing as much money as they can before these accounts are shut down.

JEFFREY BROWN:  On Dec. 21st, thieves hit 4,500 ATMs in some 20 countries, stealing five million dollars.  Then on Feb. 19th, they upped their game.  In 10 hours, they stole $40 million dollars in 36,000 transactions worldwide.

In Manhattan alone, a team of eight so-called "cashers" allegedly made their way from ATM to ATM making 2,900 withdrawals totaling $2.4 million dollars.

Two of the suspects took photos of themselves and the stacks of cash they allegedly stole.  To round out the crime, authorities say the suspects laundered the money by purchasing luxury goods in the form of Rolex watches, Gucci bags and expensive cars.

"International ATM Cyber Hackers Hid 'in Plain Sight' to Overcome Computer System" (Part-2) PBS Newshour 5/10/2013

Excerpt

SUMMARY:  The global network of thieves who targeted ATMs struck 2,904 machines over 10 hours in New York alone, withdrawing $2.4 million.  For more on the attack and the aftermath, Jeffrey Brown talks with Loretta Lynch, the U.S. attorney for the eastern district of New York and the federal prosecutor in the heist case.

LINUX - Ubuntu on Tablet Systems

"Ubuntu on tablets"

SECURITY - Online Gaming Firms Targeted by Malware

"'Winnti' Malware Targeting Online Gaming Firms" by Chloe Albanesius, PC Magazine 4/12/2013

News of game-related hacks are nothing new; they have dominated headlines in recent years, from the massive Sony PlayStation Network takedown to the more recent hack of The War Z.

Attacks on gaming firms might not be isolated incidents, however.  Researchers at Kaspersky Lab this week said they uncovered a series of targeted attacks originating in China that are taking aim at Web-based gaming companies.

"According to our estimations, this group has been active for several years and specializes in cyber attacks against the online video game industry," Kaspersky said in a blog post.  "The group's main objective is to steal source codes for online game projects as well as the digital certificates of legitimate software vendors.  In addition, they are very interested in how network infrastructure (including the production of gaming servers) is set up, and new developments such as conceptual ideas, design and more."

Kaspersky started investigating the group - known as Winnti - in the fall of 2011 at a behest of a computer game publisher that detected malware on its network.  The malware was pushed out to users via a standard update, prompting concern that the company was spying on its users.

"However, it later became clear that the malicious program ended up on the users' computers by mistake; the cybercriminals were in fact targeting the companies that develop and release computer games," Kaspersky said.

Once installed on someone's computer, the hackers could control that machine without the user's knowledge.  The malware was "the first time we saw Trojan applications for the 64-bit version of Microsoft Windows with a valid digital signature," Kaspersky said.  Previous incidents of digital signature abuse had only hit 32-bit systems.

The digital certificate in question belonged to South Korea-based KOG, which also produced MMPRG, like Kaspersky's client.  Ultimately, the certificate was revoked, but "over the next 18 months we discovered more than a dozen similar compromised digital certificates."

Kaspersky said that its research suggests that at least 35 companies from around the world have been infected by Winnti malware at some point in time, with a "strong focus" on Southeast Asia.

WINXP - Updates Coming to an End

"When will Microsoft pull the plug on your version of Windows or Office?" by Ed Bott, ZDNet 4/4/2013

Excerpt

Summary:  The countdown for Windows XP is about to get serious.  In one year, Microsoft officially stops supporting XP.  What happens when the clock runs out?  And how long until your current version of Windows or Office suffers the same fate?

For the next year or so, Microsoft will officially offer support for four versions of Windows for desktop and notebook PCs.

Windows XP, the oldest of the bunch, celebrates its 12th birthday this fall.  It kicks off a year-long farewell tour next week, counting down to April 8, 2014, when Microsoft officially ends its support.  XP lived longer than any version of Windows ever, getting multiple extensions on its retirement date to placate customers who said no to Vista.  But April 2014 is the end of the road.

XP will not get a last-minute reprieve.

