Current Cyber News
Computer Languages to Substitute for Foreign Language Education?
Kentucky legislation that would let students use computer programming courses to satisfy foreign-language requirements in public schools moved forward in the Kentucky Senate on Thursday. Supporters said the measure, Senate Bill 16, would help prepare students for good-paying jobs in the computer industry. It passed the Senate Education Committee on a 10-1 vote. “This offers opportunity for students and flexibility for schools at a time when flexibility is vital,” said Sen. David Givens, a Republican from Greensburg who is sponsoring the bill. Kentucky students must earn 22 credits to graduate high school, but 15 of those credits represent requirements for math, science, social studies and English — and college prerequisites call on students to have two credits of foreign language, Givens said. Meanwhile, Givens pointed to national statistics showing that less than 2.4 percent of college students graduate with a degree in computer science despite a high demand in the market and jobs that start with $60,000 salaries. “We’ve got to make room in the curriculum and in the electives to try and drive computer programming closer to the start of that student’s high school studies,” he said.
National Institute of Standards and Technology (NIST) to Update Cyber Education Guidelines
The National Institute of Standards and Technology this spring will unveil updated guidance on role-based cybersecurity training, which will help government agencies as well as private businesses to protect information, NIST Computer Scientist Patricia Toth says. Toth is taking a lead role in developing the guidance, which will be known as Special Publication 800-16 Rev. 1. The guidance will focus on training tied to each individual's role within the organization, teaching them specifically what they need to do to help protect their organization's resources, she says. "One example might be someone who is doing incident response," she says in an interview with Information Security Media Group (transcript below). "They need to know very specifically, when an incident happens, how they need to report it, how they need to respond and what they need to do on their particular system to prevent any further damage." In the interview, Toth discusses how the new guidance differs from the original document published more than 15 years ago; differences between cybersecurity education and role-based training; and challenges of determining whether the role-based training programs are effective.
"Target" Hackers Broke in via HVAC Company... (a case study for Social Engineering)
Last week, Target told reporters at The Wall Street Journal and Reuters that the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now tell KrebsOnSecurity that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers.
Sources close to the investigation said the attackers first broke into the retailer’s network on Nov. 15, 2013 using network credentials stolen from Fazio Mechanical Services, a Sharpsburg, Penn.-based provider of refrigeration and HVAC systems.
Hackers can use Snapchat to disable iPhones, researcher says
A cyber security researcher has discovered a vulnerability within the Snapchat mobile app that makes it possible for hackers to launch a denial-of-service attack that temporarily freezes a user's iPhone. Jaime Sanchez, who works as a cyber-security consultant for Telefonica, a major telecommunications company in Spain, said he and another researcher found a weakness in Snapchat’s system that allows hackers to send thousands of messages to individual users in a matter of seconds. Sanchez said he and the fellow researcher discovered the glitch on their own time. Flooding one user with so many messages can clog their account to the point that the Snapchat app causes the entire device to freeze and ultimately crash, or require that the user perform a hard reset.
National Guard Fights for Cyber Role
Chinese and Russian hackers have everybody running scared. So whatever else happens with the president’s budget request for fiscal year 2015, we know it will include more money for things cyber, from purely defensive network security to black-budget “offensive cyber weapons” such as the Stuxnet worm. But one big thing remains in doubt: the role of the National Guard. Cyber Command wants the Guard to help. Guard leaders want to help CYBERCOM. And the Army has at least considered a proposal to fund 390 positions in 10 new “Cyber Protection Teams” to be created in the Army National Guard. Whether this idea will get funded is being wrestled over behind locked doors and in the context of increasingly bitter fights between active-duty and reserve forces. The budgetary question marks loom so large that one senior official at the National Guard Bureau emailed a warning to the Adjutants General, the Guard commanders of every state, territory, and the District of Columbia: Don’t get out in front of what the federal budget will support.
Congress Must Make 'Unimaginable' Defense Budget Choices: HASC's Adam Smith
“I understand that a one percent cut in the COLA is not insubstantial. It is a decrease in what the increase in retirements is going to be,” he said. (Under the plan, benefits would not actually decrease below current levels, they just wouldn’t increase as quickly in the future — and fall behind inflation by certain measures). “If you’re not going to cut this, what are you going to cut?” Activists for veterans and military personnel have argued that changing promised benefits is a breach of faith that will undermine trust in the military and thus people’s willingness to join up and stay in, one reporter noted. “I don’t have sympathy for that argument,” Smith said. “Believe me, I think our military ought to be the best compensated, best taken care of military in the world — and I think it is.” “If we are going to deal [based] on what you were promised when you came in,” Smith said scathingly, “then let’s get rid of the [post-9/11] updated GI bill, let’s get rid of the yearly pay increases, let’s get rid of all the increase in combat pay, let’s get rid of all of the billions, the tens of billions of dollars that we added after you got recruited.”
