Tag Archive for 2015

Michigan Phone Spying Stalled

Warrantless cell-phone spying legislation has stalled in the Michigan House. MLive reports that House Bill 4006 has been pulled from the agenda for the second time in as many weeks. In a flash of rationality, Gideon D’Assandro, a spokesperson for the Republican majority, said new questions about jurisdiction and the proposed immunity for wireless providers have popped up. D’Assandro told MLive, “… There’s still questions.”

The legislation, sponsored by Republican Rep. Kurt Heise of Plymouth Township, has prompted pushback from some conservative lawmakers and privacy proponents in the state Legislature after advancing out of committee last month. “It’s been a heated discussion, a passionate discussion, just about the civil liberty issues that are all wrapped up in this,” said Rep. Cindy Gamrat, R-Plainwell.

My concern is … we’re setting precedent authorizing government to access our technology devices, such as phones or computers or GPS in cars. Where do you end up drawing the line?

State Rep. Todd Courser, R-Lapeer, said he understands the value that location information could offer in some emergencies but made clear that he could not vote for the bill in its current form. He told MLive,

I think we also need to make sure we’re giving people the constitutional protections that are supposed to be afforded by our founding fathers.

In typical goobermental double-speak, Heise, the sponsor of the bill to legalize NSA-style phone snooping in Michigan, told MLive that allowing warrantless access to private citizens’ phones could actually strengthen civil liberty protections. Heise even told MLive that he does not think notifying cell phone owners whose records the State of Michigan accessed is necessary.


Warrantless access to private citizens’ phones could actually strengthen civil liberty protections

Of course, law enforcement groups and Verizon (VZ) indicated support for the proposal to gain even more access to citizens’ private information. As now written, the snooping does not require a warrant. All a police officer needs in order to access a private citizen’s phone records is a note signed by a supervisor.

rb-

Get hold of your House Rep (contact info here) and tell them to keep NSA-style warrant-less phone spying out of Michigan and vote this bill down.

Stop the slide down the slippery slope, despite what the Koch Bros. and ALEC want.

Of course, the cops can just call their friends at Homeland Security and get the data and end-run the Constitution.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

New Authentication ‘Fingerprints’ How You Move

We all know that passwords are hideous things. They take up too much time and are not that effective. In fact, Gartner (IT) says that password resets represent 30% of help desk calls. Readers of Bach Seat know that the list of most commonly hacked passwords changes very little from year to year.

Generating and remembering effective passwords is difficult and unnatural. A lot of us are awful at it, and there is almost no improvement in the list of most common passwords from year to year (as I most recently covered here). Meanwhile, computers improve their ability to crack passwords, by brute force and by cunning, every year.

Where there is chaos, there is profit. A new area of research aims to replace passwords with a user’s behavior. Mark Stockley at Sophos’ Naked Security blog reports that researchers at West Point are working to get rid of passwords. The Cadets are working to produce a new identity verification system based on users’ behavior, described as a next-generation biometric capability. The research is being developed as part of DARPA’s Active Authentication program.

The article explains that authentication has traditionally relied on users producing one or more of the following: something you know (such as a password or PIN), something you have (such as the code from an RSA token) or something you are (such as your fingerprints or face). The technology that West Point is working on, called behavior-based biometrics, adds another factor to the mix: something you do.

According to DARPA the first phase of the active authentication program will focus on biometrics that can be captured through existing technology, such as analyzing how the user handles a mouse or how they craft the language in an email. The contract document, reported by Yahoo Finance, describes the technology as a “cognitive fingerprint.”

“…when you interact with technology you do so in a pattern based on how your mind processes information, leaving behind a ‘cognitive fingerprint’”

Cognitive fingerprints could offer significant advantages over existing forms of authentication. According to Sophos, the new technology has two advantages over passwords and conventional biometrics because it does not:

  • Require the specialized hardware (fingerprint or iris readers) that conventional biometrics need, and
  • Rely on users remembering strong passwords, something humans are naturally bad at.

Cognitive fingerprints should also give systems the ability to authenticate users continuously, keeping people logged in so long as they are present and logging them out as soon as they leave. That also means the system has to decide, window by window, whether to keep a session open, so every false rejection shows up to the user as a spurious logout.

Nancy Gohring at FierceITSecurity recently wrote about a similar approach to user-behavior authentication. Alohar Mobile, now owned by Alibaba, has figured out a way to use the sensors in mobile phones to create a profile of the unique way that you walk, using that “fingerprint” for authentication. Sam Liang, Alohar’s founder and CEO, has claimed, “We have a system that allows the payment system to use the location tracking and the motion sensor to authenticate and detect fraud.”

According to Ms. Gohring, Alohar’s patent describes a host of unique biometric patterns the firm can collect from the phone’s accelerometer and gyroscope to identify the person using the phone. They include:

  • The speed/cadence/pace at which the mobile user normally walks
  • The ‘bounce’ of the mobile device in a person’s pocket, bag or purse as they walk or run
  • The motion pattern when a person reaches for their mobile device in a pocket
  • How the user moves the device to their ear
  • Even the angle at which they hold the mobile device.

After collecting data about a user’s movements, the system would create a profile of the user. When the person tries to use the phone to buy something in a store, the system would compare the recent movements of the person holding the phone against the stored profile, making sure they match. If they do not, the retailer can ask the user for other forms of identification. The system could work similarly for e-commerce transactions.
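As an added illustration of the enroll-then-compare flow just described, and of the continuous, window-by-window authentication mentioned earlier in this post, here is example code that is not Alohar’s, DARPA’s or West Point’s: it builds a gait profile from constructed accelerometer windows and scores later windows against it. The sample rate, window length, z-score threshold, standard-deviation floors and the three features chosen (step cadence, bounce and the angle the phone is held at) are assumptions made for the example, not figures from the patent, and the sensor data is synthesized rather than captured.

```python
"""Behaviour-based ("something you do") authentication sketch: build a gait profile
from phone accelerometer windows, then score later windows against it.
Added example with constructed sensor data; not Alohar's, DARPA's or West Point's code."""
import math
import random
import statistics

SAMPLE_HZ = 50          # assumed accelerometer rate
WINDOW_SEC = 4          # assumed scoring window
Z_LIMIT = 3.0           # assumed acceptance threshold (largest per-feature |z|)
# assumed floors so a very consistent enrolment cannot make the profile absurdly strict
STD_FLOOR = {"cadence": 0.08, "bounce": 0.01, "tilt": 2.0}


def synth_window(cadence_hz, bounce_g, tilt_deg, seed):
    """Constructed accelerometer samples (x, y, z in g) for one window of walking.
    Gravity is tilted by tilt_deg in the x-z plane (how the phone sits in a pocket);
    each step adds a sinusoidal bounce along gravity; Gaussian noise on every axis."""
    rng = random.Random(seed)
    gx, gz = math.sin(math.radians(tilt_deg)), math.cos(math.radians(tilt_deg))
    out = []
    for i in range(SAMPLE_HZ * WINDOW_SEC):
        step = 1.0 + bounce_g * math.sin(2 * math.pi * cadence_hz * i / SAMPLE_HZ)
        out.append((gx * step + rng.gauss(0, 0.01),
                    rng.gauss(0, 0.01),
                    gz * step + rng.gauss(0, 0.01)))
    return out


def features(samples):
    """Three of the cues the patent lists: step cadence (steps/s), bounce
    (std of |a| in g) and the angle at which the device is held (degrees)."""
    mags = [math.sqrt(x * x + y * y + z * z) for x, y, z in samples]
    k = 5                                            # short moving average to tame noise
    smooth = [statistics.fmean(mags[i:i + k]) for i in range(len(mags) - k + 1)]
    mean, std = statistics.fmean(smooth), statistics.pstdev(smooth)
    # a step = an upward crossing of (mean + 0.5*std), at most one per 0.3 s
    thresh, refractory, last, steps = mean + 0.5 * std, 0.3 * SAMPLE_HZ, -10**9, []
    for i in range(1, len(smooth)):
        if smooth[i - 1] < thresh <= smooth[i] and i - last >= refractory:
            steps.append(i)
            last = i
    intervals = [(b - a) / SAMPLE_HZ for a, b in zip(steps, steps[1:])]
    cadence = 1.0 / statistics.fmean(intervals) if intervals else 0.0
    mx = statistics.fmean(x for x, _, _ in samples)
    mz = statistics.fmean(z for _, _, z in samples)
    return {"cadence": cadence, "bounce": std, "tilt": math.degrees(math.atan2(mx, mz))}


def enroll(windows):
    """Profile = per-feature mean and (floored) std over the enrolment windows."""
    rows = [features(w) for w in windows]
    return {f: (statistics.fmean(r[f] for r in rows),
                max(statistics.pstdev(r[f] for r in rows), STD_FLOOR[f]))
            for f in rows[0]}


def score(profile, samples):
    """Largest per-feature |z| of this window against the profile; low = same user."""
    fs = features(samples)
    return max(abs(fs[f] - mu) / sd for f, (mu, sd) in profile.items())


def continuous_auth(profile, windows, max_failures=2):
    """Score each window in turn; stay logged in until `max_failures` windows in a
    row exceed Z_LIMIT, then return the index of the window that ends the session
    (None if the session survives the whole stream)."""
    failures = 0
    for idx, w in enumerate(windows):
        if score(profile, w) > Z_LIMIT:
            failures += 1
            if failures >= max_failures:
                return idx
        else:
            failures = 0
    return None


# Constructed data: the owner (1.8 steps/s, 0.10 g bounce, ~25 deg tilt) enrols and
# keeps walking; a different person (2.3 steps/s, 0.18 g, 60 deg) picks the phone up.
OWNER = dict(cadence_hz=1.8, bounce_g=0.10, tilt_deg=25)
OTHER = dict(cadence_hz=2.3, bounce_g=0.18, tilt_deg=60)


def enrolment_windows():
    rng = random.Random(7)
    return [synth_window(1.8 + rng.uniform(-0.05, 0.05), 0.10 + rng.uniform(-0.01, 0.01),
                         25 + rng.uniform(-3, 3), seed=s) for s in range(10)]


PROFILE = enroll(enrolment_windows())

if __name__ == "__main__":
    print("owner z:", round(score(PROFILE, synth_window(**OWNER, seed=100)), 2))
    print("other z:", round(score(PROFILE, synth_window(**OTHER, seed=101)), 2))
    stream = ([synth_window(**OWNER, seed=s) for s in range(200, 203)]
              + [synth_window(**OTHER, seed=s) for s in range(300, 303)])
    print("session ends at window:", continuous_auth(PROFILE, stream))  # expected 4
```

The design point worth noticing is the `max_failures` counter in `continuous_auth`: a single bad window (the user stumbles, shifts the phone to another pocket) should not log anyone out, but two bad windows in a row is a different person with high probability. The std floors serve the same purpose on the enrolment side; without them a user who walked unusually evenly during enrolment would be rejected by normal day-to-day variation.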

The patent describes other uses for the profiling system beyond authentication. The article claims the inventor describes a scenario where if a user often goes to an elementary school or a daycare center, the service could send targeted advertising or information about kid-related events to the user.

In the future, Mr. Liang hopes to be able to collect even more data from more kinds of devices, like fitness trackers and health monitors. He told FierceITSecurity, “In the future, the phone will be able to tell, are you happy or depressed based on the way you walk, the speed you move around, the way you swing the phone.”

rb-

Biometrics has been waiting in the wings as the Next Big Thing in authentication for years. Transparent, behavior-based biometrics like those being developed by Alohar and West Point could give the nudge that is needed to push biometrics into the mainstream, but Sophos’ Stockley argues there are two major obstacles to the widespread adoption of biometrics.

  • You can’t change your biometrics – How do you change yourself if your biometric password is compromised?
  • For all the frustration that comes with remembering (and forgetting) our passwords, we know and feel, tangibly, that they’re under our control.

Behavior-based biometrics works invisibly. That is convenient, but it will require us to be comfortable ceding that feeling of control too, says Mr. Stockley.

Behavior-based biometrics will draw the ire of privacy advocates for its invisible, seamless identification and roots in the military, as it may allow for wider monitoring of society.


Net Neutrality – We Win

Let the lawsuits begin!


In addition to the lawyers lining up to squash Net Neutrality, Michigan’s own Fred Upton, who holds personal investments in AT&T, Comcast, and Verizon, has introduced anti-Net Neutrality legislation that eliminates the FCC’s authority to regulate internet service providers. It could crush the agency’s ruling and allow AT&T (T), Comcast (CMCSA) and Verizon (VZ) to rule the Internet at our cost, to grow their profits.

rb-

I have already seen an ad on BrightHouse cable from Broadband For America (whose membership page is empty) claiming that the FCC ruling will force them to raise taxes. Here come more imaginary “profits fees.”

For right now, this is a rare win for the 99% in post 9-11 ‘murica. Just follow the money.


Quicken Fiber Coming to the D

Crain’s Detroit Business is reporting that Dan Gilbert, real estate mogul, LeBron James’ boss, and founder and chairman of Quicken Loans Inc., announced the formation of a new Detroit-based high-speed Internet provider, Rocket Fiber LLC, to bring service to downtown Detroit. Mr. Gilbert (@cavsdan) tweeted:

Yes, it’s true @RocketFiber coming to downtown Detroit in near future. Fast as Google or faster. Details in a few weeks pic.twitter.com/fTPRSbauoN

Mr. Gilbert formed Rocket Fiber LLC in 2014. He called the company a “community investment initiative.” Matt Cullen, president and CEO of Rock Ventures, called the new network “the generational leap forward,” leapfrogging where the city is at this point. It is starting downtown and, hopefully, spreading out to the neighborhoods. There is some interest along the riverfront.

The first wave of installations will happen in the downtown area between the Lodge on the west, I-375 to the east, and I-75 to the north. Rocket Fiber will expand services to residents and businesses in Midtown Detroit along the Woodward corridor.

Crain’s reports that construction is already happening on the “advanced fiber-optic network.” The system will use hard-wired fiber-optic lines connected to buildings. Users will connect devices in their homes or businesses by either Ethernet cable or Wi-Fi. An outdoor Wi-Fi offering also will be available, Rock Ventures said.

The effort is not entirely altruistic. Undoubtedly part of the project will be to connect the Quicken campus downtown to the new Corktown technical center Bedrock is building at Rosa Parks and Porter, which includes a 10,000-square-foot server room.

rb-

Mr. Gilbert is doing something AT&T or Comcast could not or would not do. I worked on a job in the City to bring in 12 AT&T (T) POTS and Comcast (CMCSA) Business circuits.

OMG. It took AT&T a week to get the last three POTS lines in, and Comcast projected 6 months to install a city block away from Ford Field and 100 yards from a known working drop (and now they are going to stop service in Detroit). Thankfully 123.net was able to get the customer up and working on time and on budget.


Anthem Data Breach Allows Phish of US Cyber Forces

Updated 10/25/2018: Anthem, Inc. has agreed to pay a $16 million HIPAA fine to the U.S. Department of Health and Human Services, Office for Civil Rights. OCR found that between December 2, 2014, and January 27, 2015, cyber-attackers stole the electronic protected health information of almost 79 million people. The stolen information included names, social security numbers, medical identification numbers, addresses, dates of birth, email addresses, and employment information.

The $16 million settlement is the largest HIPAA settlement to date.

Many online believe that the Anthem (ANTM) hack was a strategic cyber-war strike by China. Stu Sjouwerman at CyberheistNews writes that PII thefts would normally be a Russian operation; however, the Anthem data breach appears to be a Chinese attack. CNN reports that Chinese hackers tend to target trade, economic, and national security secrets that could help the Chinese economy. Mr. Sjouwerman says he received an insider tip that most of the three-letter U.S. Government agencies have their employees insured through Anthem’s Blue Cross Blue Shield. Anthem also provided health insurance to defense contractors Northrop Grumman and Boeing.

Knowbe4’s Sjouwerman speculates that the Chinese now own the identities of all the people fighting them. The stolen data can now be used in a multitude of social engineering scenarios. Dmitri Alperovitch, co-founder of security firm CrowdStrike, told CNN that the attack fit the profile of a hacking group believed to be Chinese government spies, called “Deep Panda.”

The objective of the “Deep Panda” data breach, according to the CrowdStrike CTO, is to amass a large collection of Americans’ personal information to find citizens willing to spy for the Chinese and to find potential U.S. spies operating in China. Mr. Alperovitch told CNN that is why Chinese hackers broke into a U.S. federal employee network last year. They also broke into at least three hospital chains and two insurance providers the public has not yet heard about.

Knowbe4 speculates that many people in the Government have steam coming out of their ears about the Anthem hack. Cyberwar has suddenly become very personal to them. This may be why President Obama recently signed an executive order that will nudge private companies to share data about cybersecurity threats with each other and with the federal government.

Apart from the cost of the Anthem data breach, which is likely to smash the $100 million barrier, it is surprising that Anthem did not encrypt SSNs at rest, which allowed wholesale identity theft of thousands of American cyber-warriors. Encryption at rest is only a partial answer, though: it blunts theft of raw database files and backups, but it does not stop an attacker who has obtained the application’s own credentials and queries the data through the same path the application uses.

CEO Sjouwerman explains that hackers are going after healthcare records because they are much more valuable. He points out that healthcare records stay usable for several months after a hack, as opposed to credit card numbers, which get cancelled within days. Since Anthem is a healthcare company, you would expect it to take HIPAA compliance to the max and even top the required controls with higher standards. As we all know, compliance does not equal security, but it establishes a baseline at the very least.

rb-

There is enough blame to go around.

Time to go back to a cash society and barter.

Say, Doc Johnson, I’ll trade you two chickens for measles vaccination.