Let me say that again, in boldface this time:  Microsoft will not extend the support deadline for XP.  If you're still relying on XP, you should have a plan to switch to a supported platform, whether it's from Microsoft or someone else.

April 8, 2014 is a deadline, not a death sentence.  PCs running XP will not stop working when the clock runs out.  In fact, XP diehards won’t notice anything different except an eerie quiet on Patch Tuesday.  Newer Windows versions, including Windows Vista, Windows 7, and Windows 8, will continue to get security patches and bug fixes via Windows Update, but not XP.  When the extended support period ends, so do those updates.  (Large enterprise customers who have custom support agreements with Microsoft and who are willing to pay dearly for the privilege might be able to get custom updates after the official end of support.  But consumers and small businesses will not have that option.)

None of this should be a surprise.  As I’ve noted before, Microsoft has a well-established support life-cycle for its software products.  It’s basically an agreement that the company makes with everyone who commits to Windows.  The terms of that agreement don’t change often, which is an important assurance for business customers who tend to be conservative in their approach to upgrades.

Six months after the launch of Windows 8, it’s become obvious that Windows 7 is the new Long Term Support version.  And I'm starting to get more questions from readers who are concerned that Microsoft is going to try to kill off Windows 7.

MY OPINION:  Microdunce can shove their to-hell-with-consumer policies up you-know-where.

I am NOT about to downgrade my PERFECTLY WORKING WinXP Desktop to a more hoggish, all eye-candy, version that will require me to manually reinstall over 100 apps.

INTERNET - Spam or Not to Spam Cyber War

"Cyber War Over Spam Slows Access for Internet Users" PBS Newshour 3/27/2013

Excerpt

SUMMARY:  A dispute between an online company that sends spam emails and a company trying to mitigate spam has led to the one of the largest reporter cyber attacks in history, creating slow access to common sites like Netflix for millions of web users.  Hari Sreenivasan talks over the case with Nicole Perlroth of the New York Times.

HARI SREENIVASAN (Newshour):  One company fights spam; the other is said to be behind sending those pesky e-mails.  A dispute between the two has led to one of the largest reported cyber-attacks in Internet history, the result, widespread congestion that's slowing access for millions of users to sites like Netflix.

Nicole Perlroth has been covering the story for The New York Times, joins me now.

NOTE:  For users, this is what eMail client filters are for.  Delete spam eMails, or move spam to a [Spam] folder.

INTERNET - What Happens to Your Online 'Estate' After You Die?

"Law Lags Behind in Defining Posthumous Protocol for Online Accounts" PBS Newshour 3/11/2013

Excerpt

JEFFREY BROWN (Newshour):  Billions of people around the world now live part of their lives online, sharing photographs, information on relationships and careers, tweets and more.

But what happens when physical lives end and life in cyberspace goes on?  Of the one billion people who use the social network site Facebook, for example, an estimated three die every minute.  And that can lead to some painful problems.  For one thing, there's no one method or law on the books for how beneficiaries gain access to a deceased person's digital records.

Virginia dairy farmer Ricky Rash ran into that problem after his 15-year-old son Eric committed suicide in 2011.

RICKY RASH, Father:  It was a complete shock, as any suicide is.  But we had absolutely no warning.  Eric kissed his mom good night the night before.  He did his homework.  He Armor All-ed the seats in that Oldsmobile that was his.  He did everything under the sun to show us it was a normal night.

So, with no answers from home, no answers from school, we were just hoping that there may be something that would give us some insight as to why he chose to make the decision he did.  And Facebook was literally the last frontier that we had to investigate.

CYBERWAR - Pinning Down Motive For Hacking Against U.S.

"As Hacking Against U.S. Rises, Experts Try to Pin Down Motive" by NICOLE PERLROTH, DAVID E. SANGER, and MICHAEL S. SCHMIDT; New York Times 3/3/2013

Excerpt

When Telvent, a company that monitors more than half the oil and gas pipelines in North America, discovered last September that the Chinese had hacked into its computer systems, it immediately shut down remote access to its clients’ systems.

Company officials and American intelligence agencies then grappled with a fundamental question: Why had the Chinese done it?