Cryptography Breakthrough Could Make Software Unhackable
Precisely because of obfuscation’s power, many computer scientists, including Sahai and his colleagues, thought it was impossible. “We were convinced it was too powerful to exist,” he said. Their earliest research findings seemed to confirm this, showing that the most natural form of obfuscation is indeed impossible to achieve for all programs.
Then, on July 20, 2013, Sahai and five co-authors posted a paper on the Cryptology ePrint Archive demonstrating a candidate protocol for a kind of obfuscation known as “indistinguishability obfuscation.” Two days later, Sahai and one of his co-authors, Brent Waters, of the University of Texas, Austin, posted a second paper that suggested, together with the first paper, that this somewhat arcane form of obfuscation may possess much of the power cryptographers have dreamed of. “This is the first serious positive result” when it comes to trying to find a universal obfuscator, said Boaz Barak, of Microsoft Research in Cambridge, Mass. “The cryptography community is very excited.”
Internet Anti-NSA Protest Starts Tuesday
Circle Feb. 11 on your calendar. You're going to notice something a little different when browsing the Internet that day. Thousands of civil-liberty and online-freedom groups and websites will take to the digital streets next week to wage a coordinated war against the National Security Agency's spying powers, a battle strike reminiscent of a virtual protest that two years ago killed an online piracy bill. Billing the protest as "The Day We Fight Back," organizers are promising banners will be prominently displayed on websites across the Internet urging users to engage in viral activity expressing their opposition to the NSA. Additionally, those banners will ask readers to flood the telephone lines and email in-boxes of congressional offices to voice their support of the Freedom Act, a bill in Congress that aims to restrict the government's surveillance authority. The roster of participating groups, which organizers say now tops 4,000, includes the American Civil Liberties Union, reddit, Tumblr, Mozilla, DailyKos, and Amnesty International.
Nine Factors Creating a ‘Perfect Storm’ Driving the Internet of Things to $14.4 trillion (special thanks to LCDR Connett)
The Industrial Internet Of Things
What role will humans play?
Finally ... an example
Protests, Blocking Google Buses: What the Hell is Up with Silicon Valley
Silicon Valley can’t afford to ignore its haters. Even just the image of arrogance could kill the industry — and future innovation. Silicon Valley is always selling the next category, the new frontier, the thing you’ll need tomorrow but can’t even imagine wanting today. A computer in your home. The Internet in your pocket. Your music in the cloud. A smartphone on your wrist or face. Unlike any other industry, tech relies on not merely trust but faith that a leap into the unknown, into breaking routines, will be rewarded. Since business models of tech companies are built on monetizing data that users freely supply, losing the trust and optimism of customers wouldn’t just mean failing to sell the next big thing … it could mean failing to make it. Read WIRED editor Bill Wasik’s argument here.
Google's New A.I. Ethics Board... (Fear of the Machine?)
In 2011, the co-founder of DeepMind, the artificial intelligence company acquired this week by Google, made an ominous prediction more befitting a ranting survivalist than an award-winning computer scientist. “Eventually, I think human extinction will probably occur, and technology will likely play a part in this,” DeepMind’s Shane Legg said in an interview with Alexander Kruel. Among all forms of technology that could wipe out the human species, he singled out artificial intelligence, or AI, as the “number 1 risk for this century.” Google’s acquisition of DeepMind came with an estimated $400 million price tag and an unusual stipulation that adds extra gravity -- and a dose of reality -- to Legg’s warning: Google agreed to create an AI safety and ethics review board to ensure this technology is developed safely, as The Information first reported and The Huffington Post confirmed. (A Google spokesman said that DeepMind had been acquired, but declined to comment further.) Even for a company that predictably pursues unpredictable projects (see: Internet-deploying balloons), an AI ethics board marks a surprising first for Google, and has some people questioning why Google is so concerned with the morality of this technology, as opposed to, say, the ethics of reading your email.
Work Place Monitoring... How your boss can keep you on a leash
If you're a person who hates it when your supervisor looks over your shoulder at work, you may want to stop reading this column right now. Because what follows is only going to depress you. Hitachi, the big electronics company based in Japan, is manufacturing and selling to corporations a device intended to increase efficiency in the workplace. It has a rather bland and generic-sounding name: the Hitachi Business Microscope. But what it is capable of doing ... well, just imagine being followed around the office or the factory all day by the snoopiest boss in the world. Even into the restroom. And, the thing is, once you hear about it, you just know that, from a management point of view, it is an innovation of absolute genius. Here's how it works: The device looks like an employee ID badge that most companies issue. Workers are instructed to wear it in the office. Embedded inside each badge, according to Hitachi, are "infrared sensors, an accelerometer, a microphone sensor and a wireless communication device." Hitachi says that the badges record and transmit to management "who talks to whom, how often, where and how energetically." It tracks everything. If you get up to walk around the office a lot, the badge sends information to management about how often you do it, and where you go. If you stop to talk with people throughout the day, the badge transmits who you're talking to (by reading your co-workers' badges), and for how long. Do you contribute at meetings, or just sit there? Either way, the badge tells your bosses.