Was the People’s Liberation Army, which is suspected of being behind the hacking group, trying to plant bugs into the system so they could cut off energy supplies and shut down the power grid if the United States and China ever confronted each other in the Pacific?  Or were the Chinese hackers just trolling for industrial secrets, trying to rip off the technology and pass it along to China’s own energy companies?

“We are still trying to figure it out,” a senior American intelligence official said last week.  “They could have been doing both.”

Telvent, which also watches utilities and water treatment plants, ultimately managed to keep the hackers from breaking into its clients’ computers.

At a moment when corporate America is caught between what it sees as two different nightmares — preventing a crippling attack that brings down America’s most critical systems, and preventing Congress from mandating that the private sector spend billions of dollars protecting against that risk — the Telvent experience resonates as a study in ambiguity.

To some it is prime evidence of the threat that President Obama highlighted in his State of the Union address, when he warned that “our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems,” perhaps causing mass casualties.  Mr. Obama called anew for legislation to protect critical infrastructure, which was killed last year by a Republican filibuster after intensive lobbying by the Chamber of Commerce and other business groups.

But the security breach of Telvent, which the Chinese government has denied, also raises questions of whether those fears — the subject of weekly research group reports, testimony and Congressional studies — may be somewhat overblown, or whether the precise nature of the threat has been misunderstood.

American intelligence officials believe that the greater danger to the nation’s infrastructure may not even be China, but Iran, because of its avowal to retaliate for the Stuxnet virus created by the United States and Israel and unleashed on one of its nuclear sites.  But for now, these officials say, that threat is limited by gaps in Iranian technical skills.

There is no doubt that attacks of all kinds are on the rise.  The Department of Homeland Security has been responding to intrusions on oil pipelines and electric power organizations at “an alarming rate,” according to an agency report last December.  Some 198 attacks on the nation’s critical infrastructure systems were reported to the agency last year, a 52 percent increase from the number of attacks in 2011.

Researchers at McAfee, a security firm, discovered in 2011 that five multinational oil and gas companies had been attacked by Chinese hackers.  The researchers suspected that the Chinese hacking campaign, which they called Night Dragon, had affected more than a dozen companies in the energy industry.  More recently, the Department of Energy confirmed in January that its network had been infiltrated, though it has said little about what damage, if any, was done.

But security researchers say that the majority of those attacks were as ambiguous as the Telvent case.  They appeared to be more about cyberespionage, intended to bolster the Chinese economy.  If the goal was to blow up a pipeline or take down the United States power grid, the attacks would likely have been of a different nature.

In a recent report, Critical Intelligence, an Idaho Falls security company, said that several cyberattacks by “Chinese adversaries” against North American energy firms seemed intended to steal fracking technologies, reflecting fears by the Chinese government that the shale energy revolution will tip the global energy balance back in America’s favor.  “These facts are likely a significant motivation behind the wave of sophisticated attacks affecting firms that operate in natural gas, as well as industries that rely on natural gas as an input, including petrochemicals and steel-making,” the Critical Intelligence report said, adding that the attack on Telvent, and “numerous” North American pipeline operators may be related.

American intelligence experts believe that the primary reason China is deterred from conducting an attack on infrastructure in the United States is the simple economic fact that anything that hurts America’s financial markets or transportation systems would also have consequences for its own economy.

COMMENT:  The REASON for hacking U.S. systems is in reality irrelevant.  The ABILITY to hack our systems is, or should be, the point.  Hacking methods used for economic reasons can be use for more destructive reasons.

CYBERSECURITY - Social Networking Hacking

"Twitter Hackings Put Focus on Security for Brands" by TANZINA VEGA and NICOLE PERLROTH, New York Times 2/24/2013

Excerpt

While most Americans were winding up their holiday weekends last Monday, the phones at the Vancouver headquarters of HootSuite, a social media management company, began to ring.

Burger King’s Twitter account had just been hacked.  The company’s logo had been replaced by a McDonald’s logo, and rogue announcements began to appear.  One was that Burger King had been sold to a competitor; other posts were unprintable.

“Every time this happens, our sales phone lines light up,” said Ryan Holmes, the chief executive of HootSuite, which provides management and security tools for Twitter accounts, including the ability to prevent someone from gaining access to an account.  “For big brands, this is a huge liability,” he said, referring to the potential for being hacked.

What happened to Burger King — and, a day later, to Jeep — is every brand manager’s nightmare.  While many social media platforms began as a way for ordinary users to share vacation photos and status updates, they have now evolved into major advertising vehicles for brands, which can set up accounts free but have to pay for more sophisticated advertising products.

Burger King and Jeep, owned by Chrysler, are not alone.  Other prominent accounts have fallen victim to hacking, including those for NBC News, USA Today, Donald J. Trump, the Westboro Baptist Church and even the “hacktivist” group Anonymous.

Those episodes raised questions about the security of social media passwords and the ease of gaining access to brand-name accounts.  Logging on to Twitter is the same process for a company as for a consumer, requiring just a user name and one password.

Twitter, like Facebook, has steadily introduced a number of paid advertising options, raising the stakes for advertisers.  Brands that pay to advertise on Twitter are assigned a sales representative to help them manage their accounts, but they are not given any more layers of security than those for a typical user.

Ian Schafer, the founder and chief executive of Deep Focus, a digital advertising company that also fielded a few phone calls from clients concerned about the Burger King attack, argued that Twitter bore some responsibility.

“I think Twitter needs to step up its game in providing better security,” Mr. Schafer said.  In a memo to his staff about such attacks, he called on social networks like Facebook, Twitter, Pinterest “and anyone else serious about having brands on their platform” to “invest time in better understanding how brands operate day to day.”

“It’s also time for these platforms to use their influence to shape security standards on the Web,” he wrote.

The risk for Twitter is in offending potential business partners as the company tries to build its advertising dollars, which make up the bulk of its revenue.  In 2012, the company grew more than 100 percent, earning $288.3 million in global advertising revenue, according to eMarketer.

On Wednesday, it introduced a product that would allow advertisers to create and manage ads through third parties like HootSuite, Adobe and Salesforce.com.  Advertising is estimated to account for more than 90 percent of the company’s revenue.

“This is not something we take lightly,” said Jim Prosser, a Twitter spokesman, in an interview last month.  (The company declined to comment on the Burger King hacking, saying it did not discuss specific accounts.)  Mr. Prosser said Twitter had manual and automatic controls in place to identify malicious content and fake accounts, but acknowledged that the practice was more art than science.

Mr. Prosser said Twitter had taken an active role in combating the biggest sources of malicious content.

Last year, the company sued those responsible for five of the most-used spamming tools on the site.  “With this suit, we’re going straight to the source,” it said in a statement.  “We hope the suit acts as a deterrent to other spammers, demonstrating the strength of our commitment to keep them off Twitter.”

But security experts say, and the recent hacks of Burger King, Jeep and other brands have demonstrated, that Twitter could do more.

“Twitter and other social media accounts are like catnip for script kiddies, hacktivists and serious cybercriminals alike,” said Mark Risher, chief executive at Impermium, a Silicon Valley start-up that aims to clean up social networks.  “Because of their deliberately easy access and liberal content policies, accounts on these networks prove irresistibly tempting.”

CYBERSECURITY - Executive Orders vs CISPA

"Obama's Cybersecurity Executive Order vs. CISPA: Which Approach Is Best?" by Chloe Albanesius, PCMag.com 2/13/2013

As part of his State of the Union speech last night, President Obama tipped an executive order that is intended to improve the security of Internet-based critical infrastructure.  But what does that order include?

Obama's plan would allow federal agencies to notify private companies if they detect any sort of cyber intrusion that would harm operations or the security of company data.

Specifically, the plan expands the Defense Industrial Base (DIB) information-sharing program to other federal agencies.  The DIB was put in place in 2011 and allows the Defense and Homeland Security Departments to share non-classified information about cybersecurity-related threats with DIB partner companies, like contractors.

But as we've seen with hacks of the Federal Reserve and the Department of Energy, defense-related agencies are not the only ones being targeted by hackers.  So the executive order "requires Federal agencies to produce unclassified reports of threats to U.S. companies and requires the reports to be shared in a timely manner," the White House said.  It also allows for "near real-time sharing of cyber threat information to assist participating critical infrastructure companies in their cyber protection efforts."

Obama has also ordered the National Institute of Standards and Technology (NIST) to develop a framework for handling cyber-security threats.  "NIST will work collaboratively with industry to develop the framework, relying on existing international standards, practices, and procedures that have proven to be effective," the White House said.

Given the rapid pace of technology, the recommendations will be technology neutral, the administration said.  Once they've been developed, DHS will work with other agencies to reach out to companies for voluntary implementation of the framework.

While sharing details about cyber attacks might seem like a no brainer, a major concern is how the data is handled.  If these threats deal with a credit card company or major social network, will your personal information be protected?

The White House insisted that the executive order includes "strong privacy and civil liberties protections."  Any type of information sharing will be based on the Fair Information Practice Principles (FIPP), a set of information-sharing principles developed by the FTC, as well as other applicable privacy and civil liberties policies, principles, and frameworks.

"Agencies will conduct regular assessments of privacy and civil liberties impacts of their activities and such assessments will be made public," the White House said.

Executive Order vs. CISPA

Last night, Obama called on Congress to do even more on cyber security.  Two members of the House, in fact, plan to re-introduce the controversial CISPA information-sharing bill today, but it has not secured the support of the White House.  A bill backed by the administration was introduced in the Senate last year, but did not make any major headway.

The main difference between the White House executive order and CISPA is that CISPA would allow private companies (like Facebook or Google) to share details about cyber attacks with the government, whereas the executive order is a one-way street, with the feds sharing information with the private sector.  CISPA opponents were concerned about immunity clauses that they said would incentivize companies to hand over customer information without hesitation.

As a result, the White House threatened to veto CISPA if it made it to President Obama's desk.  The White House Office of Management and Budget (OMB) released a statement that said the bill "departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres."

In a statement last night, the ACLU issued its support for the executive order and warned against CISPA.  "The president's executive order rightly focuses on cybersecurity solutions that don't negatively impact civil liberties," said ACLU Legislative Counsel Michelle Richardson.  "For example, greasing the wheels of information sharing from the government to the private sector is a privacy-neutral way to distribute critical cyber information."

Broadband trade association USTelecom said the executive order "takes some important steps toward achieving policy goals that will help protect our nation from harmful threats," but said the issue should ultimately be handled by Congress - via bills like CISPA.

GAMING BUSINESS - From Valve Co-Founder

"Watch Gabe Newell Talk For An Hour About Making Video Games" by Kirk Hamilton, Kotaku 1/31/2013

Earlier this week, Valve co-founder Gabe Newell gave a talk at University of Texas at Austin about the business and art of making video games.  Today, the school has posted a full video of one of the talks.

Sit back, relax, and watch one of gaming's visionaries talk about how he does what he does, and how his company operates.

(1:02:53)

COMMENT:  When Steam first 'hit the streets' back when Half-Life came out, I and many others, ranted about it.  That was because you actually had to be online to run a Steam game EVEN FOR SINGLE-PLAYER games.

Finally, Valve/Steam listened to what users were saying and Steam now has an Off-Line Mode.  So we can play Seam games WITHOUT being online.

CYBERWAR - New York Times Hacked by China

"New York Times Computer System Target of Lengthy Chinese Hacking Attack" PBS Newshour 1/31/2013

Excerpt

SUMMARY:  The New York Times fell victim to a four-month cyber attack by Chinese hackers who cracked passwords to more than 50 email accounts, including those of top reporters.  Ray Suarez talks with Times reporter Nicole Perlroth and Grady Summers, vice president of the cyber security company hired to investigate the attacks.

DRIVERS - Things to That Can Happen When Upgrading

This is about what potential glitches can happen when upgrading drivers.

For reference, my desktop system:

• WinXP SP3
• Pentium 4 Hyper Threading 3 GHz CPU (near Du Core performance)
• nVidia GeForce 7900 GS 512mb RAM
• 2 Gig RAM

I have 3 specific examples of what can happen with driver upgrades, these are games:

1. One of my favorite game series is "Thief" which is a stealth RPG.
   
   I loaded this series on an older system and had no problems. But when I upgraded my motherboard to what I have now (with P4 HT) the game had occasional crashes. Suspect the faster CPU speed was the problem.
   
   When I upgrade my nVidia drivers to the 300+ the game had constant crashes.
   
   
2. Next is the original Splinter Cell series (first 3 games).
   
   On my present system, with nVidia with drivers 200+, there was only a minor rendering problem. The second game had a scene where spotlights are sweeping the area. Originally you could actually see the spotlight beams, but with the nVidia 200+ drivers you could NOT see the beams.
   
   After upgrading to nVidia 300+ drivers, very frequent crashes.
   
   
3. Then there is the original Far Cry (aka Far Cry 1).
   
   Had no problems with the game until I upgraded to nVidia 300+ drivers. In scenes with outdoor views there were areas that were transparent. You see the sky where land should be.
   
   

Because of these issues I had to uninstall these games (sigh).

The problem in all these examples is the interface of the game engines with hardware and video drivers. Most of the problems were reported by other gamers. Also, I did try various tweaks to try to fix.

My research into tweaks for Far Cry 1 made me aware of something. The tweak guide and detailed listing of configuration entries that could be manually edited. BUT when I used nVidia Inspector to look at the calls for my card, many of the calls listed in the tweak guide were NOT there.

NOTE: nVidia Inspector latest version is 1.9.6.8. Use Google to find download, I use the Major Geeks site. Also the ZIP file is the entire utility, you make a folder and put all the files there then create a shortcut to run the EXE.

This tells me that nVidia drivers MAY not be fully backwards compatible. Newer drivers may not have older function calls.

This means that game engines that have hard-coded calls to specific functions MAY not work with newer video drivers.

Note that my system has no problems with 'newer' games like Skyrim or Far Cry 2.

This is just a reminder that upgrading drivers is not always smooth.

INTERNET - Child Protection From Apps Gathering Data

"How to Protect Against the Dangers of Mobile Apps That Gather Kids' Data" PBS Newshour 12/11/2012

Excerpt

RAY SUAREZ (Newshour): ...... new worries over the mobile apps kids are using, and what the apps disclose about their users.

It seems like everyone has them, the ubiquitous applications, apps, for short, on smartphones and tablets, including everything from instructive or educational materials to games.

Children of all ages, armed with these devices, are using apps and raising concerns over privacy.

The Federal Trade Commission is now investigating whether companies that make apps are violating the privacy rights of children by collecting personal data from mobile devices and sharing it with advertisers and databanks. These types of apps can detail a child's physical location or phone numbers of their friends, along with other information.

Yesterday, the FTC issued a new report documenting those concerns. It found, among 400 apps designed for kids, most failed to inform parents about the types of data that could be gathered and who would access it.

SECURITY - NASA Security Breach

"Stolen NASA Laptop Had Unencrypted Employee Data" by Mathew J. Schwartz, Information Week 11/15/2012

NASA is warning all employees and contractors that their personal information may have been compromised after a thief stole a NASA laptop and documents from an agency employee's locked car.

"On October 31, 2012, a NASA laptop and official NASA documents issued to a headquarters employee were stolen from the employee's locked vehicle. The laptop contained records of sensitive personally identifiable information (PII) for a large number of NASA employees, contractors and others," said Richard J. Keegan Jr., associate deputy administrator of NASA, in a notice sent to all employees.

The data on the laptop wasn't encrypted. "Although the laptop was password protected, it did not have whole disk encryption software, which means the information on the laptop could be accessible to unauthorized individuals," he said.

NASA doesn't yet know the full extent of the breach, presumably because the agency is still attempting to reconstruct and study everything that was on the stolen laptop. "Because of the amount of information that must be reviewed and validated electronically and manually, it may take up to 60 days for all individuals impacted by this breach to be identified and contacted," said Keegan.

In addition to now implementing full-disk encryption software for NASA laptops, Keegan said NASA will pay ID Experts to notify people who've been affected by the breach, and to provide identity theft and credit monitoring services. Anyone affected will be notified about the breach via a written, mailed letter -- but not by email or phone, he said.

Given the continuing increase in the number of data breaches affecting organizations, and the accompanying costs of notifying affected people and cleaning up the mess, surely technology-savvy NASA would have already required that all agency laptops be secured using full-disk encryption software?

In fact, that hasn't been the case, apparently owing to user resistance. An IT executive at Goddard Space Flight Center, for example, said that the facility recently implemented data-at-rest encryption on PCs. But some users aren't fans of the software, which they said interfered with some of the tools on their PCs.

In the wake of this breach, however, NASA administrator Charles F. Bolden Jr. and CIO Linda Cureton have ordered that "no NASA-issued laptops containing sensitive information can be removed from a NASA facility unless whole disk encryption software is enabled or the sensitive files are individually encrypted," said Keegan. "This applies to laptops containing PII, international traffic in arms regulations (ITAR) and export administration regulations (EAR) data, procurement and human resources information, and other sensitive but unclassified (SBU) data."

NASA facility CIOs have been ordered to add or enable encryption capabilities for the maximum number of laptops by November 21, 2012. By December 21, 2012, all laptops that leave NASA facilities must have encryption capabilities. In the meantime, employees who are telecommunicating or traveling "should use loaner laptops if their NASA-issued laptop contains unencrypted sensitive information," according to Keegan's communication.

Cureton's office will also review whether any further agency security policies need to be revised to help prevent future data breaches stemming from lost or stolen laptops.

A NASA spokeswoman didn't immediately respond to an emailed request for comment about what type of full-disk or file encryption technology the agency would be using, whether it planned to train all employees to determine what qualifies as "sensitive information" that must be encrypted -- or whether employees' compliance with the new policies would be monitored and enforced.

CYBERSECURITY - Chevron Infected by Stuxnet

"'The Worm Turns' As Chevron 'Infected' By Stuxnet Collateral Damage" by Tyler Durden, Zero Hedge 11/10/2012

"I don't think the US government even realized how far it had spread" is how the collateral damage from the Iran-attacking Stuxnet computer virus is described by Chevron. The sleep San-Ramon-based oil giant admitted this week that from 2010 on "we're finding it in our systems and so are other companies... so now we have to deal with it." It would seem that little consideration for just how viral this cyber warfare tactic has become and this news (reported by Russia Today) is the first time a US company has come clean about the accidental infection. Discovered in 2010, the Stuxnet worm was reported with all but certainty to be the creation of the United States, perhaps with the assistance of Israel, to set back Iran’s nuclear enrichment program as a preemptive measure against an eventual war. In a June 2012 article published by The New York Times, government agents with direct knowledge of Stuxnet claimed that first President George W. Bush, then Barack Obama, oversaw the deployment of the worm as part of a well-crafted cyberassault on Iran. On the record, the federal government maintains ignorance on the subject of Stuxnet, but perhaps Chevron sums up the impact of Stuxnet best (given the escalating Iranian enrichment program): "I think the downside of what they did is going to be far worse than what they actually accomplished."

Via Russia Today:

America’s cyberwar is already seeing collateral damage, and it’s hitting the country’s own billion-dollar companies. Oil giants Chevron say the Stuxnet computer virus made by the US to target Iran infected their systems as well.

California-based Chevron, a Fortune 500 company that’s among the biggest corporations in the world, admits this week that they discovered the Stuxnet worm on their systems back in 2010. Up until now, Chevron managed to make their finding a well-kept secret, and their disclosure published by the Wall Street Journal on Thursday marks the first time a US company has come clean about being infected by the virus intended for Iran’s nuclear enrichment program. Mark Koelmel of the company’s earth sciences department says that they are likely to not be the last, though.

“We’re finding it in our systems and so are other companies,” says Koelmel. “So now we have to deal with this.”

Koelmel claims that the virus did not have any adverse effects on his company, which generated a quarter of a trillion dollars in revenue during 2011. As soon as Chevron identified the infection, it was taken care of immediately, he says. Other accidental targets might not be so lucky though, and the computer worm’s complex coding means it might be a while before anyone else becomes aware of the damage.

“I don’t think the US government even realized how far it had spread,” Koelmel adds.

Discovered in 2010, the Stuxnet worm was reported with all but certainty to be the creation of the United States, perhaps with the assistance of Israel, to set back Iran’s nuclear enrichment program as a preemptive measure against an eventual war. Only as recently as this June, however, American officials with direct knowledge of the worm went public with Uncle Sam’s involvement.

In a June 2012 article published by The New York Times, government agents with direct knowledge of Stuxnet claimed that first President George W. Bush, then Barack Obama, oversaw the deployment of the worm as part of a well-crafted cyberassault on Iran. Coupled with another malicious program named Flame and perhaps many more, Stuxnet was waged against Iran as part of an initiative given the codename “Olympic Games.” Rather than solely stealing intelligence through use of computer coding, the endeavor was believed to be the first cyberattack that intended to cause actual hard damage.

“Previous cyberattacks had effects limited to other computers,” Michael Hayden, the former chief of the CIA, explained to the Times earlier this year. “This is the first attack of a major nature in which a cyberattack was used to effect physical destruction.”

On the record, the federal government maintains ignorance on the subject of Stuxnet. With American companies perhaps soon coming out of the woodwork to discuss how they were hit, though, the White House may have to finally admit that they’ve had direct involvement.

After the Times published their expose in June, Senator Dianne Feinstein, chairwoman of Intelligence Committee, called for an investigation to track down how the media was first made aware of America’s involvement in Olympic Games.

"I am deeply disturbed by the continuing leaks of classified information to the media, most recently regarding alleged cyber efforts targeting Iran's nuclear program,” Feinstein said through a statement at the time. “I made it clear that disclosures of this type endanger American lives and undermine America's national security."

When Feinstein spoke to DC’s The Hill newspaper, she said, "the leak about the attack on Iran's nuclear program could 'to some extent' provide justification for copycat attacks against the United States." According to the chairwoman, "This is like an avalanche. It is very detrimental and, candidly, I found it very concerning. There's no question that this kind of thing hurts our country."

Just last month, a shadowy Iranian-based hacking group called The Qassam Cyber Fighters took credit for launching a cyberattack on the servers of Capital One Financial Corp. and BB&T Corp., two of the biggest names in the American banking industry. Days earlier, Google informed some of its American users that they may be targeted in a state-sponsored cyberattack from abroad, and computer experts insist that these assaults will only intensify over time.

“We absolutely have seen more activity from the Middle East, and in particular Iran has been increasingly active as they build up their cyber capabilities,” CrowdStrike Security President George Kurtz told the Times.

Speaking of the accidental impact Stuxnet could soon have in the US, Chevron’s Koelmel tells the Journal, "I think the downside of what they did is going to be far worse than what they actually accomplished.”

TECHNOLOGY - Photovoltaic Glass

Photovoltaic Glass
From Corning

WINDOWS - Microsoft's Shift Towards Tablets

"With Windows 8, Microsoft Makes Big Shift Away From PCs Towards Tablets" PBS Newshour 10/26/2012

Excerpt

SUMMARY: Microsoft has revealed its biggest makeover so far to the operating system found on nine out of every 10 computers in the world. Ray Suarez talks to Forrester Research's Charles Golvin about how Microsoft's decision to focus on tablet-style computers will impact consumers and the greater tech industry.

JUDY WOODRUFF (Newshour): For more than two decades, Microsoft has been a dominant force in the worlds of business and technology. But its position has been challenged and, in some ways, surpassed by Apple, Google and others in recent years. Some question its ability to innovate.

Now Microsoft is facing a pivotal moment and a crucial test, as Ray Suarez reports.