information security


description: protecting information by mitigating information risks

217 results

pages: 302 words: 82,233

Beautiful security
by Andy Oram and John Viega
Published 15 Dec 2009

JIM ROUTH, CISM, has over 20 years of experience in information technology and information security as a practitioner, a management consultant, and a leader of technology functions and information security functions for global financial service firms. He is currently a managing director and chief information security officer for the Depository Trust & Clearing Corporation (DTCC). In this position, Jim designed and implemented an enterprise-wide information security program based on risk-management best practices and the COBIT and ISO 27001 standards. He implemented an innovative information security risk-assessment process and a security program for software development that has been recognized as an industry leader.

Every CIO and CISO, asked to justify a security budget or particular security expenditure, knows that information security suffers from the inescapable problem of generating little or no direct revenue (an issue also addressed in detail by Peiter “Mudge” Zatko in Chapter 1, Psychological Security Traps). Many pundits have likened information security to an insurance policy: if everything goes well, you don’t even realize you have it.* Information security now vies for the top spot in the priority list (and, therefore, for the budget dollars) of many IT departments. Consider information security management’s rating as the number-one technology initiative in a 2008 survey of Certified Information Technology Professionals.† In justifying expenditures for information security, however, this may be one of those rare situations where “lawyers are your friends.”

In determining the liability of the barge’s owners, Judge Learned Hand came up with the formulation B < P × L and stated “[i]f the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL.”‡ In the context of information security, this could translate to the following analysis: if the burden on an organization to prevent an information security breach or lapse is less than the probability of that breach multiplied by the damages that could result, that organization should seriously consider taking on that burden (or a reasonable alternative approach). Mapping this to pragmatic and proactive information security, the simple shorthand of B < P × L can set the stage for a powerful argument for information security budgets. A company can get a very rough estimate of its security budget by taking a look at all of the threats in its threat and risk assessment (TRA) and ascertaining two things about each threat: the probability that an attack based on that threat will actually affect the business and the cost of the resulting attack.
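A worked version of the B < P × L screen run over a threat and risk assessment, added here as an example and not taken from the book. The threat names, probabilities, losses and control costs are constructed numbers; the net-benefit ranking at the end goes one step beyond the text's per-threat test, for the case where the justified controls together cost more than the budget on offer.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    """One row of a threat and risk assessment (TRA), in Learned Hand's terms."""
    name: str
    probability: float  # P: chance per year that an attack based on this threat hits the business
    loss: float         # L: damages if it does (currency units)
    burden: float       # B: yearly cost of the control that would prevent it


def expected_loss(t: Threat) -> float:
    """P × L: the annualised loss the threat is expected to cause if left unaddressed."""
    return t.probability * t.loss


def hand_rule_justifies_control(t: Threat) -> bool:
    """Hand's test: spend on the control when B < P × L."""
    return t.burden < expected_loss(t)


def budget_from_tra(threats):
    """Rough budget: the summed burden of every control the Hand rule justifies,
    plus the names of those controls in TRA order."""
    justified = [t for t in threats if hand_rule_justifies_control(t)]
    return sum(t.burden for t in justified), [t.name for t in justified]


def rank_by_net_benefit(threats):
    """Beyond the per-threat test: order controls by (P × L) − B, largest first, so a
    capped budget goes to the controls that remove the most expected loss net of cost."""
    return sorted(((expected_loss(t) - t.burden, t.name) for t in threats), reverse=True)


# Constructed TRA rows for the example; the figures are illustrative, not measured.
SAMPLE_TRA = [
    Threat("phishing-led account takeover", probability=0.60, loss=250_000, burden=40_000),
    Threat("ransomware on file servers", probability=0.15, loss=2_000_000, burden=120_000),
    Threat("theft of office workstations", probability=0.05, loss=60_000, burden=25_000),
    Threat("insider data exfiltration", probability=0.10, loss=800_000, burden=90_000),
]


if __name__ == "__main__":
    for t in SAMPLE_TRA:
        print(f"{t.name:32} P*L={expected_loss(t):>10,.0f}  B={t.burden:>8,.0f}"
              f"  invest={hand_rule_justifies_control(t)}")
    budget, controls = budget_from_tra(SAMPLE_TRA)
    print(f"rough budget: {budget:,.0f} for {controls}")
    print("priority order:", [name for _, name in rank_by_net_benefit(SAMPLE_TRA)])
```

Two caveats a practitioner would attach: P and L are order-of-magnitude estimates, so the rule is a threshold for discussion rather than a valuation, and it treats threats independently, so a single control that addresses several TRA rows (or a control a regulator mandates regardless of P × L) has to be handled outside the per-row test.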

Engineering Security
by Peter Gutmann

References

[1] “PKI Seeks a Trusting Relationship”, Audun Jøsang, Ingar Pedersen and Dean Povey, Proceedings of the 5th Australasian Conference on Information Security and Privacy (ACISP’00), Springer-Verlag LNCS No.1841, July 2000, p.191.
[2] “Advances and Remaining Challenges to Adoption of Public Key Infrastructure Technology”, United States General Accounting Office report GAO-01-277, February 2001.
[3] “Solution and Problems: (Why) It’s a long Way to Interoperability”, Jürgen Schwemmer, Datenschutz und Datensicherheit, No.9, 2001 (September 2001).
[4] “Prime-Time Player?”, Leo Pluswich and Darren Hartman, Information Security Magazine, March 2001.
[5] “PKI: An Insider View”, Ben Rothke, Information Security Magazine, October 2001.

[463] Joe Faulhaber, private communications, 2 January 2009.
[464] Paul Heinz, private communications, 18 January 2010.
[465] “Digital Deception: The Practice of Lying in the Digital Age”, Jeffrey Hancock, in “Deception: From Ancient Empires to Internet Dating”, Stanford University Press, 2009, p.109.
[466] “Mobile Geräte programmieren” (Programming Mobile Devices), Ulrich Breyman, Linux Technical Review, No.11 (2009), p.64.
[467] “GlobalSign revokes cert of rogue security app: Certified malware exposes shortcomings of digital certificates”, John Leyden, 16 August 2008, http://www.theregister.co.uk/2008/08/16/certified_malware/.
[468] “Phishing: Cutting the Identity Theft Line”, Rachael Lininger and Russell Vines, John Wiley and Sons, 2005.
[469] “Corporate Identity Theft Used to Obtain Code Signing Certificate”, Jarno Niemelä, 25 August 2010, http://www.f-secure.com/weblog/archives/00002017.html.
[470] “Re: [cryptography] How are expired code-signing certs revoked?”, Jon Callas, posting to the cryptography@randombit.net mailing list, message-ID 886A612C-A596-4111-A4AD-5999797F9420@callas.org, 18 December 2011.
[471] “Why Information Security is Hard — An Economic Perspective”, Ross Anderson, Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC’01), December 2001, p.358.
[472] “The Economics of Information Security”, Ross Anderson and Tyler Moore, Science, Vol.314, No.5799 (27 October 2006), p.610.
[473] “The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA”, RFC 6698, Paul Hoffman and Jakob Schlyter, August 2012.
[474] “Authenticated Names”, Stanley Chow, Christophe Gustave and Dmitri Vinokurov, Proceedings of the 2007 New Security Paradigms Workshop (NSPW’07), September 2007, p.23.
[475] “Windows Logo Program: Overview”, http://www.microsoft.com/whdc/winlogo/default.mspx.
[476] “What were the tests that WinG did to evaluate video cards?”

id=1234772.1234786.
[370] “Mental Models of Home Computer Security”, Rick Wash, Symposium on Usable Privacy and Security (SOUPS’08), Poster Session, July 2008, http://cups.cs.cmu.edu/soups/2008/posters/wash.pdf.
[371] “Folk Models of Home Computer Security”, Rick Wash, Proceedings of the 6th Symposium on Usable Privacy and Security (SOUPS’10), July 2010, to appear.
[372] “The Commercial Malware Industry”, Peter Gutmann, presentation at Defcon 15, August 2007, https://www.defcon.org/images/defcon-15/dc15presentations/dc-15-gutmann.pdf, updated version at http://www.cs.auckland.ac.nz/~pgut001/pubs/malware_biz.pdf.
[373] “Re: Zero Overhead Security”, Rick Wash, posting to the hcisec@yahoogroups.com mailing list, message-ID E0B6251B-FC4E-4FF79DFC-E751C0B25865@umich.edu, 29 September 2008.
[374] “Risk”, John Adams, UCL Press, 1995.
[375] “The Theory of Risk-Homeostasis: Implications for Safety and Health”, Gerald Wilde, Risk Analysis, Vol.2, No.4 (December 1982), p.209.
[376] “Risk Homeostasis Theory and Traffic Accident Data”, L. Evans, Risk Analysis, Vol.6, No.1 (March 1986), p.81.
[377] “Notes on the Interpretation of Traffic Accident Data and of Risk Homeostasis Theory: A Reply to L. Evans”, Gerald Wilde, Risk Analysis, Vol.6, No.1 (March 1986), p.95.
[378] “Risk Homeostasis as a Factor of Information Security”, Malcolm Pattinson, Proceedings of the 2nd Australian Information Security Management Conference (AISM’04), November 2004, p.64.
[379] “Department of Homeland Security website hacked! Infected by massive attack sweeping the net”, Dan Goodin, 25 April 2008, http://www.theregister.co.uk/2008/04/25/mass_web_attack_grows/.
[380] “Poisoned TV website adverts lead to PC and Mac scareware”, Sophos Labs, 21 February 2008, http://www.sophos.com/pressoffice/news/articles/2008/02/poisoned-adverts.html.
[381] “Data theft scam targets Google ads”, Associated Press, 27 April 2007, http://www.msnbc.msn.com/id/18348120/.
[382] “Malware delivered by Yahoo, Fox, Google ads”, Elinor Mills, 22 March 2010, http://news.cnet.com/8301-27080_3-20000898-245.html.
[383] “Security Beliefs and Barriers for Novice Internet Users”, Steven Furnell, Valleria Tsaganidi and Andy Phippen, Computers & Security, Vol.27, No.7-8 (December 2008), p.235.

Applied Cryptography: Protocols, Algorithms, and Source Code in C
by Bruce Schneier
Published 10 Nov 1993

Kim, “Attacks on Tanaka’s Non–interactive Key Sharing Scheme,” Proceedings of the 1995 Symposium on Cryptography and Information Security (SCIS 95), Inuyama, Japan, 24–27 Jan 1995, pp. B3.4.1–4.
1229. S.J. Park, K.H. Lee, and D.H. Won, “An Entrusted Undeniable Signature,” Proceedings of the 1995 Japan–Korea Workshop on Information Security and Cryptography, Inuyama, Japan, 24–27 Jan 1995, pp. 120–126.
1230. S.J. Park, K.H. Lee, and D.H. Won, “A Practical Group Signature,” Proceedings of the 1995 Japan–Korea Workshop on Information Security and Cryptography, Inuyama, Japan, 24–27 Jan 1995, pp. 127–133.
1231. S.K. Park and K.W.

The Group shall be composed of six federal employees, three each selected by NIST and NSA and to be augmented as necessary by representatives of other agencies. Issues may be referred to the group by either the NSA Deputy Director for Information Security or the NIST Deputy Director or may be generated and addressed by the group upon approval by the NSA DDI or NIST Deputy Director. Within days of the referral of an issue to the Group by either the NSA Deputy Director for Information Security or the NIST Deputy Director, the Group will respond with a progress report and plan for further analysis, if any.

6. Exchange work plans on an annual basis on all research and development projects pertinent to protection of systems that process sensitive or other unclassified information, including trusted technology, for protecting the integrity and availability of data, telecommunications security and personal identification methods.

Export licenses are approved or denied based upon the type of equipment involved, the proposed end use and the end user. Our analysis indicates that the U.S. leads the world in the manufacture and export of information security technologies. Of those cryptologic products referred to NSA by the Department of State for export licenses, we consistently approve over 90%. Export licenses for information security products under the jurisdiction of the Department of Commerce are processed and approved without referral to NSA or DoD. This includes products using such techniques as the DSS and RSA which provide authentication and access control to computers or networks.

pages: 587 words: 117,894

Cybersecurity: What Everyone Needs to Know
by P. W. Singer and Allan Friedman
Published 3 Jan 2014

Building on its technical experience securing national defense networks, the NSA partnered with the private security training company SANS to develop critical security controls. They built a consortium of representatives from the defense and law enforcement communities, information security companies, and even representatives from the UK government’s information assurance agencies. This public-private partnership developed a set of 20 critical controls, which were then vetted by the larger information security community. These collectively built controls, which lay out the need for such measures as inventories of authorized devices and software, and proper maintenance and analysis of audit logs, give any and every individual organization a set of clear security goals to follow.

It has led to the creation of various new governmental offices and bureaucracies (the US Department of Homeland Security’s National Cyber Security Division has doubled or tripled in size every year since its inception). The same is true for armed forces around the globe like the US Cyber Command and the Chinese “Information Security Base” (xinxi baozhang jidi), new military units whose very mission is to fight and win wars in cyberspace. As we later consider, these aspects of “cyber stuff” raise very real risks, but how we perceive and respond to these risks may be even more crucial to the future, and not just of the Internet.

Not only must internal secrets and sensitive personal data be safeguarded, but transactional data can reveal important details about the relationships of firms or individuals. Confidentiality is supported by technical tools such as encryption and access control as well as legal protections. Integrity is the most subtle but maybe the most important part of the classic information security triumvirate. Integrity means that the system and the data in it have not been improperly altered or changed without authorization. It is not just a matter of trust. There must be confidence that the system will be both available and behave as expected. Integrity’s subtlety is what makes it a frequent target for the most sophisticated attackers.

pages: 328 words: 77,877

API Marketplace Engineering: Design, Build, and Run a Platform for External Developers
by Rennay Dorasamy
Published 2 Dec 2021

This is a significant game changer and although application teams may be satisfied by fronting the interfaces with an API Gateway, this has an enterprise-wide impact and will require participation from various teams – ranging from Information Security to Networks to Forensics, to name a few. Information Security signs off that customer or organization data is only released based on specific security authorization frameworks such as OAuth. It is important to highlight that the Information Security team is a key stakeholder of the API Marketplace and engagement should be ongoing. Information Security should approve every API product to ensure that the right level of information is provided to the right parties with the right level of security.

Infrastructure: Jan Jacobs, Tumelo Malete, George Phage, Maanda Ambani. External: Pieter Myburgh, Lovemore Nalube, Dylan Youens, George Nel, Hardus van der Berg, Akash Shaha, Loyiso Matymza, Damon Vrkoc, Kabelo Mokwana, Henry Oertel. Forensics: Justin Fairhurst. Business Analysis: Tshepo Mekgoe, Kerassa Pillay, Pravesh Mungaldave. Information Security: Phillip Gerber, Tian Gerber, Enzlin Burts. Network Security: Andre Jansen, Jared Camberg, Iaan Botha. Change and Release: Amanda Kopolo, Patiwe Singapi, Stephanie van Ross, Cecil Loots, Marty Dada, Liesl Moss. To the Apress team – Jonathan Gennick, Jill Balzano, Robert Stackowiak, Laura Berendson, and Welmoed Spahr – I cannot thank you enough for this opportunity of a lifetime.

Information Security should approve every API product to ensure that the right level of information is provided to the right parties with the right level of security. From a technical or development perspective, it may appear to be relatively easy to expose or update an API product to provide additional data. However, Information Security has a greater view regarding the sensitivity of data and, as essentially the guardians of enterprise and customer information, must always be consulted. The Network team will also have to determine how requests, now originating from the Internet, traverse the organization’s boundary and are routed to internal services. At this junction, it may be necessary to pause and reflect on the gravity of establishing an API Marketplace from the perspective of a Network Administrator.

pages: 448 words: 117,325

Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World
by Bruce Schneier
Published 3 Sep 2018

Association for Computing Machinery (accessed 24 Apr 2018), “Skillsoft Learning Collections,” https://learning.acm.org/e-learning/skillsoft.
(ISC)² (accessed 24 Apr 2018), “(ISC)² information security certifications,” https://www.isc2.org/Certifications.
140 The International Organization for Standardization (ISO): International Organization for Standardization (accessed 24 Apr 2018), “ISO/IEC 27000 family: Information security management systems,” http://www.iso.org/iso/home/standards/management-standards/iso27001.htm.
141 Various reports forecast 1.5 million: Julie Peeler and Angela Messer (17 Apr 2015), “(ISC)² study: Workforce shortfall due to hiring difficulties despite rising salaries, increased budgets and high job satisfaction rate,” (ISC)² Blog, http://blog.isc2.org/isc2_blog/2015/04/isc-study-workforce-shortfall-due-to-hiring-difficulties-despite-rising-salaries-increased-budgets-a.html.

Federal Bureau of Investigation (29 Dec 2014), “Most wanted talent: Seeking tech experts to become cyber special agents,” https://www.fbi.gov/news/stories/fbi-seeking-tech-experts-to-become-cyber-special-agents.
176 The reality always falls short: Neil Robinson and Emma Disley (10 Sep 2010), “Incentives and challenges for information sharing in the context of network and information security,” European Network and Information Security Agency, https://www.enisa.europa.eu/publications/incentives-and-barriers-to-information-sharing/at_download/fullReport.
176 This is rational: Lawrence A. Gordon, Martin P. Loeb, and William Lucyshyn (Feb 2003), “Sharing information on computer systems security: An economic analysis,” Journal of Accounting and Public Policy 22, no. 6, http://citeseerx.ist.psu.edu/viewdoc/download?

It corralled a wide variety of IoT devices into the world’s largest botnet, and while it was not used to spread ransomware, it could easily have done so.

5 Risks Are Becoming Catastrophic

The trends in the previous four chapters are not new—not the technical realities, not the political and economic trends, nothing. What’s changing is how computers are being used in society: the magnitude of their decisions, the autonomy of their actions, and their interactions with the physical world. This increases the threat over several dimensions.

INTEGRITY AND AVAILABILITY ATTACKS ARE INCREASING

Information security is traditionally described as a triad consisting of confidentiality, integrity, and availability. You’ll see it called the “CIA triad,” which admittedly is confusing in the context of national security. But basically, the three things I can do with your data are steal a copy of it, modify it, or delete it.

pages: 446 words: 102,421

Network Security Through Data Analysis: Building Situational Awareness
by Michael S Collins
Published 23 Feb 2014

Anton Chuvakin, Logging and Log Management: The Authoritative Guide to Dealing with Syslog, Audit Logs, Alerts, and other IT ‘Noise’ (Syngress, 2012).

Chapter 4. Data Storage for Analysis: Relational Databases, Big Data, and Other Options

This chapter focuses on the mechanics of storing data for traffic analysis. Data storage points to the basic problem in information security analysis: information security events are scattered in a vast number of innocuous logfiles, and effective security analysis requires the ability to process large volumes of data quickly. There are a number of different approaches available for facilitating rapid data access, the major choices being flat files, traditional databases, and the emergent NoSQL paradigm.

For our purposes, situational awareness encompasses understanding the components that make up your network and how those components are used. This awareness is often radically different from how the network is configured and how the network was originally designed. To understand the importance of situational awareness in information security, I want you to think about your home, and I want you to count the number of web servers in your house. Did you include your wireless router? Your cable modem? Your printer? Did you consider the web interface to CUPS? How about your television set? To many IT managers, several of the devices listed didn’t even register as “web servers.”
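To make the “count the web servers in your house” exercise concrete, here is an added example (not from the book) that probes a list of hosts for listeners that answer HTTP on the ports embedded devices usually use, 631 being the CUPS print service. The port list is an assumption for the example, and demo() stands up a constructed fake device on loopback so the block runs offline; point find_web_servers() at your own address range to run it for real.

```python
import socket
import threading

# Ports where embedded web interfaces usually live (router, modem, printer, TV);
# 631 is the CUPS web UI. An assumption for the example, not an exhaustive list.
COMMON_WEB_PORTS = (80, 443, 8080, 8443, 631)


def probe_http(host: str, port: int, timeout: float = 0.5):
    """Connect, send a minimal HEAD request and return the status line if the listener
    answers in HTTP; None if nothing listens or it speaks something else (a TLS-only
    port such as 443 lands in the second case and needs a TLS probe instead)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            data = s.recv(256)
    except OSError:
        return None
    first_line = data.split(b"\r\n", 1)[0]
    if not first_line.startswith(b"HTTP/"):
        return None
    return first_line.decode("latin-1", "replace")


def find_web_servers(hosts, ports=COMMON_WEB_PORTS):
    """Inventory step: map (host, port) -> HTTP status line for every listener found."""
    found = {}
    for host in hosts:
        for port in ports:
            banner = probe_http(host, port)
            if banner is not None:
                found[(host, port)] = banner
    return found


def _fake_embedded_device(port_out, ready):
    """Constructed stand-in for a printer's web UI: answers one HEAD request on loopback."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # ephemeral port so the demo never touches real services
    srv.listen(1)
    port_out.append(srv.getsockname()[1])
    ready.set()
    conn, _ = srv.accept()
    conn.recv(1024)
    conn.sendall(b"HTTP/1.0 200 OK\r\nServer: CUPS/2.3\r\nContent-Length: 0\r\n\r\n")
    conn.close()
    srv.close()


def demo():
    """Scan the fake device only; returns the inventory dict."""
    port_out, ready = [], threading.Event()
    t = threading.Thread(target=_fake_embedded_device, args=(port_out, ready), daemon=True)
    t.start()
    ready.wait()
    inventory = find_web_servers(["127.0.0.1"], ports=(port_out[0],))
    t.join(timeout=2)
    return inventory


if __name__ == "__main__":
    for (host, port), banner in demo().items():
        print(f"{host}:{port} -> {banner}")
```

The status line is only a first signal; the Server header that follows it is what usually names the device class, and a listener that refuses plain HTTP on 443 or 8443 still counts as a web server for inventory purposes.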

All security systems ultimately depend on users recognizing the importance of security and accepting it as a necessary evil. Security rests on people: it rests on the individual users of a system obeying the rules, and it rests on analysts and monitors identifying when rules are broken. Security is only marginally a technical problem—information security involves endlessly creative people figuring out new ways to abuse technology, and against this constantly changing threat profile, you need cooperation from both your defenders and your users. Bad security policy will result in users increasingly evading detection in order to get their jobs done or just to blow off steam, and that adds additional work for your defenders.

pages: 570 words: 115,722

The Tangled Web: A Guide to Securing Modern Web Applications
by Michal Zalewski
Published 26 Nov 2011

I am also proud to be standing on the shoulders of giants. This book owes a lot to the research on browser security done by members of the information security community. Special credit goes to Adam Barth, Collin Jackson, Chris Evans, Jesse Ruderman, Billy Rios, and Eduardo Vela Nava for the advancement of our understanding of this field. Thank you all—and keep up the good work.

* * *

[1] Confused deputy problem is a generic concept in information security used to refer to a broad class of design or implementation flaws. The term describes any vector that allows the attacker to trick a program into misusing some “authority” (access privileges) to manipulate a resource in an unintended manner—presumably one that is beneficial to the attacker, however that benefit is defined.
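As an added illustration of the confused-deputy footnote (example code, not from the book): cross-site request forgery is the web instance of the problem. The browser is the deputy. It attaches the victim's session cookie to any request to the bank, including one an attacker's page triggers, so a server that treats the cookie as proof of intent lets the attacker spend the victim's authority. The bank origin, session store, handlers and request shapes below are all constructed for the example.

```python
import hmac
import secrets

SITE_ORIGIN = "https://bank.example"  # assumed origin of the deputy's principal, the bank

# Constructed session store: cookie value -> owner and the anti-CSRF token minted for
# that session. Only pages served by the bank ever learn the token.
SESSIONS = {
    "sid-alice": {"user": "alice", "csrf_token": secrets.token_hex(16)},
}


def _session_for(request):
    return SESSIONS.get(request.get("cookies", {}).get("sid"))


def _do_transfer(sess, form):
    return f"200 moved {form['amount']} from {sess['user']} to {form['to']}"


def transfer_vulnerable(request):
    """The confused deputy: the browser attached alice's cookie to whatever page made
    the request, and the server takes the cookie alone as proof she meant this transfer."""
    sess = _session_for(request)
    if sess is None:
        return "401 no session"
    return _do_transfer(sess, request["form"])


def transfer_hardened(request):
    """Two independent checks that the request came from a page the user is actually
    interacting with on the bank's own origin."""
    sess = _session_for(request)
    if sess is None:
        return "401 no session"
    # 1. Origin header: set by the browser and not scriptable by a cross-site page.
    if request.get("headers", {}).get("Origin") != SITE_ORIGIN:
        return "403 cross-site origin"
    # 2. Synchronizer token: a forged form cannot include a value it never saw.
    #    Constant-time compare so the token cannot be recovered byte by byte.
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), sess["csrf_token"].encode()):
        return "403 bad csrf token"
    return _do_transfer(sess, request["form"])


def legitimate_request():
    """Alice submits the bank's own transfer form."""
    return {
        "cookies": {"sid": "sid-alice"},
        "headers": {"Origin": SITE_ORIGIN},
        "form": {"to": "bob", "amount": "50",
                 "csrf_token": SESSIONS["sid-alice"]["csrf_token"]},
    }


def cross_site_request():
    """What the browser sends when a page on evil.example auto-submits a form to the
    bank while alice is logged in: her cookie rides along, her token does not."""
    return {
        "cookies": {"sid": "sid-alice"},
        "headers": {"Origin": "https://evil.example"},
        "form": {"to": "mallory", "amount": "5000"},
    }


if __name__ == "__main__":
    for name, handler in (("vulnerable", transfer_vulnerable), ("hardened", transfer_hardened)):
        print(f"{name:10} legitimate: {handler(legitimate_request())}")
        print(f"{name:10} cross-site: {handler(cross_site_request())}")
```

The token check is the primary defence; the Origin check is a cheap second layer, but some requests arrive without an Origin header, so a real handler needs a policy for the missing case rather than silently passing it. Marking the session cookie SameSite stops the deputy from attaching it to cross-site requests in the first place.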

Security in the World of Web Applications

To provide proper context for the technical discussions later in the book, it seems prudent to first of all explain what the field of security engineering tries to achieve and then to outline why, in this otherwise well-studied context, web applications deserve special treatment. So, shall we?

Information Security in a Nutshell

On the face of it, the field of information security appears to be a mature, well-defined, and accomplished branch of computer science. Resident experts eagerly assert the importance of their area of expertise by pointing to large sets of neatly cataloged security flaws, invariably attributed to security-illiterate developers, while their fellow theoreticians note how all these problems would have been prevented by adhering to this year’s hottest security methodology.

—Collin Jackson, researcher at the Carnegie Mellon Web Security Group

“Perhaps the most thorough and insightful treatise on the state of security for web-driven technologies to date. A must have!”
—Mark Dowd, Azimuth Security, author of The Art of Software Security Assessment

PRAISE FOR SILENCE ON THE WIRE BY MICHAL ZALEWSKI

“One of the most innovative and original computing books available.”
—Richard Bejtlich, TaoSecurity

“For the pure information security specialist this book is pure gold.”
—Mitch Tulloch, Windows Security

“Zalewski’s explanations make it clear that he’s tops in the industry.”
—Computerworld

“The amount of detail is stunning for such a small volume and the examples are amazing. . . . You will definitely think different after reading this title.”

pages: 409 words: 112,055

The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats
by Richard A. Clarke and Robert K. Knake
Published 15 Jul 2019

W., 6 Bush, George W., 6, 11, 88, 89, 96, 113, 130, 135, 156, 222, 228 California, 117, 123 cameras, 289–90 Carlin, John, 125 cars, driverless, 266–67, 269–70 Carter, Ash, 193, 225 Causes of War, The (Van Evera), 100 Center for Internet Security, 117 Center for Strategic and International Studies (CSIS), 89, 101, 110, 113 certified information security manager, 146 certified information system auditor, 146 certified information systems security professional, 146, 149 Chamber of Commerce, 44, 109–11, 113, 118 Chaudhuri, Swarat, 80 Chemical Facility Anti-Terrorism Standards, 114–15 Chen, Adrian, 219 Cheney, Dick, 275 chief information officers (CIOs), 72, 300 chief information security officers (CISOs), 5, 33, 40, 49, 56, 64, 65, 69, 72, 87, 151, 170, 177, 178, 244, 300 China, 5, 24, 28, 33–34, 39–41, 43, 46, 50, 97, 159–60, 166, 182, 187, 195, 196, 198, 214, 217, 241, 242, 248, 252, 272 5G and, 267–68 internet and Great Firewall of, 87, 205, 206, 208, 210, 211, 215 People’s Liberation Army, 26, 28, 176, 305 quantum computing and, 256, 259, 260, 262, 264 China Telecom, 119–20 CIA, 23–24, 37, 110, 124, 152, 173, 194 Citibank, 8, 38, 136, 284 civil service system, 171, 173 Clarke, Richard A., 3–4, 6, 10–11, 21, 59, 65, 89, 124–25, 156, 168, 220, 254, 291 Cyber War, 6–7, 13, 26, 37, 78, 192, 200 Warnings, 162, 223 CLEAR, 137 Clinton, Bill, 3–4, 6, 11, 88, 113, 168, 221 Clinton, Hillary, 223, 232–33 Clipper chip, 124 cloud, 5–6, 71–77, 104, 206, 215, 291–92, 298, 300 CLOUD Act, 214, 215 Cloudflare, 87, 119 Coats, Dan, 26, 159 Cole, Alma, 170 Columbia University, 102 Comey, James, 124, 125 Commerce Department, 88, 140 see also National Institute of Standards and Technology Comprehensive National Cyber Initiative, 96 CompTIA Security+ certification, 146 Computer Fraud and Abuse Act, 100 Congress, U.S., 99, 109, 114, 116–18, 124, 130, 144, 159, 165–66, 171, 172, 178, 196, 214, 228, 231–33, 259, 268–69 ReallyU and, 138, 140, 141 Senate, 78, 232 Conley, Caitlin, 225–26 
Constitution, U.S., 94, 228 containers, 71, 77 contractors, 170–71, 174 Cook, Tim, 124, 125 Cornell University, 250 Council of Europe Convention on Cybercrime, 212–13, 216 credit cards, 286–87, 293 credit reporting, 284 CrowdStrike, 33, 34, 36, 46, 55, 60, 61, 67, 77, 83 cryptocurrencies, 6, 73, 289 Cyber Command, 23, 43, 97, 150–51, 173, 183, 184, 191–98, 220, 233, 300 CyberCorps, 168–70, 172–73, 177, 178 Cyber Defense Matrix, 65–67, 82 Cyber Independent Testing Lab, 82 cyber insurance, 5, 121–23 Cyber Operations Academy Course, 148 cyber resilience, 13–15, 42, 70–72, 82, 104, 105, 296–97 cybersecurity: AI in, 244–48, 252 apprenticeship programs for, 152–53 building in, 67, 72 center for policy on, 101 data on, 39–43, 72 information sharing in, 58–61, 95, 112 as part of national security, 90, 94 personal, 283–93 quantum computing and, 254 as shared responsibility between government and private sector, 10–13, 88–96, 105 spending on, 5, 91 venture capital investment in, see venture capital workforce for, 144–53, 167–78 Cybersecurity and Infrastructure Security Agency (CISA), 171–72, 177, 178, 300 Cybersecurity Talent Initiative, 152–53 Cyberseek, 145, 146 cyberspace, 6, 88, 208, 210 Cyber Threat Alliance, 61 cyber war, 7–10, 19, 182–84, 197–98, 221, 239, 296–97 AI in, 239–41 diplomacy and, 202–3 escalation of instability into, 28–29, 198 naming cyber warriors, 27–28 quantum computing and, 254, 263–64 Cyber War (Clarke and Knake), 6–7, 13, 26, 37, 78, 192, 200 Cyber War Risk Insurance Act (CWRIA), 123, 301 Cylance, 34, 55, 67, 83 Daniel, Michael, 61, 92–93, 205 Darktrace, 246 dark web, 38, 40, 41, 126 data, 257 AI and, 247–48, 251 backing up, 127, 291–92 on security, 39–43, 72 data lake, 247, 301 data mining, 243 DEF CON, 73, 102, 127 Defending Digital Democracy, 225–26 defense, see offense and defense Defense Advanced Research Projects Agency (DARPA), 12, 78, 249–50, 252, 301 Defense Cyber Crime Center, 198 Defense Department (DoD), 6, 27, 79, 81, 94–95, 132, 147, 
149, 152, 165, 176, 181–203, 221–22, 225, 229–30, 249 budget of, 201 clarity of mission in, 199–200 Cyber Command, see Cyber Command Cyber Strategy of, 181–82, 195 diplomacy and, 202–3 escalation dominance and, 202 five missions of, 184–92 National Security Agency, see National Security Agency and securing arsenal, 200–201 system failure capabilities and, 202 tabletop exercises and, 185–92, 198, 225–26 unity of command in, 198–99 defense industrial base (DIB), 49, 50, 184, 190, 301 Defense Information Systems Agency, 198 Defense Science Board, 190 Demchak, Chris, 120 Democratic Congressional Campaign Committee, 231–32, 302 Democratic National Committee, 26 Democratic Party, 11, 224 Deputies Committee, 222 Deputy Assistant Secretary of Defense (DASD), 198, 225 design basis threat, 115 “detect” function, 45, 66, 70–71 DevOps, 72, 80 Devost, Matt, 295 DiGiovanni, Frank, 143, 147–50, 153 Digital Resilience (Rothrock), 14 Dimon, Jamie, 91, 92, 191 diplomacy, 202–3, 218, 221 direct-recording electronic (DRE) machines, 230–31, 301 distributed denial-of-service (DDoS) attacks, 38, 73, 85–87, 118–19, 191, 215, 268, 276, 301 DLA Piper, 19, 37 Docker, 71, 77 domain names, 88 Domain Name System (DNS), 12, 118–20, 207, 210, 276, 301 Dornbush, Evan, 148, 149 driver’s licenses, 135–37 drones, 248–50 D-Trip, 231–32, 302 Dugan, Regina, 249 Duo, 131–33 Dyn, 276–77 Economist, 103, 181 economy, 8, 109–10 Edelman, David, 210 Einstein, Albert, 9, 256 Einstein program, 95, 96 elections, 219–35 Russia and, 26, 159, 160, 222–23, 227, 228, 230–35 of 2016, 26, 159, 160, 222–23, 227, 228, 230, 232–35 Electronic Frontier Foundation (EFF), 207, 208 Electronic Funds Transfer Act, 115 email, 46, 52–55, 59, 133, 288–89, 291 encryption, 10, 18, 96, 103, 124–25, 260–62, 291, 292, 302 Endgame, 251 endpoint detection and response (EDR), 55, 61, 83, 96–97, 149, 163, 175, 298 endpoints, 65, 245, 302 Energy Services Group, 272, 276 Equifax, 115–16, 284 Escalate, 149, 152 EternalBlue, 18, 22, 23 
European Commission, 216 European Union (EU), 206–7, 211–12, 220–21 exploits, 21, 35, 51, 57–58, 302 Extended Area Protection and Survivability System, 190 Facebook, 67, 71, 91, 134, 209, 213, 221, 224, 231, 232, 285, 287–88, 292 Farook, Syed, 123–25 FATF-style regional bodies, 216 FBI, 22, 23, 43, 78, 93, 95, 98, 99, 124–25, 152 Federal Aviation Administration, 279 Federal Communications Commission (FCC), 120, 268–69 Federal Deposit Insurance Corporation, 115 Federal Energy Regulatory Commission (FERC), 158, 279 Federal Financial Institutions Examination Council, 114 Federal Trade Commission, 232 FedEx, 19, 37 Fierce Domain, A (Healey), 102 Financial Action Task Force (FATF), 216, 302 Financial Services Information Sharing and Analysis Center, 59–60 Financial Systemic Analysis & Resilience Center (FSARC), 60 Financial Times, 94 fingerprint readers, 131 FireEye, 34, 36, 53 firewalls, 70, 87, 159, 160 5G mobile telephony, 265–69, 280 Five Guys, 21–22 Fly, Jamie, 223 Food and Drug Administration (FDA), 275–76, 278–79 France, 25, 209 Friedman, Allan, 101 Gable, Jim, 258 Gagnon, Gary, 56–58 Gartner, Inc., 65, 274 gas industry, 272–73 Gates, Bill, 129–31, 133 Geist, Michael, 213 Germany, 209, 214, 215 Gibson, William, 3, 10, 208 Gillespie, Ed, 230 Global Information Assurance Certification, 146 glossary, 299–308 Goldsmith, Jack, 208 Google, 8, 52, 63–64, 74–76, 80, 81, 91, 132, 134, 138, 149, 153, 205, 209, 213, 232, 253, 258, 259, 261, 263 government, 24, 85–88, 109–28, 297 cloud and, 77 cybersecurity as shared responsibility between private sector and, 10–13, 88–96, 105 cybersecurity positions and, 153, 167–78 equities issue and, 21 identification and, 134, 135, 139–41 internet and, 12–13, 86, 88 and naming cyber warriors, 27–28 national security and, 88, 90, 153 Presidential Decision Directive 63 and, 10–11, 59, 89 regulation by, 109–20, 122–23, 139–40, 268–69, 278 smart cards and, 130 state, 117–18, 174–75, 177 Government Accountability Office (GAO), 175, 189, 200 
Granholm, Jennifer, 155 Grant, Jeremy, 135, 136 Great Britain, 17–18, 25, 96, 211–12, 220–21 Group of 7, 216 GRU, 19–23, 25–26, 28, 165, 234, 277, 302 Guido, Dan, 81 hackers, 73, 78, 79, 127, 147–48, 251 Hagel, Chuck, 225 Harkins, Malcolm, 83 Harris, Kamala, 117 Harvard University, 44, 152 Belfer Center, 100, 225 Hayden, Michael, 35 Healey, Jason, 102–3 Health and Human Services Department (HHS), 40, 136 health care, 40–42, 83, 123 Hernandez, Steve, 170 Homeland Security, Department of (DHS), 6, 21, 86, 93, 95, 96, 109, 110, 113, 114, 136, 152, 168, 175, 191, 199 Cybersecurity and Infrastructure Security Agency, 171–72, 177, 178 Office of Cybersecurity and Communications, 151 power grid and, 158–59, 162 Homeland Security Council, 102 Homeland Security Policy Directive 7 (HSPD 7), 89 Homeland Security Presidential Directive 12, 130 Homer, Jonathan, 159 honeypots, 246, 303 Howard, Rick, 60–61 Huang Zhenyu, 28 Huawei, 267–68 IBM, 80, 251, 253, 258, 261 Idaho National Laboratory, 157 Idaho State University, 167–70 “identify” function, 45, 66, 70 identity, 133–34, 138 federated, 134 government and, 134, 135, 139–41 ID cards, 135, 137, 139, 140 identity and access management (IAM), 245, 303 personally identifiable information (PII), 115–16, 141, 283–84, 305 proofing, 133–36, 138, 140 see also authentication Immersive Labs, 149–50 industrial control systems (ICS), 163, 270, 271, 303 information sharing, 58–61, 95, 112 information sharing and analysis centers (ISACs), 11, 303 information technology (IT), 18, 36, 37, 50, 53, 54, 65, 66, 68, 70–72, 74, 75, 83, 87, 110, 173, 174, 243, 270, 303 cost of, 201 IT Services Agency proposal, 176–78 OT and, 273–74 Shadow, 72 spending on, 91 statewide departments, 174–75 infrastructure as a service, 75 Initial Occurrence Syndrome, 162, 223 Inskeep, Todd, 40, 45–46 intellectual property, 34, 42–43 “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains” (Hutchins, Cloppert, 
and Amin), 49, 51, 52 intercontinental ballistic missile (ICBM), 166, 303 International Conference on Information Warfare, 49 International Strategy for Cyberspace, 205, 210, 295 internet, 8, 9, 11–13, 78, 86, 90, 91, 96, 120, 157, 205–11, 215, 293 government and, 12–13, 86, 88 Russia and, 206, 208, 210, 211, 219–20 Schengen Accord for, 205–18 Internet Corporation for Assigned Names and Numbers (ICANN), 12, 102, 210 Internet of Things (IoT), 265, 266, 268–70, 274–80, 289, 303 vehicles, 266–67, 269–70 Internet Research Agency, 219–20 Interpol, 161, 217 intrusion prevention systems (IPS), 70–71, 94–95, 244 iPhones, 36, 68, 124–25, 292 Iran, 5, 27, 28, 85–87, 98–99, 119, 120, 126, 163, 185–88, 191–96, 198, 208 nuclear program of, 20, 37–38, 85, 87, 97, 160, 193, 194, 270–71 IronNet, 93–94, 246 IRS, 136, 138–40 Islamic State in Syria (ISIS), 193, 201, 303–4 Israel, 23, 160, 185–86, 190, 192 Mossad, 44, 46 IT Services Agency (ITSA), 176–78 Jaffer, Jamil, 94 Janow, Merit, 102 Jenkins, Neil, 61 Joint Improvised Explosive Device Defeat Organization, 51 Joint Worldwide Intelligence Communications System, 189 Joyce, Rob, 73–74, 97 JPMorgan Chase, 9, 49–50, 85, 91–92, 94, 101, 136, 191 Justice Department (DOJ), 10, 12, 22, 27–28, 124, 125, 194, 217 Karagiannis, Konstantinos, 263 Kaspersky Anti-Virus, 22–23, 36 Kennan, George, 13 Kennedy, John F., 9 Kerry, John, 227–28 kill chain, 49–61, 70, 298 Knake, Robert K., 6, 61, 153, 286 Cyber War, 6–7, 13, 26, 37, 78, 192, 200 Koppel, Ted, 155–57 Kurtz, George, 34 Levy, Steven, 207 Lewis, Jim, 89 Lights Out (Koppel), 157 Livingston, John, 271–75 Lockheed Martin, 49–52 Long, Fan, 80 Longhorn, 24, 37 L0pht, 78, 79, 119 machine learning (ML), 42, 53, 80, 81, 243–52, 263–64, 304 see also artificial intelligence Madam Secretary, 157, 161 Maersk, 19, 29, 37 Malik, Tashfeen, 123–25 malware, 46, 53–55, 59–61, 79, 85, 86, 149, 304 managed security service provider (MSSP), 144, 229, 304 Manhattan Project, 9 Mansouri, Mohammad, 126 Markoff, 
Michele, 210 Marsh, Robert, 88–89 Martin, Harold, 22–23 Mastercard, 152, 153 Mattis, James, 195 McAfee, 33, 61, 67, 251, 288 McAuliffe, Terry, 230–31 McGeehan, Ryan, 71 McKinsey & Company, 8, 271 McLaughlin, Mark, 60–61 medical devices, 275–76, 278–79 Merck, 19, 29, 37 Metcalfe’s Law, 209–10, 245 Mickens, James, 44 microphones, 290 Microsoft, 8, 18, 20–22, 24, 36, 37, 44, 74–76, 81, 129, 131, 152, 213, 253, 261, 285 Windows, 18, 36, 79, 129, 190, 276, 288 military, 11–12, 13, 87, 95, 150, 161, 163, 181–203 Air Force, 50, 102, 166, 183 Army, 150, 170, 183, 195 cybersecurity training and, 143, 147–48 Navy, 95, 150, 163, 183, 189–90, 198, 200, 201 see also Defense Department Mirai, 119, 277 missiles, 165–66, 303 MIT, 80, 152, 169, 263 MITRE Corporation, 55–58, 60, 112 mobile devices, 289–90, 292 5G and, 265–69, 280 Mohammadi, Ehsan, 28 Mollenkopf, Steve, 265 Mondelēz, 19, 37, 121 Moore’s Law, 209–10 Morenets, Alexei, 28 Moss, Jeff, 127, 295 Mossad, 44, 46 Mueller, Robert, 161 multifactor authentication (MFA), 46, 129, 131–34, 137, 304 Murphy, Matt, 181 mutual legal assistance treaties, 215 NAFTA, 213 Nakasone, Paul, 233 NASA, 79, 169, 263 Nash, Lorina, 17 National Academy of Sciences, 3 National Cybersecurity Protection System, 96 National Cyber Strategy, 92, 182 National Defense Authorization Act, 195–96 National Institute of Standards and Technology (NIST), 64–65, 140, 261, 304 Cybersecurity Framework, 44–45, 66, 70, 111, 117 cybersecurity workforce crisis and, 144–45 National Plan for Information Systems Protection, 109 National Science Foundation, 168 national security, 88, 90, 94, 104–5, 153 National Security Agency (NSA), 18, 21–23, 35–37, 43, 68, 73, 93, 96, 103, 124, 125, 168, 189, 194, 200, 233, 254, 267 Tailored Access Operations, 73, 148, 307 National Security Council (NSC), 6, 89, 97, 102, 110, 111, 203, 222, 224 National Security Presidential Memorandum 13, 182, 196 National Strategy for Trusted Identities in Cyberspace (NSTIC), 111–12, 134–36, 138 
National Strategy to Secure Cyberspace, 156 National Transportation Safety Board, 273 NATO, 221, 222, 225, 234 natural gas, 272–73 Navy, U.S., 95, 150, 163, 183, 189–90, 198, 200, 201 Navy Marine Corps Intranet, 27 NeSmith, Brian, 144 Netflix, 72, 76 Network Master, 246, 248, 252, 263, 264 neural networks, 80, 243–44 New York, 117, 123, 155–56, 174 New York Cyber Task Force, 75, 101–4 New York Times, 205 New York Times Magazine, 219 Niejelow, Alex, 153 Nikias, C.

Today, the market is (finally) growing and thriving, with almost $2 billion in premiums written in 2017. Long-standing problems created by government, such as barriers to information sharing, have been solved and companies are actually beginning to organize communities not only to share information, but also to provide mutual aid during crises. One chief information security officer (CISO) at a major bank we spoke with thinks that in five years his bank will largely be immune to cyberattacks as it upgrades from legacy systems that are inherently insecure to systems that are secure by design. Many leaders in Silicon Valley, where optimism is never in short supply, would tend to agree.

Staffing those firms with the limited supply of cybersecurity experts and software engineers has, in the words of Ackerman, “spread the peanut butter too thin” on too many pieces of bread. It also makes it difficult for the corporate buyer to sort through a sea of look-alike, sound-alike firms competing for the attention and dollars of chief information security officers. Many of the three thousand cybersecurity companies “are a feature, not a firm,” he said. They solve one narrow problem and really should be part of a platform company offering a mutually supporting mesh of integrated security products. In a rational world, many of the start-ups would be folded into larger companies, but the desire of VC investors to force their firm to someday become a billion-dollar unicorn prevents such needed consolidation.

pages: 395 words: 110,994

The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win
by Gene Kim , Kevin Behr and George Spafford
Published 14 Jul 2013

A developer jamming in an urgent change so he could go on vacation—possibly as part of some urgent project being driven by John Pesche, our Chief Information Security Officer. Situations like this only reinforce my deep suspicion of developers: they’re often carelessly breaking things and then disappearing, leaving Operations to clean up the mess. The only thing more dangerous than a developer is a developer conspiring with Security. The two working together gives us means, motive, and opportunity. I’m guessing our CISO probably strong-armed a Development manager to do something, which resulted in a developer doing something else, which broke the payroll run. Information Security is always flashing their badges at people and making urgent demands, regardless of the consequences to the rest of the organization, which is why we don’t invite them to many meetings.

It’s possible—John routinely deals with some pretty powerful people, like Steve and the board as well as the internal and external auditors. However, I’m certain Steve didn’t mention either John or Information Security as reasons for their departure—only the need to focus on Phoenix. I look at Patty questioningly. She just rolls her eyes and then twirls her finger around her ear. Clearly, she thinks John’s theory is crazy. “Has Steve given you any insights on the new org structure?” I ask out of genuine curiosity—John is always complaining that information security was always prioritized too low. He’s been lobbying to become a peer of the CIO, saying it would resolve an inherent conflict of interest.

Tim says, “Good. Let’s move on to the sixteen significant deficiencies.” A half hour later, Tim is still droning on. I stare glumly at the huge stack of findings. Most of these issues are just like the huge, useless reports we get from Information Security, which is another reason why John has such a bad reputation. It’s the never-ending hamster wheel of pain: Information Security fills up people’s inboxes with never-ending lists of critical security remediation work, quarter after quarter. When Tim finally finishes, John volunteers, “We must get these vulnerable systems patched. My team has a lot of experience patching systems, if you require assistance.

pages: 383 words: 105,021

Dark Territory: The Secret History of Cyber War
by Fred Kaplan
Published 1 Mar 2016

Edgar, 251–52 HowlerMonkey, 136 Hussein, Saddam, 21, 22–23, 25, 74, 110, 132, 143, 145, 241 IBM Selectric typewriters, 16 Idaho National Laboratory, 167, 204 Information Assurance Directorate (NSA), 18, 34, 66, 68, 92–93, 128, 133, 181, 201, 234, 257, 260, 276, 293n Information Operations Center (IOC), 113, 134, 161 Information Operations Technology Center (IOTC), 124–26 information security, see cyber security “Information Security: Computer Attacks at Department of Defense Pose Increasing Risks” (GAO report), 47 Information Security Directorate (NSA), 177 Information Sharing and Analysis Centers (ISACs), 97, 104, 139, 176, 274 “Information Terrorism: Can You Trust Your Toaster?” (Devost), 273 information warfare, 41, 58, 119, 161, 169, 208, 289n and anti-Milosevic campaign, 112–18 China and, 224 command-control systems and, see counter command-control (counter-C2) warfare history of, 4, 219–20 and hunt for Serbian war criminals, 110–12 McConnell’s focus on, 31–32, 34–37 U.S. offensive operations in, 108–10; see also specific operations see also cyber attacks, cyber warfare infrastructure, 67 computer networks and, 41, 45, 52–55 cyber attacks on, 166–69, 174, 198, 212, 214, 215 as cyber attack targets, 104, 212 cyber security and, 186–89, 278, 280–84 Gates-Napolitano plan for protection of, 186–89 as targets of terrorist attacks, 39, 41, 42, 53 Infrastructure Protection Task Force: Moonlight Maze investigation of, 86 Solar Sunrise investigation of, 74–75 Inglis, John C.

Much of this hardware and software was used (or copied) in countries worldwide, including the targets of NSA surveillance; if it could easily be hacked, so much the better for surveillance. The NSA had two main directorates: Signals Intelligence and Information Security (later called Information Assurance). SIGINT was the active, glamorous side of the puzzle palace: engineers, cryptologists, and old-school spies, scooping up radio transmissions, tapping into circuits and cables, all aimed at intercepting and analyzing communications that affected national security. Information Security, or INFOSEC, tested the reliability and security of the hardware and software that the SIGINT teams used. But for much of the agency’s history, the two sides had no direct contact.

(Santa Monica: RAND Corporation, 1993), but their use of the phrase was more like what came to be called “netcentric warfare” or the “revolution in military affairs,” not “cyber war” as it later came to be understood. “may have experienced as many as 250,000 attacks”: General Accounting Office, “Information Security: Computer Attacks at Department of Defense Pose Increasing Risks” (GAO/AIMD-96-84), May 22, 1996. The report attributes the estimate to a study by the Pentagon’s Defense Information Systems Agency (DISA). “Certain national infrastructures”: President Bill Clinton, Executive Order 13010, “Critical Infrastructure Protection,” July 15, 1996, http://fas.org/irp/offdocs/eo13010.htm. “We have not yet had a terrorist”: Jamie Gorelick, Security in Cyberspace: Hearings Before the Permanent Subcommittee on Investigations of the Committee on Governmental Affairs, 104th Cong. (1996) (Statement of Jamie Gorelick, Deputy Attorney General of the United States).

pages: 340 words: 96,149

@War: The Rise of the Military-Internet Complex
by Shane Harris
Published 14 Sep 2014

Today most large banks in the United States employ cyber security personnel trained to detect vulnerabilities in software and network configurations, analyze malware to understand how it works and what it is designed to do, and respond to intrusions. Among the main pools of talent for the banks are the US military and intelligence agencies. The former chief information security officer for Bank of America was previously a senior technology official in the Office of the Director of National Intelligence who began his career as a cryptologic linguist in the air force. The chief information security officer at Wells Fargo served for twenty years in the navy, including stints as an information warfare officer, and later worked for the FBI. The chief information risk officer for JPMorgan Chase never worked in government, but he worked for a year at SAIC, which is largely supported by intelligence agency contracts and is often called “NSA West.”

The first blackout was the largest in North American history, covering a 93,000-square-mile area including Michigan, Ohio, New York, and parts of Canada. An estimated 50 million people were affected. The ensuing panic was so severe that President Bush addressed the nation to assure people the lights would come back on. Within twenty-four hours, power was mostly restored. One information security expert who was under contract to the government and large businesses, dissecting Chinese spyware and viruses found on their computers, claimed that in the second blackout, a Chinese hacker working for the People’s Liberation Army had attempted to case the network of a Florida utility and apparently made a mistake.

“Graduates of the program become invaluable to [the agency] as the solution to universal [computer network operations] problems,” says an NSA brochure, using the technical term for cyber offense. After less than two years Schuh joined the CIA, where he worked in the agency’s technical operations unit, which helps the NSA place surveillance equipment in hard-to-reach places. But soon he was off to the private sector, eventually winding up at Google, where he works as an information security engineer. Google has set up a team, which includes Schuh, devoted to finding security weaknesses and zero day exploits that could be used against Google’s customers and its products, such as its e-mail system and web browser. The company itself has been the target of sophisticated hacking campaigns, most notably one by a Chinese group in 2010, which broke in to a database of proprietary software code.

pages: 523 words: 154,042

Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks
by Scott J. Shapiro

Rather, they are novel because they can do what bombs have never been able to do, namely, to affect the information security of the target. Malware can steal data; it can change data; it can block data. Fancy Bear implanted X-Agent on DNC servers, not Novichok nerve agent. The GRU wasn’t trying to destroy the DNC servers or its employees, as it tried to kill double agent Sergei Skripal. Fancy Bear was trying to steal information. Because cyberweapons enjoy a functional duality—they can affect physical and information security—it would be a mistake to apply the laws of war to all forms of cyber-conflict. If a state uses malware to produce destructive kinetic effects, then the traditional rules for war should apply.

Along with their software, vendors had to submit a highly formal, mathematical representation of their design and then provide logical proofs showing that the design was secure. They would hand this material over to the NSA’s National Computer Security Center for grading. The military would buy only from vendors who had received a high enough security rating from the NSA. In no other way, the military thought, could their information security needs be met. The story of the VAX VMM Security Kernel demonstrates the pitfalls of this strategy. In 1979, Major Roger Schell led a team to create an operating system that could withstand the NSA’s most rigorous tests and achieve the highest possible score from the NSA—an A1 rating. To do so, his team built the system in a secured laboratory that only the development group could enter.

Many Americans began to see the NSA as their adversary, not their protector. The Eye of Sauron had turned inward and was spying on their private communications. (The first Lord of the Rings movie was released three months after 9/11.) American demands for physical security had led to a loss in their information security. Trustworthy Computing In 2002, Bill Gates penned another memo, titled “Trustworthy Computing,” in which he expressed anxiety about the loss of consumer confidence in Microsoft. The rash of virus and worm attacks were making the company look bad. “Flaws in a single Microsoft product, service or policy not only affect the quality of our platform and services overall, but also our customers’ view of us as a company.”

pages: 299 words: 88,375

Gray Day: My Undercover Mission to Expose America's First Cyber Spy
by Eric O'Neill
Published 1 Mar 2019

Another three to the opposite side of the room from Hanssen’s office, where a separate Internet computer station waited. Eight steps in reverse to reach the closed door behind which I could hear the cinematic blades of The Mask of Zorro beat against each other. I was a fidgeter too. Another thing I had in common with the spy. I’d start at the beginning. I uncapped a red dry-erase marker and wrote “Information Security” in big letters on the massive whiteboard between my desk and the door to Hanssen’s office, just under the black words spelling out “Information Assurance Section.” The antiseptic smell of the red ink lingered. I stared at the phrase to pull it forward into my mind. Assurance is not the same as security.

We assure that information will be available, authentic, and confidential. We secure that same information by defending it from attack. Eventually, the term “cybersecurity” would come to encompass both of these poles. But at the time, most technology experts talked about information assurance and information security (INFOSEC) as mutually exclusive practices. I picked up a green pen and finished the full title of our small office in Room 9930. Information Assurance/Security Team. All that Hanssen had told me about the flaws in the ACS and Hanssen’s law flooded forward in my mind until I imagined the answer swimming just behind my eyes.

“All that comes back is a 65A and a bucketload of x’s, but that is enough.” He picked up the eraser. “Our mole now knows that the person he searched is compromised.” How many times had Hanssen searched his own name? “And I suppose he sells that information back to the Russians?” “Exactly.” Hanssen hefted the eraser and struck out my addition. “If information security is the best definition you can come up with, the future of the FBI is doomed.” I sucked down my exasperation. “It’s not my definition of information assurance. I’m working through the problem.” Hanssen tossed the eraser on my desk. “Try harder.” He looked at his watch. “I’m meeting my wife for the Right to Life March and won’t be back for a few hours.

pages: 168 words: 49,067

Becoming Data Literate: Building a great business, culture and leadership through data and analytics
by David Reed
Published 31 Aug 2021

Table 2.3: Data roles within conventional organisational structures

Function               Role                          Task
Analytics              Customer churn analyst        Churn propensity modelling
Customer management    Retention manager             Churn propensity modelling
Marketing              Customer marketing manager    Churn propensity modelling
Board                  Chief customer officer        Creating single view of the customer
Data management        Customer database manager     Creating single view of the customer
Business intelligence  Customer analyst              Net customer figure report
Finance                Chief financial officer       Net customer figure report
Compliance             KYC manager                   Identity validation
Ecommerce              Channel manager               Identity validation
Information security   Information security officer  Identity validation
Customer experience    Cx manager                    Behavioural modelling
Data science           Data scientist                Behavioural modelling

Centralisation of roles, for example into a data and analytics centre of excellence, removes role and task duplication while supporting multiple internal customers (see Table 2.4).

Table 2.4: Data roles within a centre of excellence: task-based view of customer data roles

Task                                  Role                          Function                                 Customers
Creating single view of the customer  Customer database manager     Data and analytics centre of excellence  Marketing
Net customer figure report            Customer analyst              Data and analytics centre of excellence  Board, Marketing
Churn propensity modelling            Customer churn analyst        Data and analytics centre of excellence  Marketing
Behavioural modelling                 Data scientist                Data and analytics centre of excellence  Cx management
Identity validation                   Information security officer  Information security                     Ecommerce

The reality of multi-stakeholder data and analytics tasks

Data and analytics tasks are rarely unique to a single function since the way in which data or models are defined, distributed and operationalised inevitably involves multiple roles.

In many ways, this forces the level of data-driven decisioning to consider each individual, rather than dealing in groups and averages, which is not necessarily what the data architecture or operating processes are able to support. Yet keeping skills, tech and data at the most advanced level is itself an ethical choice which proves beneficence – consider how failure to update core information security software led to data breaches at Sony and BA, for example. 3. Non-maleficence Probably the best-known example of any ethical principle is the pledge by medical practitioners to ‘do no harm’. Technologists have long tried to position their developments as inherently neutral and therefore unable to do harm in and of themselves, but only through the way they are deployed.

Spies, Lies, and Algorithms: The History and Future of American Intelligence
by Amy B. Zegart
Published 6 Nov 2021

Population estimate as of July 2019 from United States Census Bureau, “Los Angeles city, California,” QuickFacts, https://www.census.gov/quickfacts/losangelescitycalifornia (accessed November 18, 2020). 88. Information Security Oversight Office, “2013 Report to the President,” National Archives and Records Administration, https://www.archives.gov/files/isoo/reports/2013-annual-report.pdf, 6. 89. Information Security Oversight Office, “2016 Report to the President,” National Archives and Records Administration, https://www.archives.gov/files/isoo/reports/2016-annual-report.pdf, 4. Each time anyone with a clearance uses secret materials in another document format (like an email), that subsequent work product must also be classified in a process called a “derivative classification.”

Bradley, “Letter to the President,” August 16, 2019, https://www.archives.gov/files/isoo/images/2018-isoo-annual-report.pdf (accessed June 16, 2020). 90. From 1995 to 1999, the federal government declassified an average of 157 million pages annually. Information Security Oversight Office, “2009 Report to the President,” National Archives and Records Administration, March 31, 2010, https://www.archives.gov/files/isoo/reports/2009-annual-report.pdf (accessed June 16, 2020), 11. In 2017, by contrast, 46 million pages were declassified. Information Security Oversight Office, “2017 Report to the President,” National Archives and Records Administration, May 31, 2018, https://www.archives.gov/files/isoo/reports/2017-annual-report.pdf (accessed April 8, 2020), 14–15.

Information Security Oversight Office, “2017 Report to the President,” National Archives and Records Administration, May 31, 2018, https://www.archives.gov/files/isoo/reports/2017-annual-report.pdf (accessed April 8, 2020), 14–15. Figures exclude mandatory declassification review, which “provides for direct, specific review for declassification of information when requested.” Information Security Oversight Office, “2009 Report to the President,” 11. 91. Information Security Oversight Office, “2017 Report to the President,” 15. 92. Herbert Lin and Amy Zegart, “Introduction,” in Bytes, Bombs, and Spies (Washington, D.C.: Brookings Institution Press, 2019), 5. My Stanford colleague Herb Lin and I were so concerned that classification was impeding the development of strategic thinking in cyber, we asked United States Cyber Command to partner with us and hold a workshop bringing academics and policymakers together to examine the strategic dimensions of offensive cyber operations.

pages: 302 words: 85,877

Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World
by Joseph Menn
Published 3 Jun 2019

At the heart of that book was a true tale of Russian intelligence collaborating with criminal hackers, a scenario that went from shocking at the time of publication in 2010 to widely accepted today. Since then, many books have tackled the military-internet complex, intelligence gathering, and cyberwarfare, together with WikiLeaks, Edward Snowden, and the 2016 US election. Missing in all of them has been a compelling account of the people dedicated to information security who are out of the spotlight or even in the shadows, fighting to protect our personal data and freedom as well as our national security. In many cases, these people are more colorful than their adversaries. That is especially true of the people whose tale is told in this book: key members of the Cult of the Dead Cow, who have played a role in all of the major issues cited above.

When Edward Snowden leaked files showing that the NSA was collaborating closely with the big internet companies, especially to scoop up data on people in other countries, Stamos gave a heartfelt talk on ethics at the biggest hacking conference, Def Con. He declared that despite the lack of widely enforced moral codes, security experts should consider resigning their posts rather than violate human rights. For all the stridency, Yahoo hired Stamos as chief information security officer, part of the general public response by Silicon Valley giants to the exposure of complicity. He stayed until 2015, when he quietly quit over the company’s unannounced searches of all user email under a secret court order. Since then he had held the top security job at Facebook, trying to limit the damage of Russian hackers spreading hacked Democratic emails under false pretenses and fighting other battles against propaganda, despite lukewarm support from above.

“We were pirates, not mercenaries,” Beck said. “Pirates have a code.” They rejected illegal jobs and those that would have backfired on the customer. One of @stake’s main grown-ups, CEO Chris Darby, in 2006 became CEO of In-Q-Tel, the CIA-backed venture capital firm in Silicon Valley, and Dan Geer joined as chief information security officer even without an agency clearance. Darby later chaired Endgame, a defense contractor that sold millions of dollars’ worth of zero-days to the government before exiting the business after its exposure by hackers in 2011. On defense, Christien Rioux and Wysopal started Veracode, which analyzed programs for flaws using an automated system dreamed up by Christien in order to make his regular work easier.

pages: 562 words: 153,825

Dark Mirror: Edward Snowden and the Surveillance State
by Barton Gellman
Published 20 May 2020

Careful readers will know by now that the markings on this document stood for “communications intelligence” and “no foreign distribution.” The designation X1 was a claim of exemption from automatic declassification review after ten years. The governing rule at the time was Information Security Oversight Office, “ISOO Directive No. 1,” October 13, 1995, archived at https://fas.org/sgp/isoo/isoodir1.html. Updated rules, which ended the X-series exemptions, came in Information Security Oversight Office, “Marking Classified National Security Information,” December 2010, at www.archives.gov/files/isoo/training/marking-booklet.pdf. I am indebted to Steven Aftergood, author of the Secrecy News blog at the Federation of American Scientists, for explaining this to me.

I want to expatriate with flair and clandestine meetings!” The wish came true on August 26, 2006. Snowden added “STF,” or staff, to his email address, swapped a green contractor’s badge for a blue one, and received agency identification number 2339176. He was a full-time employee now, soon to be deployable as a telecommunications information security officer. The official designation was TISO, but agency folk, old-timers especially, called the job “commo.” Snowden swallowed a five-figure pay cut to take what he saw as a dream job. The CIA’s public affairs staff answers no questions about Snowden’s job duties or performance, leaving former officials to say what they like without accountability to the documentary record.

I don’t think I’m a bad-looking guy, but I’m not the kind of guy women message out of the blue and invite me to cuddle.” Soltani suspected an intelligence agency setup—“the Chinese government trying to get up on me” in an effort to elicit information about the NSA documents, or to steal the digital files. The two of us talked through a well-known information security scenario known as the evil maid attack, which relies on brief physical access to a computer to steal its encryption credentials. The Snowden files, as it happened, were at that time locked in a Washington Post vault room and kept separate from their keys, but outsiders would not know that.

pages: 363 words: 105,039

Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
by Andy Greenberg
Published 5 Nov 2019

After his family had gone to sleep, Yasinsky printed the code and laid the papers across his kitchen table and floor, crossing out lines of camouflaging characters and highlighting commands to see the malware’s true form. Yasinsky had been working in information security for twenty years. After a stint in the army, he’d spent thirteen years as an IT security analyst for Kyivstar, Ukraine’s largest telecommunications firm. He’d managed massive networks and fought off crews of sophisticated cybercriminal hackers. But he’d never analyzed such a well-concealed and highly targeted digital weapon. As a security researcher, Yasinsky had long prided himself on a dispassionate and scientific approach to the problems of information security, drilling into the practical details of digital defense rather than obsessing over the psychology of his adversary.

And that’s where the real toll of its outage would be felt. On the morning of the attack, Jacki Monson was sitting in a conference room in an office park in Roseville, California, a suburb of Sacramento. Monson served as the chief privacy and information security officer for Sutter Health, a network of more than twenty-four hospitals and clinics from Utah to Hawaii. Early that morning, she’d received a jarring message from Merck’s chief information security officer about the company’s crippling NotPetya infection, via a mailing list for the Health Care Industry Cybersecurity Task Force, a group created by the Obama administration to examine cybersecurity risks to medical organizations.

It would be primed to strike. 5 STARLIGHTMEDIA On a calm Sunday morning in October 2015, more than a year before Yasinsky would look out of his kitchen window at a blacked-out skyline, he sat near that same window in his family’s high-rise apartment in Kiev, sipping tea and eating a bowl of cornflakes. Suddenly his phone buzzed with a call from an IT administrator at work. Yasinsky was, at the time, employed as the director of information security at StarLightMedia, Ukraine’s largest TV broadcasting conglomerate. The night before, his colleague on the phone told him, two of StarLight’s servers had inexplicably gone off-line. The admin assured Yasinsky that it wasn’t an emergency. The machines had already been restored from backups. But as Yasinsky quizzed his colleague further about the server outage, one fact immediately made him feel uneasy.

pages: 443 words: 116,832

The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
by Ben Buchanan
Published 25 Feb 2020

Just as the United States holds a home-field advantage, thanks to geography and history, in passive collection, it also enjoys a natural edge when it comes to backdooring encryption. Much of the world’s cryptography is American-made, and NSA files indicate that the agency attempts “to leverage sensitive, co-operative relationships with specific industry partners.” It uses these relationships to gather “cryptographic details of commercial cryptographic information security systems” and to alter the systems in ways that benefit the agency. These modifications introduce weaknesses into the companies’ products with the aim “to make them exploitable” by the NSA’s cryptographers.2 When the agency cannot rely on a partnership, it tries to introduce weaknesses covertly.3 The right flaw in the right spot can offer dramatic geopolitical advantage; just a single tainted encrypted component, endowed with a backdoor known only to its creators, can render entire systems of encryption insecure.

For the definitive report on this series of intrusions and the failure to alert relevant authorities, see “Inquiry into Cyber Intrusions Affecting U.S. Transportation Command Contractors.” 40. Kim Zetter and Andy Greenberg, “Why the OPM Breach Is Such a Security and Privacy Debacle,” Wired, June 11, 2015; US Office of Personnel Management, “Federal Information Security Management Act Audit FY 2014: Final Audit Report,” Office of the Inspector General / Office of Audits Report Number 4A-CI-00-14-016, November 12, 2014, 10; Aliya Sternstein, “Here’s What OPM Told Congress the Last Time Hackers Breached Its Networks,” NextGov, June 15, 2015. 41. David Sanger, “Hackers Took Fingerprints of 5.6 Million U.S.

Waqas Amir, “Iran Hacked Vegas Casino Wiping Hard Drives, Shutting Down Email,” HackRead, December 19, 2014. 36. Elgin and Riley, “Now at the Sands Casino: An Iranian Hacker in Every Server.” 37. This account of the Sands operation is drawn from in-depth media reporting. Many details were confirmed by individuals in the information security community with direct knowledge of the case and the attackers. Jose Pagliery, “Iran Hacked an American Casino, U.S. Says,” CNN, February 27, 2015; Elgin and Riley, “Now at the Sands Casino: An Iranian Hacker in Every Server.” 38. Joseph Marks, “The Cybersecurity 202: Iran’s the Scariest Cyber Adversary, Former NSA Chief Says,” Washington Post, May 3, 2019. 39.

Active Measures: The Secret History of Disinformation and Political Warfare
by Thomas Rid

Committee staffers from both parties wanted me to help present to the American public the available forensic evidence that implicated Russia, evidence that at the time was still hotly contested among the wider public, and that, of course, the Russian government denied—as did the president of the United States. The situation was unprecedented. The other two witnesses were Keith Alexander, former head of the National Security Agency, and Kevin Mandia, CEO of FireEye, a leading information security firm. Just before the hearing began, a staffer brought us from the greenroom to the witness table. Everybody else was seated already. As we walked in, I looked at the row of senators in front of us. Most of the committee members were present. Their faces looked familiar. The room was crowded; press photographers, lying on the floor with cameras slung around their necks, were soon ushered out.

The movement’s breathless optimism expressed itself in slogans and themes: that information wanted to be free, sources open, anonymity protected, and personal secrets encrypted by default, yet government secrets could be exposed by whistle-blowers, preferably anonymously, on peer-to-peer networks. Much of this idealism was and is positive, and in many ways, activist projects have helped strengthen information security and internet freedom. And yet, at the fringes, this emerging subculture embraced a combination of radical transparency and radical anonymity, along with hacking-and-leaking, stealing-and-publishing—and thus created what had existed only temporarily before: the perfect cover for active measures, and not only thanks to the white noise of anonymous publication activity, from torrents to Twitter.

By 2013, only a few Cold War historians and veteran intelligence reporters remembered that Eastern bloc intelligence services had once perfected the art of semi-covert active measures enhanced by skillful falsifications, and that Congress had once held hearings on “the forgery offensive.” At the time of the Snowden leaks, Bruce Schneier was a widely respected cryptographer, an authority on information security, and a keen technical observer of NSA operations. In August 2014, Schneier used his popular online journal to take a close look at various recent NSA leaks and where they may have originated, concluding that the U.S. intelligence community now had “a third leaker.” (The FBI pursued a similar hypothesis.)

Demystifying Smart Cities
by Anders Lisdorf

While that seems like a lot of devices, it is not when we compare it to the total number of devices on the Internet, which is in the billions range already. Imagine, if 100,000 devices can take down the Internet, what a million or a billion can do. More and more companies and cities are employing a Chief Information Security Officer (CISO) to be responsible for having adequate policies and standard operating procedures in place. A huge part of his or her job is to gain control of the sprawling array of devices being used. The number of devices is increasing fast, but today this area is the wild west of IT. Whereas earlier the Internet used to be a wild and unregulated place, this is not the case to the same extent anymore.

Standards are important in order to inform people about what to do, since it is too much to expect everyone developing solutions to be on top of what makes for good security. Types of security risks Classical security thinking divides security into three aspects that need to be handled: Confidentiality is the ability to protect the data in such a way that only authorized people will be able to access it. According to the Federal Information Security Management Act of 2002 (FISMA), it is defined as “Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information....” A loss of confidentiality is therefore the unauthorized disclosure of information. In 2017 the credit rating agency Equifax was breached, and sensitive information about 146 million people’s financial situation was stolen.

Strogatz, Nature 393, 440–442 1998
https://web.archive.org/web/20140803231327/http://www.nyc.gov/html/doitt/downloads/pdf/payphone_rfi.pdf (October 2, 2019) the original RFI for what turned out to be LinkNYC from 2012
www1.nyc.gov/office-of-the-mayor/news/923-14/de-blasio-administration-winner-competition-replace-payphones-five-borough (October 2, 2019) press release of the winner of the LinkNYC bid
www.citylab.com/life/2015/04/de-blasios-vision-for-new-york-broadband-for-all-by-2025/391092/ (October 2, 2019) an article about Mayor of New York Bill De Blasio’s plan for broadband for all in New York by 2025
www1.nyc.gov/site/doitt/agencies/nycwin.page (October 2, 2019) a description of The New York City Wireless Network, known as NYCWiN
www.thethingsnetwork.org (October 5, 2019) a project dedicated to building LoRaWAN solutions
Chapter 3
https://dyn.com/blog/dyn-analysis-summary-of-friday-october-21-attack/ (October 2, 2019) the official analysis of the Dyn attack on October 21
https://citiesfordigitalrights.org (October 2, 2019) the official site for the Cities for Digital Rights coalition
www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases (October 2, 2019) an article about the Strava fitness tracking incident involving a US Army base
https://en.wikipedia.org/wiki/Stuxnet (October 2, 2019) a description from Wikipedia of the Stuxnet worm
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.199.pdf (October 2, 2019) the official FIPS 199 standard for categorization of information and information systems
https://en.wikipedia.org/wiki/Federal_Information_Security_Management_Act_of_2002 (October 2, 2019) a description of the FISMA framework from Wikipedia
https://arrayofthings.github.io/ (October 2, 2019) the official site of the Array of Things project
http://maps.nyc.gov/snow/# (October 2, 2019) the PlowNYC site where New Yorkers can track the progress of snow plows during wintertime
Chapter 4
https://scijinks.gov/air-quality/
www.epa.gov/pm-pollution/particulate-matter-pm-basics (October 2, 2019) definition of what particulate matter is
https://brightplanet.com/2013/06/twitter-firehose-vs-twitter-api-whats-the-difference-and-why-should-you-care/ (October 2, 2019) a description of how the Twitter Firehose works
www.waze.com/ccp (October 2, 2019) official site of the Twitter Connected Citizens Program
The NIST Definition of Cloud Computing , Peter M.

pages: 568 words: 164,014

Dawn of the Code War: America's Battle Against Russia, China, and the Rising Global Cyber Threat
by John P. Carlin and Garrett M. Graff
Published 15 Oct 2018

Whereas we tend to refer to cyber as encompassing both online offense and defense, both propaganda efforts and covert measures, Chinese strategists define the online realm in a subtly different—and broader—way, speaking of “network strategy” to refer specifically to technical online protections and “information security” to refer to a wide range of tools and operations aimed at influencing others online.19** Operation Allied Force, NATO’s air war in Yugoslavia, is largely forgotten in the United States, but it dramatically changed the approach of the Chinese military. On May 7, 1999, American B-2 stealth bombers accidentally hit the Chinese embassy in Belgrade, killing three, after US targeters mistook it for a warehouse.

He was a Buddhist scholar, publishing essays on the religion online and explaining how Buddhism provided a window on the life of hackers. He had also published two articles in 2008 about computer network exploitation techniques, identifying himself as a researcher affiliated with Shanghai Jiao Tong University’s Information Security Engineering Institute, which was headed by Peng Dequan, a former science and technology director at China’s lead foreign intelligence service, the Ministry of State Security.50 We knew a seemingly incredible amount about Yinan Peng—we had even seen him receive an email from known Chinese government hackers who were part of one of the related Comment Crew teams.51 But, at that time, even being able to trace back the attacks to an individual meant little to the US government—there was no tool in our toolbox to do anything with that information.

Amazingly, the hack continued undetected for nearly two more years, through at least November 2016.15 When the hack was finally caught and reported and the FBI case unfolded, investigators zeroed in on four specific suspects: two FSB officers, Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich Sushchin, and two criminal hackers, Karim Baratov and Alexsey Belan. Each of the four proved interesting in his own way: Dokuchaev was an officer with the FSB’s Second Division, the Center for Information Security, known as Center 18. It was the equivalent of the FBI’s Cyber Division, the unit tasked with fighting cybercrime. Dokuchaev had a unique background for an intelligence officer: He had spent a decade as a Russian hacker, stealing credit cards and purchasing technology such as “skimmers” and encoders that helped thieves mimic real credit cards with physical plastic.

pages: 392 words: 114,189

The Ransomware Hunting Team: A Band of Misfits' Improbable Crusade to Save the World From Cybercrime
by Renee Dudley and Daniel Golden
Published 24 Oct 2022

Sarah is her real name, but White isn’t. She adopted the alias to maintain her privacy and to protect herself against retaliation by ransomware gangs. As of the autumn of 2021, Sarah was in her fourth and final year at Royal Holloway, part of the University of London, majoring in computer science and information security. She didn’t take classes in her third year; instead, she earned school credit, and a salary, as a full-time software developer for Intel. She has also worked part-time for Emsisoft as a ransomware analyst since March 2016, when she was still in high school. Born in 1998, she’s petite, with shoulder-length light brown hair.

Extracting some of the longer keys in a reasonable amount of time required more computing capacity than Michael had at his disposal. By chance, Mission Health, a North Carolina hospital chain where Daniel Gallagher was in charge of cybersecurity, had just bought two high-powered servers. The chief information security officer allowed Daniel to use them to help the task force. “Hey, I got $10,000 servers sitting there that are just idle right now,” Daniel recalled messaging the other members. “Let’s put them to use.” Michael jumped on the offer and sent a script to Daniel. “OK, run this,” Michael told him.

“It was my initiative; I had to fight for the money,” he said. “I was moving data onto Amazon Web Services for four or five months before the attack, anticipating possible threats. You go to sleep every night knowing that something like this could happen.” In 2014, Gayle Guilford became the city’s first chief information security officer, with two part-time engineers on loan from other duties. She scrounged for funding and free expertise wherever she could find it. Whenever Phyllis Schneck, DHS’s cybersecurity chief, spoke at a public event, Gayle showed up. She waited until the talk was over, approached Schneck, proffered a business card, and said, “I know you do vulnerability assessments.

pages: 329 words: 95,309

Digital Bank: Strategies for Launching or Becoming a Digital Bank
by Chris Skinner
Published 27 Aug 2013

That’s the criminal’s job: to continually test and try to break the security of the bank. This means that the bank must therefore always be one step behind those who want to create cracks in their firewalls. That means continual renewal of information security policies, systems and infrastructures, and making sure that the bank keeps up with the best practices in securing their customers’ data. In conclusion, banks should place themselves firmly at the heart of information security and offer customers a secure data vault. This is the real opportunity for now and the future for financial organisations: to guarantee security of mobile transactions and mobile data.

Customers are more loyal to their mobile connections than their partners, so the question from the people side of change is two-fold: We need to break the shackles of being hamstrung by heritage. As many people tell me, the only place we engage with old technology is when we go to work. We need to work out how to keep our information secure as, right now, it’s not. We also need to analyse customer data to sell more and service better, but the customer doesn’t want to be digitally raped. We talk about permissions based marketing, but the customer wants to keep their privacy. However, conversely, the customer then goes onto Facebook and gives away their email, mobile, relationships and more.

If you give Google or PayPal the opportunity to become the secure financial data manager or the secure data vault of everything, then what is the role of the processor and the bank in that future? Surely this just gives the whole game away to someone else? This is why the focus upon data and data security is the key to the future. It is not a focus upon money and financial security, but data and information security that will differentiate the future winners and losers. In the meantime, banks have to transition from the old world of physical monetary security to this new world of electronic data security. There is a transition time between the old world and the new, and the question is for how long is this transition going to take place?

pages: 374 words: 94,508

Infonomics: How to Monetize, Manage, and Measure Information as an Asset for Competitive Advantage
by Douglas B. Laney
Published 4 Sep 2017

Yes, we data professionals have really just been improvising for decades. One of the key issues for chief data officers and those tasked with managing information as an asset is the lack of standards for information. In fact, the only standard related to information management is in the mouthful: “ISO/IEC 27001 Information technology—Security techniques—Information security management systems—Requirements.”1 Currently, this is the only widely accepted international standard which deals at all with managing information.2 The standard calls for the inventorying of all kinds of assets, including documenting their classification, owner, usage rules, labeling, control, and handling guidelines.3 Sure, the Institute of Electrical and Electronics Engineers (IEEE) has standards for information technology, the North Atlantic Treaty Organization (NATO) and the United Nations (UN) have standards for information sharing among military organizations and countries, various multinational industry associations such as the World Bank and the International Astronomical Union have developed regulations for information sharing among member organizations, and various countries alone or together have laws and regulations for information handling.

Do information management departments or leaders have a global standard for information best practices? Do they have any kind of inventory standard for information assets? Do they have a standard way to document the contractual rights and privileges for information usage, or to track them (other than for information security or privacy regulations)? Is there a recognized standard for reporting on information utilization? At best, the answer to any of these is: hardly. Now, ask yourself: which is more critical to an organization, the customer information or the hardware upon which it resides? It’s no wonder why the ITAM conference attendees I met were dumbfounded when I mentioned no such standards or procedures exist for the management of information assets.

Justifying and Proving the Benefits of Information-Related Initiatives Various leading and trailing indicators, forecasting methods, and value determinations of IAM activities can and should be supported by a range of metrics. Whether it’s determining ROI or simply connecting the dots between information characteristics and business outcomes, quantifying information’s quality and valuation is critical. Improving Information Security Several years ago, I spoke with Carsten Casper, Gartner’s managing vice president of digital workplace security, about how organizations budget for data security if they don’t know the value of what they’re securing. He suggested that most employ one of two methods, either: 1) the “Keep up with the Joneses” method of spending what other organizations like their own do, or 2) waiting until some kind of catastrophic event like a breach, then spending enough to make sure that this or something like it doesn’t happen again.

pages: 1,380 words: 190,710

Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems
by Heather Adkins , Betsy Beyer , Paul Blankinship , Ana Oprea , Piotr Lewandowski and Adam Stubblefield
Published 29 Mar 2020

The operational and organizational approaches to security in large enterprises have varied dramatically over the past 20 years. The most prominent instantiations include fully centralized chief information security officers and core infrastructure operations that encompass firewalls, directory services, proxies, and much more—teams that have grown to hundreds or thousands of employees. On the other end of the spectrum, federated business information security teams have either the line of business or technical expertise required to support or govern a named list of functions or business operations. Somewhere in the middle, committees, metrics, and regulatory requirements might govern security policies, and embedded Security Champions might either play a relationship management role or track issues for a named organizational unit.

This book is full of useful insights from cover to cover, and each example and anecdote is heavy with authenticity and the wisdom that comes from experimenting, failing and measuring real outcomes at scale. It is a must for anybody looking to build their systems the correct way from day one. Alex Stamos, Director of the Stanford Internet Observatory and former CISO of Facebook and Yahoo This book is a rare treat for industry veterans and novices alike: instead of teaching information security as a discipline of its own, the authors offer hard-wrought and richly illustrated advice for building software and operations that actually stood the test of time. In doing so, they make a compelling case for reliability, usability, and security going hand-in-hand as the entirely inseparable underpinnings of good system design.

In this chapter, we walk through debugging techniques and provide some strategies for what to do when you’re stuck. We then discuss the differences between debugging a system issue and investigating a security concern, and examine tradeoffs to take into account when deciding which logs to retain. Finally, we look at how to keep these valuable sources of information secure and reliable. In an ideal world, we would all build perfect systems, and our users would have only the best of intentions. In reality, you’ll encounter bugs and need to conduct security investigations. As you observe a system running in production over time, you’ll identify areas for improvement and places where you can streamline and optimize processes.

pages: 461 words: 125,845

This Machine Kills Secrets: Julian Assange, the Cypherpunks, and Their Fight to Empower Whistleblowers
by Andy Greenberg
Published 12 Sep 2012

Because as soon as we start to believe that maybe it’s not all black-and-white, that someone can do wrong for a good reason, that not every action of law is inherently infallible, it strikes a very dangerous precedent for the government the way it wants to operate today. After the documentary’s filming was completed in 2003, Hackers Wanted went unreleased for seven years until it was finally leaked in May of 2010 onto copyright-flouting BitTorrent file-sharing networks, where it became a modest hit in the world of hackers and information security. Lamo insists he wasn’t the source of the leak. When fans wrote to Lamo and the film’s director, Sam Bozzo, asking how they could support the film with donations, Lamo wrote on his Twitter feed on May 20 that donors should give their money instead to WikiLeaks, the whistleblower organization that one month before had released Manning’s Apache helicopter video to an explosive response.

Despite signing up a few major banks, Chaum’s crypto-currency never quite caught on, a result of what some say is bad luck and others say was Chaum’s overly controlling style of doing business, which may have quashed many of his company’s attempts to find mainstream partnerships. But few in the computer security world doubt Chaum’s sheer cryptographic brilliance—his patents range from physical locks to software security systems to anonymity and pseudonymity mechanisms that would secure his reputation as a computer science and information security powerhouse. Growing up and attending high school in an L.A. suburb, Chaum lived the rebellious life of a child who understands he is smarter than everyone he knows. He would show up for shop class and then play hooky the rest of the day, crossing town to sneak into computer science classes at UCLA.

In 2002, those gigs led Appelbaum to his first real job: an information technology administrator position at Greenpeace. It was a tougher and more practical education than anything he would have found at Santa Rosa Junior College. Appelbaum learned from a combative, grizzled Linux guru at the NGO who went by the hacker handle Shord. His mentor—and the rest of Greenpeace—took information security seriously. The group’s radical environmentalists often referenced the Rainbow Warrior, a ship Greenpeace used in its antiwhaling activities that was sabotaged and sunk by French intelligence agents in 1985, drowning one of the group’s photographers. “Greenpeace’s security issues are real,” says Appelbaum.

pages: 252 words: 75,349

Spam Nation: The Inside Story of Organized Cybercrime-From Global Epidemic to Your Front Door
by Brian Krebs
Published 18 Nov 2014

The rep points are awarded or subtracted by established forum members and moderators who have earned the right to bestow or revoke such status indicators. This system is remarkably effective at regulating the criminal acts of these crooks against each other. Aleksey Mikhaylov, a native Russian and information security expert who has exhaustively reviewed the documents, chats, and other material leaked from the Spamdot forum, said that the threat of a single negative post on the forum prompts these guys to amicably resolve issues worth tens of thousands of dollars. Access to the forum and their “standing” there preoccupies all of them.

According to the website of Russian software firm Digital Infinity Developers Group, Nechvolod was part of a team of elite programmers that could be hired out for jobs at diginf.ru. The Diginf Team page on that site (now defunct) listed Dmitry Nechvolod as an “administrator of UNIX-based systems,” an “administrator of Cisco routers,” and “a specialist in information security software.” Between Nechvolod’s expertise and that of his team, it is clear from reviewing their résumés that this group of programmers could hack their way in or around virtually any communications or security system. Nechvolod’s cadre maintained a core version of the Cutwail bot code and rented it out to other miscreants on underground forums, where the spamming system was known as “0bulk Psyche Evolution.”

Turns out, I burned my expensive Yamamoto shoes, not the ones I wore home from prison!” During his imprisonment, Vrublevsky signed a full confession stating that he masterminded the attack on Assist, Aeroflot’s credit card processor. Vrublevsky’s confession stated that he had instructed a ChronoPay employee—Maksim Permyakov, an information security specialist for the company—to deposit $20,000 in WebMoney payments into a purse owned by Igor A. Artimovich, the alleged Festi spam botmaster and a former employee of Sun Microsystems in Russia. Indeed, a lengthy email thread in the cache of messages leaked from ChronoPay details this exchange precisely.

pages: 266 words: 79,297

Forge Your Future with Open Source
by VM (Vicky) Brasseur

When you increase the font size, the interface is still readable and usable. There are many other interface elements you can test for accessibility. The WebAIM[90] project maintains resources and a handy list[91] to help you learn more about web accessibility. If you have experience or an interest in information security, you’ll find that your skills are in demand in FOSS projects. More experienced security specialists will be able to review project code to determine whether it leaks or exposes sensitive information or whether it performs adequate validation on all inputs. Less experienced security enthusiasts can be very helpful by performing manual input validation tests, or even automated fuzz testing, to test for vulnerabilities in the project’s interfaces.

This can lead to a lot of frustration and wasted time on all sides, but is relatively easy to avoid simply by taking a “read first, understand second, act third” approach. As you’re reading through the issue, if it appears to be reporting or is at all concerned with a matter of privacy or security, escalate it immediately. Security should never be taken lightly, and it’s always far better to be safe rather than sorry where information security (infosec) is involved. Even if you’re a seasoned infosec specialist, always notify the core project developers that there may be a security problem. This is not the sort of thing you want to surprise people with at the last moment. Notify the team and allow them to prepare to fix the issue, should it prove to be a legitimate concern.

Some common suffixes are -dev for lists dedicated to discussion about the technical development of the project, -user for questions and discussions about and by end users of the project, and -announce as a low-traffic list containing important announcements about things like new releases, conference information, security warnings, and similar things, but no discussions at all. Check the project’s documentation to see what mailing lists it offers and sign up only for those that are relevant to you. You can certainly sign up for all of them, but you may find you’re receiving a lot more email than you want or can handle.

pages: 434 words: 77,974

Mastering Blockchain: Unlocking the Power of Cryptocurrencies and Smart Contracts
by Lorne Lantz and Daniel Cawrey
Published 8 Dec 2020

It’s a fundamental shift in how financial services are provided, and this fluid situation leads to attackers constantly searching for exploits to profit from. Privacy Public blockchains like Bitcoin and Ethereum are not great when it comes to privacy. When thinking about decentralizing finance and the web, information security must be carefully considered. To conceal identity, a number of solutions are available. Different implementations will make different uses of these solutions, as privacy is an experimental (yet growing) area of blockchain technology. With Bitcoin and Ethereum, all transaction information is visible in the public blockchain, including the transaction amount and addresses of the sender and receiver.


pages: 345 words: 105,722

The Hacker Crackdown
by Bruce Sterling
Published 15 Mar 1992

Whole Earth 'Lectronic Link computer conference (WELL) goes on-line.
1986 Computer Fraud and Abuse Act passed.
1986 Electronic Communications Privacy Act passed.
1987 Chicago prosecutors form Computer Fraud and Abuse Task Force.
1988 July. Secret Service covertly videotapes "SummerCon" hacker convention.
September. "Prophet" cracks BellSouth AIMSX computer network and downloads E911 Document to his own computer and to Jolnet.
September. AT&T Corporate Information Security informed of Prophet's action.
October. Bellcore Security informed of Prophet's action.
1989 January. Prophet uploads E911 Document to Knight Lightning.
February 25. Knight Lightning publishes E911 Document in PHRACK electronic newsletter.
May. Chicago Task Force raids and arrests "Kyrie."

He was not a voice-communications man, and knew little about the ins and outs of the Baby Bells, but he certainly knew what the 911 System was, and he was angry to see confidential data about it in the hands of a nogoodnik. This was clearly a matter for telco security. So, on September 21, 1988, Boykin made yet ANOTHER copy of the E911 Document and passed this one along to a professional acquaintance of his, one Jerome Dalton, from AT&T Corporate Information Security. Jerry Dalton was the very fellow who would later raid Terminus's house. From AT&T's security division, the E911 Document went to Bellcore. Bellcore (or BELL COmmunications REsearch) had once been the central laboratory of the Bell System. Bell Labs employees had invented the UNIX operating system.

1. Prophet's illicit copy, at home on his own computer in Decatur, Georgia.
2. Prophet's back-up copy, stored on Rich Andrews' Jolnet machine in the basement of Rich Andrews' house near Joliet, Illinois.
3. Charles Boykin's copy on "Killer" in Dallas, Texas, sent by Rich Andrews from Joliet.
4. Jerry Dalton's copy at AT&T Corporate Information Security in New Jersey, sent from Charles Boykin in Dallas.
5. Henry Kluepfel's copy at Bellcore security headquarters in New Jersey, sent by Dalton.
6. Knight Lightning's copy, sent by Prophet from Rich Andrews' machine, and now in Columbia, Missouri.

We can see that the "security" situation of this proprietary document, once dug out of AIMSX, swiftly became bizarre.

pages: 181 words: 52,147

The Driver in the Driverless Car: How Our Technology Choices Will Create the Future
by Vivek Wadhwa and Alex Salkever
Published 2 Apr 2017

“FAQ about cyber attack on VTech Learning Lodge,” VTech, 8 August 2016, https://www.vtech.com/en/press_release/2015/faq-about-data-breach-on-vtech-learning-lodge (accessed 21 October 2016).
8. PwC, Managing Cyber Risks in an Interconnected World: Key findings from The Global State of Information Security® Survey 2015, PwC, 2014, http://www.pwc.com/gx/en/consulting-services/information-security-survey/assets/the-global-state-of-information-security-survey-2015.pdf (accessed 21 October 2016).
9. “Equipment Authorization Approval Guide,” Federal Communications Commission, 21 October 2015, https://www.fcc.gov/engineering-technology/laboratory-division/general/equipment-authorization (accessed 21 October 2016).

pages: 309 words: 54,839

Attack of the 50 Foot Blockchain: Bitcoin, Blockchain, Ethereum & Smart Contracts
by David Gerard
Published 23 Jul 2017

[374] “From shore to plate: Tracking tuna on the blockchain”. Provenance, 15 July 2016.
[375] Matt Levine. “Executive Pay and Blood Trouble”. Bloomberg View, 11 July 2016.
[376] The only useful past work on this I’ve found: “Distributed Ledger Technology & Cybersecurity: Improving information security in the financial sector”. European Union Agency for Network and Information Security, 18 January 2017. My only qualms are that it uses as references Zero Hedge and Breitbart News.
[377] Vitalik Buterin. “On Public and Private Blockchains”. Ethereum Blog, 7 August 2015.
[378] Izabella Kaminska. “Exposing the ‘If we call it a blockchain, perhaps it won’t be deemed a cartel?’

(archive)
[152] “Craig Steven Wright”. LinkedIn. Archive as of 9 December 2015.
[153] “Craig Steven Wright claims to be Satoshi Nakamoto. Is he?” The Economist, 2 May 2016.
[154] Craig S. Wright. “The quantification of information systems risk: A look at quantitative responses to information security issues” (doctoral thesis). Charles Sturt University, February 2017.
[155] “craig-wright-cpunks-1996.txt”. Cryptome.
[156] Craig Wright. “Looking for people interested in starting a new revolution in payments”. Cracked, inSecure and Generally Broken (blog), 4 February 2011. (archive)
[157] Craig S.

pages: 598 words: 134,339

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World
by Bruce Schneier
Published 2 Mar 2015

It’s easier to break things: Ross Anderson (2 Oct 2001), “Why information security is hard: An economic perspective,” University of Cambridge Computer Laboratory, http://www.acsac.org/2001/papers/110.pdf. Matthew Miller, Jon Brickey, and Gregory Conti (29 Nov 2012), “Why your intuition about cyber warfare is probably wrong,” Small Wars Journal, http://smallwarsjournal.com/jrnl/art/why-your-intuition-about-cyber-warfare-is-probably-wrong.
Complexity is the worst enemy: Bruce Schneier (19 Nov 1999), “A plea for simplicity: You can’t secure what you don’t understand,” Information Security, https://www.schneier.com/essay-018.html.

Reveron (Summer 2008), “Counterterrorism and intelligence cooperation,” Journal of Global Change and Governance 1, http://www.globalaffairsjournal.com/archive/Summer08/REVERON.pdf.
It makes the best sense to join: Ross Anderson (23–24 Jun 2014), “Privacy versus government surveillance: Where network effects meet public choice,” 13th Annual Workshop on the Economics of Information Security, Pennsylvania State University, http://weis2014.econinfosec.org/papers/Anderson-WEIS2014.pdf.
the Five Eyes: Nick Perry and Paisley Dodds (16 Jul 2013), “5-nation spy alliance too vital for leaks to harm,” Associated Press, http://bigstory.ap.org/article/experts-say-us-spy-alliance-will-survive-snowden.

Bailey, and Samer Faraj (Mar 2000), “The role of intermediaries in the development of trust on the WWW: The use and prominence of trusted third parties and privacy statements,” Journal of Computer-Mediated Communication 5, http://onlinelibrary.wiley.com/doi/10.1111/j.1083-6101.2000.tb00342.x/full.
customers were willing to pay more: Janice Y. Tsai et al. (Jun 2007), “The effect of online privacy information on purchasing behavior: An experimental study,” 6th Workshop on the Economics of Information Security (WEIS), Pittsburgh, Pennsylvania, http://weis2007.econinfosec.org/papers/57.pdf.
there are exceptions: Cadie Thompson (7 Mar 2014), “Want privacy online? Start-ups bet users are ready to pay,” NBC News, http://www.nbcnews.com/tech/security/want-privacy-online-start-ups-bet-users-are-ready-pay-n47186.

pages: 282 words: 92,998

Cyber War: The Next Threat to National Security and What to Do About It
by Richard A. Clarke and Robert Knake
Published 15 Dec 2010

The crowd are hackers, and in 2009 over four thousand of them showed up for the Black Hat conference, enough information technology skill in one place to wage cyber war on a massive scale. Despite the name, Black Hat is actually now a gathering of “white hat,” or “ethical,” hackers, people who are or work for chief information officers (CIOs) or chief information security officers (CISOs) at banks, pharmaceutical firms, universities, government agencies, almost every imaginable kind of large (and many medium-sized) company. The name Black Hat derives from the fact that the highlights of the show every year are announcements by hackers that they’ve figured out new ways to make popular software applications do things they were not designed to do.

Resilience is the concept that accepts that a disruptive or even destructive attack will occur and advocates planning in advance for how to recover from such devastation. The fourth consensus observation was that there really should be no connectivity between utility networks and the Internet. The idea of separating “critical infrastructure” from the open-to-anyone Internet seemed pretty obvious to the seasoned group of information security specialists. In a ballroom down the hall, however, the Obama Administration’s ideas about a Smart Electric Grid were being flayed by several hundred other security specialists, precisely because the plans would make the electric power grid, that sine qua non for all the other infrastructure, even more vulnerable to unauthorized penetration and disruption from the anonymous creatures who prowl the Internet.

Government officials will tell you that the private sector wants it that way, wants to keep the government out of their systems. After all, they are right that no one in government would know how to run a big bank’s networks, or a railroad’s, or a power grid’s. When you talk to CEOs and the other C-level types in big companies (chief operating officers, chief security officers, chief information officers, chief information security officers), they all say pretty much the same things: we will spend enough on computer security to protect against the day-to-day threat of cyber crime. We cannot, they say, be expected to know how to, or spend the money to, defend against a nation-state attack in a cyber war. Then they usually add words to the effect of, “Defending against other nations’ militaries is the government’s job, it’s what we pay taxes for.”

pages: 346 words: 102,666

Infomocracy: A Novel
by Malka Older
Published 7 Jun 2016

“They weren’t orders, just suggestions,” Mishima says, but she knows it sounds argumentative, and she manages to keep her mouth shut while the high muckamuck gives her a brief review of chain of command and then unceremoniously dismisses her. At least she knows she’s still too valuable to fire. CHAPTER 16 By the time Suzuki gets back to him, Ken’s already in Chennai. “No, no, I’m fine,” he says, brushing off Ken’s concern. “Really, Information security did a great job. So, down to business! I’ve been meaning to tell you what excellent work that was in Lima.” Ken refrains from mentioning that Lima was a continent and a half ago. “It was so clear,” Ken agrees. “What more could we want?” “Our person in Okinawa got some damning recordings of Liberty too; at this point, we have everything we need on them.

She shuffles into the room in a toe-to-heel formal stance, then hears the whoosh and hiss of a flamethrower and speeds up. She finds herself in a large space, with a couple of desks facing each other in the middle and a row of doors along the back wall. Her attention is immediately grabbed by the combat. The Information security team wears dark blue body armor with complicated iridescent armbands that are near impossible to forge, so the strategic situation is obvious at a glance: four baddies against a pair of InfoSec, now joined by Mazen. Three of the bad guys brandish katanas against an Information fighter who has gotten his own flamethrower out and is waving it between them, holding them off as he backs toward the door.

Once we free the prisoners, they can tell us more.” “Prisoners?” Mishima looks up, and it clicks: the doors along the back wall lead to holding cells. She had known, somewhere in the back of her mind, that the Tokyo hub had detention facilities, but they are so rarely used that she had forgotten until now. Two of the Information security officers are fiddling with the locks. She turns her focus back to stabilizing the man she maimed. They want all the intel they can get out of these guys. CHAPTER 23 The main Information hub for New York City is in the heart of the Bronx, which seemed inconvenient for many years until seawater started to eat away at the edges of Manhattan, and then seemed prescient.

pages: 565 words: 151,129

The Zero Marginal Cost Society: The Internet of Things, the Collaborative Commons, and the Eclipse of Capitalism
by Jeremy Rifkin
Published 31 Mar 2014

In 2012, the Commission held an intensive three-month consultation, bringing together more than 600 leaders from business associations, civil society organizations, and academia, in search of a policy approach that will “foster a dynamic development of the Internet of Things in the digital single market while ensuring appropriate protection and trust of EU citizens.”21 The Commission established a broad principle to guide all future developments of the Internet of Things: In general, we consider that privacy & data protection and information security are complementary requirements for IoT services. In particular, information security is regarded as preserving the confidentiality, integrity and availability (CIA) of information. We also consider that information security is perceived as a basic requirement in the provision of IoT services for the industry, both with a view to ensure information security for the organization itself, but also for the benefit of citizens.22 To advance these protections and safeguards, the Commission proposed that mechanisms be put in place to ensure that no unwanted processing of personal data takes place and that individuals are informed of the processing, its purposes, the identity of the processor and how to exercise their rights.

“Conclusions of the Internet of Things Public Consultation,” Digital Agenda for Europe, A Europe 2020 Initiative, February 28, 2013, http://ec.europa.eu/digital-agenda/en/news/conclusions-internet-things-public-consultation (accessed March 21, 2013). 22. “Internet of Things Factsheet Privacy and Security: IoT Privacy, Data Protection, Information Security,” Digital Agenda for Europe, A Europe 2020 Initiative (February 28, 2013): 1, http://ec.europa.eu/digital-agenda/en/news/conclusions-internet-things-public-consultation (accessed March 21, 2013). 23. Ibid., 5. 24. Ibid., 7. 25. “The Internet of Things Business Index,” 11. 26.

pages: 394 words: 117,982

The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age
by David E. Sanger
Published 18 Jun 2018

documented in a series of reports: US House of Representatives, “The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation,” Committee on Oversight and Government Reform, September 7, 2016, oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf. problems were so acute: U.S. Office of Personnel Management Office of the Inspector General Office of Audits, “Federal Information Security Management Act Audit FY 2014,” November 12, 2014, www.opm.gov/our-inspector-general/reports/2014/federal-information-security-management-act-audit-fy-2014-4a-ci-00-14-016.pdf. shutting down the system was not an option: “Statement of the Honorable Katherine Archuleta,” Hearing before the Senate Committee on Homeland Security and Governmental Affairs, June 25, 2015.

With just a bit of exploration, the Chinese hacking team discovered that the data were being kept at the Department of the Interior—completely unencrypted—because it had spare digital storage space. That meant the records were stored in the same systems used by the national parks for tracking buffalo migration, or managing fishing stocks on federal lands. This was the least of the problems with OPM’s information-security infrastructure. The agency’s IT security environment was appallingly inadequate, as the OPM’s inspector general—the department’s independent watchdog—had documented in a series of reports dating back to 2005. The system itself was outdated, but management made it even worse—they failed to follow nationwide government policy on security protocols, neglected to maintain their systems properly, and ignored advice on best practices.

It was good timing; the Russians were coming. * * * — “Why don’t you come up and we’ll do a little health check?” That was the seemingly benign invitation that Shawn Henry—a former FBI cyber expert whom CrowdStrike had recruited to serve as their chief security officer and president of their information security team—received from Michael Susman that April. Susman had prosecuted cybercrimes for the Justice Department, then moved to Perkins Coie, a law firm that counted both the Hillary Clinton campaign and the DNC among its clients. CrowdStrike was accustomed to such calls, and soon their forensic engineers were tapped into the computers at the DNC, scanning them for signatures of known bad actors in cyberspace.

The Code Book: The Science of Secrecy From Ancient Egypt to Quantum Cryptography
by Simon Singh
Published 1 Jan 1999

I would like to thank Whitfield Diffie and Martin Hellman, who took the time to describe their work to me while I was in sunny California. Similarly, Clifford Cocks, Malcolm Williamson and Richard Walton were enormously helpful during my visit to cloudy Cheltenham. In particular, I am grateful to the Information Security Group at Royal Holloway College, London, who allowed me to attend the M.Sc. course on information security. Professor Fred Piper, Simon Blackburn, Jonathan Tuliani, and Fauzan Mirza all taught me valuable lessons about codes and ciphers. While I was in Virginia, I was fortunate to be given a guided tour of the Beale treasure trail by Peter Viemeister, an expert on the mystery.

Despite the failure of clipper and capstone, many governments remain convinced that key escrow can be made to work, as long as the keys are sufficiently well protected from criminals and as long as there are safeguards to reassure the public that the system is not open to government abuse. Louis J. Freeh, Director of the FBI, said in 1996: “The law enforcement community fully supports a balanced encryption policy … Key escrow is not just the only solution; it is, in fact, a very good solution because it effectively balances fundamental societal concerns involving privacy, information security, electronic commerce, public safety, and national security.” Although the U.S. Government has backtracked on its escrow proposals, many suspect that it will attempt to reintroduce an alternative form of key escrow at some time in the future. Having witnessed the failure of optional escrow, governments might even consider compulsory escrow.

The latter has only one setting, but has a second window that shows the scramblers moving and the subsequent effect on the electrical path. Phil Zimmermann and PGP http://www.nai.com/products/security/phil/phil.asp Electronic Frontier Foundation http://www.eff.org/ An organization devoted to protecting rights and promoting freedom on the Internet. Centre for Quantum Computation http://www.qubit.org/ Information Security Group, Royal Holloway College http://isg.rhbnc.ac.uk/ National Cryptologic Museum http://www.nsa.gov:8080/museum/ American Cryptogram Association (ACA) http://www.und.nodak.edu/org/crypto/crypto/ An association which specializes in setting and solving cipher puzzles. Cryptologia http://www.dean.usma.edu/math/resource/pubs/cryptolo/index.htm A quarterly journal devoted to all aspects of cryptology.

The Future of Technology
by Tom Standage
Published 31 Aug 2005

The dismal science of security But there are other, more subtle ways in which management and security interact. “More than anything else, information security is about work flow,” says Ross Anderson of Cambridge University’s Computer Laboratory. The way to improve security, he says, is to think about people and processes rather than to buy a shiny new box. Mr Anderson is one of a growing number of computer scientists who are applying ideas from economic theory to information security. Insecurity, he says, “is often due to perverse incentives, rather than to the lack of suitable technical protection mechanisms.”

By contrast, in high-security environments such as military facilities or intelligence organisations, where a security breach would have serious consequences, the use of expensive security technology may be justified. In some situations, however, the right response may be to do nothing at all. Standards stuff That different organisations have different security needs is explicitly recognised in the iso 17799, an international standard for “best practices in information security” that was introduced by the International Organisation for Standardisation in 2000. Risk analysis is a basic requirement of the standard, as is the establishment of a security policy. But, says Geoff Davies of i-Sec, a British security consultancy, “an industrial firm and a bank with iso 17799 certification will have totally different systems.”

It would be better to step up intelligence gathering by humans. The second area where security technology could do more harm than good is in the world of business. Technology introduced to improve security often seems to have the side-effect of reinforcing the market dominance of the firm pushing it. “Information-security technologies are more and more used in struggles between one company and another,” says Mr Anderson. “Vendors will build in things that they claim are security mechanisms but are actually there for anti-competitive reasons.” One highly controversial example is Palladium, Microsoft’s proposed technology for fencing off secure areas inside a computer.

pages: 338 words: 92,465

Reskilling America: Learning to Labor in the Twenty-First Century
by Katherine S. Newman and Hella Winston
Published 18 Apr 2016

Notably, the demand for IT jobs is high in the finance and insurance sectors, at two times greater than national demand. In ten middle-skill technology occupations, which include those for information security analysts and help desk or entry-level computer support, median hourly salaries range from $26 to $56. These jobs are in high demand in New York City, ranging from twenty-five hundred postings for information security analysts to more than fifty-one hundred postings for computer user support specialists. Entry-level IT support roles, such as help desk or entry-level computer support, account for over half (57 percent) of middle-skill IT jobs in New York.

Workers without a college degree represent 80 percent of total employment in travel.13 In 2012, in New York City alone, there were 363,050 hospitality and leisure jobs, a 27.4 percent increase since 2006.14 The leisure and hospitality sector is expected to produce 3.3 million jobs between 2010 and 2023.15 Information Technology While IT has a much larger share of workers with advanced degrees (66 percent) than workers with an associate’s degrees or some college/training (28 percent),16 there are a number of IT occupations—including for network and computer system administrators and information security analysts—for which less than four years of postsecondary education is acceptable. “Available tech jobs aren’t just for people with bachelor’s degrees,” said Hagos Mehreteab, head of talent acquisition of AppNexus. “New York City’s technology sector also desperately needs people that have specialized skills training and the motivation and passion for learning new things.”17 New York City’s technology sector comprises nearly sixty-six thousand jobs and is expected to grow by 15 percent over the next five years.

Alpha Girls: The Women Upstarts Who Took on Silicon Valley's Male Culture and Made the Deals of a Lifetime
by Julian Guthrie
Published 15 Nov 2019

He’d kicked around several concepts for a new approach to online security and had landed on an idea that felt big enough and important enough to pursue. The name for his new company was WebCohort. Theresia had arranged to take Shlomo around to a handful of Wall Street banks while she was in New York, to meet with chief information security officers to gauge their interest and solicit feedback on his idea. The bank security officers were happy to meet with Shlomo, given that he had already built Check Point into a multibillion-dollar public company. After the board meeting, Theresia and Shlomo headed to their first stop, Goldman Sachs.

Shlomo had landed on the idea after reading a report on the growth of Web application servers, which host a combination of files and programs to implement applications accessed remotely. Shlomo realized that security would be needed to protect the server and keep the Web applications secure. Theresia told the information security officers, “Your crown jewels—your database—are only one, two clicks away from hackers.” Hackers could easily create fake log-in credentials, she said, that would take them straight to the bank’s Web server and data server and into customer accounts and records. Shlomo added, “That’s where everything personal is, including all your credit card info.

The hackers who penetrate applications are interested in the data and the database, and they get in using sequel queries,” or sequel injection attacks. “The Web applications are the front door to this data.” After Goldman Sachs, Theresia and Shlomo went to see executives at several other banks, including J.P. Morgan and Citibank. As they asked the information security chiefs about their systems and needs, their interest in what Shlomo was proposing ranged from enthusiastic to tepid. But most of the responses were favorable, no mean feat given the tough economic times, when budgets were tight. “We had enough good hits that I feel encouraged,” Shlomo said after the meetings.

pages: 317 words: 98,745

Black Code: Inside the Battle for Cyberspace
by Ronald J. Deibert
Published 13 May 2013

According to a 2010 White Paper published by the Chinese government: No organization or individual may produce, duplicate, announce or disseminate information having the following contents: being against the cardinal principles set forth in the Constitution; endangering state security, divulging state secrets, subverting state power and jeopardizing national unification; damaging state honor and interests; instigating ethnic hatred or discrimination and jeopardizing ethnic unity; jeopardizing state religious policy, propagating heretical or superstitious ideas; spreading rumors, disrupting social order and stability; disseminating obscenity, pornography, gambling, violence, brutality and terror or abetting crime; humiliating or slandering others, trespassing on the lawful rights and interests of others; and other contents forbidden by laws and administrative regulations. These regulations are the legal basis for the protection of Internet information security within the territory of the People’s Republic of China. All Chinese citizens, foreign citizens, legal persons and other organizations within the territory of China must obey these provisions. (If the Puritans suffered from a profound fear that someone, somewhere was having a good time, given these “provisions” what can we say about the Chinese government?)

A week before Facebook released the identities of the Koobface perpetrators, Dancho Danchev independently released the identity of the leader of Koobface, Anton Nikolaevich Korotchenko of St. Petersburg, in “Who’s Behind the Koobface Botnet? – An OSINT Analysis,” Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge, January 9, 2012, http://ddanchev.blogspot.ca/2012/01/whos-behind-koobface-botnet-osint.html. The public exposure and the release of the Sophos report led to immediate action by Koobface: its command-and-control servers stopped responding, and the gang started removing traces of themselves off the Net.

See Eric Chien and Gavin O’Gorman, “The Nitro Attacks: Stealing Secrets from the Chemical Industry,” Symantec Security Response, http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_nitro_attacks.pdf; and “Nitro Attackers Have Some Gall,” Symantec, December 12, 2011, http://www.symantec.com/connect/blogs/nitro-attackers-have-some-gall. 9 in 2009, Koobface left a Christmas greeting for security researchers: The greeting can be found at Dancho Danchev, “The Koobface Gang Wishes the Industry ‘Happy Holidays,’” Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge, December 26, 2009, http://ddanchev.blogspot.ca/2009/12/koobface-gang-wishes-industry-happy.html. 9: DIGITALLY ARMED AND DANGEROUS 1 the SEA boasted about it on their Arabic Facebook page: The Syrian Electronic Army (SEA) is an open and organized pro-government computer attack group that is actively targeting political opposition and Western websites.

pages: 651 words: 186,130

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race
by Nicole Perlroth
Published 9 Feb 2021

I memorized bylines and imagined Times reporters being greeted like emissaries from the Lord himself. Not so in cybersecurity. Most people treated me like a child—the less I knew, they told me, the better. Also, as many, many men on Twitter regularly point out to me, nobody in cybersecurity actually uses “cyber” anymore. It’s “information security,” or preferably “infosec.” More than a few times, after introducing myself as a cybersecurity reporter at a hacking conference, I was told to GTFO. (Dear reader, I leave the deciphering of that code to you.) As it turns out, introducing yourself as “cyber” anything is the quickest way to the door.

He’d neglected to mention that the entrance to the trailer was four feet off the ground. The analysts scavenged the lot for cinder blocks and empty wire spools to get themselves up and in. Deeley didn’t bother with niceties. “We’re meeting here in this fucking shithole because I don’t want any rubberneckers in OPS3 [the main information security building] getting curious. You’ve all been told this project is VRK [very restricted knowledge], right?” The analysts nodded and murmured “yes” in agreement. Their supervisors had instructed them to mention their task to no one, not their colleagues, not their spouses, not even their dogs.

With so many new blips popping up on Google’s screens that December, it was simply human nature to prefer the simple, benevolent explanation—a disoriented intern—to the reality, an imminent nation-state attack. “We weren’t trained to think about spies,” Heather Adkins, the freckled, thirtysomething director of Google’s information security team, would later recall. That Monday afternoon, Adkins was just wrapping up another Google meeting about China. The company had tiptoed into the Chinese market three years earlier and was still struggling to navigate Beijing’s draconian censorship rules. Adkins was something of an anomaly among the mostly male, testosterone-fueled coders she managed.

pages: 224 words: 45,431

Python Web Penetration Testing Cookbook
by Cameron Buchanan , Terry Ip , Andrew Mabbitt , Benjamin May and Dave Mound
Published 28 Jun 2015

He has a broad interest in security across all aspects of the technology field, from reverse engineering embedded devices to hacking with Python and participating in CTFs. He is a husband and a father. Dave Mound is a security consultant. He is a Microsoft Certified Application Developer but spends more time developing Python programs these days. He has been studying information security since 1994 and holds the following qualifications: C|EH, SSCP, and MCAD. He recently studied for OSCP certification but is still to appear for the exam. He enjoys talking and presenting and is keen to pass on his skills to other members of the cyber security community. When not attached to a keyboard, he can be found tinkering with his 1978 Chevrolet Camaro.

He's been programming since he was 9 and has built a wide variety of software, from those meant to run on a calculator to those intended for deployment in multiple data centers around the world. Trained as a Microsoft Certified System Engineer and certified by Linux Professional Institute, he has also dabbled in reverse engineering, information security, hardware programming, and web development. His current interests lie in developing cryptographic peer-to-peer trustless systems, polishing his penetration testing skills, learning new languages (both human and computer), and playing table tennis. Matt Watkins is a final year computer networks and cyber security student.

pages: 372 words: 100,947

An Ugly Truth: Inside Facebook's Battle for Domination
by Sheera Frenkel and Cecilia Kang
Published 12 Jul 2021

Wasserman Schultz was forced to resign: Jonathan Martin and Alan Rappeport, “Debbie Wasserman Schultz to Resign D.N.C. Post,” New York Times, July 24, 2016. 5. The Podesta emails, which highlighted mudslinging: Scott Detrow, “What’s in the Latest WikiLeaks Dump of Clinton Campaign Emails,” NPR, October 12, 2016. 6. Stamos was Yahoo’s information security officer: Arik Hesseldahl, “Yahoo to Name TrustyCon Founder Alex Stamos as Next Chief Information Security Officer,” Vox, February 28, 2014. 7. he discovered that the vulnerability: Joseph Menn, “Yahoo Scanned Customer Emails for U.S. Intelligence,” Reuters, October 4, 2016. 8. “Russia, if you’re listening”: Michael S. Schmidt, “Trump Invited the Russians to Hack Clinton.

In April 2015, he threw open the doors of the company’s offices in downtown San Francisco and invited several hundred journalists, cybersecurity experts, and academics to a conference he had named an “un-conference.” The gathering was intended to point out failures to protect internet users, rather than to celebrate the newest technology often promoted at cybersecurity conferences. At the time, Stamos was Yahoo’s information security officer and one of the youngest and most high-profile cybersecurity experts in Silicon Valley.6 He had grown up in California’s hacker community, a precocious coder with a degree in electrical engineering and computer science from the University of California, Berkeley. By age thirty-five, he had started and sold a successful cybersecurity company, iSEC Partners.

pages: 898 words: 236,779

Digital Empires: The Global Battle to Regulate Technology
by Anu Bradford
Published 25 Sep 2023

As a result, the Chinese government has consistently advocated for a state-centric international internet governance model that would reserve a prominent role for the UN—a forum where states play a dominant role.64 For example, in 2011, China—together with Russia—called for the UN General Assembly to adopt an “international code of conduct for information security.”65 The proposed code focused on norms deterring cyberattacks while also affirming the sovereign right of states across all internet-related public policy issues. The Code was updated and resubmitted to the UN in 2015 by the Shanghai Cooperation Organization, which is a Eurasian political, economic, and security alliance composed of China, Kazakhstan, Kyrgyzstan, Russia, Tajikistan, and Uzbekistan (at the time).

Russia’s turn to digital authoritarianism has also paved way for greater cooperation with China. With shared goals, China and Russia have collaborated on a joint internet governance agenda. They share a resentment of the US’s role in global digital governance. Olga Melnikova, the head of the Department of International Information Security of the Ministry of Foreign Affairs of Russia, expressed these sentiments in her July 2021 comments, noting how “both Moscow and Beijing oppose Washington’s global domination, including in the digital space.”122 The two countries signed a bilateral cooperation treaty on cybersecurity in 2015.123 There have also been media reports that the two countries planned to sign an international treaty on managing illegal online content in 2019.

(Dec. 7, 2021), https://interaffairs.ru/news/show/30759 (translation by Google Translate). 123.Zhonghua Renmin Gongheguo Zhengfu he Eluosi Lianbang Zhengfu Guanyu zai Baozhang Guoji Xinxi Anquan Lingyu Hezuo Xieding (中华人民共和国政府和俄罗斯联邦政府关于在保障国际信息安全领域合作协定) [Agreement Between the Government of the Russian Federation and the Government of the People’s Republic of China on Cooperation in Ensuring International Information Security], Russ.-China, May 8, 2015. See Valentin Weber, The Sinicization of Russia’s Cyber Sovereignty Model, Council on Foreign Rel. (April 1, 2020), https://www.cfr.org/blog/sinicization-russias-cyber-sovereignty-model. 124.Miranda Lupion, Sino-Russian Advocacy for “Internet Sovereignty” and State-Led Internet Governance, in Digital Silk Road in Central Asia: Present and Future 9, 11 (Nargis Kassenova & Brendan Duprey eds., 2021), https://daviscenter.fas.harvard.edu/sites/default/files/files/2021-06/Digital_Silk_Road_Report.pdf. 125.Weber, supra note 123. 126.See generally Dennis Broeders, Liisi Adamson, & Rogier Creemers, The Hague Program for Cyber Norms, A Coalition of the Unwilling?

pages: 502 words: 107,657

Predictive Analytics: The Power to Predict Who Will Click, Buy, Lie, or Die
by Eric Siegel
Published 19 Feb 2013

And so, beyond storing and indexing a table of “signatures” that betray the perpetration of known fraud schemes, the modeling process generates detection schemes that cast a wider net. It predicts forthcoming forms of fraud by generalizing from previously observed examples. This is the defining characteristic of a learning system. This Means War It’s a war like any other. In fact, cyber warfare itself follows the same rules. PA bolsters information security by detecting hackers and viruses that exploit online weaknesses, such as system bugs or other vulnerabilities. After all, the Internet’s underlying networking technology, TCP/IP, is a platform originally designed only for interactions between mutually entrusted parties. As the broad, commercial system it evolved to be, the Internet is, underneath the hood, something of a slapped-together hack with regard to security.

KDnuggets. www.kdnuggets.com/2012/01/wcai-research-opportunity-siriusxm-predicting-customer-acquisition-retention.html. EMVIC 2012: “The First Eye Movement Identification and Verification Competition.” www.emvic.org/. Aspiring Minds Machine Learning Competition. www.aspiringminds.in/mlCompetition/. Information Security Amazon Data Security Competition. https://sites.google.com/site/amazonaccessdatacompetition/. Approaches to the Netflix Prize: Clive Thompson, “If You Liked This, You’re Sure to Love That,” New York Times, November 21, 2008. www.nytimes.com/2008/11/23/magazine/23Netflix-t.html. Regarding collaboration rather than competition on the Netflix Prize: Jordan Ellenberg, “This Psychologist Might Outsmart the Math Brains Competing for the Netflix Prize,” Wired, February 25, 2008. www.wired.com/techbiz/media/magazine/16-03/mf_netflix.

Chicago Police Department: Megan A. Alderden and Timothy A. Lavery, “Predicting Homicide Clearances in Chicago: Investigating Disparities in Predictors across Different Types of Homicide,” Sage Journals Homicide Studies, May 5, 2007. http://hsx.sagepub.com/content/11/2/115.abstract. Amazon.com: Amazon Information Security Data Science Competition. http://sites.google.com/site/amazonaccessdatacompetition. Researchers (hacker and virus detection): Chih-Fong Tsai, Yu-Feng Hsu, Chia-Ying Lin, and Wei-Yang Lin, “Intrusion Detection by Machine Learning: A Review.” ScienceDirect Online, May 29, 2009. www.sciencedirect.com/science/article/pii/S0957417409004801.

pages: 412 words: 104,864

Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks
by Michal Zalewski
Published 4 Apr 2005

In SotW, Michal has provocatively chosen to leave out all the well known yet highly dangerous and widespread vulnerabilities and attacks being discussed and worked on today by most in the information security community. He will teach you about subtle keystroke timing attacks, but you will not be reminded that “trojan horse” software with key logging capabilities is currently both more common and easier to use than any of such attacks could ever be. Why mention keystroke timings while leaving the trojans out? Because timing attacks are largely underappreciated and misunderstood even by information security professionals, whereas trojans are a widely known and obvious threat. Vulnerability to timing attacks is a property of the design of many components involved, whereas to implant a trojan requires either a software bug or an end-user error.

It uses a traditional “one can talk, others listen” media access control scheme, the only difference being that instead of a pair of wires, the carrier of the signal is now just a designated radio frequency. Which brings us to 802.11’s first problem. In May 2004, the Queensland University of Technology’s Information Security Research Centre (ISRC) announced its findings that any 802.11 network in any enterprise could be brought to a grinding halt in a matter of seconds simply by transmitting a signal that inhibits other parties from trying to talk. Naturally, the same is true for Ethernet, except that you must be able to connect to a network plug first, which of course makes the attacker much easier to track and the problem easier to solve.

Digital Accounting: The Effects of the Internet and Erp on Accounting
by Ashutosh Deshmukh
Published 13 Dec 2005

If the same username and password are used at every site, that can become a security risk. These Web sites also have different forms to fill in and ask for different information. A few online merchants have simplified the process; for example, Amazon.com’s single-click system. Electronic wallets simplify the online shopping process by storing the necessary information securely and making it accessible. There are two types of electronic wallets — client side and server side. Client-side electronic wallets need to be downloaded and installed on the consumer’s machine. Such installation ensures security of the information, since the information is stored on the individual machine.

Appropriate physical security for computing facilities also prevents social engineering attempts. Standard security precautions are simple, though are frequently ignored in favor of expediency. Standard security techniques against social engineering are examined in a later section. A global information security survey carried out by InformationWeek in 2002 found the following reasons for network break-ins. The reasons are arranged in descending order of importance. The listing of reasons highlights the role of human error in network break-ins.
• Known operating system vulnerability
• Known application vulnerability
• Use of valid user account
• Unintended misconfiguration or human error
• Poor access control
• External denial of service attack
• Exploited unknown vulnerability
• Guessed passwords
The validity of transactions over the Internet is a legal issue.

Certification
BNS – Brainbench Network Security Certification
CCISM – Certified Counterespionage and Security Manager
CIA – Certified Internal Auditor
CCSA – Certification in Control Self-Assessment
CFE – Certified Fraud Examiner
CISA – Certified Information Systems Auditor
CISSP – Certified Information Systems Security Professional
SSCP – System Security Certified Practitioner
CPP – Certified Protection Professional
CWP – Certified Web Professional
GIAC – Global Information Assurance Certification
SCNA – Security Certified Network Architect
SCNP – Security Certified Network Professional
Organization
Brainbench
Espionage Research Institute
Institute of Internal Auditors
Association of Certified Fraud Examiners
Information Systems Audit and Control Association
(ISC)2 – International Information Systems Security Certification Consortium, Inc.
American Society for Industrial Security
International Webmasters Association
SANS Institute
Security Certified Program
Security Certified Program
Area
Network security
Counterespionage and information security
Internal auditing
Control self-assessment
White collar crime
IS audit, control, and security
Network and system security
Technical and procedural security topics and technologies
Web security
Technical knowledge of information systems and networks
Network security
Network security logic.

Smart Grid Standards
by Takuro Sato
Published 17 Nov 2015

He is the leader of several projects of the National Natural Science Foundation of China (NSFC) in the field of Smart Grid, and the Vice Leader of a Foundation Project of National 863 Plan of China. He is the Vice Dean of Standardization Research Institute for Campus Card of Education Management Information Center, Ministry of Education, China. His research interests include information security, Smart Grid, and software engineering. He has published two books, obtained five patents, and published numerous papers in top Chinese journals and related SCI/EI international journals as well as conferences. He is a senior member of the Chinese Electrotechnical Society. He is also a member of IEEE.

Supports Open and Interoperable Standards The standards should be developed and maintained through a collaborative process that is open to participation by all relevant groups and not dominated by or under the control of a single organization. Two or more HANs are able to directly exchange information securely and seamlessly. 5.4.3.2 Architecture In HAN SRS, no specific requirement is given regarding the HAN architecture. The HAN architecture allows for more than one ESI in consumer premises, which provides a particular logical function in the HAN. Utility ESI is important because it provides the real-time energy-usage information from the AMI meter to HAN devices and is protected with cryptographic methods.

It enables two devices from different vendors to work together. In fact, interoperability does not have one formally established definition. The most concrete definition of interoperability is mentioned in [1] as “the capability of two or more networks, systems, devices, applications, or components to exchange and readily use information securely, effectively, and with little or no inconvenience to the user.” There are many elements in interoperable equipment that coordinate and work together technically to perform useful work. This explanation provides a solid starting point for the consideration of interoperability in the Smart Grid’s standards development process.

The Fugitive Game: Online With Kevin Mitnick
by Jonathan Littman
Published 1 Jan 1996

I ask, referring to the bank executive. "Sandy. One of the past presidents of information security, Security Pacific." Now I can hear Mitnick tapping away on his keyboard. "You're logging in while we're speaking. You're multiprocessing?" "I'm reading your e-mail," Mitnick teases. "It's probably pretty boring today. So what were you going to do at the bank?" "I was going to be writing policies, I was learning about banking security systems." "So you would eventually have been doing security?" "They were hiring me into the information security department as a security analyst. I told Lenny [an old accomplice] if I get the job I'm not going to hack anymore. I met the president, Ed, the president of the area," Mitnick recalls nostalgically. "Three interviews. Then, she [Sandy, the president of information security] called me." Mitnick, half laughing, mimics how the bank vice president asked him if he had ever "dug in anyone's garbage cans." Mitnick says he joked that was only when he was "looking for food." An hour later personnel called and told him his references didn't check out. The incident happened years ago, but Mitnick's bitterness makes it sound like yesterday. "Lewis was one of the references, but they were all legit.

pages: 240 words: 65,363

Think Like a Freak
by Steven D. Levitt and Stephen J. Dubner
Published 11 May 2014

See also: Eli Sa’adi, The Ayalon Institute: Kibbutzim Hill—Rehovot (pamphlet, available on-site). 154 WHY DO NIGERIAN SCAMMERS SAY THEY ARE FROM NIGERIA? This section was drawn from author interviews with Cormac Herley and from Herley’s fascinating paper “Why Do Nigerian Scammers Say They Are from Nigeria?,” Workshop on Economics of Information Security, Berlin, June 2012. Thanks to Nathan Myhrvold for bringing Herley’s paper to our attention. / 154 Dear Sir/Madam, TOP SECRET: This letter is a mashup of various scam e-mails, a catalog of which can be found at 419eater.com, a community of scam baiters. Our letter draws heavily on one letter in a 419eater.com thread entitled “A Convent Schoolgirl Goes Missing in Africa.” / 157 Firm numbers are hard to come by: For overall fraud amount, see Ross Anderson, et al., “Measuring the Cost of Cybercrime,” paper presented at the Workshop on the Economics of Information Security, Berlin, Germany, June 26, 2012; and Internet Crime Complaint Center, “2012 Internet Crime Report,” 2013. / 157 One California victim lost $5 million: See Onell R. Soto, “Fight to Get Money Back a Loss,” San Diego Union-Tribune, August 14, 2004. / 158 Roughly 95 percent of the burglar alarms . . . are false alarms: See Stephen J.

pages: 52 words: 13,257

Bitcoin Internals: A Technical Guide to Bitcoin
by Chris Clark
Published 16 Jun 2013

[8] Satoshi Nakamoto, e-mail to cryptography@metzdowd.com mailing list, November 14, 2008. http://www.mail-archive.com/cryptography@metzdowd.com/msg10001.html
[9] Adrianne Jeffries, "Four years and $100 million later, Bitcoin’s mysterious creator remains anonymous," The Verge, May 6, 2013. http://www.theverge.com/2013/5/6/4295028/report-satoshi-nakamoto
[10] Timothy Lee, "An Illustrated History Of Bitcoin Crashes," Forbes, April 11, 2013. http://www.forbes.com/sites/timothylee/2013/04/11/an-illustrated-history-of-bitcoin-crashes/
[11] Laurie Law, Susan Sabett, Jerry Solinas, "How to make a mint: the cryptography of anonymous electronic cash," National Security Agency, Office of Information Security Research and Technology, Cryptology Division, June 18, 1996. http://groups.csail.mit.edu/mac/classes/6.805/articles/money/nsamint/nsamint.htm
[12] David Chaum, "Blind signatures for untraceable payments," Advances in Cryptology Proceedings of Crypto 82 (3) (1983): 199-203.
[13] David Chaum, Amos Fiat, Moni Naor, "Untraceable Electronic Cash," CRYPTO ’88 Proceedings on Advances in cryptology (1990): 319-327. http://citeseerx.ist.psu.edu/viewdoc/summary?

pages: 254 words: 76,064

Whiplash: How to Survive Our Faster Future
by Joi Ito and Jeff Howe
Published 6 Dec 2016

The PLCs, programmable logic controllers, that controlled the turbines not only lacked a mechanism to detect malicious code designed to alter the behavior of the motors, but also had no means of detecting attempts to avoid detection by faking the data displayed to the system. Once Stuxnet bypassed the walls used to maintain security at the nuclear facilities, it never encountered another defensive measure. This failure of imagination, this inability to resist the allure of the impervious defense, is hardly limited to Iran or even nuclear plants. The information security field is littered with Maginot Lines, despite their repeated failures to keep the bad guys at bay. Today when we think about cybersecurity we immediately think about computers and their vulnerabilities, but cybersecurity evolved from the basic need of protecting information—a need that dates back to the earliest days of written language.

In the perpetual game of cyber offense vs. cyber defense, offense has been winning, but lately it’s become a rout. Some eight hundred million credit card numbers were stolen in 2013, three times the number taken in 2012. This gargantuan figure—representing over 10 percent of the world’s population—still does sparse justice to the breadth and severity of the problem. Try this, from the chief information security officer of a Fortune 500 company: “Our operating assumption is that within ten minutes of booting up a new server it’s been ‘owned,’” industry parlance for successfully infiltrating a device. The unifying theme in the cryptography example, Stuxnet, and the current state of cyber security is not that we are bad at creating strong systems, but rather that we aren’t always quick enough to adopt new defensive strategies as our attackers adapt.

pages: 372 words: 67,140

Jenkins Continuous Integration Cookbook
by Alan Berg
Published 15 Mar 2012

Add the following details:
User Search Base: ou=people,ou=mycompany,dc=nodomain
User Search filter: uid={0}
Group Search base: ou=groups,ou=mycompany,dc=nodomain
How it works... The test LDAP server supports anonymous binding — you can search the server without authenticating. Most LDAP servers allow this approach. However, some servers are configured to enforce specific information security policies. For example, your policy might enforce being able anonymously to verify that a user's record exists, but you may not be able to retrieve specific attributes, such as their e-mail or postal address. Anonymous binding simplifies configuration, otherwise you will need to add account details for a user in LDAP with the rights to perform the searches.

The two main errors consistently made are:
Misconfigured DN: A misconfigured DN for either User Search Base or Group Search Base will produce a log entry similar to the following:
org.acegisecurity.AuthenticationServiceException: LdapCallback;[LDAP: error code 32 - No Such Object]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=people,dc=mycompany ,dc=nodomain'
Bad Credentials: If the user does not exist in LDAP, you have typed in the wrong password, or you have accidentally searched the wrong part of the LDAP tree, the log error will start with the following text:
org.acegisecurity.BadCredentialsException: Bad credentials
Searching
Applications retrieve information from LDAP in a number of ways:
Anonymously for generic information: This approach works only for information that is exposed to the world. However, the LDAP server can limit the search queries to specific IP addresses as well. The application will then be dependent on the attributes that your organization is prepared to disclose. If the information security policy changes, the risk is that your application might break accidentally.
Self-bind: The application binds as a user and then searches with the user's rights. This approach is the cleanest. However, it is not always clear in the logging whether the application is behind these actions.
Using an application-specific admin account with many rights: The account gets all the information that your application requires, but if disclosed to the wrong people, can cause significant issues quickly.

pages: 468 words: 137,055

Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age
by Steven Levy
Published 15 Jan 2002

He went to another friend, Lew Morris, who was an early participant in Sun Microsystems, and they began to explore the idea of making a business out of it. They wrote a business plan, and started making the rounds of venture capitalists. This was in 1984, about the same time that RSA was going through its roughest period. Omura and Morris didn’t find the going any easier. “The venture community then couldn’t have cared less about information security,” says Omura. It was only through a private referral that the business plan fell into the hands of Jim Simons, who was not only a mathematician and cryptographer (he’d been one of the early reviewers of Lucifer) but dabbled in venture capital as well. He agreed to help put the newly dubbed Cylink company on its feet.

That organization, the research arm of Congress, undertook a comprehensive examination of the national crypto policy, and recruited a panel of experts from all sides of the issue, including former cabinet members, officials from the NSA, and critics from business and academia like Ray Ozzie and Marty Hellman. Their report, “Cryptography’s Role in Securing the Information Society,” was a surprisingly strong criticism of government policy, and recommended continued freedom for domestic encryption, relaxed export controls, and, above all, “a mechanism to promote information security in the private sector.” In other words, more crypto. Perhaps the most interesting observation of the study came as a result of the classified briefings its members had received. (Three of the sixteen members declined clearances and did not attend.) Though they could not of course reveal what they had heard in the briefings, they could—and did—evaluate the importance of that secret knowledge in determining national policy.

Page 128 Diffie later recounted: Diffie, “The First Ten Years of Public Key Cryptography,” op. cit.
129 seen this territory: Diffie, Privacy on the Line, p. 283.
Patents and Keys
Page 157 Project Overtake: Bob Davis, “A Supersecret Agency Finds Selling Secrecy to Others Isn’t Easy,” Wall Street Journal, March 28, 1988.
158 public interview: The official was David McMais, chief of staff for information security.
165 “mental poker”: A. Shamir, R. A. Rivest, and L. Adleman, “Mental Poker,” MIT/LCS Technical Memo 125, February 1979.
165 “secret sharing”: A. Shamir, “How to Share a Secret,” Communications of the ACM, Vol. 24, No. 11, November 1979, pp. 612–13. Shamir and G. R. Blakley are generally granted shared credit for the innovation.
166 Mafia-owned store: A.

pages: 689 words: 134,457

When McKinsey Comes to Town: The Hidden Influence of the World's Most Powerful Consulting Firm
by Walt Bogdanich and Michael Forsythe
Published 3 Oct 2022

But according to one former McKinsey employee familiar with the firm’s work in Saudi Arabia, it wasn’t for lack of trying. McKinsey had pitched for such work but lost out. “It went to BCG,” the person said. In 2019 internal records show that McKinsey took on work for a government-owned company, the Al-Elm Information Security Company, which contracts with the Interior and Justice Ministries. McKinsey said it doesn’t do work for these ministries and doesn’t advise private companies “as to how to engage with these ministries.” “I feel so naive now looking back,” a former McKinsey consultant involved in the Saudi work on sentiment analysis said via a secure messaging system.

A AAA insurance, 197 ABC TV, 68, 111 Abdulaziz, Omar, 252–56 Abdullah, King of Saudi Arabia, 246 Accelerating Claims Excellence, 197 addiction, 110–12, 114, 125, 127, 131–44, 278 aducanumab (Aduhelm), 67–69 aerospace industry, 102 Aetna, 53 Affordable Care Act (ACA, 2010), 62–63, 65, 273 Afghanistan War, 155–56 Africa, 101 African National Congress (ANC), 224–25 Afrika Korps, 258 Agarwal, Vishal, 166–67 AIG, 172, 188, 190 Aitken, Christopher, 12, 15 Alattas, Ahmad, 252 Albemarle, 158 Alberta, 164 Alcoa, 4 Aldridge, Jason, 191–92, 194, 203 Al-Elm Information Security Company, 256 Alexander, Caleb, 145 Al-Jubeir, Adel, 248 Al-Jubeir, Mazen, 248 Alkhedheiri, Sarah, 248 Allison, Andy, 61 Allstate, 191–95, 197–203, 212 Altria (formerly Philip Morris), 119–20, 125–27, 129 Altuve, José, 220 Alzheimer’s, 67–68 amaBhungane, 237, 279 American Academy of Pediatrics, 124, 129 American Express, 18, 40 American Journal of Public Health, 119, 132 American League, 216–20 Ameriquest, 187 Anderson, Roger, 175 Antarctica, 152 Anthem, 56 apartheid, 224 Apgar, Sandy, 243 Apple, 98, 100 Arab oil embargo (1973), 243 Arab Spring (2011–12), 245, 251 Aramco, 156, 163, 243–44, 247–48 Aris, Stephen, 261 Arkansas Medicaid program, 18, 57, 60–62 Arlington National Cemetery, 155 Arrizola, Jonathan, 6 Arrizola, Whitney, 6 Arrow, Kenneth, 264 Arthur Andersen, 205 Asia, 101, 164–65, 168–69, 185 Aspen Consensus, 154–55 Aspen Ideas Festival, 149–51, 153–55, 160, 166 Assan, Jeff, 220 “asset light” approach, 207 Associated Press, 105 AT&T, 47–48 Athletic, The, 211, 218–19 Atlantic, The, 38 Atlas Shrugged (Rand), 9 AT Medics, 274 Attenborough, David, 150 austerity, 266, 271 “Austerity Measures in Saudi Arabia” report, 252–55 Australia, 23, 151, 156–62, 166, 168 authoritarian governments, 25, 74, 108, 257, 279.

See also specific companies Mandela, Nelson, 224, 225 Manfred, Rob, 219–21 Mango, Paul, 65–66 Manners, Michael, 192, 194 Manufacturing Jobs Initiative, 8 Mao Zedong, 92, 100, 104 Market Unbound (Farrell), 186 Markovits, Daniel, 38 Marks, Peter, 68–69 Marlboro cigarettes, 114, 120 Marshall Field’s, 34 Massachusetts, 148 Massachusetts General Hospital, 123 Massachusetts Institute of Technology (MIT), 211 Masters, Adrian, 267 Masters of the Universe (documentary), 261 maternal mortality rates, 259 matrix management, 175–79 Mayer Brown law firm, 184 McCall, Billy, 6, 7–9 McCollom, James P., 177, 179 McDonald, Duff, 19, 38–39, 209 McDonald’s, 98 McKinsey, James O., 3–4, 19, 34, 174 McKinsey & Company Abdulaziz suit vs., 255–56 ACA and, 62–65 accountability and, 16, 25, 28, 236–41, 277 addictive products and, 129, 278 Al-Elm Information Security and, 256–57 Allstate and, 192–203, 212 alumni network, 17–18, 22, 38, 93, 161, 272 Alzheimer’s drug approval and, 67–68 Aramco and, 243–44, 247–48 Arkansas Medicaid program and, 57, 60–62 Aspen Ideas Festival and, 149–51, 153–55 AT&T and, 48–49 at-risk contracts and, 232–34 Australian Green Team and, 159 autocratic states and, 25–28, 74, 108–9, 279 China, 92–109, 257 Russia, 108, 257 Saudi Arabia, 108, 243–57 Ukraine, 257, 279 auto industry and, 29, 32–33, 37 auto insurance and, 191–94 auto loans and, 172, 182, 182–84 Azar as HHS and, 146–47 banks as clients and, 172–89 matrix management, 175–79 securitization of credit, 182–89 BCG as rival of, 246, 248–49 Belt and Road strategy and, 101–3 Britain and Chairman’s Dinners, 262 “clubbable” consultants, 260–61, 275 Health and Social Care Act, 271–74 manufacturers in, 261–62 NHS cost-cutting, 259, 262, 264–75, 280 rail privatization, 263–65 steel privatization, 261 Budlender report and, 236–38 Buttigieg as consultant for, 26–27, 76 campaign contributions and, 65–66 carbon emissions and messaging by, 150–55, 159, 161–62, 164–70 CBP and, 83, 87 Centene purchase of AT Medics and, 274 
Center for Drug Evaluation and Research and, 141–42, 145–46 Center for Societal Benefit Through Healthcare created by, 144 Chase as client of, 177–78, 180 Chevron and, 163 China and, 26, 46, 91–109, 165–66, 257, 279 consultants and, 95–103 financial crisis of 2007–10 and, 189 Muslim Uyghur detentions and, 105–6 SOEs and, 26, 91–93, 96–102, 107–8 Chinese copycat of, 99 client and billing lists and, 55, 107–8, 162–63, 168, 278, 280 client interests and, 18–19, 22, 24–25 clients and regulators both represented by, 22–23 clients competing in same market and, 22–23, 278, 281 client selection democracy index, 108–9 harms and, 25–28, 30–31, 143, 154, 161, 278 new oversight of 2019, 257 public-sector work, 242 values of, 18, 23–31, 108–9, 161–62 climate change and, 150–55, 166–69 CMS contract and, 70 coal-mining clients of, 28, 156–58, 160–69 companies acquired by, 30 compensation system of, 180–81 confidentiality and, 18, 22–23, 25, 28–29, 59, 66–67, 69–70, 83–84, 107–8, 168–69, 239, 278, 281 conflicts of interest and, 22, 35, 55–56, 59, 61–62, 66, 68, 74, 120, 123–29, 145–46, 238, 272, 278, 281 consultants advancement by, 21–22, 28, 38, 160 ability to do good, 20–21, 25 ability to opt out on ethical grounds, 28, 78, 158–60 China-based, 95–98, 103, 108 earnings and investments by, 180 number of, 22, 30–31 “on the beach” status, 22, 158–60 recruitment and training, 17, 19–22, 25, 28–31, 152–53, 161–63, 167, 249 up-or-out policy and, 38, 207 consultants’ dissent and, 24–28, 31, 278 disallowed in Saudi Arabia, 249–50 Edstrom, 160–62, 167 Elfenbein, 83–85, 88–90 ICE revelations and, 76–79, 83–90 Naveed, 169–70 opioid work and, 148 polluting clients and, 155–63, 167–70 Continental Illinois collapse and, 177–80, 186 corporate downsizing and, 33, 36–39 COVID-19 and, 71–73, 274–75 data analytics and, 204–22 athlete injury prediction, 210–12 Houston Astros, 204–6, 212–22 prescriptions, 130–31, 139–40 Davos and, 149–50 Disneyland and, 9–16, 281 Earth Day and, 168 Elixir bought by, 
249–50 employee layoffs by clients of, 27–29, 34, 37–41, 44–46, 48–49 Enron and, 25, 42, 173, 187, 190, 204–9 environmentally focused work of, 152, 158–61, 165, 170 Eskom and Trillian and, 231–37, 239–42 executive compensation vs. worker wages and, 32–35, 41–43, 50, 180–81, 194, 198 FARA filings and, 246 FDA as client of, 22, 66–70, 145–46, 281 cigarettes and, 73, 120–22 contracts awarded 2008–2021, 145–46 e-cigarettes and vaping, 122–29 fees, 66, 68, 120, 145–46 no-bid contracts, 69–70 opioids and, 132, 134, 137, 141–42, 144–47, 280 pharmaceutical clients and, 22, 66–69, 141, 145–47, 281 federal contracts COVID-19, 71–73 GSA, 69–70 health-care industry, 65–72 ICE, 74–90 Federal Reserve report on, 186 financial industry and, 171–90 deregulation, 171–74 financial crisis of 2008–10 and, 173–74, 176–77, 188–90, 265 Financial Institutions Group, 180 financialization and, 180, 194, 196–97 foreign governments as clients of, 18 Britain, 258–75 corruption and, 25–28, 279 secrecy and, 239 Saudi Arabia, 108, 243–57, 279–80 South Africa, 223–42 fossil fuel companies and, 26, 156–59, 162–64, 166, 168 founding of, 3–4, 19, 159 Gary, Indiana, and, 1–9 George Floyd protests and, 107 globalization and, 41, 43, 189 Global Energy and Materials team, 166 global reach of, 18, 20, 39, 43, 94, 97, 189–90 GM and, 32–33, 37, 260 gold-mining clients of, 162 greenwashing and, 162, 165, 169 GSA on federal contracts with, 69–71 health-care benefits by clients of, 45–47 health-care industry clients of, 61–66, 148, 280 ACA and, 62–65 Centene, 274 NHS overhaul and, 259, 262, 264–75 state and federal clients and, 51–73, 280 home mortgage lending and, 181–82, 187–89 homeowners’ insurance, 194, 199–200 human rights and, 31, 99–101, 104–7 Chinese Uyghurs, 100, 104–6, 160 Hong Kong protests, 106–7 Moscow protests, 31 ICE and, 26, 74–90, 279 Illinois Medicaid program and, 51–57, 61 inequality and, 27–28, 32–50, 147–48, 278 influence and status of, 17–23, 28, 30, 64, 199, 278 insurance claims payouts 
and, 180, 191–203 Interior Department contract and, 70 job security and loyalty downplayed by, 37–38, 44–45 Johnson & Johnson as client of, 133–35 Juul as client of, 123–29 Khashoggi murder and, 253–54, 256–57 Made in China 2025 and, 102–3 maintenance cuts advised by, 1–16, 264, 280–81 Malaysia and, 26, 102 management philosophy and, 2–3, 17–18 shift to strategic planning, 36–37 management structure and style of, 26, 121, 278 managing partners Barton, 63, 86, 99, 101–2, 106, 165, 238, 241, 257, 272 Bower, 19, 32–33 Daniel, 98, 181 Davis, 98, 241, 249 Gupta, 39, 206 Sneader, 29–31, 74–75, 86, 90, 106–7, 143, 168, 239, 241, 254, 255, 257 Strenfels, 127–30, 168–70 Marshall Field’s and, 34 Massachusetts future of work study and, 148 matrix management and, 175–79, 260 media exposés of, 23, 25–28, 74–76, 79–85, 107–8, 133, 146, 148, 168–69, 257 Missouri Medicaid program and, 57–61 MLB review by, 221 Monitor as client of, 266–69 multinationals and, 95–96, 98–99 New York City contracts and, 225 New York Knicks and, 211 NOAA contract and, 70 nondisclosure agreements and, 27, 278 oil and gas companies and, 155–58, 162–64, 166 Aramco, 156, 243–44, 248 BP, 164 Chevron, 163–64 China and, 99 Enron and, 206–9 ExxonMobil, 20, 156–57, 163 Gazprom, 163, 257 PDVSA, 156 Pemex, 156 Royal Dutch Shell, 156, 163, 260–61 Texaco, 156–57 outsourcing and offshoring and, 33, 39–46, 49–50 partners compensation of, 18, 135 election of, 22 number of, 30 Peters’s critique of, 27–28, 36–37, 179 pharmaceutical companies and, 20, 22, 73, 281 FDA and, 66–69 opioids and, 26–27, 74, 109, 130–48, 280 opioid settlement and, 143, 148 polluters as clients of, 162, 164–70, 278 profit maximization and, 35–39, 198 public scrutiny of, 25–28, 74, 107, 148, 277–78 public-sector practice begun, 94 Purdue Pharma and, 109, 131–45, 148, 280 QuantumBlack bought by, 210–12 Railtrack maintenance and, 263–64 revenues and profits of, 24, 242, 257 Rice as consultant for, 224 Russia and, 26, 31, 108, 257 Saudi Arabia and, 
108, 243–57, 279–80 consultants hired in, 248 ministries as clients of, 243–45, 249–51, 256 NEOM project and, 247, 256 purge of 2017 and, 250 sentiment analysis and, 251–57 “Saudi Arabia Beyond Oil” report and, 247–48 Saudi Center for International Strategic Partnerships and, 247 Seafirst and, 177–78, 180 secrecy and, 18, 25, 27, 54–58, 107, 111–12, 120, 136, 162, 168, 256–57, 277–78 securitization of credit and, 172 Enron and, 187, 207–9 financial crisis and, 188–90 launched by Bryan, 182–87, 189–90 Shanghai urban planning and, 99 shareholder profits and stock prices and, 24, 27–28, 36, 38–39, 42–43, 49–50, 198 shell companies and, 18 smart cities and, 103–4 South Africa and, 26, 30, 74, 223–42, 250, 257, 279–80 state capture investigations and, 236–42 South African Airways and Regiments and, 239–40 sovereign wealth funds and, 18, 165, 257 sports and, 209–22 steel industry and British, 261 coking coal and, 164–66 maintenance and safety in, 1–9, 280–81 U.S. steel, 1–10, 16, 280–81 St.

pages: 677 words: 206,548

Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It
by Marc Goodman
Published 24 Feb 2015

Though TJX reached a settlement with Visa, MasterCard, and its customers in the amount of $256 million, many analysts believe the true costs could easily have been closer to $1 billion. One of the most authoritative sources for research on the cost of data breaches comes from the Ponemon Institute, which conducts independent research on data protection and information security policy. In calculating cybersecurity breaches, it notes it is important to extend the loss analysis well beyond direct consumer theft amounts. For example, the victim company targeted in the attacks, such as TJX, must spend handsomely on detecting the breach, containing the attackers, investigating the matter, identifying the perpetrators, and repairing and recovering its computer network.

He maintains so-called bulletproof untraceable computer servers and contracts with crooked Internet service provider hosting companies to ensure his crimeware remains beyond the reach of global law enforcement. The CIO helps maintain “customer” databases and botnet armies and is responsible for information security, including the management of “proxy networks” that preserve his employees’ activities and ensure that they cannot be traced. The CIO also handles the encryption of corporate criminal data, ensuring it is unreadable and unusable by either the authorities or competitor criminal hacking organizations.

Needless to say, Crime, Inc. too is eager to learn what your outlets know: you may find that with each new Wi-Fi lightbulb and door lock you buy, you are unwittingly providing hackers all they need to find new ways to haunt your house from afar. Business Attacks and Building Hacks Businesses too are jumping on the IoT bandwagon to further drive cost savings, and though the majority of corporations do have chief information security officers, the technological battleground that is the office is proving extremely difficult to navigate. Unbeknownst to most, since 2002, nearly all photocopiers have come with internal hard drives that store every document copied or scanned. Because many of these devices are leased or eventually sold, the data they contain is wide open for pilfering, as a CBS News investigative report demonstrated.

pages: 80 words: 21,077

Stake Hodler Capitalism: Blockchain and DeFi
by Amr Hazem Wahba Metwaly
Published 21 Mar 2021

More generally, encryption is creating and analyzing a protocol that prevents third parties or the public from reading or accessing data stored or transferred through a communication medium. The human-readable format for the DeFinition of encryption is a BlackBox that you enter a piece of data to and use a key to encode it, and this process can't be reversed except with a unique key that two or more parties can share. At the heart of modern encryption are various aspects of information security such as data confidentiality, integrity, authenticity, and non-denial. Modern cryptography is at the intersection of mathematics, computer science, electrical engineering, communications, and physics. Cryptographic applications include e-commerce, chip-based debit cards, digital currencies, computer cryptography, and military communications.

pages: 295 words: 84,843

There's a War Going on but No One Can See It
by Huib Modderkolk
Published 1 Sep 2021

Those were the days of the first Macs and the fall of the Berlin Wall. When he joined the team at GovCERT in 2007, it was a rather stuffy organisation tasked with drafting security recommendations for Dutch government ministries. Aart Jochem was a serious, level-headed professional. Colleagues liked his affability, innovative drive and terrific knowledge of information security. And that he’d held on to the idealism of the eighties and nineties, believing technology exists to give the people more freedom. In the four years, eight months and thirty days Jochem had worked at GovCERT, he never felt things were sliding beyond his control − until the evening of 31 August 2011.

For the CIA it was a golden opportunity, because rarely were all these analysts physically present in one place. Some would also be attending the RSA Conference afterwards at the RAI convention centre, just south of the city centre, where in hall G107 – one of the smaller halls – the team’s Romanian leader Costin Raiu would be debating a new and ‘controversial’ issue in information security, known as advanced persistent threats. Were APTs a serious menace? Or a security hype? More important for the CIA was the three-day gathering that twelve people from Kaspersky would be holding on their own. Initially, the AIVD and CIA considered bugging their hotel conference room, but that plan was aborted as being too complicated.

Mastering Blockchain, Second Edition
by Imran Bashir
Published 28 Mar 2018

Get in touch with us at service@packtpub.com for more details. At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks. Contributors About the author Imran Bashir has an M.Sc. in Information Security from Royal Holloway, University of London, and has a background in software development, solution architecture, infrastructure management, and IT service management. He is also a member of the Institute of Electrical and Electronics Engineers (IEEE) and the British Computer Society (BCS). Imran has sixteen years of experience in the public and financial sectors.

If you are running a version other than 1.0.2g, the examples may still work but that is not guaranteed, as older versions lack the features used in the examples and newer versions may not be backward compatible with version 1.0.2g. In the sections that follow, the theoretical foundations of cryptography are first discussed and then a series of relevant practical experiments will be presented. Introduction Cryptography is the science of making information secure in the presence of adversaries. It does so under the assumption that limitless resources are available to adversaries. Ciphers are algorithms used to encrypt or decrypt data, so that if intercepted by an adversary, the data is meaningless to them without decryption, which requires a secret key.

This trend is expected to grow as ample efforts discussed previously in this chapter are being made to improve the technology and address any technical limitations such as scalability and privacy. Security is also another general concern which has been highlighted by many researchers and is especially applicable to the finance and health sectors. A report by the European Union Agency for Network and Information Security (ENISA) has highlighted distributed ledger specific concerns that should be addressed. The report is available at https://www.enisa.europa.eu/news/enisa-news/enisa-report-on-blockchain-technology-and-security. Some concerns highlighted in the report include smart contract management, key management, Anti Money Laundering (AML), and anti-fraud tools.

pages: 342 words: 95,013

The Zenith Angle
by Bruce Sterling
Published 27 Apr 2004

Another tough break: there was no wireless signal for his laptop’s Wi-Fi card, either. As Van was accustoming himself to complete defeat, the overhead light poles winked out. How very bright a million stars were in the mountains, suddenly. Van opened his laptop. The federal dot-pdf on his screen was horribly titled “Draft Reporting Instructions for the Government Information Security Reform Act and Updated Guidance on Security Plans of Action and Milestones.” Van did not have to read any more of this awful document, though. Instead, his computer was going to give him enough light and heat to survive the night. Van dug in his pack and wrapped himself in a four-dollar NASA surplus astronaut blanket.

The very kind of thing that Delta Force liked to carry way behind the lines of enemies (and allies). Wi-Fi was just getting started, and when Van thought about it, it filled him with chills. Wi-Fi carried data that was fast, cheap, anonymous, wide-open, wireless, portable, great big bleeding menaces to data protection, to intellectual property, to information security, sold in shrink-wrap packs as if they were bubble gum . . . Wi-Fi was a nightmare. The stuff coming down the pike was worse. It was like it was evolving on purpose to make a secure life impossible. Van shifted Ted from his right hip to his left. Someone tapped Van’s shoulder. It was Tony.

pages: 260 words: 40,943

Hacking Exposed: Network Security Secrets and Solutions
by Stuart McClure, Joel Scambray and George Kurtz
Published 15 Feb 2001

Consider using a toll-free number or a number that is not in your organization’s phone exchange. In addition, we have seen several organizations list a fictitious administrative contact, hoping to trip up a would-be social engineer. If any employee receives an email or calls to or from the fictitious contact, it may tip off the information security department that there is a potential problem. Another hazard with domain registration arises from the way that some registrars allow updates. For example, the current Network Solutions implementation allows automated online changes to domain information. Network Solutions authenticates the domain registrant’s identity through three different methods: the FROM field in an email, a password, or via a Pretty Good Privacy (PGP) key.

Webhits lends “hit highlighting” functionality to Index Server, which shows the exact portions of a document that satisfy an Index Server query. Webhits is invoked by requesting .htw files, and several vulnerabilities are associated with Webhits functionality. Each of them was discovered by David Litchfield while working at Cerberus Information Security. ▼ The first .htw attack works by using an existing .htw sample file to view the source of other files, even those outside of Webroot. These samples are optionally installed on IIS 4, not 5. A sample attack might look like this: http://victim.com/iissamples/issamples/oop/qfullhit.htw? CiWebHitsFile=/../..

Data and the City
by Rob Kitchin, Tracey P. Lauriault, Gavin McArdle
Published 2 Aug 2017

For data, provenance has many related meanings, but broadly refers to ‘information about the origin, context, or history of the data’ (Cheney et al. 2009: 959). The US Department of Homeland Security (2009) has identified data provenance as one of the ‘hardest and most critical challenges that must be addressed’ for information security (INFOSEC Research Council 2005), one whose solution would significantly improve the nation’s national information security infrastructure. This understanding of data provenance conceptualizes it as a technical question about metadata, one that presumes a technical solution is not only possible, but desirable, not only for data practitioners, but as a general good for everyone.

pages: 324 words: 96,491

Messing With the Enemy: Surviving in a Social Media World of Hackers, Terrorists, Russians, and Fake News
by Clint Watts
Published 28 May 2018

They employed hashtags to signal major releases and even paid spammers to send out tweets on their behalf. They launched campaigns on Twitter in concert with distribution on Facebook and on a host of other social media applications. ISIS also upgraded its social media teams by pairing them with hackers, who formed a kind of technical brigade. The technical brigade worked on hacking and information security for the group. Together, the teams found workarounds to avoid Twitter’s shutdowns and maximized support from its online fan base. Social bots promoting ISIS appeared, and ISIS and its supporters worked continuously to avoid Twitter’s controls and account closures. Twitter’s closures ultimately became an exhausting battle for ISIS, so the group moved its operations to the social media platform Telegram, whose encryption and more closed network blended the terrorist forums of the old internet with new social media applications.

Kristinn Hrafnsson, another WikiLeaks spokesperson, repeated the warning on October 26, 2010: “Russians are going to find out a lot of interesting facts about their country.”6 Audiences and journalists waited in anticipation for the Russia bombshells, but they never came. The following day, October 27, 2010, an unnamed official at the FSB’s Center for Information Security, Russia’s internal intelligence arm, issued a statement: “It’s essential to remember that given the will and the relevant orders, [WikiLeaks] can be made inaccessible forever.”7 The Russian secrets never surfaced at WikiLeaks, and instead Assange’s next posting, on November 28, 2010, showcased U.S.

pages: 419 words: 102,488

Chaos Engineering: System Resiliency in Practice
by Casey Rosenthal and Nora Jones
Published 27 Apr 2020

Large-scale coordinated events occur throughout the year and teams proactively test their systems and themselves regularly. Some level of participation in DiRT is mandatory from SRE teams and highly encouraged for service owners everywhere in the company. A significant portion of participation comes from more than just software engineering and SRE organizations: physical security, information security, datacenter operations, communications, facilities, IT, human resources, and finance business units have all designed and executed DiRT tests. There has been a focus in recent years on providing a standardized suite of automated tests for network and software systems. Engineers can use pre-constructed automated tests out of the box to verify their system’s behavior given failures in shared infrastructure and storage systems.

Failure to correctly implement basic configurations and appropriate technical controls leads the pack of contributing factors to security incidents.2 Organizations are being asked to do so much with so few resources, just to maintain the security status quo. All the while there is a conflict in the way we approach security engineering and the way systems are being built in tandem. The need to think differently about information security is paramount as the movement toward complex, distributed systems threatens the ability of security to keep pace. Engineering practices have reached a state where the systems we are designing are impossible for the human mind to mentally model. Our systems are now vastly distributed and operationally ephemeral.

pages: 178 words: 33,275

Ansible Playbook Essentials
by Gourav Shah
Published 29 Jul 2015

Ansible-playbooks, being source code, are most commonly stored in version control repositories such as git, which makes it even more difficult to protect this sensitive information in a collaborative environment. Starting with version 1.5, Ansible provides a solution called vault to store and retrieve such sensitive information securely, using proven encryption technologies. The objective of using vault is to encrypt data that can then be stored and shared freely with a version control system, such as git, without the values being compromised. In this chapter, we will learn about the following topics: Understanding the Ansible-vault Securing data using the Ansible-vault Encryption, decryption, and rekeying operations Ansible-vault Ansible provides a utility named Ansible-vault, which as the name suggests, lets you manage data securely.

pages: 416 words: 106,582

This Will Make You Smarter: 150 New Scientific Concepts to Improve Your Thinking
by John Brockman
Published 14 Feb 2012

To get a more concrete sense of some of the underlying design issues, it helps to walk through an example in a little detail—a basic kind of situation, in which we try to achieve a desired outcome with information and actions that are divided among multiple participants. The example is the problem of sharing information securely: Imagine trying to back up a sensitive database on multiple computers while protecting the data so that it can be reconstructed only if a majority of the backup computers cooperate. But since the question of secure information-sharing ultimately has nothing specifically to do with computers or the Internet, let’s formulate it instead using a story about a band of pirates and a buried treasure.

Risk literacy should be taught beginning in elementary school. Let’s dare to know—risks and responsibilities are chances to be taken, not avoided. Science Versus Theater Ross Anderson Professor of security engineering, University of Cambridge Computer Laboratory; researcher in the economics and psychology of information security Modern societies waste billions on protective measures whose real aim is to reassure rather than to reduce risk. Those of us who work in security engineering refer to this as “security theater,” and there are examples all around us. We’re searched going into buildings that no terrorist would attack.

pages: 629 words: 109,663

Docker in Action
by Jeff Nickoloff and Stephen Kuenzli
Published 10 Dec 2019

They bring their own nuances, benefits, and required skillsets. Their use can be more than worth the effort. Support for each varies by Linux distribution, so you may be in for a bit of work. But once you’ve adjusted your host configuration, the Docker integration is simpler. Security research The information security space is complicated and constantly evolving. It’s easy to feel overwhelmed when reading through open conversations between InfoSec professionals. These are often highly skilled people with long memories and very different contexts from developers or general users. If you can take away any one thing from open InfoSec conversations, it is that balancing system security with user needs is complex.

For example, if you use Docker to distribute cryptographic material, confidentiality will be a major concern. Artifact integrity and confidentiality features vary across the spectrum. Overall, the out-of-the-box distribution security features won’t provide the tightest confidentiality or integrity. If that’s one of your needs, an information security professional will need to implement and review a solution. Expertise The last thing to consider when choosing a distribution method is the level of expertise required. Using hosted methods can be simple and requires little more than a mechanical understanding of the tools. Building custom image or image source-distribution pipelines requires expertise with a suite of related technologies.

pages: 409 words: 105,551

Team of Teams: New Rules of Engagement for a Complex World
by General Stanley McChrystal, Tantum Collins, David Silverman and Chris Fussell
Published 11 May 2015

An investigation identified the soldier, who by then had been demoted to private first class, as Bradley Manning.* A Fox News op-ed asked with outrage how “all this leaked information was the work of a single 22-year-old enlisted man in the Army.” The author was incredulous: “How could one individual gain such access to all that classified material? Clearly we have grossly under-prioritized information security.” Since The 9/11 Commission Report famously concluded that the U.S. intelligence community had all the pieces of the puzzle but had failed to put them together and protect the country, the national security community has seen a gradual but undeniable paradigm shift toward greater information sharing.

Ten years after September 11, fact finders for the Senate Committee on Homeland Security and Government Affairs reported, “the attacks on 9/11 showed all of us that the Cold War ‘need to know’ system for managing classified and sensitive information drove a culture of information security that resulted in countless stovepipes and secretive pockets of the nation’s most valuable information.” At the same time, the national security apparatus has ballooned in size. As of this writing, 854,000 people hold clearance at the top secret level and a third of them are private contractors.

pages: 324 words: 106,699

Permanent Record
by Edward Snowden
Published 16 Sep 2019

A double-tap meant to incapacitate, followed by an aimed shot meant to execute. I was there as a member of class 6-06 of the BTTP, the Basic Telecommunications Training Program, whose intentionally beige name disguises one of the most classified and unusual curricula in existence. The purpose of the program is to train TISOs (Technical Information Security Officers)—the CIA’s cadre of elite “communicators,” or, less formally, “commo guys.” A TISO is trained to be a jack-of-all-trades, a one-person replacement for previous generations’ specialized roles of code clerk, radioman, electrician, mechanic, physical and digital security adviser, and computer technician.

While I was setting up the projector so I could share slides showing how easy it was to run a Tor server to help, for example, the citizens of Iran—but also the citizens of Australia, the UK, and the States—my students drifted in, a diverse crew of strangers and a few new friends I’d only met online. All in all, I’d say about twenty people showed up that December night to learn from me and my co-lecturer, Runa Sandvik, a bright young Norwegian woman from the Tor Project. (Runa would go on to work as the senior director of information security for the New York Times, which would sponsor her later CryptoParties.) What united our audience wasn’t an interest in Tor, or even a fear of being spied on as much as a desire to re-establish a sense of control over the private spaces in their lives. There were some grandparent types who’d wandered in off the street, a local journalist covering the Hawaiian “Occupy!”

pages: 338 words: 104,815

Nobody's Fool: Why We Get Taken in and What We Can Do About It
by Daniel Simons and Christopher Chabris
Published 10 Jul 2023

In the end, he didn’t respond because he was sure that at some point before receiving the investment, he would be asked to help these rich folks pay some minor expenses, probably because their overseas funds had all been frozen by sanctions—except, somehow, the €200 million “investment.” Unlike many phishing attempts that superficially mimic the appearance of legitimate queries, these “out of the blue” emails make transparently ridiculous pitches. That seems counterproductive, which is why the information security researcher Cormac Herley asked in the title of a 2012 paper, “Why Do Nigerian Scammers Say They Are from Nigeria?”8 Herley explained that the obviousness is the point. It costs the scammers virtually nothing to spam the world, but it costs them a lot to conduct all the follow-up necessary to reel a victim in.

Kouwenhoven and W. Heck, “Separated from the Netherlands, with 1.5 Million Euros Added,” NRC, April 21, 2022 [https://www.nrc.nl/nieuws/2022/04/21/losgemaakt-van-nederland-met-15-miljoen-euro-toe-a4116891]. 8. C. Herley, “Why Do Nigerian Scammers Say They Are from Nigeria?,” Proceedings of the Workshop on Information Security, Berlin, June 25–26, 2012 [https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/WhyFromNigeria.pdf]. 9. G. B. Trudeau, Doonesbury, January 27, 1985 [https://www.gocomics.com/doonesbury/1985/01/27]. 10. Raniere was sentenced to 120 years in prison after convictions for racketeering, racketeering conspiracy, sex trafficking, attempted sex trafficking, sex trafficking conspiracy, forced labor conspiracy, and wire fraud conspiracy [https://www.justice.gov/usao-edny/pr/nxivm-leader-keith-raniere-sentenced-120-years-prison-racketeering-and-sex-trafficking].

pages: 266 words: 38,397

Mastering Ember.js
by Mitchel Kelonye
Published 19 Oct 2014

James A Rosen is a senior user happiness engineer at Zendesk. He writes Ruby and JavaScript and is currently working on improving performance, scalability, and developer happiness on large-scale distributed web applications. He holds a BS degree in Computer Science and Music from Washington University in St. Louis and an MS degree in Information Security Policy and Management from Carnegie Mellon University. He has written for the Zendesk Developers blog and contributed to technical books, including editing Understanding the Four Rules of Simple Design by Corey Haines. www.PacktPub.com Support files, eBooks, discount offers, and more For support files and downloads related to your book, please visit www.PacktPub.com.

pages: 161 words: 39,526

Applied Artificial Intelligence: A Handbook for Business Leaders
by Mariya Yao, Adelyn Zhou and Marlene Jia
Published 1 Jun 2018

Other Important Roles The roles that we highlighted tend to be executives with sufficient technical expertise, organizational resources, and enterprise clout to lead major AI initiatives. However, successful investments can be led by a myriad of roles including Chief Digital Officers, Chief Security Officers / Chief Information Security Officers, Chief Risk Officers, Chief Innovation Officers, Chief Science Officers, Chief Strategy Officers, etc. The exact scope and role of these positions in the C-Suite hierarchy can vary widely across organizations, so you’ll need to clarify their responsibilities within your own organization before pitching them to be your champion.

pages: 124 words: 37,476

Korea--Culture Smart!
by Culture Smart!
Published 15 Jun 201

Smartphones are used for activities such as banking, making payments, including public travel passes and bills, and communications. The “digital wallet” is the new norm, and cash rarely changes hands. Samsung has invented a payment app for public use called Samsung Pay. This stores personal banking information securely and allows personal payments to be made in real-time. Payment for taxi rides, public transportation, and utility bills can be transacted with the press of a button. The downside is that it is a built-in app exclusively for Samsung cell phones. However, there are alternatives. Kakaotalk is a communication app developed primarily to offer most of the services that Samsung Pay provides.

pages: 440 words: 117,978

Cuckoo's Egg
by Clifford Stoll
Published 2 Jan 1989

Aletha didn’t care about computers, but had a wary eye for problems on the horizon. She wasted no time in calling the FBI. Our local FBI office didn’t raise an eyebrow. Fred Wyniken, special agent with the Oakland resident agency, asked incredulously, “You’re calling us because you’ve lost seventy-five cents in computer time?” Aletha tried explaining information security, and the value of our data. Wyniken interrupted and said, “Look, if you can demonstrate a loss of more than a million dollars, or that someone’s prying through classified data, then we’ll open an investigation. Until then, leave us alone.” Right. Depending on how you looked at it, our data was worth either nothing or zillions of dollars.

“OK,” Ann replied, “it’s not within my command.” I didn’t like leaving Berkeley, partly because I missed my sweetheart, but also because it left the hacker unwatched. I was to talk to the NTISSIC, a governmental organization whose acronym has never been decoded. Bob Morris said they set policy for telecommunications and information security, so I could guess some of the letters. “While you’re in the area,” Teejay said, “how about stopping by our headquarters in Langley?” Me? Visit the CIA? I’m in way over my head now. Meeting the spooks on their own ground. I could just imagine it: hundreds of spies in trench coats, skulking around hallways.

pages: 420 words: 119,928

The Three-Body Problem (Remembrance of Earth's Past)
by Cixin Liu
Published 11 Nov 2014

Wang glanced at his watch: It was three in the morning. Wang arrived at Da Shi’s chaotic office and saw that it was already filled with a dense cloud of cigarette smoke. A young woman police officer who shared the office fanned the smoke away from her nose with a notebook. Da Shi introduced her as Xu Bingbing, a computer specialist from the Information Security Division. The third person in the office surprised Wang. It was Wei Cheng, the reclusive, mysterious husband of Shen Yufei from the Frontiers of Science. Wei’s hair was a mess. He looked up at Wang, but seemed to have forgotten they had met. “I’m sorry to bother you, but at least it looks like you weren’t asleep,” Da Shi said.

I’ll leave the paperwork until tomorrow, because we have to move right away.” He turned to Wang. “No rest for the weary. I have to ask you to come and advise me some more.” Then he turned to Xu Bingbing, who’d been silent the whole time. “Bingbing, right now I have only two men on duty, and that’s not enough. I know the Information Security Division isn’t used to fieldwork, but I need you to come along.” Xu nodded, glad to leave the smoke-filled office. * * * In addition to Da Shi and Xu, the team for conducting the search consisted of Wang Miao, Wei Cheng, and two other officers from the Criminal Division. The six of them rode through the predawn darkness in two police cars, heading toward Wei’s neighborhood at the edge of the city.

pages: 395 words: 116,675

The Evolution of Everything: How New Ideas Emerge
by Matt Ridley

While there are plenty of us who would like to see abusive internet commentators stripped of their anonymity, so would the leaders of repressive regimes like to see dissidents exposed. Russian President Vladimir Putin has been explicit that his goal is ‘establishing international control over the Internet’ through the ITU. In 2011 Russia joined with China, Tajikistan and Uzbekistan to propose an ‘International Code of Conduct for Information Security’ to the UN General Assembly. The issue came to a head at a meeting of the ITU in Dubai in December 2012, where member countries voted by eighty-nine to fifty-five to give the United Nations agency unprecedented power over the internet, with Russia, China, Saudi Arabia, Algeria and Iran leading the charge for regulation.


pages: 397 words: 110,222

Habeas Data: Privacy vs. The Rise of Surveillance Tech
by Cyrus Farivar
Published 7 May 2018

“I didn’t like the idea that Google was going to be profiling people’s private messages for advertising,” Levison said. “I was creating the type of service that I wanted to use myself. It was developed with the type of features that I would choose to use. You have to remember, I was involved in that information security community and I wanted to build the type of service that my friends couldn’t break into.” Early on, Levison offered TLS support, and thought user-level encryption was a way to secure himself against NSLs. “I knew about the PATRIOT Act, I remember thinking that it was slightly too aggressive, that the pendulum had swung too far,” he said.

Available at: https://arstechnica.com/tech-policy/2015/03/we-know-where-youve-been-ars-acquires-4-6m-license-plate-scans-from-the-cops/. In the latter half of the twentieth century: Luisa Parraguez Kobek and Erick Caldera, “Cyber Security and Habeas Data: The Latin American Response to Information Security and Data Protection,” Oasis 24 (July–December 2016), pp. 109–128. Available at: http://revistas.uexternado.edu.co/index.php/oasis/article/view/4679/5673. However, there is a historical skepticism: Ellen M. Kirsh, David W. Phillips, and Donna E. McIntyre, “Recommendations for the Evolution of Cyberlaw,” Journal of Computer-Mediated Communication 2 (September 1996).

pages: 444 words: 118,393

The Nature of Software Development: Keep It Simple, Make It Valuable, Build It Piece by Piece
by Ron Jeffries
Published 14 Aug 2015

The overwhelming majority of malicious users are known as “script kiddies.” Don’t let the diminutive name fool you. Script kiddies are dangerous because of their sheer numbers. Although the odds are low that you will be targeted by a true cracker, your systems are probably being probed by script kiddies right now. This book is not about information security or online warfare. A robust approach to defense and deterrence is beyond my scope. I will restrict my discussion to the intersection of security and stability as it pertains to system and software architecture. The primary risk to stability is the now-classic distributed denial-of-service (DDoS) attack.

(Note that MongoDB, the company, has a thorough guide for securing the database;[61] it’s unfortunate that the default installation at the time was not secured.) Remember the install script is the first step in installation, not the last. Another common security misconfiguration relates to servers listening too broadly. We first encountered this in Programming for Multiple Networks. You can improve information security right away by splitting internal traffic onto its own NIC separate from public-facing traffic. Security professionals talk about the “attack surface,” meaning the sum of all IP addresses, ports, and protocols reachable to attackers. Split those admin interfaces to reduce the attack surface.

Google AdWords
by Anastasia Holdren
Published 4 Nov 2011

Rules About Ad Functionality Malware (malicious software) Advertisers cannot promote software that steals, spams, commits fraud, disrupts usage, or the like. Malicious or not, advertisers cannot trick people into installing software. Deception Advertisers cannot promote products or services that mislead people for financial gain. AdWords also prohibits deceptive practices like phishing. Personal information security Advertisers must use secure servers when collecting personal or financial information. In addition, advertisers must clearly disclose when they do this and request permission from visitors. Sites collecting payment or financial information must disclose prices and billing practices in an easy-to-understand way.

pages: 133 words: 42,254

Big Data Analytics: Turning Big Data Into Big Money
by Frank J. Ohlhorst
Published 28 Nov 2012

Thinking through such tactics will lead you to consider protecting phone lists, shredding the papers in the recycling bins, convening an internal council to approve your R&D scientists’ publications, and coming up with other worthwhile ideas for your particular business. These guidelines can be applied to almost any information security paradigm that is geared toward protecting IP. The same guidelines can be used when designing IP protection for a Big Data platform. Chapter 8 The Evolution of Big Data To truly understand the implications of Big Data analytics, one has to reach back into the annals of computing history, specifically business intelligence (BI) and scientific computing.

pages: 159 words: 42,401

Snowden's Box: Trust in the Age of Surveillance
by Jessica Bruder and Dale Maharidge
Published 29 Mar 2020

To anyone else, the encrypted email would look like an inscrutable string of nonsense, something like this: Less than a month after Micah launched the Freedom of the Press Foundation’s website, he received an encrypted email from an anonymous source. This triggered a sequence of events Micah would later recount at the Intercept. Decrypted, the email read: From: anon108@XXXXX To: Micah Lee Date: Fri, 11 Jan 2013 Micah, I’m a friend. I need to get information securely to Laura Poitras and her alone, but I can’t find an email/gpg key for her. Can you help? Micah didn’t know it at the time, but a month earlier the same mysterious source had contacted another Freedom of the Press Foundation board member: Glenn Greenwald. The source wanted to have a private conversation with him and urged him to set up encryption.

pages: 457 words: 126,996

Hacker, Hoaxer, Whistleblower, Spy: The Story of Anonymous
by Gabriella Coleman
Published 4 Nov 2014

The encryption was too strong to crack on their own, but by utilizing the brute force of a pool of GPUs (graphics processing unit), they were able to crack the hashes in a number of hours. One of the passwords, “kibafo33,” granted access to Barr’s Gmail-hosted email account. There the Anons saw the jubilant internal HBGary email exchanges. Naturally, the hackers tried the password on all of Barr’s social media accounts and found that he violated the first rule of informational security: never use the same password across platforms. The team could now commandeer all of Barr’s social media accounts for lulz and worse. Getting in was just the beginning. “Good drama must be drastic”23 It was Super Bowl Sunday. Millions of Americans were glued to the tube watching overgrown bulky men pounce on each other for the purpose of kicking a ball through two goal posts.

I actually appreciated the productive discussions—much more than the veiled threats. Sometime in 2010 an email arrived in my inbox from a respected hacker encouraging me to attend NYSEC, the informal New York City gathering of security professionals and hackers held monthly at a bar. Or as their Twitter bio describes it, “A drinking meetup with an information security problem.” I figured why not. This was the cordial way of telling me: get real, start hanging out with real hackers. Others were less amicable. One of these “hackers” contacted me by email to generously offer me his entire collection of the hacker zine 2600 for my research. I was excited to add the zines to my personal library, and we met at a tiny New York City cafe.

pages: 525 words: 116,295

The New Digital Age: Transforming Nations, Businesses, and Our Lives
by Eric Schmidt and Jared Cohen
Published 22 Apr 2013

Over the past several years, the growth of mobile phones in Somalia has been one of the few success stories to emerge amid this anarchy. Even in the absence of security or a functioning government, the telecommunications industry has come to play a critical role in many aspects of society, providing Somalis with jobs, information, security and critical connections to the outside world. In fact, the telecoms are just about the only thing in Somalia that is organized, that transcends clan and tribal dynamics, and that functions across all three regions: South Central Somalia (Mogadishu), Puntland in the northeast and Somaliland in the northwest.

“war as a continuation of policy by other means”: Carl von Clausewitz, On War (Baltimore: Penguin Books, 1968). The original quote is “war as a continuation of politik by other means.” “it’s just much harder to know who took the shot at you”: Craig Mundie in discussion with the authors, November 2011. Mundie calls cyber-espionage tactics “weapons of mass disruption”: Craig Mundie, “Information Security in the Digital Decade.” Remarks at the American Chamber of Commerce in Bangkok, Thailand, October 20, 2003, http://www.microsoft.com/en-us/news/exec/craig/10-20security.aspx. until a virus known as Flame, discovered in 2012, claimed that title: “Resource 207: Kaspersky Lab Research Proves That Stuxnet and Flame Developers Are Connected,” Kaspersky Lab, June 11, 2012, http://www.kaspersky.com/about/news/virus/2012/Resource_207_KasperskyLab_Research_Proves_that_Stuxnet_and_Flame_Developers_are_Connected.

pages: 320 words: 87,853

The Black Box Society: The Secret Algorithms That Control Money and Information
by Frank Pasquale
Published 17 Nov 2014

Professor Helen Nissenbaum at NYU looks to creative obfuscation: her browser extension TrackMeNot floods your search engine with so many random queries that companies like Google can’t compile an accurate psychological or marketing profile.198 Presumably the same technology could be applied to Gmail by sending dozens of fake e-mails to dummy accounts. Other apps offer to watch our backs and tell us exactly who is sharing our data with others, and how.199 There are “personal data vaults” in which we can store our information securely and then bargain, one-on-one, with anyone who wants access to it.200 But self-help can take us only so far. For nearly every “Privacy Enhancing Technology” (PET) developed, a “Privacy Eviscerating Technology” may arise. Week by week the PET recommendations of digital gurus are rendered obsolete by countermeasures.

Jerry Kang, Katie Shilton, Deborah Estrin and Jeff Burke, “Self-Surveillance Privacy,” Iowa Law Review 97 (2010): 809–848; Jonathan Zittrain, “What the Publisher Can Teach the Patient: Intellectual Property and Privacy in an Era of Trusted Privication,” Stanford Law Review 52 (2000): 1201–1250; Latanya Sweeney, The Data Map (2012), http://thedatamap.org/maps.html. 201. Though some regulators are setting security standards, the leading policy response is simply to notify people that the breach occurred. Gina Stevens, Federal Information Security and Data Breach Notification Laws, CRS Report for Congress, RL34120 (2010). 202. Kim Zetter, “Use These Secret NSA Google Search Tips to Become Your Own Spy Agency,” Wired, May 8, 2013, http://www.wired.com/threatlevel/2013/05/nsa-manual-on-hacking-internet/. 203. Lucas Mearian, “ ‘Wall of Shame’ Exposes 21M Medical Record Breaches,” Computerworld, August 7, 2012, http://www.computerworld.com/s/article/9230028.

pages: 960 words: 125,049

Mastering Ethereum: Building Smart Contracts and DApps
by Andreas M. Antonopoulos and Gavin Wood Ph. D.
Published 23 Dec 2018

Eventually, the development of the Ethereum platform will slow down and its interfaces will become fixed. But in the meantime, innovation is the driving principle. You’d better keep up, because no one will slow down for you. Why Learn Ethereum? Blockchains have a very steep learning curve, as they combine multiple disciplines into one domain: programming, information security, cryptography, economics, distributed systems, peer-to-peer networks, etc. Ethereum makes this learning curve a lot less steep, so you can get started quickly. But just below the surface of a deceptively simple environment lies a lot more. As you learn and start looking deeper, there’s always another layer of complexity and wonder.

Then we will look at how keys are generated, stored, and managed. Finally, we will review the various encoding formats used to represent private keys, public keys, and addresses. Public Key Cryptography and Cryptocurrency Public key cryptography (also called “asymmetric cryptography”) is a core part of modern-day information security. The key exchange protocol, first published in the 1970s by Martin Hellman, Whitfield Diffie, and Ralph Merkle, was a monumental breakthrough that incited the first big wave of public interest in the field of cryptography. Before the 1970s, strong cryptographic knowledge was kept secret by governments.

pages: 444 words: 127,259

Super Pumped: The Battle for Uber
by Mike Isaac
Published 2 Sep 2019

After years in government suits, he compromised with dadcore jeans and button-downs, and eventually moved to a more tech-friendly jeans and T-shirt combo. His high cheekbones, broad forehead, and wide-set eyes made his default expression a kind of restful stoicism, even in the face of complex information security problems. He spoke quickly and clinically, his dispassionate attitude forged over his years as a lawyer. The most emotion you’d see was a raised eyebrow, or perhaps a knowing smirk when telling war stories from his days as a prosecutor. Laughter never came in more than a chuckle, like the joke was a secret he kept to himself.

Before I left my house, I was to delete my Uber app and check the setting buried in the app submenu that deleted my contact information from Uber’s servers. One of Uber’s features requested users to upload their phone books to the cloud. If two friends or colleagues took a ride together, this feature allowed them to quickly split the fare. For most users, this was a nifty, convenient feature. For Bob and me, it was a liability; if Uber’s information security team wanted, they could spy on the rides I’d taken, the names and numbers of my contacts and sources—any information I’d willingly given over to Uber. Better I delete Uber from my phone entirely. I was to leave my phone in the car, turned off, and bring nothing but a pen and notebook. He’d find me when I got there.

pages: 200 words: 47,378

The Internet of Money
by Andreas M. Antonopoulos
Published 28 Aug 2016

There are really two types of companies out there: those that have failed to take the necessary action to secure the credit cards that you entrusted them with; and those that will soon fail to take the necessary security action to protect the credit cards you’ve entrusted them with. You’ve either been hacked or you will be hacked—those are the two categories. Nobody’s immune to this. No one can invent a way to protect millions of secure access tokens from motivated attackers. It’s impossible to do. We don’t know how to do it. There is no information security trick that can protect for all possible types of attacks. Credit cards are broken by design because the token itself is the secret key. If you transmit that token, you expose your entire account to risk. 9.2. Bitcoin Transactions: Secure by Design Bitcoin is fundamentally different.

pages: 312 words: 52,762

Gray Hat Python: Python Programming for Hackers and Reverse Engineers
by Justin Seitz
Published 15 Feb 2009

The book is designed to allow you to learn some theory behind most hacking tools and techniques, including debuggers, backdoors, fuzzers, emulators, and code injection, while providing you some insight into how prebuilt Python tools can be harnessed when a custom solution isn't needed. You'll learn not only how to use Python-based tools but how to build tools in Python. But be forewarned, this is not an exhaustive reference! There are many, many infosec (information security) tools written in Python that I did not cover. However, this book will allow you to translate a lot of the same skills across applications so that you can use, debug, extend, and customize any Python tool of your choice. There are a couple of ways you can progress through this book. If you are new to Python or to building hacking tools, then you should read the book front to back, in order.

pages: 271 words: 52,814

Blockchain: Blueprint for a New Economy
by Melanie Swan
Published 22 Jan 2014

Different parties have different definitions of what constitutes a Dapp. For example, Ethereum defines a smart contract/Dapp as a transaction protocol that executes the terms of a contract or group of contracts on a cryptographic blockchain.65 Our working definition of a Dapp is an application that runs on a network in a distributed fashion with participant information securely (and possibly pseudonymously) protected and operation execution decentralized across network nodes. Some current examples are listed in Table 2-4. There is OpenBazaar (a decentralized Craigslist), LaZooz (a decentralized Uber), Twister (a decentralized Twitter), Bitmessage (decentralized SMS), and Storj (decentralized file storage).

pages: 525 words: 142,027

CIOs at Work
by Ed Yourdon
Published 19 Jul 2011

The opportunity for compromise, for attack, I think one of the metaphors for the second half of the 20th century and now for this 21st century, is that society trails technology. Society evolves slower and the conventions of society and its mechanisms evolve far slower than technology does across a broad landscape in technology. Yourdon: Right. Fried: And I think this is true in these areas related to information security, information warfare. These things are deeply concerning to me, because, the technology’s evolved at such a rapid rate and these are powerful, powerful tools with a powerful, powerful ability to be misused, with many, many opportunities for attack. I’m really concerned about vulnerabilities and people’s ability to take advantage of them.

Yourdon: [laughter] Wakeman: It is disconcerting to know that there are organized groups out there, very sophisticated groups, that seek to steal information or shut down a company’s ability to operate on the Internet. Yourdon: Yeah. Wakeman: We work hard to protect the information we are entrusted with and use leading edge technologies to do so. A few years ago I created the position of Chief Information Security Officer and was fortunate enough to staff it with an outstanding security leader. He has built a great team that works every day to improve our ability to protect ETS’s information assets and monitor for potential threats. Yourdon: Right. Wakeman: His team is constantly looking for vulnerabilities and we always take care of them.

pages: 629 words: 142,393

The Future of the Internet: And How to Stop It
by Jonathan Zittrain
Published 27 May 2009

Through a combination of regulatory suasion and industry best practices, such policies are now found on many Web sites, comprising little-read boilerplate answering questions about what information a Web site gathers about a user and what it does with the information. Frequently the answers are, respectively, “as much as it can” and “whatever it wants”—but, to some, this is progress. It allows scholars and companies alike to say that the user has been put on notice of privacy practices. Personal information security is another area of inquiry, and there have been some valuable policy innovations in this sphere. For example, a 2003 California law requires firms that unintentionally expose their customers’ private data to others to alert the customers to the security breach.14 This has led to a rash of well-known banks sending bashful letters to millions of their customers, gently telling them that, say, a package containing tapes with their credit card and social security numbers has been lost en route from one processing center to another.15 Bank of America lost such a backup tape with 1.2 million customer records in 2005.16 That same year, a MasterCard International security breach exposed information of more than 40 million credit card holders.17 Boston College lost 120,000 alumni records to hackers as a result of a breach.18 The number of incidents shows little sign of decreasing,19 despite the incentives provided by the embarrassment of disclosure and the existence of obvious ways to improve security practices.

See September 11 attacks and PATRIOT Act PDAs (personal digital assistants), 58–59 peer production, 206–16 perfect enforcement, 107–10, 112, 122, 134, 161, 166 personal computers (PCs): accessibility via broadband, 4; business adoption of, 15–16; connected by modems, 25; connectivity vs. design of, 166; data sharing on, 160; desktop, 17; development of, 15; as electronic workbooks, 236; as endpoints, 167; flexible architecture of, 16; generative technology of, 2, 3, 5, 19, 34, 72; government investigations of, 186–88; Green and Red, 155; of hobbyists, 13, 14, 15, 18, 19, 34; hourglass architecture of, 69–71; increasing reliance on, 102; independent functioning of, 15; as information (tethered) appliances, 4, 59–61, 102, 185–88; information appliances vs., 18, 29, 57–59; and Internet compatibility, 28–29; lockdown of, 4, 5, 57, 102, 155–56, 164, 165; model of computing, 17; modularization of, 156; PC revolution, 3, 18; potential functionality sold with, 13; regulability of, 106; search across computers, 185; security dilemma of, 241; in sites where users are not owners, 4; and third-party storage, 186–88; “trapped,” 77; unsecured on Internet, 45; users as programmers for, 14, 15; virtual, 156; zombies, 46, 52, 54, 57, 166 personal identity management, 32–33 Pew Internet & American Life Project, 51 phishing, 47, 53, 99 photo recognition, 214–15 physical layer, 67–69 placeholders, 56 plagiarism, 244 plastic, adaptability of, 72 PlayMedia, 104, 108 Pledgebank, 148, 243 pornography, child, 111 Posner, Eric, 213 Post, David, 123 Postel’s Law, 134 post hoc remedies, 122 post hoc scrubs, 116 Postman, Neil, 93 preemption, 108 press conference behavior, 212–13, 229 prime time, being ready for (and the generative Net), 153–54 prior restraints, 115, 122 Privacy Act (1974), 202 privacy: administrative burdens of, 221–22; and captchas, 208; and cheap sensors, 206, 208–9, 210, 216, 221; code-backed norms, 223–28; Constitutional support of, 112, 185–86, 188; and consumer 
protection law, 177; contextualization, 229–31; data genealogy, 225–28; enforceability of, 112–14; and generation gap, 231–34; and government power, 117–19, 186–88; HEW report (1973) on, 201–5, 222, 233–34; and industry self-regulation, 203; involuntary celebrities, 210–14; “just deal with it,” 111–12; and peer production, 206–16; personal information security, 203–4; Privacy 1.0, 201–5, 208, 215, 216, 222, 232; Privacy 2.0, 205–34; as proxies for other limitations, 112; public vs. private behavior, 212–16; and reputation, 216–21, 228–29; search and seizure, 112; sensitivity identified with, 202; and third-party storage, 185–88; and ubiquitous surveillance, 109–10, 206, 209–16; on Web sites, 203, 226 privacy “tags,” 227 procrastination principle: and Digital Millennium Copyright Act, 119–20; in generative systems, 152, 164, 180, 242, 245; in Internet design, 33, 34; and Morris worm, 39–40; in networks, 31, 33, 99, 164; in operating systems, 69; and Wikipedia, 134, 135; in XO, 237, 240 Prodigy, 7, 23, 24, 81, 157 proprietary rights thickets, 188–92 protocol layer, 39, 67–69 punch card system, 11 QTel, 157 quasi-contracts, 184 Radin, Margaret, 233 radio broadcasts, jamming of, 106 radio frequency identifiers (RFIDs), 203 Radio Shack, 75-in-1 Electronic Project Kit, 14, 73 Rand, Ayn, 143 Raymond, Eric, 137 “Realtime Blackhole List,” 169 reCAPTCHA, 208, 227 Reed, David, 31 Reidenberg, Joel, 104 reputation bankruptcy, 228–29 reputationdefender.com, 230 reputation systems, 216–21; buddy lists, 219–20; correcting or identifying mistakes on, 220; identity systems, 220; search engines, 217, 220–21; user rankings, 146, 217–18, 221; whole-person ratings, 218–19 RFC 1135, “The Helminthiasis of the Internet,” 39 robots, spam messages from, 207–8 robot signaling, 223 robots.txt, 223–25, 227, 243 Rosen, Jeffrey, 216 RSS (really simple syndication), 56 Saltzer, Jerry, 31 Samuelson, Pamela, 225–26 Sanger, Larry, 133, 142–43, 145 Sapphire/Slammer worm, 47 satellite TV, 181, 182 
Saudi Arabia, information control in, 113, 180 Scherf, Steve, 145–46 search engines, 220–21, 223, 226, 227; creation of, 224; user rankings, 217 Second Amendment, 117 SEC v.

pages: 548 words: 147,919

How Everything Became War and the Military Became Everything: Tales From the Pentagon
by Rosa Brooks
Published 8 Aug 2016

Throw in the people with lower-level clearances and we get up to more than four million, or nearly 2 percent of the adult population of the United States.50 Who let all those people into the club? As a result, the government keeps finding new ways to distinguish between levels and types of access, and more and more documents and programs are reflexively given a high classification, even when there’s really no secret to keep. The government’s Information Security Oversight Office reported that 92 million decisions to classify information were made in 2011 alone, representing a 20 percent increase in classification decisions from 2010 and a 40 percent increase from 2009.51 And as I said, this problem isn’t new. A 2011 report by the Brennan Center for Justice offers some choice glimpses into history.

F., 291 Hellfire missiles, 106, 112 Hemingway, Ernest, 318 Henkin, Louis, 283 Henry II, king of England, 255 Henry V, king of England, 185 Henry V (Shakespeare), 21 Hessel, Andrew, 134 Hezbollah, 227 Hicks, Kathleen, 315 Hiroshima, atomic bombing of, 133, 191 Hitler, Adolf, 190 Ho, James C., 220 Hobbes, Thomas, 134, 169, 227 Holbrooke, Richard, 5–6, 90, 312 Holder, Eric, 408 Holocaust, 138, 190, 192, 207, 365 Holy Spirit Movement, 177 Homeland Security Department, U.S., 19, 131, 299, 301–2 Horn of Africa, 6, 45 HotAir.com, 198 House of Representatives, U.S., Appropriations Subcommittee on Defense of, 156 Howard, Michael, 171, 348–49 humanitarian aid: deaths of workers in, 96 by government agencies, 95 military intervention and, 234–35, 243–49 neutrality and, 96 by NGOs, 96 by U.S. military, 80, 95–96, 319 human rights, 190, 231–32, 263, 281, 295, 308, 344, 345, 356–57, 361, 365 international community and, 243, 340–41 law of armed conflict and, 193 sovereignty and, 24, 193, 233, 234–53 unrestricted war and, 351–52 U.S. commitment to, 100, 101 human rights advocates, 53, 76, 135–36, 252, 298, 320–21, 344, 397 Guantánamo and, 54 Human Rights First, 321 human rights law, 23–24, 192–94, 275, 290, 339, 353, 394 autonomous weapons and, 136, 137 human rights revolution, 23, 35, 340–41, 394 Human Rights Watch, 27, 135, 137, 176, 177, 227, 235 human species: categorization as tendency of, 345–46 threats to survival of, 263–64 Huntington, Samuel P., 81, 93 Hussein, Saddam, 26, 29, 31, 98, 144, 266, 329 idealism, American, harmful consequences of, 97–101 Iliad, The (Homer), 170 Imagined Communities (Anderson), 400 immigration: data collection and, 302 war on terror and, 301–3 Immigration and Customs Enforcement (ICE), 302 Immigration and Naturalization Service, 301–2 imminent threat, U.S. 
definition of, 286–87, 291 improvised explosive devices (IEDs), 78, 89, 98, 100, 135, 159, 260, 329, 331, 333 India, 183–84 British rule in, 257 Indonesia, 241 Industrial Revolution, 264 information, classified: in court cases, 301 declassification of, 126–27 overclassification of, 124–28, 301 unauthorized disclosure of, 127–28 information revolution, 264 Information Security Oversight Office, 125 infrastructure, cyber warfare and, 131 Innocent II, Pope, 109 Institute for Policy Studies, 271 insurgents, 41 Intelligence Authorization Act, 122 intelligence community, U.S., 258 blurred line between military and, 118, 122–23 budget of, 19 lethal covert action eschewed by, 118–19 post-9/11 refocusing of, 119 interconnectedness, global, 10, 11, 23 cyber warfare and, 130–31 downside of, 263 geopolitical uncertainty and, 261–67 rule of law of, 283 International Commission on Intervention and State Sovereignty (ICISS), 249, 250 Responsibility to Protect report of, 235–38, 249 International Committee of the Red Cross, 54, 189, 229, 391 international community: diverse makeup of, 226–27 failed states and, 225, 226 human rights and, 243, 340–41 Rwanda genocide and, 234 sovereignty and, 243 viewed as failed state, 227–28 International Criminal Court, 232–33, 243 International Criminal Tribunal for the Former Yugoslavia, see Hague Tribunal international governance, 253, 262 international law, 273 ambiguity and vagueness in, 283, 407 duress and, 204, 347 extrajudicial executions in, 274 general adherence to, 283 human rights and, see human rights law piracy and, 42–43, 49 sovereignty and, 227, 339, 356, 407 see also rule of law International Review of the Red Cross, 172 “International Strategy for Cyberspace,” 12 international system, 233, 245, 340, 364 effectiveness of, 282–83 gaps in, 290–91 need for new categories and rules in, 356, 357 and response to cataclysmic wars, 343–44 International Tennis Federation, 221 Internet, 10, 129, 130, 132 interrogation, enhanced, see torture 
interstate conflicts, decline in, 262, 264–65 Invention of Peace, The (Howard), 348–49 Iran, 259 Iraq, 12, 226, 227 author in, 30–32 Kuwait invaded by, 283 Iraq War, 4, 13, 29, 30–32, 33, 81–82, 83, 117, 143, 160, 218, 250, 258, 259, 291, 318, 332, 349 cost of, 103, 157 drone strikes in, 106 insurgency in, 92–93, 94, 97, 144, 329 Iraqi casualties in, 5, 97, 136–37, 157 long-term instability in wake of, 97–98, 101 Obama and, 103 private contractors and, 123 U.S. casualties in, 16, 18, 148, 157 WMD claims as justification for, 88 Irish Republic Army, 339 Iron Age, 264 Islamic extremism, 232, 259 Islamic State (ISIS), 10, 12, 97, 99, 133, 227, 273, 276–77, 285, 294, 295, 329, 332, 338, 348, 349 Italy, unification of, 229, 348 James II, king of England, 256 Japan: atomic bombing of, 133, 190, 191 World War II atrocities of, 190 Jara, Víctor, 272 Jefferson, Thomas, 48 Jews, 190 Jibaro Indians, 173–74 Johnson, Jeh, 34, 279 Joint Chiefs of Staff, 6, 15, 16, 71 Journal of International Law, 199 “JP 3–0: Doctrine for Joint Operations,” 82 Judge Advocate General’s Corps, 197–98 functions of, 198 Rule of Law Handbook of, 73 Judge Advocate General’s School, 199 justice, law vs., 362–63 Justice Department, U.S., 119, 202, 203 “imminent threat” as interpreted by, 286–87 Office of Legal Counsel at, 200 justice system, U.S., war on terror and, 296–97, 299–301 Kabbah, Ahmad Tejan, 27 Kabul, Afghanistan, 74–75, 76, 77 Kandahar, Afghanistan, 77 Kane, Tim, 327 Kansas State University, 147 Karadzic, Radovan, 26, 206, 207 Karsten, Rafael, 174 Karzai, Hamid, 76 Kellogg-Briand Pact, 189, 191 Kenya, 27 bombing of U.S. 
embassy in, 83, 223 Khadr, Omar, 60 “kill lists,” 115, 116, 133, 355 Klaidman, Daniel, 110 Knife Fights (Nagl), 92 Koh, Harold Hongju, 53, 115, 248 Kony, Joseph, 27 “Kony 2012” (video), 177 Koran, 184 Korean War, 257, 349 Kosovo, 80, 101, 241, 280 NATO bombing campaign in, 27, 243–44, 249, 401 Kotler, Steven, 134 Kuwait, 26, 142, 150–51, 153–54 Iraqi invasion of, 283 Kuwait City, 153 Kyrgyzstan, 307–9 Lakwena, Alice, 177 Lancaster, James, 256–57 law: categorization in, 346–47 humanitarian, see human rights law justice vs., 362–63 morality and, 363–64 as optimistic enterprise, 204, 339 see also international law; rule of law law of armed conflict, 55–57, 65, 66, 171–72, 183–203, 220, 224, 274–78, 283, 362–63 allowable use of force in, 194–95, 339 autonomous weapons and, 138 and blurred line between war and peace, 342 combatant immunity in, 195–96 cyber warfare as subject to, 131 distinction in, 196–97, 275, 405 drone strikes and, 288–89 due process and, 57, 63, 133 Dunant and, 187–89, 204, 216, 229–30, 365 Erdemovic case and, 204–16 Geneva Conventions and, 193–94 historical evolution of, 183–89 human rights and, 193 individualization of war and, 132–33 justified vs. unjustified violence in, 196–97 Lieber Code and, 185–87, 189, 204, 216, 348, 349, 365 9/11 attacks and, 275–76 private contractors and, 123 proportionality in, 196–97 protected persons in, 196–97 status-based killing scrutinized by, 133, 275–76, 289, 355 U.N.

pages: 579 words: 160,351

Breaking News: The Remaking of Journalism and Why It Matters Now
by Alan Rusbridger
Published 14 Oct 2018

The pair would not be specific about what kind of law: whether the police would march through the front door or the government would go down the civil route to injunct us and order us to return all the Snowden material. I said we were still working on the documents and that it wasn’t for politicians to determine when a newspaper story had run its course. If they were worried about the Chinese in the flats opposite, why not send in some information security advisers to see if there were any flaws in the way we were holding the material? Of course, I could see their anxiety. The trouble was that the British authorities were stuck in a mindset about official secrecy that was the polar opposite of the Americans’ (‘we hate you having it, but we recognise and respect your right to report’).

We were left with the dossier intact – in New York – and a variety of mangled circuit boards in London. Quite what the point of the exercise was remains a mystery. The UK authorities showed little interest in the material we held at 536 Broadway – either in destroying it or advising on keeping it securely. Similarly, they offered no guidance to the NYT, Washington Post or Greenwald on information security. It felt like a piece of theatre designed to satisfy hawks in Whitehall. The former deputy prime minister Nick Clegg gave a glimpse of the mood towards Snowden inside government in his autobiography: ‘The whole security establishment, backed by Number 10, the Home Office and all Conservative ministers, focused exclusively on the man and not the ball, working themselves up into a lather of indignation at his personal conduct, rather than grappling with the wider issues that his revelations clearly raised.’

Ghost in the Wires: My Adventures as the World's Most Wanted Hacker
by Kevin Mitnick
Published 14 Aug 2011

I heard later that the guys from Pacific Bell Security razzed the hell out of their buddies at GTE, thinking it was hilarious that any company could be stupid enough to hire the notorious phone phreaker Kevin Mitnick—whom Pacific Bell had been keeping a file on for years. One step back and one step forward. A Computer Learning Center instructor who also worked at Security Pacific National Bank as an Information Security Specialist suggested I apply for a job there. Over a period of weeks, I had three sets of interviews, the last one with a vice president of the bank. Then a fairly lengthy wait. Finally the phone call came: “One of the other candidates has a college degree, but we’ve decided you’re the person we want.”

16 Crashing Eric’s Private Party 17 Pulling Back the Curtain 18 Traffic Analysis 19 Revelations 20 Reverse Sting 21 Cat and Mouse 22 Detective Work 23 Raided 24 Vanishing Act PART THREE: On the Run 25 Harry Houdini 26 Private Investigator 27 Here Comes the Sun 28 Trophy Hunter 29 Departure 30 Blindsided 31 Eyes in the Sky 32 Sleepless in Seattle PART FOUR: An End and a Beginning 33 Hacking the Samurai 34 Hiding in the Bible Belt 35 Game Over 36 An FBI Valentine 37 Winning the Scapegoat Sweepstakes 38 Aftermath: A Reversal of Fortune Acknowledgments Photo Inserts Author Bio Also by Kevin Mitnick Copyright AUTHOR BIO Kevin Mitnick, the world’s most famous (former) hacker, is now a security consultant. He has been the subject of countless news and magazine articles and has appeared on numerous television and radio programs offering expert commentary on information security. He has testified before the U.S. Senate and written for Harvard Business Review. Mitnick is the author, with William L. Simon, of the bestselling books The Art of Deception and The Art of Intrusion. He lives in Las Vegas, Nevada. ALSO BY KEVIN MITNICK The Art of Deception (with William L.

pages: 176 words: 55,819

The Start-Up of You: Adapt to the Future, Invest in Yourself, and Transform Your Career
by Reid Hoffman and Ben Casnocha
Published 14 Feb 2012

When eBay acquired the company for $1.5 billion, PayPal staked its claim as a great Silicon Valley success story. Yet the PayPal Plan A did not look anything like the company looks today. In 1998 programmer Max Levchin teamed with derivatives trader Peter Thiel to create a “digital wallet”—an encryption platform that allowed you to store cash and information securely on your mobile phone. That soon evolved to software that allowed you to send and receive digital cash wirelessly and securely via a Palm Pilot (the first of several iterations) so that two friends could split a dinner tab using their PDAs. It was a neat idea that leveraged Max’s and Peter’s technology and finance backgrounds, respectively (complementary assets that gave them a competitive edge as founders).

pages: 214 words: 57,614

America at the Crossroads: Democracy, Power, and the Neoconservative Legacy
by Francis Fukuyama
Published 20 Mar 2007

In most earlier historical periods the ability to inflict serious damage to a society lay only within the purview of states: the entire edifice of international relations theory is built around the presumption that states are the only significant players in world politics. If catastrophic destruction can be inflicted by non-state actors, then many of the concepts that informed security policy over the past two centuries— balance of power, deterrence, containment, and the like—lose their relevance. Deterrence theory in particular depends on the deployer of any form of WMD having a return address and with it equities that could be threatened in retaliation. The real question concerns the likelihood that Islamist terrorists could actually get their hands on a nuclear device, smallpox, or some other mass casualty-inducing weapon and use it on U.S. territory.

pages: 198 words: 57,703

The World According to Physics
by Jim Al-Khalili
Published 10 Mar 2020

For example, highly accurate quantum gravimeters will be able to map tiny changes in the Earth’s gravitational field, so that geologists can locate new mineral deposits or locate pipes under roads to minimise disruption when workers need to access them. Quantum cameras will have sensors that let us see behind obstacles; quantum imaging will allow non-intrusive mapping of brain activity with the potential to tackle conditions like dementia. Quantum key distribution (QKD) will enable us to exchange information securely from one place to another. Quantum technologies will also help us build artificial molecular machines that can carry out a multitude of tasks. Medicine in particular is a good example of where the quantum world is likely to have a big impact in the coming years. Down at length scales even smaller than living cells, we are going to see a range of spectacular new technologies emerging, such as nanoparticles with unique quantum properties that allow them to attach to antibodies to help tackle infections, or to be ‘programmed’ to replicate only inside tumor cells, and even to take images of cells from the inside.

pages: 247 words: 60,543

The Currency Cold War: Cash and Cryptography, Hash Rates and Hegemony
by David G. W. Birch
Published 14 Apr 2020

These algorithms are, essentially, from three different ‘families’ that rely on different sources of mathematical difficulty. Lattice cryptosystems are built using geometric structures known as lattices and are represented using matrices. Code-based systems use error-correcting codes, which have been used in information security for decades. Multivariate systems depend on the difficulty of solving a system of quadratic polynomial equations over a finite field. Early opinion sees lattice cryptosystems as both the most actively studied and the most flexible (Buchanan and Woodward 2016). They are capable of key exchanges, digital signatures and far more sophisticated constructions, such as fully homomorphic encryption, which, while not widely used now, might well be at the heart of future business infrastructure in response to the continuing cyberwar around us.

pages: 505 words: 161,581

The Founders: The Story of Paypal and the Entrepreneurs Who Shaped Silicon Valley
by Jimmy Soni
Published 22 Feb 2022

In the days before Don’t Ask, Don’t Tell—when gays, lesbians, and bisexuals were forbidden from serving in the military—such “army marriages” were common. “I grew up a lot by watching all this,” Levchin said. Soon, one dark reality hit close to home. During Levchin’s tenure, the Army Corps of Engineers grew concerned about foreign employees and information security. Unfortunately for the research outpost at Urbana-Champaign, that meant potentially losing the vast share of its programming talent and leaving a complex computer system in the hands of staff unfamiliar with its upkeep. Levchin was on the chopping block as well, but his manager intervened: Levchin would continue working on his helicopter software, and he’d receive off-the-books payment in the form of computer parts.

“The development team was very in sync on values,” David Gausebeck recalled. “About the standard we should build to, especially around security and guarantees of correctness, it was, ‘Of course we have to make sure that this is bulletproof.’ ” The “impenetrable Russian” had come to feel that the financial services industry didn’t take information security seriously enough. Levchin and his team had closely studied the industry’s cybersecurity standards and came away underwhelmed. If the PayPal system was to be truly secure, hitting those marks wouldn’t be nearly enough. “There were standards already about how you’re supposed to secure them, but they covered maybe one-tenth of the way that an adversary could attack your system,” engineer Bob McGrew recalled.

Likewar: The Weaponization of Social Media
by Peter Warren Singer and Emerson T. Brooking
Published 15 Mar 2018

Galeotti, “The ‘Gerasimov Doctrine.’” 106 enshrined in Russian military theory: See Embassy of the Russian Federation to the United Kingdom of Great Britain and Northern Island, “The Military Doctrine of the Russian Federation,” news release, June 29, 2015 (policy adopted December 25, 2014), https://rusemb.org.uk/press/2029; Ministry of Foreign Affairs of the Russian Federation, “Doctrine of Information Security of the Russian Federation,” December 5, 2016, http://www.mid.ru/en/foreign_policy/official_documents/-/asset_publisher/CptICkB6BZ29/content/id/2563163. 106 “war on information warfare”: Jolanta Darczewska, The Anatomy of Russian Information Warfare: The Crimean Operation, a Case Study, Point of View, no. 42 (Centre for Eastern Studies, May 2014), 10https://www.osw.waw.pl/sites/default/files/the_anatomy_of_russian_information_warfare.pdf, 13. 107 conglomerate of nearly seventy-five: Ibid., 10. 107 the “4 Ds”: Ben Nimmo, “Anatomy of an Info-War: How Russia’s Propaganda Machine Works, and How to Counter It,” StopFake, May 19, 2015, https://www.stopfake.org/en/anatomy-of-an-info-war-how-russia-s-propaganda-machine-works-and-how-to-counter-it/. 107 identity and mission shifted: Dougherty, “How the Media Became.” 107 $30 million: Simon Shuster, “Russia Today: Inside Putin’s On-Air Machine,” Time, March 5, 2015, http://time.com/rt-putin/. 107 approximately $400 million: Gabrielle Tetrault-Farber, “Looking West, Russia Beefs Up Spending on Global Media Giants,” Moscow Times, September 23, 2014, https://themoscowtimes.com/articles/looking-west-russia-beefs-up-spending-on-global-media-giants-39708. 107 “weapons system”: Shuster, “Russia Today.” 107 “The phone exists”: Ibid. 107 more YouTube subscribers: “Assessing Russian Activities and Intentions in Recent US Elections” (Intelligence Community Assessment, Office of the Director of National Intelligence, January 6, 2017), 10, https://www.dni.gov/files/documents/ICA_2017_01.pdf. 
108 RT has promoted: Matthew Bodner, Matthew Kupfer, and Bradley Jardine, “Welcome to the Machine: Inside the Secretive World of RT,” Moscow Times, June 1, 2017, https://themoscowtimes.com/articles/welcome-to-the-machine-inside-the-secretive-world-of-rt-58132. 108 “‘Question More’ is not about”: Matthew Armstrong, “RT as a Foreign Agent: Political Propaganda in a Globalized World,” War on the Rocks, May 4, 2015, https://warontherocks.com/2015/05/rt-as-a-foreign-agent-political-propaganda-in-a-globalized-world/. 108 Sputnik International: “Major News Media Brand ‘Sputnik’ Goes Live November 10,” Sputnik, October 11, 2014, https://sputniknews.com/russia/201411101014569630/. 108 Baltica targets audiences: Inga Springe et al., “Sputnik’s Unknown Brother,” Re:Baltica, April 6, 2017, https://en.rebaltica.lv/2017/04/sputniks-unknown-brother/. 108 first source of this false report: Ben Nimmo, “Three Thousand Fake Tanks,” @DFRLLab (blog), Medium, January 12, 2017, https://medium.com/@DFRLab/three-thousand-fake-tanks-575410c4f64d. 109 all-out assault: Matthew Sparkes, “Russian Government Edits Wikipedia on Flight MH17,” The Telegraph, July 18, 2014, http://www.telegraph.co.uk/technology/news/10977082/Russian-government-edits-Wikipedia-on-flight-MH17.html. 109 “Questions over Why”: Paul Szoldra, “Here’s the Ridiculous Way Russia’s Propaganda Channel Is Covering the Downed Malaysia Airliner,” Business Insider Australia, July 19, 2014, https://www.businessinsider.com.au/rt-malaysia-airlines-ukraine-2014-7#JhJsCOWZzphQ00IG.99. 109 Russian Union of Engineers: Eliot Higgins, “SU-25, MH17 and the Problems with Keeping a Story Straight,” Bellingcat, January 10, 2015, https://www.bellingcat.com/news/uk-and-europe/2015/01/10/su-25-mh17-and-the-problems-with-keeping-a-story-straight/. 
110 bad photoshop job: Veli-Pekka Vivimäki, “Russian State Television Shares Fake Images of MH17 Being Attacked,” Bellingcat, November 14, 2014, https://www.bellingcat.com/news/2014/11/14/russian-state-television-shares-fake-images-of-mh17-being-attacked/. 110 “It came from”: Max Seddon, “Russian TV Airs Clearly Fake Image to Claim Ukraine Shot Down MH17,” BuzzFeed, November 15, 2014, https://www.buzzfeed.com/maxseddon/russian-tv-airs-clearly-fake-image-to-claim-ukraine-shot-dow?

,” Comparative Strategy 12, no. 2 (1993): 141–65, https://www.rand.org/content/dam/rand/pubs/reprints/2007/RAND_RP223.pdf. 182 “information is becoming”: Ibid. 183 “It means trying”: Ibid. 183 essentially a dead topic: Ronfeldt interview. 183 “Our hope was”: John Arquilla, phone interview with author, November 3, 2014. 184 “global information warfare”: Jolanta Darczewska, The Anatomy of Russian Information Warfare: The Crimean Operation, A Case Study, Point of View, no. 42 (Centre for Eastern Studies, May 2014). 184 release of an atomic bomb: Ulrik Franke, “War by Non-military Means: Understanding Russian Information Warfare” (report, Swedish Ministry of Defense, March 2015), 27, http://johnhelmer.net/wp-content/uploads/2015/09/Sweden-FOI-Mar-2015-War-by-non-military-means.pdf. 184 “blur the traditional”: Ministry of Foreign Affairs of the Russian Federation, “Doctrine of Information Security of the Russian Federation,” December 5, 2016, http://www.mid.ru/en/foreign_policy/official_documents/-/asset_publisher/CptICkB6BZ29/content/id/2563163. 184 “a system of spiritual”: Franke, “War by Non-military Means,” 12. 184 “measures aiming to pre-empt”: Ibid., 11. 184 “three warfares”: Information at War: From China’s Three Warfares to NATO’s Narratives, Beyond Propaganda (Transitions Forum, Legatum Institute, September 2015), https://stratcomcoe.org/legatum-institute-information-war-chinas-three-warfares-natos-narratives. 185 “War is accelerating”: State Council Information Office of the People’s Republic of China, “China’s Military Strategy (2015)” (report, May 2015), https://jamestown.org/wp-content/uploads/2016/07/China%E2%80%99s-Military-Strategy-2015.pdf. 185 Operation Earnest Voice: Nick Fielding and Ian Cobain, “Revealed: US Spy Operation That Manipulates Social Media,” The Guardian, March 17, 2011, https://www.theguardian.com/technology/2011/mar/17/us-spy-operation-social-networks. 185 “allow one U.S. serviceman”: Ibid. 
185 In 2015, Britain formed: Ewen MacAskill, “British Army Creates Team of Facebook Warriors,” The Guardian, January 31, 2015, https://www.theguardian.com/uk-news/2015/jan/31/british-army-facebook-warriors-77th-brigade. 185 “agent of change”: “77th Brigade,” British Army, accessed October 5, 2017, http://www.army.mod.uk/structure/39492.aspx?

pages: 238 words: 46

When Things Start to Think
by Neil A. Gershenfeld
Published 15 Feb 1999

Without entanglement a quantum computer would have the same problem as a DNA computer, trying many answers at the same time and then having to locate the correct one, like trying to find a needle in a haystack. With entanglement, a single quantum computer can be certain to solve a factoring problem. Naturally, the three-letter agencies (NSA, CIA, ... ) panicked. Here was a very real threat to information security, coming from an entirely unexpected quarter. Since by that time the result was already widely known they couldn't cover it up, but they could try to keep ahead of the competition. So they started showing up at meetings, in effect offering a purchase order to anyone who would build them a quantum computer.

PostgreSQL Cookbook
by Chitij Chauhan
Published 30 Jan 2015

Since all company-related information is stored in databases, it becomes imperative that controls be placed on data access and only authorized persons be allowed to access relevant data. It is in this context that database security is of utmost importance because it is important to ensure that the information stored in databases is protected against malicious attempts to view and modify data by hackers or people with malicious intent. Database security deals with the information security measures that are undertaken to protect databases in order to ensure confidentiality, integrity, and availability of data. Databases need to be protected against various risks and threats, such as misuse by authorized database users, malicious attempts made by hackers to steal information or damage data, design flaws and software bugs in databases that lead to various security vulnerabilities that are exploited by hackers, data corruption that might be caused by wrong input and mistakes by humans, the possibility of data being sabotaged, and the administrator tendency of keeping a default schema password which might lead to unauthorized access to data by people with malicious intent.

The Techno-Human Condition
by Braden R. Allenby and Daniel R. Sarewitz
Published 15 Feb 2011

For a fuller treatment of these issues, see Sarewitz et al. 2000. 3. Such failures are systemic. Even today, the educational process that creates the civil, environmental, mechanical, and industrial engineering graduates who are designing ICT functionality into these systems seldom if ever introduces them to concepts of information security. 4. Standards arise when technology systems must work with other technologies (in which case the standard governs interfaces between technologies), or when standards are necessary for a technology to link more widely. An example of the latter is rail gauges: interconnectivity of rail systems required standards (Shapiro and Varian 1999, who suggest this example, also illustrate its strategic use in noting that the Finns deliberately chose rail gauges different from the Soviet rail system to help prevent invasion).

pages: 257 words: 64,973

Intrusion Detection With Snort, Apache, Mysql, Php, and Acid
by Rafeeq Ur Rehman
Published 7 May 2003

Some vendor-specific IDS need updates from the vendor to add new signatures when a new type of attack is discovered. In other IDS, like Snort, you can update signatures yourself.

1.1.1.5 Alerts

Alerts are any sort of user notification of intruder activity. When an IDS detects an intruder, it has to inform the security administrator about this using alerts. Alerts may be in the form of pop-up windows, logging to a console, sending e-mail and so on. Alerts are also stored in log files or databases where they can be viewed later on by security experts. You will find detailed information about alerts later in this book.

pages: 234 words: 63,149

Every Nation for Itself: Winners and Losers in a G-Zero World
by Ian Bremmer
Published 30 Apr 2012

At the same time, governments have discovered both opportunities to use the Internet for their own purposes and vulnerabilities that must be protected. Those that can afford it have begun to develop the technology needed to militarize cyberspace. Today, ICANN faces considerable pressure from several governments, particularly China and Russia, to provide tools that enhance their “information security,” a move that amounts to a declaration of sovereignty over sections of the Internet and the beginnings of a surveillance society online. The threats that governments are trying to manage via the Internet include some that almost anyone would consider legitimate, like terrorism, and others more likely to excite controversy, like control of political activism.

pages: 420 words: 61,808

Flask Web Development: Developing Web Applications With Python
by Miguel Grinberg
Published 12 May 2014

When the user clicks the link, the view function that handles this route receives the user id to confirm as an argument and can easily update the confirmed status of the user. But this is obviously not a secure implementation, as any user who figures out the format of the confirmation links will be able to confirm arbitrary accounts just by sending random numbers in the URL. The idea is to replace the id in the URL with a token that contains the same information securely encrypted. If you recall the discussion on user sessions in Chapter 4, Flask uses cryptographically signed cookies to protect the content of user sessions against tampering. These secure cookies are signed by a package called itsdangerous. The same idea can be applied to confirmation tokens.

Team Topologies: Organizing Business and Technology Teams for Fast Flow
by Matthew Skelton and Manuel Pais
Published 16 Sep 2019

Pact has really helped us to adopt a clear, defined approach to testing services, setting expectations across all teams about how to test and interact with other teams. Most of our delivery teams are aligned to business domain bounded contexts such as email, calendar, people, surveys, and so on. We also have a few parts of the system that align to regulatory boundaries (particularly ISO 27001 for information security management) and to the need for cross-domain reporting of feature usage. These areas are handled by either a small specialist team or through collaboration across several teams. We also have a team that helps to provide consistent user experience (UX) across all parts of the software. The UX team acts as internal consultants across all the delivery teams, enabling them to adopt good UX practices quickly.

pages: 212 words: 68,690

Independent Diplomat: Dispatches From an Unaccountable Elite
by Carne Ross
Published 25 Apr 2007

There exactly the same arguments would be repeated, except by different people and with more or less fluency, depending on the individual — the Russian ambassador, for instance, was not only a brilliant and lucid advocate in English, but also had a thorough familiarity with the arguments. The only other significant difference was that the ambassadorial discussion would take place in another room, this time the “informal” Security Council chamber. The result, needless to say, was total deadlock. Negotiation became a tedious recitation of their “facts” and our “facts”, thrown to and fro across the table. We only persisted in this trench warfare because each of us was trying to convince the non-permanent members that we were right, in the hope that this would convince them later to vote for this or that proposal in the resolution.

pages: 226 words: 65,516

Kings of Crypto: One Startup's Quest to Take Cryptocurrency Out of Silicon Valley and Onto Wall Street
by Jeff John Roberts
Published 15 Dec 2020

In 2016, Balaji’s expertise on genetics had led the new Trump administration to interview him to run the Food and Drug Administration. As for crypto, Balaji saw it as a subject best left to geniuses. “Blockchains are the most complicated piece of technology to arrive since browsers or operating systems,” he declares. “They require a deep understanding of cryptography, game theory, networking, information security, distributed systems, databases, and systems programming. Only a handful of people have that sort of knowledge.” Left unspoken was that Balaji saw himself as one of those people. Coinbase, though, had sought out Balaji for more than his smarts. Since Fred’s departure in early 2017, Brian had found it lonely at the top.

pages: 696 words: 184,001

The Brussels Effect: How the European Union Rules the World
by Anu Bradford
Published 14 Sep 2020

Times (Oct. 15, 2018), https://www.nytimes.com/2018/07/08/business/china-surveillance-technology.html (on file with author). 203. Lily Kuo, China Bans 23m From Buying Travel Tickets as part of “Social Credit” System, Guardian (Mar. 1, 2019), https://www.theguardian.com/world/2019/mar/01/china-bans-23m-discredited-citizens-from-buying-travel-tickets-social-credit-system [https://perma.cc/5PB5-J6UD]. 204. Policy in Action through the Information Security Management System, Wipro Sustainability Report 2016–17 (2017), http://wiprosustainabilityreport.com/16-17/policy_in_action_through_the_information_security_management_system [https://perma.cc/CNA3-ENFD]. 205. Annual Report for 2015–16, Infosys (2016), https://www.infosys.com/investors/reports-filings/annual-report/annual/Documents/infosys-AR-16.pdf [https://perma.cc/XYQ8-WTDY]. 206. Christopher Nilesh, The India draft bill on data protection draws inspiration from GDPR, but has its limits, Economic Times (July 28, 2018), https://economictimes.indiatimes.com/tech/internet/the-india-draft-bill-on-data-protection-draws-inspiration-from-gdpr-but-has-its-limits/articleshow/65173684.cms [https://perma.cc/M88H-NFJJ] (India). 207. Mozilla Foundation, Mozilla’s Comments on the White Paper of the Committee of Experts on Data Protection Framework for India 13 (Jan. 31, 2018), https://blog.mozilla.org/netpolicy/files/2018/02/Mozilla-submission-to-Srikrishna-Committee.pdf [https://perma.cc/J2LN-ZVB3]. 208. Daskal, supra note 29, at 233. 209. See White House, Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy 1‒26 (2012), https://obamawhitehouse.archives.gov/sites/default/files/privacy-final.pdf [https://perma.cc/R47Z-LDMX]. 210. See, e.g., Daisuke Wakabayashi, California Passes Sweeping Law to Protect Online Privacy, N.Y.

pages: 1,302 words: 289,469

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
by Dafydd Stuttard and Marcus Pinto
Published 30 Sep 2007

Josh Pauli received his Ph.D. in Software Engineering from North Dakota State University (NDSU) with an emphasis in secure requirements engineering and now serves as an Associate Professor of Information Security at Dakota State University (DSU). Dr. Pauli has published nearly 20 international journal and conference papers related to software security and his work includes invited presentations from the Department of Homeland Security and Black Hat Briefings. He teaches both undergraduate and graduate courses in system software security and web software security at DSU. Dr. Pauli also conducts web application penetration tests as a Senior Penetration Tester for an Information Security consulting firm where his duties include developing hands-on technical workshops in the area of web software security for IT professionals in the financial sector.

Although a full-blown description is outside the scope of this book, the following are some useful resources if you want to know more about reverse engineering of native code components and related topics:

■ Reversing: Secrets of Reverse Engineering by Eldad Eilam
■ Hacker Disassembling Uncovered by Kris Kaspersky
■ The Art of Software Security Assessment by Mark Dowd, John McDonald, and Justin Schuh
■ Fuzzing for Software Security Testing and Quality Assurance (Artech House Information Security and Privacy) by Ari Takanen, Jared DeMott, and Charlie Miller
■ The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler by Chris Eagle
■ www.acm.uiuc.edu/sigmil/RevEng
■ www.uninformed.org/?v=l&a=7

Handling Client-Side Data Securely

As you have seen, the core security problem with web applications arises because client-side components and user input are outside the server's direct control.

pages: 265 words: 74,000

The Numerati
by Stephen Baker
Published 11 Aug 2008

When I log on to the website, I find a list of five women who have the right levels of serotonin and estrogen for people like me. My wife isn't one of them. There's an insurance manager from West Orange—a Negotiator-Explorer—who says "we all have to laugh every day, especially at ourselves." A Negotiator-Builder, from Rochelle Park, works in information security and likes ballroom dancing. These and three others are the machine's choices. Many other subscribers, however, have access to my profile. And regardless of the chemistry, they're free to express interest. Whether they're Builder-Directors from Tarrytown or fellow Explorer-Negotiators from Toms River, I learn that each one is a "great match."

pages: 255 words: 78,207

Web Scraping With Python: Collecting Data From the Modern Web
by Ryan Mitchell
Published 14 Jun 2015

This is most commonly accomplished by writing an automated program that queries a web server, requests data (usually in the form of the HTML and other files that comprise web pages), and then parses that data to extract needed information. In practice, web scraping encompasses a wide variety of programming techniques and technologies, such as data analysis and information security. This book will cover the basics of web scraping and crawling (Part I), and delve into some of the advanced topics in Part II. Why Web Scraping? If the only way you access the Internet is through a browser, you’re missing out on a huge range of possibilities. Although browsers are handy for executing JavaScript, displaying images, and arranging objects in a more human-readable format (among other things), web scrapers are excellent at gathering and processing large amounts of data (among other things).

pages: 263 words: 75,610

Delete: The Virtue of Forgetting in the Digital Age
by Viktor Mayer-Schönberger
Published 1 Jan 2009

This is a tall order, and one not likely to be accomplished any time soon, but it may possibly be the only path forward in creating a technical solution—a DRM system—to manage and enforce individuals’ control over their personal information.25 Until then, such comprehensive DRM systems offer no help in finding a suitable response to digital remembering. Perhaps though, we have simply envisioned DRM systems as too comprehensive and all-encompassing. Maybe a system offering a much less wide-ranging solution could be achieved using existing technology, while retaining efficiency. This is what Princeton information security expert Edward Felten and his colleagues have proposed: a “privacy management system” that facilitates negotiating usage and enforcement of control over personal information between two parties.26 Unlike a pure property system, Felten’s is based on direct and shared consent between the parties involved.

pages: 266 words: 80,018

The Snowden Files: The Inside Story of the World's Most Wanted Man
by Luke Harding
Published 7 Feb 2014

So was Oliver Robbins, the deputy national security adviser who had forced the Guardian to bash up its own laptops. Lawyers acting for Miranda challenged his detention in the High Court. In a blistering affidavit, Robbins said the Snowden disclosures had hurt national security. He offered no proof but accused Greenwald of ‘very poor information security practice’. This was ironic: it was the British agency GCHQ that had lost control of sensitive information, not the Guardian. Robbins made no mention of the UK’s dysfunctional intelligence-sharing deal with the NSA, which apparently meant thousands of American officials – and passing private contractors – could read top-secret GCHQ files.

pages: 264 words: 74,313

Wars, Guns, and Votes: Democracy in Dangerous Places
by Paul Collier
Published 9 Feb 2010

The key question was whether this guarantee had actually reduced the incidence of civil war. This question needs a model of the risk of civil war. Such a model can be used to address a range of important questions, but here I will just give you this particular answer. Did the French informal security guarantee reduce the incidence of civil war? We found that it was highly effective. Francophone Africa had characteristics that would otherwise have made it prone to warfare: the actual incidence was much lower than would have been expected. Statistically, the guarantee significantly and substantially reduced the risk of conflict by nearly three-quarters.

Raw Data Is an Oxymoron
by Lisa Gitelman
Published 25 Jan 2013

The concepts of “personal” and “nonpersonal” are, as one would expect, somewhat mutable in the context of dataveillance. The single cookie assigned to each machine is not automatically attached to an individual identity so, while sexual preference might in certain legal statutes be defined as “personal,” in the context of information security it would be considered nonpersonal. Personally identifiable information (PII), on the other hand, includes social security numbers, genetic information, biometric data, date of birth, and in some cases vehicle registration numbers, bank numbers, and IP addresses, although the increasingly widespread use of proxies makes the last more complicated.

pages: 1,136 words: 73,489

Working in Public: The Making and Maintenance of Open Source Software
by Nadia Eghbal
Published 3 Aug 2020

Hackers are characterized by bravado, showmanship, mischievousness, and a deep mistrust of authority. Hacker culture still lives on today, in the way that beatniks, hippies, and Marxists still exist, but hackers don’t capture the software cultural zeitgeist in the same way that they used to. The generational successor to hackers today might be cryptographers and those who dabble in information security: those who flirt with the law, and do so with a wink and a bow. Although Levy doesn’t focus exclusively on free and open source developers in his book, hacker culture in the 1980s and ’90s was closely intertwined with the early generation of free and open source software, as evinced by a trio of leaders: Richard Stallman, Eric S.

pages: 269 words: 70,543

Tech Titans of China: How China's Tech Sector Is Challenging the World by Innovating Faster, Working Harder, and Going Global
by Rebecca Fannin
Published 2 Sep 2019

Alibaba, which was caught in the headwinds, is pivoting after a block on its affiliate Ant Financial from acquiring Dallas-based money transfer service MoneyGram for $1.2 billion in 2017. US regulators had raised issues about security and privacy risks for stateside users. To push the deal past national security concerns, Ant Financial had promised to keep the MoneyGram personal financial information secure by storing the data on servers in the United States. But the deal wasn’t approved and Alibaba paid a $30 million termination fee to MoneyGram. Following that rejection, Alibaba has made only a few tech deals in America, and those were highly strategic, smaller ones, such as an acquisition of New York–based social shopping marketplace OpenSky.

pages: 290 words: 73,000

Algorithms of Oppression: How Search Engines Reinforce Racism
by Safiya Umoja Noble
Published 8 Jan 2018

So when accidents happen—if your computer crashes or gets stolen—you can be up and running again in seconds. Lastly, we rigorously track the location and status of each hard drive in our data centers. We destroy hard drives that have reached the end of their lives in a thorough, multi-step process to prevent access to the data. Our security team is on-duty 24x7. Our full-time Information Security Team maintains the company’s perimeter defense systems, develops security review processes, and builds our customized security infrastructure. It also plays a key role in developing and implementing Google’s security policies and standards. At the data centers themselves, we have access controls, guards, video surveillance, and perimeter fencing to physically protect the sites at all times.20 The language of privacy and security, as articulated by Google’s statements on data protection, does not address what happens when you want your data to be deleted or forgotten.

pages: 231 words: 71,299

Culture Warlords: My Journey Into the Dark Web of White Supremacy
by Talia Lavin
Published 14 Jul 2020

He dropped out of public view entirely—but not before pretending to be his own mother on Twitter and email, begging Bellingcat to unpublish the story, and offering monetary bribes to the journalists to take his name out of circulation. He also deleted all his social-media pages. He seemed genuinely afraid, and embarrassed—and his peers reacted with contempt toward him. Brenton Tarrant’s Lads announced his expulsion from the chat room and sent out an increasingly unhinged series of warnings about information security, the need to avoid “e-girls,” and the need to not be stupid. I had outed a violent Nazi—perhaps one with the potential to become a mass shooter—and sown dissension and fear in the ranks of extremists. How could they rebuild the white race, and preserve a future for the white children they claimed to want, if any woman could be a trap?

The Secret World: A History of Intelligence
by Christopher Andrew
Published 27 Jun 2018

F., Hannibal’s War: A Military History of the Second Punic War (Warminster: Aris and Phillips, 1978) Le Naour, Jean-Yves, L’Affaire Malvy: Le Dreyfus de la Grande Guerre (Paris: Hachette, 2007) Le Roy Ladurie, Emmanuel, Montaillou: Cathars and Catholics in a French Village 1294–1324 (London: Penguin Books, 1980) Leeuw, Karl de, ‘The Black Chamber in the Dutch Republic during the War of the Spanish Succession and Its Aftermath, 1707–1715’, The Historical Journal, Vol. 42 (1999), no. 1 —, Cryptology and Statecraft in the Dutch Republic (Amsterdam: University of Amsterdam, 2000) —, ‘Cryptology in the Dutch Republic: A Case-Study’, in Karl de Leeuw and Jan Bergstra (eds.), The History of Information Security: A Comprehensive Handbook (Amsterdam: Elsevier, 2007) — and Jan Bergstra (eds.), The History of Information Security: A Comprehensive Handbook (Amsterdam: Elsevier, 2007) Lefauconnier, Camille, ‘François Sublet de Noyers (1589–1645): Ad majorem regis et Dei gloriam’, MA thesis (École des Chartes, Paris, 2008) Leggett, George, The Cheka: Lenin’s Political Police (London: Clarendon Press, 1981) Leggiere, Michael V., Blücher: Scourge of Napoléon (Norman: University of Oklahoma Press, 2014) Leidinger, Hannes, ‘The Case of Alfred Redl and the Situation of Austro-Hungarian Military Intelligence on the Eve of World War I’, Contemporary Austrian Studies, vol. 23 (2014) Leimon, M., and G.

.: Yale University Press, 2009) Black, Jeremy, Pitt the Elder: The Great Commoner (Cambridge: Cambridge University Press, 1992) —, British Diplomats and Diplomacy, 1688–1800 (Exeter: University of Exeter Press, 2001) —, ‘Intelligence and the Emergence of the Information Society in Eighteenth-Century Britain’, in Karl de Leeuw and Jan Bergstra (eds.), The History of Information Security: A Comprehensive Handbook (Amsterdam: Elsevier, 2007) —, George III: America’s Last King (New Haven, Conn.: Yale University Press, 2008) Blair, Ann, ‘Reading Strategies for Coping with Information Overload, ca. 1550–1700’, Journal of the History of Ideas, vol. 64 (2003), no. 1 —, Too Much to Know: Managing Scholarly Information before the Modern Age (New Haven, Conn.: Yale University Press, 2010) Blair, Tony, A Journey (London: Hutchinson, 2010) Blaisdell, Lowell L., ‘Aloysius Huber and May 15, 1848: New Insights into an Old Mystery’, International Review of Social History, vol. 29 (April 1984), no. 1 Blanning, Tim, The Pursuit of Glory: Europe 1648–1815 (London: Penguin Books, 2008) —, Frederick the Great: King of Prussia (London: Allen Lane, 2015) Blanqui, Louis-Auguste, ‘Réponse du citoyen Auguste Blanqui’ (Paris: Imprimerie Blondeau, 1848) Blount, Thomas, Boscobel; or, The history of the most miraculous preservation of King Charles II after the battle of Worcester, September the third, 1651.

/London: Yale University Press, 2011) Storrs, Christopher, ‘Intelligence and the Formulation of Policy and Strategy in Early Modern Europe: The Spanish Monarchy in the Reign of Charles II (1665–1700)’, Intelligence and National Security, vol. 21 (2006), no. 4 Stout, Felicity, Exploring Russia in the Elizabethan Commonwealth: The Muscovy Company and Giles Fletcher, the Elder (1546–1611) (Manchester: Manchester University Press, 2014) Stout, Mark, ‘American Intelligence Assessment of the Jihadists, 1989–2011’, in Paul Maddrell (ed.), The Image of the Enemy: Intelligence Analysis of Adversaries since 1945 (Washington, DC: Georgetown University Press, 2015) Strasser, G.F., ‘The rise of cryptography in the European Renaissance’, in Karl de Leeuw and Jan Bergstra (eds.), The History of Information Security: A Comprehensive Handbook (Amsterdam: Elsevier, 2007) Strauss, Barry, The Battle of Salamis: The Naval Encounter That Saved Greece – and Western Civilization (New York: Simon & Schuster, 2004) Stuart, Hannah, Islamist Terrorism: Analysis of Offences and Attacks in the UK (1998–2015) (London: Henry Jackson Society, 2017) Stubbs, John, Reprobates: The Cavaliers of the English Civil War (London: Viking, 2011) Sullivan, Brian R., ‘“A Highly Commendable Action”: William J.

pages: 322 words: 84,752

Pax Technica: How the Internet of Things May Set Us Free or Lock Us Up
by Philip N. Howard
Published 27 Apr 2015

Competing networks exist in several forms, and to make this sociotechnical system function fairly, we need to work to strengthen the information infrastructures that have the most open standards, the widest reach, and the greatest potential for innovation. We all need to take a more active interest in our own information security and in international affairs. We need to make sure the internet of things works for us. Program or be programmed, as hackers say. If we aren’t purposeful in designing the internet of things, we’ll find that those with power will make decisions using data gleaned about us, and without our informed consent.

pages: 250 words: 87,722

Flash Boys: A Wall Street Revolt
by Michael Lewis
Published 30 Mar 2014

He was making Goldman’s bulky, inefficient system faster, but he could never make it as fast as a system built from scratch, without the burden of 60 million lines of old code underneath it. Or a system that, to change it in any major way, did not require six meetings and signed documents from informational security officers. Goldman hunted in the same jungle as the small HFT firms, but it could never be as quick or as nimble as those firms: No big Wall Street bank could. The only advantage a big bank enjoyed was its special relationship to the prey: its customers. (As the head of one high-frequency trading firm put it, “When one of these people from the banks interviews with us for a job, he always talks about how smart his algos are, but sooner or later he’ll tell you that without his customer he can’t make any money.”)

pages: 269 words: 83,307

Young Money: Inside the Hidden World of Wall Street's Post-Crash Recruits
by Kevin Roose
Published 18 Feb 2014

But as much as 200 West Street seemed familiar, it also had an odd sterility to it. Samson wasn’t sure how to characterize it, but something about the building felt fortified—as if the entire place had been sanded down to make it a little more secure and a little less welcoming. The new building felt designed to keep employees and information securely inside, while keeping outsiders at a total remove. Maybe it was in his head. In the nine months since his internship, Goldman had undergone a massive transformation in the public imagination. Once a relatively anonymous investment bank, it had taken on the image of a global financial villain—a firm whose name was shorthand for unrepentant greed and vice.

pages: 309 words: 79,414

Going Dark: The Secret Social Lives of Extremists
by Julia Ebner
Published 20 Feb 2020

She compares cyber-security measures to rocks rather than a wall: there always remain gaps in between. To walk around the rocks and get to the valuable thing in the middle, you need the right equipment and you have to know the path, but in theory anybody can get in. ‘You can never have one hundred per cent cyber and information security.’ Even the Israelis admit that. When I enter the headquarters of Cyberbit, one of the world’s leading cyber-security firms, on the outskirts of the Israeli city Ra’anana, their vice president for Europe, the Middle East and North Africa explains: ‘The mean time to identify a cyberattack is 206 days.

pages: 301 words: 88,082

The Great Tax Robbery: How Britain Became a Tax Haven for Fat Cats and Big Business
by Richard Brooks
Published 2 Jan 2014

Sell-Out 1 Based on personal recollection and believed to be a reasonable paraphrase. 2 ‘Review of Links with Business’, Inland Revenue, November 2001. 3 Nick Davies, Guardian, 23 and 24 July 2002. 4 HMRC departmental board meeting 13 August 2007; http://www.hmrc.gov.uk/about/minutes-aug07.htm 5 ‘Review of Information Security’, Kieron Poynter, June 2008. 6 CBI press release, 4 November 2005. 7 CBI Annual Conference, 28 November 2005. 8 Make-up and remit explained in Large Corporates presentation 18 May 2006; http://www.hmrc.gov.uk/lbo/review-of-links.pdf 9 Whistle-blower letter to Private Eye, July 2012. 10 Interview with author. 11 ‘UK business tax: a compelling case for change’, CBI, November 2006; http://www.cbi.org.uk/media/999090/cbi_tax_report_text.pdf 12 Financial Times comment piece, ‘Why the Chancellor is Missing the Point’, 15 July 1999. 13 Freedom of information response to author, October 2008; http://www.hmrc.gov.uk/freedom/board-hospitality.pdf 14 A review by the Bureau of Investigative Journalism, June 2010, found Hartnett had received hospitality on 107 occasions between April 2007 and September 2009, which was in fact a lower rate than for previous periods; http://www.thebureauinvestigates.com/2010/06/17/bureau-publishes-comprehensive-civil-service-hospitality-database/ 15 Discussion with author, September 2009. 16 Reported in trade magazine the Post, 9 September 2009; http://www.postonline.co.uk/post/news/1532892/rsa-launches-reinsurer-scrapping-tax 17 Email from HMRC press office to author, 23 September 2009. 18 See, for example, Public Accounts Committee hearing 12 October 2011; http://www.publications.parliament.uk/pa/cm201012/cmselect/cmpubacc/uc1531-i/uc153101.htm 19 BT 2006/07 third quarter results announcement, transcript at http://www.btplc.com/Sharesandperformance/Quarterlyresults/Financialpresentations/q307transcript.pdf 20 See, for example, evidence of Judith Freedman to Treasury Select Committee, 29 June 2011; http://www.publications.parliament.uk/pa/cm201012/cmselect/cmtreasy/uc731-v/uc73101.htm 21 Information provided to author and reported in Private Eye, May 2008, issue 1211. 22 Interview with Guardian Tax Gap reporting team, reported in Guardian, 6 February 2009; http://www.guardian.co.uk/business/2009/feb/06/tax-gap-gamekeeper-inland-revenue 23 National Audit Office report on HMRC annual accounts 2010/11 shows ‘value of open issues for Large Business Service Companies’ falling from £35.1bn in 2007 to £25.5bn in 2011.

pages: 301 words: 85,126

AIQ: How People and Machines Are Smarter Together
by Nick Polson and James Scott
Published 14 May 2018

Hacking already plagues hospitals: if you recall the big ransomware attacks of 2017 (like WannaCry), you may also recall that hospitals were disproportionately hit. These hospitals probably weren’t doing anything AI-related with their data, but that kind of activity would hardly have entailed a higher security risk than what was already present. Hospitals should obviously plug their existing information-security holes—probably, as many experts suggest, by moving to some kind of cloud-based infrastructure run by a firm who thinks about security full time. But this has nothing to do with whether the data already sitting on hospital servers should be used to improve health care. Postscript As you now appreciate, when it comes to widespread adoption of AI, the health-care system faces very few barriers of technology, but enormous barriers of culture, law, and incentives.

pages: 306 words: 82,909

A Hacker's Mind: How the Powerful Bend Society's Rules, and How to Bend Them Back
by Bruce Schneier
Published 7 Feb 2023

Krawiec and Scott Baker (2006), “Incomplete contracts in a complete contract world,” Florida State University Law Review 33, https://scholarship.law.duke.edu/faculty_scholarship/2038. 27systems of trust: Bruce Schneier (2012), Liars and Outliers: Enabling the Trust that Society Needs to Thrive, John Wiley & Sons. 28complexity is the worst enemy of security: Bruce Schneier (19 Nov 1999), “A plea for simplicity: You can’t secure what you don’t understand,” Information Security, https://www.schneier.com/essays/archives/1999/11/a_plea_for_simplicit.html. 6. ATM HACKS 31Saunders withdrew $1.6 million: Jack Dutton (7 Apr 2020), “This Australian bartender found an ATM glitch and blew $1.6 million,” Vice, https://www.vice.com/en_au/article/pa5kgg/this-australian-bartender-dan-saunders-found-an-atm-bank-glitch-hack-and-blew-16-million-dollars. 33changes in ATM design: Z.

pages: 265 words: 80,510

The Enablers: How the West Supports Kleptocrats and Corruption - Endangering Our Democracy
by Frank Vogl
Published 14 Jul 2021

On January 1, 2021, the US Senate voted to approve the National Defense Authorization Act for Fiscal Year 2021, which included as Division F, Title LXIII, extensive improvements in the US government’s AML operations, including improved interagency coordination and consultation, establishment of Bank Secrecy Act information security officers, training for examiners on AML/CFT, obtaining foreign bank records from banks with US correspondent accounts, prohibitions on concealment of the source of assets in monetary transactions, and improved incentives and protections for whistleblowers. The following section of the legislation, Title LXIV, was designated as the Corporate Transparency Act.

pages: 422 words: 86,414

Hands-On RESTful API Design Patterns and Best Practices
by Harihara Subramanian
Published 31 Jan 2019

Importance of penetration tests
Before we delve into the details, the following rationalizations will help us understand why pen tests are so crucial in API testing:
No compromise to data privacy
Guaranteed and secured financial transactions and financial data over the network
Discover security vulnerabilities and loopholes in APIs and in underlying systems
Simulate, forecast, understand, and assess the impacts of attacks
Make APIs fully information security compliant
Pen testing lifecycle
Now that we have a good understanding of vulnerability causes from the earlier section, let's look at the five stages of pen tests in this section: The preceding diagram depicts the life cycle of pen tests, involving five phases of activities such as Preparation, Scanning, Gaining Access and Maintaining Access, and reporting.

pages: 287 words: 92,118

The Blue Cascade: A Memoir of Life After War
by Mike Scotti
Published 14 May 2012

It had been five months since I’d graduated from Stern and a year since Rob was killed. I spent the summer after graduation in the Credit Suisse associate training program, along with the others who had been hired from various MBA programs. Kevin and I worked in the private side of finance. We had access to sensitive information. Security was tight. We worked behind electronically locked access doors where you had to swipe your ID card to get through the carefully constructed information wall that separated us from the other parts of the bank. Those doors were in addition to card swipes in the lobby and just outside the elevators on our floor.

pages: 209 words: 89,619

The Precariat: The New Dangerous Class
by Guy Standing
Published 27 Feb 2011

The precariat lives in public spaces but is vulnerable to surveillance and undemocratic nudging. It should demand regulations to give individuals the right to see and correct information that any organisation holds on them, to require firms to inform employees, including outworkers, if any security breach occurs affecting them, to require organisations to undergo annual information-security audits by an accredited third party, to put expiry dates on information and to limit use of data profiling on the basis of some probability of behaviour. Data protection and freedom-of-information laws have been a step in the right direction but do not go far enough. Active Voice is required.

pages: 320 words: 90,526

Squeezed: Why Our Families Can't Afford America
by Alissa Quart
Published 25 Jun 2018

Before he went to ITT, Rodriguez had been working as a high school–educated graphic designer. After he was “enticed” into enrolling by a visit to a nearby suburban ITT campus, where admissions staff told him that they’d help him find a job upon graduation, he signed up; eventually he obtained a bachelor’s degree in information security systems, but went into serious debt in the process. His fellow students were mostly in their thirties and forties, he said. The ITT representatives pitched the program to older students predominantly. Now, eight years later, he was $59,000 in debt to a school that was under investigation by the Obama administration.

pages: 343 words: 91,080

Uberland: How Algorithms Are Rewriting the Rules of Work
by Alex Rosenblat
Published 22 Oct 2018

I mention their application as part of my methods because the collaborative, interdisciplinary conversations I had at different stages helped me process and analyze what I continued to observe in my qualitative research, as well as suggested what to look for as my research project evolved and continued. For example, I intermittently consulted with computer scientists, both regarding what was technically possible and about information security practices for conducting my research. In particular, the Labor Tech group run by Winifred Poster and the Privacy Law Scholars Conference are generative spaces for receiving invaluable feedback from engaged scholars. Throughout the course of this research, I’ve also benefited from conversations with leaders across many different communities: academic, policy, regulatory, and business.

pages: 307 words: 90,634

Insane Mode: How Elon Musk's Tesla Sparked an Electric Revolution to End the Age of Oil
by Hamish McKenzie
Published 30 Sep 2017

The well-put-together Brit had left the brave new world of Silicon Valley for the decidedly old-school confines of one of the world’s most iconic car brands. At Tesla’s headquarters, a visitor must drive into the parking lot off Deer Creek Road, just outside Palo Alto, hand their keys to a valet, then sign in on an iPad in the reception area. For my visit to Aston Martin, I drove down a private road called Kingsway, informed security guards at a checkpoint that I was there to see Sproule, and was then directed to the VIP entrance, where I pushed a buzzer by a large locked gate. Walking past a private lot of million-dollar cars, I entered a brightly lit lobby with a high ceiling under which had been parked a series of Aston Martins—the Zagato, the Rapide, the Vulcan—just waiting for 007 to come in and select one for his next impossible escape across the continent.

pages: 304 words: 91,566

Bitcoin Billionaires: A True Story of Genius, Betrayal, and Redemption
by Ben Mezrich
Published 20 May 2019

Tyler also saw true protocol royalty in the form of Bram Cohen, who had built BitTorrent and essentially invented decentralized, peer-to-peer file sharing. Cohen was perhaps the greatest living protocol developer alive after Satoshi. Maybe, Tyler mused, he was Satoshi? And then there were fellow early Bitcoiners like Paul Bohm, an information security expert who had written one of the earliest blogs explaining Bitcoin mining; Mike Belshe, one of the first engineers to work the SPDY protocol used by Google in its Chrome browser; Matt Pauker and Balaji Srinivasan, who had cofounded a Bitcoin mining company called 21e6 (the scientific notation for the number twenty-one million, the total number of bitcoin that would ever be created); Srinivasan was also on the way to becoming the CTO of a company called Coinbase, a cryptocurrency exchange on a rapid rise in the industry.

pages: 305 words: 93,091

The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data
by Kevin Mitnick , Mikko Hypponen and Robert Vamosi
Published 14 Feb 2017

When the ex-wife and her boyfriend were out of town, the General claimed he would jack up the temperature in the house and then lower it back down before they returned: “I can only imagine what their electricity bills might be. It makes me smile.”1 Researchers at Black Hat USA 2014, a conference for people in the information security industry, revealed a few ways in which the firmware of a Nest thermostat could be compromised.2 It is important to note that many of these compromises require physical access to the device, meaning that someone would have to get inside your house and install a USB port on the thermostat. Daniel Buentello, an independent security researcher, one of four presenters who talked about hacking the device, said, “This is a computer that the user can’t put an antivirus on.

pages: 295 words: 89,441

Aiming High: Masayoshi Son, SoftBank, and Disrupting Silicon Valley
by Atsuo Inoue
Published 18 Nov 2021

What I want to make perfectly clear, however, and what I’ve always maintained, is that we are an investment company. The consolidated totals concerning the valuation of the companies we invest in is irrelevant when looking at our own valuation.’ Goto Yoshimitsu (SoftBank Group director, senior managing executive officer, chief financial officer, chief information security officer and chief sustainability officer) gives his assessment, his tone calm and measured as ever. ‘Take the current situation, for example. Having an operating loss of 1.3 trillion yen is unthinkably bad but you only have to look at the financial results for 2019 where we posted an operating profit of 2.3 trillion yen – an extraordinary good result, second only to Toyota.

pages: 277 words: 91,698

SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build
by Jonathan Waldman
Published 7 Jan 2020

In Muscat, they admired the Sultan Qaboos Grand Mosque, which had taken six years to build and whose masonry dome easily outflanked the best in America. They lay on towels on the beach and soaked up the sun while, not fifty feet away, one wave at a time, water ground particles into unusable construction material. At some point, back in Dubai, a housekeeper found eggshells in Zak’s trash can and informed security. Zak was told not to use the electric hot plate in his room anymore. He ignored the instruction and continued to cook his own meals until the last day of the program, when hotel staff confiscated the device. By then, Zak had eaten at least thirty burgers, and come no closer to getting SAM or CR some action.

Days of Fire: Bush and Cheney in the White House
by Peter Baker
Published 21 Oct 2013

The order, first signed by Bill Clinton in 1995 and later updated and reissued by Bush in 2003, required that any “entity within the executive branch that comes into the possession of classified information” report annually how much it was keeping secret—not even what it kept secret, just the quantity. Cheney’s office filed reports in 2001 and 2002 but stopped filing in 2003. By 2004, the Information Security Oversight Office at the National Archives and Records Administration responded by ordering an inspection of Cheney’s office to see how sensitive material was handled, but his staff blocked the examination. The vice president’s team later proposed amending the executive order to abolish the Information Security Oversight Office altogether. Bush found such disputes baffling. With so much else going on, he was interested in one last chance to achieve a historic domestic initiative, not to poke at a hornet’s nest.

Health and Human Services Department, U.S., 9.1, 18.1 health care reform, 4.1, 16.1, epl.1 Heiden, Debbie Helal, Gamal Hennen, Scott Hennessey, Keith, 21.1, 34.1, 35.1 Heritage Foundation Hernandez, Israel, 2.1, 17.1, 37.1 Hertzberg, Hendrik Hezbollah, 10.1, 27.1, 27.2 Hill, Christopher, 21.1, 23.1, 28.1, 30.1, 31.1, 31.2, 31.3, 31.4, 32.1, 33.1, 33.2, 34.1, 34.2, 35.1 Hill, Fiona, 34.1, 34.2 Hillyer, Quin Hispanic Americans, 17.1, 21.1, 22.1 Hitler, Adolf Hobbs, David, 16.1, 16.2 Holbrooke, Richard, 21.1, 31.1, 31.2 Holland, Steve Holliday, Stuart Holocaust, 13.1, 13.2 Homeland Security Department, U.S., 11.1, 12.1, 13.1, 20.1, nts.1n Honoré, Rossel Hook, Brian Hoover, Herbert, 34.1, 35.1, 35.2, 37.1, nts.1n Horne, Alistair House Budget Committee House Intelligence Committee, 2.1, 9.1, 12.1 House of Representatives, U.S., 1.1, 1.2, 2.1, 2.2, 6.1, 6.2, 9.1, 10.1, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 13.1, 15.1, 16.1, 21.1, 24.1, 24.2, 28.1, 29.1, 30.1, 30.2, 31.1, 31.2, 32.1, 33.1, 34.1, 35.1, 35.2, 35.3, 36.1, epl.1 House Republican Conference housing market, 24.1, 26.1, 27.1, 33.1, 34.1, 35.1, 35.2, 36.1, 37.1, epl.1 Houston, Sam Howard, Arlene, 8.1, 8.2, 8.3 Howard, George Hoyer, Steny Hubbard, Al, 21.1, 30.1 Hubbard, Glenn, 3.1, 11.1, 13.1, 13.2 Huckabee, Mike, 31.1, 33.1 Hughes, Karen, 2.1, 3.1, 3.2, 3.3, 3.4, 3.5, 4.1, 4.2, 5.1, 5.2, 6.1, 6.2, 6.3, 6.4, 6.5, 7.1, 7.2, 8.1, 8.2, 8.3, 8.4, 9.1, 10.1, 10.2, 11.1, 11.2, 12.1, 13.1, 13.2, 13.3, 13.4, 14.1, 14.2, 17.1, 18.1, 19.1, 19.2, 20.1, 21.1, 24.1, 25.1, 26.1, 27.1, 29.1, 31.1, 34.1, 35.1, 35.2, 37.1, epl.1 Hu Jintao, 25.1, 28.1, 33.1, 35.1 Hume, Brit Hundred Degree Club, 11.1, 27.1 Hunt, Al Hunt, Terence, 28.1, 28.2 Hurricane Gustav Hurricane Katrina, 23.1, 23.2, 23.3, 24.1, 27.1, 31.1, 35.1, 35.2, epl.1, epl.2, nts.1n–29n, nts.2n–49n Hussein, Qusay, 14.1, 16.1 Hussein, Saddam, prl.1, prl.2, 2.1, 5.1, 6.1, 7.1, 7.2, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, 9.1, 10.1, 10.2, 11.1, 11.2, 11.3, 12.1, 13.1, 14.1, 15.1, 15.2, 
16.1, 16.2, 16.3, 17.1, 18.1, 18.2, 18.3, 18.4, 20.1, 21.1, 21.2, 24.1, 26.1, 26.2, 28.1, 30.1, 30.2, 30.3, 33.1, 35.1, 35.2, 36.1, epl.1, epl.2, epl.3, nts.1n Hussein, Uday, 14.1, 16.1 Hutchinson, Asa Hutchison, Kay Bailey Huxley, Aldous Ibrahim, Saad Eddin Ifill, Gwen Ignatius, David immigration reform, 2.1, 3.1, 20.1, 21.1, 21.2, 24.1, 31.1, 32.1, 32.2, 33.1, 37.1, epl.1, epl.2 independent voters, 5.1, 17.1, 17.2, 19.1, 28.1 India, 3.1, 5.1, 16.1 Information Security Oversight Office inspectors, weapons, 11.1, 12.1, 12.2, 12.3, 13.1, 13.2, 13.3, 13.4, 13.5, 13.6, 15.1, 17.1, 17.2 Insurrection Act (1807), 23.1, 23.2 Intelligence Identities Protection Act (1982) International Atomic Energy Agency (IAEA), 13.1, 32.1 International Committee of the Red Cross International Criminal Court (ICC) interrogations, 10.1, 11.1, 18.1, 18.2, 20.1, 22.1, 24.1, 28.1, 28.2, 28.3, 31.1, 33.1, 33.2, 35.1, 35.2, epl.1, epl.2, epl.3, epl.4 In the Heart of the Sea (Philbrick) Iowa primary, 3.1, 17.1, 35.1 Iran, prl.1, 2.1, 2.2, 7.1, 10.1, 10.2, 11.1, 11.2, 11.3, 14.1, 16.1, 17.1, 18.1, 18.2, 21.1, 24.1, 26.1, 27.1, 29.1, 30.1, 31.1, 32.1, 32.2, 33.1, 34.1, 35.1, 35.2, 37.1, epl.1, epl.2 Iran-contra scandal, 2.1, 17.1, epl.1 Iraq Body Count Iraq Governing Council, 16.1, 16.2, 16.3, 17.1 Iraq Interim Authority, 13.1, 14.1 Iraq Stabilization Group Iraq Study Group, 28.1, 29.1, 30.1 Iraq Summit, 26.1, 29.1 Iraq Survey Group Iraq War: Arab reaction to, 8.1, 11.1, 11.2, 11.3, 12.1, 13.1, 29.1, 33.1, 35.1, 36.1, epl.1, epl.2 casualties in, 2.1, 11.1, 13.1, 13.2, 22.1, 24.1, 26.1, 26.2, 27.1, 30.1, 31.1, nts.1n constitution established in, 15.1, 16.1, 16.2, 20.1, 21.1, 21.2, 22.1, 24.1, 26.1 insurgency in, 13.1, 14.1, 15.1, 16.1, 16.2, 16.3, 17.1, 20.1, 21.1, 21.2, 21.3, 23.1, 25.1, 26.1, 26.2, 26.3, 27.1, 28.1, 29.1, 29.2, 33.1, epl.1 interim government in, 10.1, 13.1, 14.1, 16.1, 20.1, 21.1, 25.1, 26.1 invasion in, prl.1, 8.1, 8.2, 9.1, 10.1, 11.1, 12.1, 13.1, 13.2, 13.3, 13.4, 13.5, 13.6, 
13.7, 13.8, 14.1, 17.1, 17.2, 19.1, 21.1, 21.2, 26.1, 26.2, 27.1, 28.1, 28.2, 30.1, 30.2, 31.1, 33.1, 33.2 Iraqi elections (2005) held during, 15.1, 16.1, 20.1, 21.1, 21.2, 24.1, 24.2, 25.1, 25.2, 26.1, 30.1 occupation after, prl.1, 2.1, 5.1, 5.2, 5.3, 6.1, 7.1, 8.1, 8.2, 9.1, 10.1, 10.2, 10.3, 11.1, 11.2, 13.1, 16.1, 16.2, 17.1, 18.1, 20.1, 27.1, 35.1 reconstruction for, 13.1, 13.2, 13.3, 16.1, 24.1, 25.1 regime change in, 5.1, 6.1, 9.1, 10.1, 11.1, 11.2, 12.1, 12.2, 12.3, 13.1, 14.1, 14.2, 14.3, 21.1, 30.1 surge strategy for, 26.1, 26.2, 26.3, 27.1, 27.2, 27.3, 28.1, 28.2, 28.3, 28.4, 28.5, 28.6, 29.1, 29.2, 29.3, 31.1, 31.2, 31.3, 31.4, 32.1, 32.2, 32.3, 32.4, 33.1, 33.2, 34.1, 35.1, epl.1, epl.2, epl.3 troop deployment in, prl.1, prl.2, prl.3, 10.1, 11.1, 12.1, 13.1, 13.2, 13.3, 14.1, 14.2, 15.1, 16.1, 16.2, 17.1, 18.1, 20.1, 20.2, 24.1, 24.2, 25.1 troop withdrawal in, 20.1, 20.2, 21.1, 21.2, 22.1, 22.2, 24.1, 26.1, 27.1, 27.2, 28.1, 29.1, 29.2, 29.3, 29.4, 30.1, 31.1, 31.2, 31.3, 31.4, 32.1, 33.1, 32.2, 32.3, 33.2, 35.1, 36.1, nts.1n–51n UN resolutions on, 11.1, 11.2, 11.3, 12.1, 12.2, 12.3, 12.4, 13.1, 13.2, 13.3, 16.1, 18.1 “Iron Triangle,” 3.1, 17.1 Islam, 8.1, 8.2, 8.3, 8.4, 16.1, 21.1, epl.1, epl.2 Islamic Center of Washington Islamic extremists, 8.1, 16.1, 21.1 Islamic Movement of Uzbekistan Israel, 5.1, 6.1, 8.1, 11.1, 11.2, 11.3, 14.1, 14.2, 20.1, 24.1, 27.1, 27.2, 31.1, 31.2, 32.1, 33.1, 33.2, 33.3, 34.1, 35.1 Ivanov, Igor, 10.1, 26.1 Jaafari, Ibrahim al-, 21.1, 25.1, 25.2, 26.1 Jackson, Andrew, 5.1, epl.1 Jackson, Barry James, Marquis Janjaweed Japan, 11.1, 16.1, epl.1 Japanese-American internment camps Jarrett, Valerie Jefferson, Thomas Jefferson, William Jeffords, James, 6.1, 12.1 Jeffrey, James Jennings, Peter Jesus Christ, 2.1, 3.1, 11.1, nts.1n Jeter, Derek Jews, 8.1, 11.1, 13.1, 13.2 John Adams (McCullough) Johnson, Clay, 25.1, 37.1 Johnson, Lyndon B., 2.1, 3.1, 3.2, 6.1, 17.1, 23.1, 26.1, 27.1, 29.1, 30.1, 35.1, epl.1 Joints Chiefs of Staff, 
U.S., 2.1, 6.1, 8.1, 9.1, 10.1, 11.1, 13.1, 13.2, 29.1, 29.2, 30.1, 30.2, 31.1, 32.1 Jones, Edith Jones, Frederick, 16.1, 19.1, 21.1, 24.1, 26.1 Jordan, Vernon Joseph, Robert, 5.1, 14.1, 15.1, 16.1, 23.1, 31.1 JPMorgan Chase Jumblatt, Walid Jurgens, Thomas Justice Department, U.S., 9.1, 9.2, 10.1, 10.2, 11.1, 11.2, 15.1, 16.1, 17.1, 18.1, 20.1, 23.1, 24.1, 26.1, 32.1, 34.1, 35.1, 37.1, epl.1, nts.1n Kabul, 10.1, 10.2, 10.3, 10.4, 25.1, 28.1, 31.1, 36.1 Kagan, Frederick W., 26.1, 26.2, 29.1, 29.2, 29.3 Kagan, Robert Kandahar, 9.1, 10.1, 28.1 Kaplan, Joel, 11.1, 25.1, 28.1, 34.1, 34.2, 35.1, 36.1, 36.2, 37.1, 37.2, 37.3 Kaplan, Robert Kappes, Stephen Karami, Omar Karine A incident (2002) Karzai, Hamid, 10.1, 25.1, 28.1, 31.1, 36.1 Kasich, John Kass, Leon Kaufman, Ron, 3.1, 3.2 Kavanaugh, Ashley Kavanaugh, Brett Kay, David, 15.1, 17.1, 17.2, 18.1 Kazakhstan, 27.1, 31.1 Kean, Thomas H., 17.1, 18.1, 20.1 Keane, Jack, 28.1, 29.1, 30.1, 30.2, 31.1, 31.2, 32.1 Keating, Frank, 3.1, 8.1 Keegan, John Keene, David Keil, Richard, 7.1, 8.1, 28.1, 28.2 Kellems, Kevin, 9.1, 16.1 Keller, Bill, 24.1, 24.2, nts.1n Kelley, William, 22.1, 23.1, 23.2, 23.3 Kelly, James, 12.1, 17.1, 17.2 Kemp, Jack Kennedy, Anthony M.

Israel & the Palestinian Territories Travel Guide
by Lonely Planet

Month by Month Itineraries Crossing Borders Travel with Children Regions at a Glance On The Road Jerusalem History Sights Courses Tours Festivals & Events Sleeping Eating Drinking & Nightlife Entertainment Shopping Abu Ghosh Eating Soreq Cave Caves of Maresha & Beit-Guvrin Latrun Around Latrun Tel Aviv-Jaffa (Yafo) History Sights Beaches Activities Festivals & Events Sleeping Eating Drinking & Nightlife Entertainment Shopping Herzliya Sights Eating Netanya Activities Eating Ramla Sights Eating Haifa & the North Coast Haifa & the North Coast Highlights Haifa Daliyat al-Karmel Carmelite Monastery of St Elijah Atlit Ein Hod & Ayn Hawd Zichron Ya'acov Mey Kedem Jisr az-Zarka Caesarea Akko (Acre) Around Akko Baha'i Gardens & Shrine of Baha'ullah Kibbutz Lohamei HaGeta'ot Nahariya North of Nahariya Montfort Akhziv Lower Galilee & Sea of Galilee Lower Galilee & Sea of Galilee Highlights Nazareth Kafr Kana Tzipori Mt Tabor Area Mt Tabor Kfar Tavor Kfar Kisch Kfar Kama Jezreel & Beit She'an Valleys Beit She'an Belvoir Beit Alpha Synagogue Gangaroo Animal Park Ein Harod Tiberias Sea of Galilee North of Tiberias South of Tiberias Eastern Shore Hamat Gader Upper Galilee & Golan Upper Galilee & Golan Highlights The Upper Galilee Tsfat (Safed) Mt Meron Area Rosh Pina Around Rosh Pina Hula Valley Kiryat Shmona & Tel Hai Metula East of Kiryat Shmona The Golan Heights Katzrin South of Katzrin North of Katzrin Northern Golan West Bank West Bank Highlights Bethlehem Around Bethlehem Ramallah & Al-Bireh Around Ramallah Jericho & Around Hebron Nablus Jenin The Gaza Strip Gaza City Elsewhere in the Gaza Strip Khan Younis Rafah The Dead Sea Dead Sea Highlights Ein Gedi North of Ein Gedi Masada Ein Bokek Sodom Neot HaKikar The Negev The Negev Highlights Arad Around Arad Be'er Sheva Around Be'er Sheva Sde Boker Mitzpe Ramon The Arava Eilat Around Eilat Petra Petra Highlights The Ancient City Wadi Musa Siq al-Barid (Little Petra) Understand Understand Israel & the Palestinian 
Territories Israel & the Palestinian Territories Today History People of Israel & the Palestinian Territories Hummus & Olives Regional Food Daily Life Government & Politics Religion Arts Environment Survive Safe Travel Travel Advisories & Information Security Measures in Israel News in English Safe Travel in the West Bank Political Protests Minefields Directory AZ Accommodation Activities Customs Regulations Dangers & Annoyances Discount Cards Electricity Embassies & Consulates Food Gay & Lesbian Travellers Insurance Internet Access Legal Matters Maps Money Opening Hours Post Telephone Time Tourist Information Travellers with Disabilities Visas Volunteering Weights & Measures Women Travellers Work Transport Getting There & Away Getting Around Health Before You Go In Israel & the Palestinian Territories Language Glossary Behind the Scenes Our Writers Special Features Religious Sites Welcome to Israel & the Palestinian Territories At the intersection of Asia, Europe and Africa – both geographically and culturally – Israel and the Palestinian Territories have been a meeting place of cultures, empires and religions since history began.

Palestine Wildlife Society (www.wildlife-pal.org) - an educational and research NGO focusing on nature conservation. Palestinian Ministry of Environmental Affairs (www.mena.gov.ps) - charged with environmental regulation and education. Society for the Protection of Nature in Israel (www.natureisrael.org) Israel’s oldest and largest environmental organisation. Safe Travel Travel Advisories & Information Security Measures in Israel News in English Safe Travel in the West Bank Political Protests Minefields Safe Travel Is it safe? This is a question friends and family are likely to ask when you announce your plans to travel to Israel and/or the Palestinian Territories. The answer will always depend on current events, and can change within the space of a few days.

pages: 328 words: 100,381

Top Secret America: The Rise of the New American Security State
by Dana Priest and William M. Arkin
Published 5 Sep 2011

None of that was true. To understand how far the government has fallen into the bottomless well of official secrets, step into William Bosanko’s stately pale-yellow office at the National Archives on Pennsylvania Avenue, not far from the White House. With only twenty-three employees, his agency, the obscure Information Security Oversight Office (ISOO), is supposed to ensure that the entire government classifies and protects its documents properly. But since 2001, the number of newly classified documents has tripled to over 23 million, while his staff has barely grown. Bosanko said that with so few resources, ISOO has not even attempted to gain access to the government’s Special Access Programs.

pages: 308 words: 99,298

Brexit, No Exit: Why in the End Britain Won't Leave Europe
by Denis MacShane
Published 14 Jul 2017

The reader can skip the titles of the organisations but they are examples of what may be lost if the full, hardline Brexit desired by politicians like Nigel Farage and Iain Duncan Smith is achieved: Agency for the Cooperation of Energy Regulators; Clean Sky Joint Undertaking; Community Plant Variety Office; European Agency for Safety and Health at Work; European Asylum Support Office; European Aviation Safety Agency; European Banking Authority; European Centre for Disease Prevention and Control; European Centre for the Development of Vocational Training; European Chemicals Agency; European Defence Agency; European Environment Agency; European Fisheries Control Agency; European Food Safety Authority; European Foundation for the Improvement of Living and Working Conditions; European Global Navigation Satellite Systems Agency; European Institute for Gender Equality; European Institute for Innovation and Technology; European Joint Undertaking for ITER and the Development of Fusion Energy; European Maritime Safety Agency; European Medicines Agency; European Monitoring Centre for Drugs and Drug Addiction; European Police College; European Police Office (EUROPOL); European Railway Agency; European Securities and Markets Authority; European Training Foundation; European Union Agency for Fundamental Rights; European Union Agency for Network and Information Security; European Union Agency for the Management of Operational Cooperation at the External Borders (FRONTEX); European Union Institute for Security Studies; European Union Satellite Centre; European Union’s Judicial Cooperation Unit (EUROJUST); Fuel Cells and Hydrogen Joint Undertaking; Innovative Medicines Unit Joint Undertaking; Office for the Harmonisation in the Internal Market – Trade Marks and Design; Office of the Body of European Regulators for Electronic Communications; Translation Centre for the Bodies of the European Union.

pages: 410 words: 101,260

Originals: How Non-Conformists Move the World
by Adam Grant
Published 2 Feb 2016

As iconic filmmaker Francis Ford Coppola observed, “The way to come to power is not always to merely challenge the Establishment, but first make a place in it and then challenge and double-cross the Establishment.” When Medina made the risky choice to present her idea again, she stabilized her risk portfolio by applying for a job that focused on information security. Her primary role was to keep knowledge safe. “That’s not something I would have normally gone for—it was a very conservative thing,” she remembers. “The other things I had to do with the security of our publications didn’t excite me. But I could eventually use this in a smaller way to do the things I wanted to get done.”

pages: 326 words: 103,170

The Seventh Sense: Power, Fortune, and Survival in the Age of Networks
by Joshua Cooper Ramo
Published 16 May 2016

(The phrase means to take control of, or to “own,” a system. The spelling is an artifact of an overenthusiastic video-game death-match gloat, when one player killed another and in his rush to celebrate typed something along the lines of “I pwned you!” The mistyping lives on today: The highest award in information security is known as the Pwnie.) Bratus calls the resulting pwned device a weird machine: a computer, a sensor, a drone that has been silently made to do something unintended. Made weird. Hacking is, after all, a kind of perverse programming. It involves slipping inside a machine and then driving it to do things it wasn’t intended to do by giving it instructions its designers never knew it might receive.

pages: 368 words: 96,825

Bold: How to Go Big, Create Wealth and Impact the World
by Peter H. Diamandis and Steven Kotler
Published 3 Feb 2015

Taken together, my hope is that these how-to sections serve as a comprehensive playbook, literally a user’s guide for going big, creating wealth, and impacting the world. Let’s begin. Case Study 1: Freelancer—Quantum Mechanic for Hire by the Hour11 It started back in the late 2000s. Matt Barrie was irritated. A venture capitalist and entrepreneur with expertise in information security, Barrie was coding a website and trying to hire someone—anyone—to do some basic data entry. His rates were decent. He was willing to pay two dollars a line to the kid brother or kid sister of a friend. But there was soccer practice. There were exams. The whole process dragged on for months.

pages: 348 words: 97,277

The Truth Machine: The Blockchain and the Future of Everything
by Paul Vigna and Michael J. Casey
Published 27 Feb 2018

In the wake of the 2016 legal battle: For a useful analysis of this dispute, see: Arash Khamooshi, “Breaking Down Apple’s iPhone Fight with the U.S. Government,” The New York Times, March 21, 2016, https://www.nytimes.com/interactive/2016/03/03/technology/apple-iphone-fbi-fight-explained.html. Even though the world spent: “Gartner Says Worldwide Information Security Spending Will Grow Almost 4.7 Percent to Reach $75.4 Billion in 2015,” Gartner, September 23, 2015, http://www.gartner.com/newsroom/id/3135617. were running at $400 billion: Stephen Gandel, “Lloyd’s CEO: Cyber Attacks Cost Companies $400 Billion Every Year,” Fortune, January 23, 2015, http://fortune.com/2015/01/23/cyber-attack-insurance-lloyds/.

pages: 332 words: 100,601

Rebooting India: Realizing a Billion Aspirations
by Nandan Nilekani
Published 4 Feb 2016

The positive impact on financial inclusion, bringing in ever more people into the formal financial sector, is an illustration of one of our core ideas—expecting organizations to participate in an initiative solely because it’s a worthy social goal isn’t likely to succeed. The minute we manage to make it an attractive business model by adding appropriate financial incentives, people are immediately willing to join in, and the whole ecosystem grows and expands in ways we ourselves might not have foreseen. e-KYC also represents significant improvements in information security and handling, especially important in a country that doesn’t have a strong set of regulations around data privacy. Features like explicit consent, biometric verification and digital signatures make the e-KYC process robust and tamper-proof, and resistant to identity theft. Transactions are easy to store and trace, making audits far simpler.

pages: 371 words: 98,534

Red Flags: Why Xi's China Is in Jeopardy
by George Magnus
Published 10 Sep 2018

This isn’t a uniquely Chinese phenomenon because other Asian countries, such as Japan and South Korea, industrialised behind protectionist barriers too. Yet times were different then and they had the protection and encouragement of the US. China does not. Indeed, China’s practices, for example in industrial procurement, product standards, information security, tax and competition rules, and intellectual property requirements are viewed with increasing concern not just in the US but elsewhere too. SOEs are now being asked to do much more than in the past, when their main task was to search for and gain access to natural resources and trade opportunities.

pages: 349 words: 102,827

The Infinite Machine: How an Army of Crypto-Hackers Is Building the Next Internet With Ethereum
by Camila Russo
Published 13 Jul 2020

Technically, keeping the system attack-free had been his responsibility for all of four hours, so the words he was about to hear sounded like a bad joke. “The network is under attack.” Martin had flown over from Stockholm, his home city, the previous day. Like many in the Ethereum community, he was there for the third annual Devcon. Martin had quit his job working at Nasdaq’s information security department to join Ethereum. He had been informally participating in the online chats with the core developers for the past three months. “Very funny,” Martin said, sitting up on the bed. “Messing with the new guy.” “Um, no. Not a drill. Get over here!” “Shit.” He joined Peter Szilagyi, Jeff Wilcke’s right-hand man leading the Go Ethereum implementation, and a handful of other developers including Nick Johnson, Piper Merriam, and Vitalik in what was intended to be the press room for the biggest Ethereum conference so far.

pages: 337 words: 96,666

Practical Doomsday: A User's Guide to the End of the World
by Michal Zalewski
Published 11 Jan 2022

For my children About the Author Michal Zalewski has been actively involved in disaster preparedness for more than a decade, including the publication of a popular 2015 guide titled Disaster Planning for Regular Folks. By day, he is an accomplished security researcher who has been working in information security since the late 1990s, helping companies map out and manage risk in the digital domain. He is the author of two classic security books, The Tangled Web and Silence on the Wire (both No Starch Press), and a recipient of the prestigious Lifetime Achievement Pwnie award. He spent 11 years at Google building its product security program before joining Snap Inc. as a VP of Security & Privacy Engineering.

pages: 363 words: 98,496

Dead in the Water: A True Story of Hijacking, Murder, and a Global Maritime Conspiracy
by Matthew Campbell and Kit Chellel
Published 2 May 2022

That flow of funds represented a vulnerability that Veale was proposing to exploit. “We’re not talking about trying to seize money from guys with guns,” he said. “We’re talking about frustrating their financial ambitions.” There was an obvious place to start. Pirates tended to be sloppy when it came to information security. Often they used the phones or computers on board captured ships. In one project he worked on, Veale traced their calls and emails to addresses in Minnesota and the English Midlands, nodes in an international money-laundering network. “We can lawfully intercept those communications,” he explained.

pages: 356 words: 105,533

Dark Pools: The Rise of the Machine Traders and the Rigging of the U.S. Stock Market
by Scott Patterson
Published 11 Jun 2012

His talents were in high demand from outfits that required protection from people just like him. At first, he worked on computer system security analysis for the military and intelligence agencies. Then he started researching the technology behind the stock market, and eventually, in 1996, he landed a job as director of global information security at Instinet. In 1998, he came into contact with the legendary founder of D. E. Shaw, a giant New York hedge fund that used math and computers to mine hundreds of millions of dollars from the market year after year. David Shaw, who’d taught computer science at Columbia University before jumping into finance, helped convince Ladopoulos that the big money on Wall Street wasn’t in security systems—it was in designing computer models to trade stocks.

pages: 398 words: 107,788

Coding Freedom: The Ethics and Aesthetics of Hacking
by E. Gabriella Coleman
Published 25 Nov 2012

Indeed, these hackers have made secrecy and spectacle into something of a high art form (Coleman 2012b). Some hackers run vibrant technological collectives whose names—Riseup and Mayfirst—unabashedly broadcast that their technical crusade is to make this world a better one (Milberry 2009). Other hackers—for example, many “infosec” (information security) hackers—are first and foremost committed to security, and tend to steer clear of defining their actions in such overtly political terms—even if hacking usually tends to creep into political territory. Among those in the infosec community there are differences of opinion as to whether one should release a security vulnerability (often called full disclosure) or just announce its existence without revealing details (referred to as antidisclosure).

pages: 364 words: 99,897

The Industries of the Future
by Alec Ross
Published 2 Feb 2016

The growth is steep, the need will be sustained, and this ever-growing need currently comes up against a major talent shortage. The qualified job candidates are too few. The Bureau of Labor Statistics, hardly prone to hyperbole, reports that there will be “a huge jump” in demand for people with information security skills. Echoing a point made by Jim Gosler, the head of a very successful multibillion-dollar hedge fund based in New York that invests in cyber told me, “There’s a small group of highly talented people who really understand this stuff to the point where they can actually design hardware, software solutions to actually address them.”

pages: 368 words: 32,950

How the City Really Works: The Definitive Guide to Money and Investing in London's Square Mile
by Alexander Davidson
Published 1 Apr 2008

At the FSA’s Annual Crime Conference in January 2007, John Tiner, then chief executive, said that in the previous two years, the regulator had delivered a new training programme to equip its supervisors to identify financial crime risks in firms, and had extended its links with industry and law enforcement to exchange information. In early 2007, the FSA created a new Financial Crime and Intelligence Division, which should enable it to tackle financial crime more rapidly and in more depth. The FSA aimed to address the rising information security and hi-tech crime risks, which would involve close collaboration with other regulators. The FSA has pointed to a close relationship between threats and opportunity in today’s regulatory regime, citing increasing evidence of cross-border attempts by firms and individuals of dubious backgrounds to enter the UK market via authorisation, change of control or passporting under the Single Market Directives.

pages: 363 words: 109,077

The Raging 2020s: Companies, Countries, People - and the Fight for Our Future
by Alec Ross
Published 13 Sep 2021

In 2015, the OECD released an action plan for reducing profit shifting, which included a framework for country-by-country reporting standards. The problem is that the rules apply only to the companies that earn more than €750 million per year. These companies are also required to file reports only with their home government, and those governments can share the information only with countries that meet minimum standards for information security. Most developing countries do not. In other words, the measure lets wealthy countries observe the behavior of wealthy companies, but neither developing countries nor the public gets to see anything. “Even if [countries] are able to get ahold of this, they’re only getting information on the largest companies—there may or may not be any of those operating in your country,” said Clark Gascoigne of the FACT Coalition.

pages: 416 words: 106,532

Cryptoassets: The Innovative Investor's Guide to Bitcoin and Beyond: The Innovative Investor's Guide to Bitcoin and Beyond
by Chris Burniske and Jack Tatar
Published 19 Oct 2017

It involves taking information and scrambling it in such a way that only the intended recipient can understand and use that information for its intended purpose. The process of scrambling the message is encryption, and unscrambling it is decryption, performed through complex mathematical techniques. Cryptography is the battlefield on which those trying to transmit information securely combat those attempting to decrypt or manipulate the information. More recently, cryptography has evolved to include applications like proving the ownership of information to a broader set of actors—such as public key cryptography—which is a large part of how cryptography is used within Bitcoin.

pages: 382 words: 105,819

Zucked: Waking Up to the Facebook Catastrophe
by Roger McNamee
Published 1 Jan 2019

The combination of free-market capitalism plus platform monopolies plus trust in tech by users and policy makers has left us at the mercy of technological authoritarians. The unelected leaders of the largest technology platforms—but especially Facebook and Google—are eroding the foundations of liberal democracy around the world, and yet we have entrusted them with the information security of our 2018 election. They are undermining public health, redefining the limits of personal privacy, and restructuring the global economy, all without giving those affected a voice. Everyone, but especially technology optimists, should investigate the degree to which the interests of the internet giants may conflict with those of the public.

pages: 398 words: 105,917

Bean Counters: The Triumph of the Accountants and How They Broke Capitalism
by Richard Brooks
Published 23 Apr 2018

The Radio 4 programme was File on 4, ‘The Accountant Kings’, 4 March 2014. 21. PwC and Google for Work: Reinventing Business, from PwC website, http://www.pwc.com/us/en/increasing-it-effectiveness/google-for-work.html; accessed 24 January 2017. 22. Deloitte had 15.7%, EY 11.4%, PwC 10%, KPMG 9.2%: Market Share Analysis: Information Security Consulting, Worldwide, 2015, Gartner, 5 July 2016, ID: G00291998; analysts: Jacqueline Heng, Elizabeth Kim. 23. Caroline Binham, ‘The Hacker Hunters’, Financial Times, 21 November 2013. 24. ‘“Serious” Hack Attacks from China Targeting UK Firms’, BBC News website, 3 April 2017. 25. Mervyn King, The End of Alchemy: Money, Banking and the Future of the Global Economy, Little, Brown, 2016. 26.

Reset
by Ronald J. Deibert
Published 14 Aug 2020

Much of it is rendered invisible through familiarity and habituation: Edwards, P. M. (2017). The mechanics of invisibility: On habit and routine as elements of infrastructure. In I. Ruby & A. Ruby (Eds.), Infrastructure space (327–336). Ruby Press. Sometimes gaping vulnerabilities: Anderson, R. (2001, December). Why information security is hard — An economic perspective. Seventeenth Annual Computer Security Applications Conference (358–365). IEEE; Anderson, R. (2000). Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Edition. Hoboken, NJ: Wiley. Retrieved from https://www.cl.cam.ac.uk/~rja14/book.html An “accidental megastructure”: Bratton, B.

pages: 444 words: 105,807

Nuclear War: A Scenario
by Annie Jacobsen
Published 25 Mar 2024

Panetta: United States secretary of defense, director of the Central Intelligence Agency, White House chief of staff General C. Robert Kehler: commander, United States Strategic Command Vice Admiral Michael J. Connor: commander, United States [nuclear] submarine forces Brigadier General Gregory J. Touhill: first U.S. federal chief information security officer (CISO); director, Command, Control, Communications, and Cyber (C4) Systems, U.S. Transportation Command William Craig Fugate: administrator, Federal Emergency Management Agency (FEMA) Honorable Andrew C. Weber: assistant secretary of defense for nuclear, chemical, and biological defense programs Jon B.

pages: 437 words: 113,173

Age of Discovery: Navigating the Risks and Rewards of Our New Renaissance
by Ian Goldin and Chris Kutarna
Published 23 May 2016

Menn, Joseph (2015, May 29). “US Tried Stuxnet-Style Campaign against North Korea but Failed—Sources.” Reuters. Retrieved from www.reuters.com. 91. Bundesamt für Sicherheit in der Informationstechnik (2014). Die Lage der IT-Sicherheit in Deutschland 2014. Berlin: German Federal Office for Information Security. Retrieved from www.bsi.bund.de. 92. Industrial Control Systems Cyber Emergency Response Team (2015). ICS-CERT Year in Review. Washington, D.C.: Department of Homeland Security. Retrieved from ics-cert.us-cert.gov. 93. Maddison, Angus (2003). The World Economy: Historical Statistics, Vol. 2: Statistical Appendix.

pages: 396 words: 116,332

Political Ponerology (A Science on the Nature of Evil Adjusted for Political Purposes)
by Andrew M. Lobaczewski
Published 1 Jan 2006

We can assume that the American phase lags 80 years behind the European. When the world becomes an inter-related structure from the viewpoint of communicating both information and news, different social contents and opinions caused by unlike phases of said cycles, inter alia, will overflow all boundaries and information security systems. This will give rise to pressures which can change the causative dependencies herein. A more plastic psychological situation thus emerges, which increases the possibilities for pinpointed action based on an understanding of the phenomena. At the same time, in spite of many difficulties of a scientific, social and political nature, we see the development of a new community of factors which may eventually contribute to the liberation of mankind from the effects of uncomprehended historical causation.

pages: 518 words: 49,555

Designing Social Interfaces
by Christian Crumlish and Erin Malone
Published 30 Sep 2009

Respect the Ethical Dimension When you are designing experiences for people, or designing frameworks within which people will create their own experiences, there is always an ethical dimension. What commitments are you making explicitly or implying when you open your doors for business? Are you promising to keep people safe, to keep their information secure, to respect their privacy? Are you willing to bend ethical rules to cheat your way through the cold-start problem and rapidly build your social graph? Balzac once wrote, “The secret of great wealth with no obvious source is some forgotten crime, forgotten because it was done neatly.” Many successful social sites today founded themselves on an original sin, perhaps a spammy viral invitation model or unapproved abuse of new users’ address books.

System Error: Where Big Tech Went Wrong and How We Can Reboot
by Rob Reich , Mehran Sahami and Jeremy M. Weinstein
Published 6 Sep 2021

At its core, encryption is the process of making a message unreadable by anyone other than the intended recipient. Its use dates back to the time of the Roman emperor Julius Caesar, who used a simple form of encryption in his private communications. Since that time, cryptographers—those who study encryption and other means of keeping information secure—have made impressive mathematical and technological advances in maintaining the privacy of communications. In fact, for a time in the 1990s, the US government classified particularly strong forms of encryption as munitions—essentially, certain forms of mathematics were considered to be weapons—and prohibited them from being exported to foreign countries.

pages: 405 words: 113,895

The Unclaimed: Abandonment and Hope in the City of Angels
by Pamela Prickett and Stefan Timmermans
Published 11 Mar 2024

GO TO NOTE REFERENCE IN TEXT upholsterer in the aircraft industry Benjamin’s death certificate; nickname “Frank” via Donna van Gundy. Donna, who enjoyed genealogy, provided us with the Browns’ marriage and death certificates. GO TO NOTE REFERENCE IN TEXT allowing his son and Lena Interview with Marjorie Ramos, August 10, 2020, and interview with Donna van Gundy, August 9, 2021. Additional information secured via Ancestry.com and court records. GO TO NOTE REFERENCE IN TEXT barley fields hedged by large eucalyptus Hadley Meares, “Hawthorne’s Deceptively Sunny History,” LA Curbed, January 30, 2018. GO TO NOTE REFERENCE IN TEXT Lena cared for her mother-in-law Interviews with Marjorie Ramos, August 10, 2020, and August 3, 2021.

pages: 521 words: 118,183

The Wires of War: Technology and the Global Struggle for Power
by Jacob Helberg
Published 11 Oct 2021

As far as the government was concerned, allowing unbreakable communications threatened the security of the American people. The tech industry, by contrast, emphasized the risk of introducing a single vulnerability into a product’s security. “You can’t really build backdoors in crypto,” observed Alex Stamos, then Yahoo’s chief information security officer. “It’s like drilling a hole in the windshield.”30 Weakening the integrity of the system in even a small way would eventually affect the entire thing. Once they built one backdoor, what was to stop hackers from exploiting it? What if Beijing forced Apple to build a backdoor for Chinese intelligence agencies?

pages: 1,164 words: 309,327

Trading and Exchanges: Market Microstructure for Practitioners
by Larry Harris
Published 2 Jan 2003

They learned the official outcome of the battle only after the Cabinet received Wellington’s dispatch at 11 P.M. on June 21. Communications before the invention of the telegraph were much slower than now. The Rothschild family of investment bankers ran a private system of couriers to move information, securities, currency, and bullion throughout Europe. Their system was very fast, given the available technology. The Rothschild brothers often were the first to learn news in their respective cities. London-based Nathan Rothschild learned of Wellington’s victory late on the night of June 19. He conveyed it to the government the next day.

Securities and Exchange Commission provides a one-paragraph summary definition of insider trading on its Web page: “Insider trading” refers generally to buying or selling a security, in breach of a fiduciary duty or other relationship of trust and confidence, while in possession of material, nonpublic information about the security. Insider trading violations may also include “tipping” such information, securities trading by the person “tipped” and securities trading by those who misappropriate such information. Examples of insider trading cases that have been brought by the Commission are cases against: corporate officers, directors, and employees who traded the corporation’s securities after learning of significant, confidential corporate developments; friends, business associates, family members, and other “tippees” of such officers, directors, and employees, who traded the securities after receiving such information; employees of law, banking, brokerage and printing firms who were given such information in order to provide services to the corporation whose securities they traded; government employees who learned of such information because of their employment by the government; and other persons who misappropriated, and took advantage of, confidential information from their employers.

pages: 503 words: 131,064

Liars and Outliers: How Security Holds Society Together
by Bruce Schneier
Published 14 Feb 2012

To encourage people to act in the competing group interest, the society implements a variety of societal pressures. Moral: IRA teaches people to value freedom over peace and not to let fellow IRA members down. Reputational: Those who testify against their fellow criminals are shunned, or worse. Institutional: The criminal organization punishes police informants. Security: The criminal organization limits the amount of damage a defecting criminal can inflict. Competing societal dilemmas represent the normal state of affairs. Rarely is the real world so tidy as to isolate a single societal dilemma from everything else. Group interests are often in conflict, and cooperating in one necessitates defecting in another.

pages: 515 words: 126,820

Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, and the World
by Don Tapscott and Alex Tapscott
Published 9 May 2016

Had Greek citizens known about bitcoin during their country’s economic crash in 2015, they still would’ve been hard-pressed to locate a bitcoin exchange or a bitcoin ATM anywhere in Athens. They wouldn’t have been able to transfer their drachmas into bitcoins to hedge against the plummeting fiat currency. Computer scientist Nick Szabo and information security expert Andreas Antonopoulos both argued that robust infrastructure matters and can’t be bootstrapped during catastrophes. Antonopoulos said that Greece’s blockchain infrastructure was lacking at the time of the crisis, and there was insufficient bitcoin liquidity for an entire population to move its troubled fiat currency into it.

pages: 416 words: 129,308

The One Device: The Secret History of the iPhone
by Brian Merchant
Published 19 Jun 2017

Soon, my phone had joined a public Wi-Fi network, without my permission. I had trouble with Safari when I tried to use Google; instead of search results, the page froze in the process of, it seemed, loading another page altogether. The good thing about getting hacked at Def Con, though, is that you are surrounded by thousands of information-security pros, most of whom will happily and eloquently tell you exactly how you got “pwned.” “You probably got Pineapple’d,” Ronnie Tokazowski, a security engineer for the West Virginia cybersecurity company PhishMe, tells me at the kind of absurd, faux-outdoors, French-themed buffet you can find only in a Las Vegas casino.

pages: 369 words: 128,349

Beyond the Random Walk: A Guide to Stock Market Anomalies and Low Risk Investing
by Vijay Singal
Published 15 Jun 2004

Officers of a company cannot legally trade on material nonpublic information (see Chapter 7, on insider trading). Instead, the company is encouraged to make public any material information as soon as possible. That is why companies routinely preannounce their earnings estimates if they are significantly different from publicly available information. Security analysts can also generate new information based on their own reading of the industry or that particular firm. But their analysis is derived from information disclosed in corporate news releases. Analysts can, of course, choose not to publicly release their recommendations, as they are not subject to insider trading laws, provided that their analysis is based on publicly available information.

pages: 448 words: 71,301

Programming Scala
by Unknown
Published 2 Jan 2010

He has a Ph.D. in physics from the University of Washington. Alex Payne is Platform Lead at Twitter, Inc., where he develops services that enable programmers to build atop the popular social messaging service. Alex has previously built web applications for political campaigns, non-profits, and early-stage startups, and supported information security efforts for military and intelligence customers. In his free time, Alex studies, speaks, and writes about the history, present use, and evolution of programming languages, as well as minimalist art and design. Colophon The animal on the cover of Programming Scala is a Malayan tapir (Tapirus indicus), also called an Asian tapir.

pages: 469 words: 146,487

Empire: How Britain Made the Modern World
by Niall Ferguson
Published 1 Jan 2002

In 1767 the first shots were fired in what would prove a protracted struggle with the state of Mysore. The following year, the Northern Sarkars – the states of the east coast – were won from the Nizam of Hyderabad. And seven years after that, Benares and Ghazipur were seized from the Nawab of Oudh. What had started as an informal security force to protect the company’s trade had now become the company’s raison d’être: fighting new battles, conquering new territory, to pay for the previous battles. The British presence in India also depended on the Navy’s ability to defeat the French when they returned to the fray, as they did in the 1770s.

AI 2041: Ten Visions for Our Future
by Kai-Fu Lee and Qiufan Chen
Published 13 Sep 2021

We rescued two hundred and seventy-four of them, but the next step was triggered anyway. Unless…” A terrible possibility dawned on him. He met Robin’s gaze. “Unless it was a padded list. Unless there were distraction targets alongside real ones!” Robin quickly retrieved data on the last drone victim: Hikari Oshima, a leading information security scientist, one of twenty-three people in the world with a restart key for the DNS system. Launched in 2010, DNS was a multinational cooperative project to ensure Internet security and domain name system integrity. Robin continued to study the names of the dead, finding yet more experts and scholars in fields related to network technology.

The Radium Girls
by Moore, Kate
Published 17 Apr 2017

Chapter 14 1“nervous case” Wiley notes, RBP, reel 3. 2“I could not” KS, “Radium,” 138. 3“The pain” KS, quoted in “Poisoned—As They Chatted.” 4“advised work” Wiley notes, RBP, reel 3. 5“I had stopped” KS, “Radium,” 139. 6“Why should I” KS, quoted in “Woman Doomed Rests All Hopes in Her Prayers,” Graphic. 7“It seemed to” QM affidavit, August 29, 1927, RBP, reel 1. 8“could not move” Humphries, court testimony, April 25, 1928. 9“white shadow” Ibid. 10“a white mottling” Humphries, court testimony, November 27, 1934. 11“The whole situation” Roach, quoted in “Occupational Diseases—Radium Necrosis,” information secured by Miss E. P. Ward, CHR. 12“Such trouble as” Szamatolski to Roach, April 6, 1923, RBP, reel 3. 13“radium jaw” Blum, address to the American Dental Association, September 1924. 14“all necessary” KS to Berry, memorandum, RBP, reel 1. 15“They told me” QM affidavit, August 29, 1927, RBP, reel 1. 16“I could still” Ibid. 17“That cast eased” QM, quoted in “Radium Death is Specter,” Star-Eagle. 18“one leg was” Ibid. 19“suffered so frightfully” Wiley notes, RBP, reel 3. 20“She suffered” Karl Quimby to Martland, June 23, 1925, HMP. 21“vigorously” Hamilton to Wiley, January 30, 1925, RBP, reel 3. 22“From what I” Ibid. 23“special investigator” Ibid. 24“a lamentable case” Hoffman to Roeder, December 13, 1924, RBP, reel 2. 25“If the disease” Hoffman to Roeder, December 29, 1924, RBP, reel 2. 26“That it will” Ibid.

pages: 491 words: 141,690

The Controlled Demolition of the American Empire
by Jeff Berwick and Charlie Robinson
Published 14 Apr 2020

Sales still happen because there is usually so much money at stake, but it certainly works to complicate the process and at the very least slow things down. The United States uses the SWIFT (Society for Worldwide Interbank Financial Telecommunication) system that enables banking institutions to send and receive financial transaction information securely for everything dollar-related. They have been known to switch off permission for countries that annoy America, making it virtually impossible for them to conduct international banking using the dollar.203 Second, this destabilizes the country, financially at first, then politically if the situation does not get fixed.

pages: 205 words: 18,208

The Transparent Society: Will Technology Force Us to Choose Between Privacy and Freedom?
by David Brin
Published 1 Jan 1998

Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd ed. (New York: John Wiley & Sons, 1996). Schneier is a pragmatist who has no illusions about the practical problems of implementing crypto-systems. “Why Cryptography Is Harder than It Looks,” B. Schneier, Information Security Bulletin, vol. 2, no. 2, March 1997, pp. 31—36. 280 ... DNA Computer has drawn special attention ... “DNA Solution of Hard Computational Problems,” Richard J. Lipton, Science, vol. 268, 28 April 1995, p. 542. Also “Molecular Computation of Solutions to Combinatorial Problems,” Leonard Adelman, Science, vol. 266, 11 November 1994, p. 1021. 286 ... gnat cameras ... seem plausible at this point ...

pages: 553 words: 151,139

The Teeth of the Tiger
by Tom Clancy
Published 2 Jan 1998

Not a friend, certainly, but an ally of convenience. "How the hell did you manage this?" Jack asked. "Ever hear of a company called INFOSEC?" Rick Bell asked in return. "Encryption stuff, right?" "Correct. Information Systems Security Company. The company's domiciled outside of Seattle. They have the best information-security program there is. Headed by a former deputy head of the Z-Division over at Fort Meade. He and three colleagues set the company up about nine years ago. I'm not sure NSA can crack it, short of brute-forcing it with their new Sun Workstations. Just about every bank in the world uses it, especially the ones in Liechtenstein and the rest of Europe.

pages: 470 words: 144,455

Secrets and Lies: Digital Security in a Networked World
by Bruce Schneier
Published 1 Jan 2000

They are also prohibited from the collection, use, and dissemination of personal information without the consent of the person. Organizations also have the duty to tell individuals about the reason for the information collection, to provide access and correct inaccurate information, and to keep that information secure from access by unauthorized parties. Individuals have a right to see their own personal data that has been collected and have inaccuracies corrected. Individuals also have the right to know what their data is being collected for, and to be sure that their data isn’t being sold for other purposes.

pages: 492 words: 153,565

Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
by Kim Zetter
Published 11 Nov 2014

He later appealed, at which point his conviction on two of the charges was set aside, but his conviction on other charges remained, as well as his sentence. 16 A survey of utilities conducted by the Electronic Power Research Institute in 1996 found that only 25 percent of respondents reported using any intrusion detection methods. The survey, the EPRI Summer 1996 Electronic Information Security Survey, and the statistic are referenced at solarstorms.org/ElectricAssessment.html. 17 Maroochy Water Services had little choice but to involve law enforcement in the case, because the spillages were so public and threatened public safety. The incidents also brought heavy scrutiny from Australia’s environmental protection agency and from regional government officials who demanded an explanation for why they occurred. 18 Kingsley was speaking at the AusCERT2002 conference in Australia.

pages: 492 words: 149,259

Big Bang
by Simon Singh
Published 1 Jan 2004

Singh also traces the monumental improvements in code-making and -breaking brought on by the First and Second World Wars, including the development of the German Enigma cipher machine, which was cracked by the brilliant Allied code-breakers at Bletchley Park. Now, in the Information Age, the possibility of a truly unbreakable code looms large, and information security has become one of the major debates of our times. Simon Singh investigates how technology and the ways we communicate will affect our personal privacy and our everyday lives. Dramatic, compelling and remarkably far-reaching, this book will forever alter your view of history, what drives it, and how private that e-mail you just sent really is.

pages: 559 words: 155,372

Chaos Monkeys: Obscene Fortune and Random Failure in Silicon Valley
by Antonio Garcia Martinez
Published 27 Jun 2016

Search results would vary based on your connections via Google Plus, and anything you shared—photos, posts, even chats with Friends—would be used as part of Google’s ever-powerful and mysterious search algorithm. This was shocking news, even more so to Googlers. Search was the company’s tabernacular product, the holy of holies, the one-line oracle of human knowledge that had replaced libraries and encyclopedias. By all accounts (and Google information security was clearly not as good as Facebook’s) this caused a considerable stir internally. In January 2012, at a company-wide Q&A, Google’s founder Larry Page addressed this new direction forcefully, quelling the internal dissent and issuing a Googler ultimatum. “This is the path we’re headed down—a single, unified, ‘beautiful’ product across everything.

pages: 590 words: 152,595

Army of None: Autonomous Weapons and the Future of War
by Paul Scharre
Published 23 Apr 2018

Official: Iran Does Have Our Drone,” CBS News, December 8, 2011, http://www.cbsnews.com/news/us-official-iran-does-have-our-drone/. 210 “networks of systems”: Heather Roff, interview, October 26, 2016. 210 “If my autonomous agent”: Ibid. 210 “What are the unexpected side effects”: Bradford Tousley, interview, April 27, 2016. 210 “I don’t know that large-scale military impacts”: Ibid. 210 “machine speed . . . milliseconds”: Ibid. 14 The Invisible War: Autonomy in Cyberspace 212 Internet Worm of 1988: Ted Eisenberg et al., “The Cornell Commission: On Morris and the Worm,” Communications of the ACM 32, 6 (June 1989), 706–709, http://www.cs.cornell.edu/courses/cs1110/2009sp/assignments/a1/p706-eisenberg.pdf; 212 over 70,000 reported cybersecurity incidents: Government Accountability Office, “Information Security: Agencies Need to Improve Controls over Selected High-Impact Systems,” GAO-16-501, Washington, DC, May 2016, http://www.gao.gov/assets/680/677293.pdf. 212 most frequent and most serious attacks: Ibid, 11. 212 exposed security clearance investigation data: James Eng, “OPM Hack: Government Finally Starts Notifying 21.5 Million Victims,” NBC News, October 1, 2015, http://www.nbcnews.com/tech/security/opm-hack-government-finally-starts-notifying-21-5-million-victims-n437126.

pages: 863 words: 159,091

A Manual for Writers of Research Papers, Theses, and Dissertations, Eighth Edition: Chicago Style for Students and Researchers
by Kate L. Turabian
Published 14 Apr 2007

Schoenfeld, Robert. The Chemist's English, with “Say It in English, Please!” 3rd rev. ed. New York: Wiley-VCH, 2001. 6. Dodd, Janet S., ed. The ACS Style Guide: A Manual for Authors and Editors. 2nd ed. Washington, DC: American Chemical Society, 1997. Computer Sciences 1. Gattiker, Urs E. The Information Security Dictionary: Defining the Terms That Define Security for E-Business, Internet, Information, and Wireless Technology. Boston: Kluwer Academic, 2004. 1. LaPlante, Phillip A. Dictionary of Computer Science, Engineering, and Technology. Boca Raton, FL: CRC Press, 2001. 1. Pfaffenberger, Bryan.

pages: 499 words: 144,278

Coders: The Making of a New Tribe and the Remaking of the World
by Clive Thompson
Published 26 Mar 2019

“There is a very real and critical danger that unrestrained public discussion of cryptologic matters will seriously damage the ability of this government to conduct signals intelligence,” worried Vice Admiral Bobby Inman, then head of the NSA. They certainly didn’t want everyday people using powerful crypto. “If you simply took this technology and released it widely, you were also potentially creating an opportunity for very small terrorist groups, criminals and the like to use this technology to get a kind of perfect information security,” as the onetime NSA general counsel, Stewart Baker, recalled. The US government did have one law that they could use to limit the spread of crypto. Federal regulations classified strong encryption—stuff the NSA couldn’t break—as a “munition,” and munitions can’t be shipped outside the country without the federal government’s approval.

pages: 2,054 words: 359,149

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
by Justin Schuh
Published 20 Nov 2006

This explanation sounds simple, but a lot of effort goes into the work step. The following sections cover a handful of considerations you need to remember during this step. Working Papers Regulated industries have established practices for dealing with working papers, which are simply notes and documentation gathered during an audit. The information security industry isn’t as formalized, but you should still get in the habit of taking detailed assessment notes. This practice might seem like a nuisance at first, but you’ll soon find it invaluable. The following are a few reasons for maintaining good working papers: Notes help you to organize your work and ensure proper code coverage.

The forged Referer header satisfies the check and successfully displays the secret page. So, using a Referer header might buy you a modicum of obscurity, but it doesn’t do much to provide any real security. * * * Note The Referer field does have some security value for preventing cross-site reference forgery (XSRF) attacks. Jesse Burns of Information Security Partners published an excellent paper on this attack type, available at www.isecpartners.com/documents/XSRF_Paper.pdf. * * * Embedding State in HTML and URLs The essential trick to maintaining state in HTTP is feeding information to the client that you expect the client to include in every request.

pages: 578 words: 170,758

Gaza: An Inquest Into Its Martyrdom
by Norman Finkelstein
Published 9 Jan 2018

“Chuck Schumer: ‘Strangle’ them economically,” Huffington Post (11 June 2010). See also Juan Cole, “Schumer’s Sippenhaftung,” Informed Comment blog (12 June 2010). 59. Jonathan Ferziger and Calev Ben-David, “Gaza Situation ‘Unsustainable,’ Clinton Says as Ship Approaches,” Bloomberg Businessweek (1 June 2010); United Nations Department of Public Information, “Security Council Condemns Acts Resulting in Civilian Deaths during Israeli Operation against Gaza-Bound Aid Convoy, Calls for Investigation, in Presidential Statement” (31 May 2010). See also Bernard Kouchner, Franco Frattini, and Miguel Angel Moratinos, “Averting Another Gaza,” New York Times (10 June 2010); “EU Strongly Condemns Gaza Flotilla Attack,” EurActiv.com (2 June 2010); Yossi Lempkowicz, “Gaza Flotilla: EU Parliament calls for international inquiry and end to blockade,” European Jewish Press (17 June 2010). 60.

pages: 733 words: 179,391

Adaptive Markets: Financial Evolution at the Speed of Thought
by Andrew W. Lo
Published 3 Apr 2017

Traditionally, cryptography has been the study of secret codes—spy thriller stuff like how to make them and how to break them—but under Moore’s Law, it’s blossomed into a broader and deeper field of study populated by computer scientists and pure mathematicians. Cryptography now includes the study of mathematical methods of information security—and this is where it becomes useful for financial regulation. There’s a well-known technique from the computer science literature called “secure multiparty computation,” an elegant way to share certain types of information while preserving the confidentiality of each party’s data. Here’s a simple example.

HBase: The Definitive Guide
by Lars George
Published 29 Aug 2011

HBase 0.94.0 Current plans for this version, which is preliminarily being called the Security Release, call for an early 2012 release date. This version is scheduled to include the following new features. See https://issues.apache.org/jira/browse/HBASE/fixforversion/12316419 for more information. Security This release will add Kerberos integration to HBase. Secondary indexes This coprocessor-backed extension allows you to create and maintain secondary indexes based on columns of tables. Search integration This feature lets you create and maintain a search index, for example, based on Apache Lucene, per region, so that you can perform searches on rows and columns.

pages: 579 words: 183,063

Tribe of Mentors: Short Life Advice From the Best in the World
by Timothy Ferriss
Published 14 Jun 2017

“Several years ago, following the example of my then wife, Amber O’Hearn, I eliminated all plants from my diet. . . .” Zooko Wilcox TW: @zooko z.cash ketotic.org ZOOKO WILCOX is the founder and CEO of Zcash, a cryptocurrency that offers privacy and selective transparency of transactions. Zooko has more than 20 years of experience in open, decentralized systems, cryptography and information security, and startups. He is recognized for his work on DigiCash, Mojo Nation, ZRTP, “Zooko’s Triangle,” Tahoe-LAFS, BLAKE2, and SPHINCS. He is also the founder of Least Authority, which offers an affordable, ethical, usable, and lasting data storage solution. What is the book (or books) you’ve given most as a gift, and why?

pages: 615 words: 187,426

Chinese Spies: From Chairman Mao to Xi Jinping
by Roger Faligot
Published 30 Jun 2019

One case highlighted in the report particularly stood out: the Black Eagle Base, members of which had been arrested in Henan by the Gonganbu for hooliganism. Six months later, they had been released and went on to form the Black Eagle Honker Base, a group of hackers who began working for the presumably more pragmatic Guoanbu. This group, and several others, had links with the School of Information Security Engineering at Shanghai’s Jiao Tong University, whose dean, He Dequan, was the former head of the Guoanbu’s science and technology department. This made it clear that the Guoanbu was still active on all “underground fronts”, Yinbi zhanxian (荫庇 战线). 12 BEIJING 2008 CHINA WINS THE ESPIONAGE GOLD During the flight to Athens on Sunday, 24 March 2006, Geng Huichang might well have reflected on the astonishing epic of the Olympic Games.

pages: 685 words: 203,949

The Organized Mind: Thinking Straight in the Age of Information Overload
by Daniel J. Levitin
Published 18 Aug 2014

H. (2012). Organizing for resistance: How group structure impacts the character of violence. Terrorism and Political Violence, 24(5), 743–768. and, Matusitz, J. (2011). Social network theory: A comparative analysis of the Jewish revolt in antiquity and the cyber terrorism incident over Kosovo. Information Security Journal: A Global Perspective, 20(1), 34–44. coherence across different components of a project Simon, H. A. (1957). Administrative behavior: A study of decision-making processes in administrative organization. New York, NY: Macmillan, p. 9. accountable for their decisions and their work product Simon, H.

pages: 706 words: 202,591

Facebook: The Inside Story
by Steven Levy
Published 25 Feb 2020

Normally, a departure of this significance would have generated a blizzard of questions at the weekly all-hands. But that was also the week that Joel Kaplan thumbed his nose at his liberal colleagues and showed public allegiance to Brett Kavanaugh. Also that week was the discovery of the security breach that exposed the personal information of 50 million Facebook users, the biggest information-security disaster in the company’s history. The exit of Instagram’s founders was downranked to outrage number three that week. Systrom said nothing publicly until he appeared at a Wired conference in November. He revealed that he’d just gotten his flying license and was excited about that. He was spending time with his infant daughter.

pages: 1,409 words: 205,237

Architecting Modern Data Platforms: A Guide to Enterprise Hadoop at Scale
by Jan Kunigk , Ian Buss , Paul Wilkinson and Lars George
Published 8 Jan 2019

Ensure that racks are located no more than 100 meters apart when deploying optical cabling. Don’t connect clusters to the internet Use cases that require a cluster to be directly addressable on the public internet are rare. Since they often contain valuable, sensitive information, most clusters should be deployed on secured internal networks, away from prying eyes. Good information security policy says to minimize the attack surface of any system, and clusters such as Hadoop are no exception. When absolutely required, internet-facing clusters should be deployed using firewalls and secured using Kerberos, Transport Layer Security (TLS), and encryption. Layer 2 Recommendations The following recommendations concern aspects of Layer 2, known as the data link layer, which is responsible for sending and receiving frames between devices on a local network.

pages: 562 words: 201,502

Elon Musk
by Walter Isaacson
Published 11 Sep 2023

Roth did not know who Yoni was, but he headed through the forlorn Halloween party that was underway and arrived at the big open space of the conference areas where Musk, his bankers, and the musketeers were bustling about. There he was greeted by Yoni Ramon, a short, energetic, long-haired Tesla information security engineer, originally from Israel. “I’m Israeli myself, so I could tell he was Israeli,” Roth says. “But otherwise I had no idea who he was.” Musk had given Ramon the task of preventing any disgruntled Twitter employees from sabotaging the service. “Elon is absolutely paranoid, and with reason, that some angry employee is going to disrupt things,” he told me just before Roth arrived.

pages: 1,744 words: 458,385

The Defence of the Realm
by Christopher Andrew
Published 2 Aug 2010

Lambton renounced the earldom of Durham, which he inherited from his father in 1970, in the interests of his political career, but caused controversy by attempting to keep the courtesy title ‘Lord Lambton’ in the Commons. 42 Security Service Archives. 43 Security Service Archives. 44 Sheldon, however, added that, though the Service had been briefed orally by the Met, it had not yet seen the latest written reports on the case and ‘could not therefore be absolutely sure that we had taken full account’ of the latest information. Security Service Archives. 45 John Stradling Thomas MP to Francis Pym (Chief Whip), 14 May 1973 (marked ‘Immediate copy to PM 2–15 pm 14 May 1973’), TNA PREM 15/190. 46 Record of meeting chaired by Prime Minister, 18 May 1973, TNA PREM 15/1904. 47 TNA PREM 15/1904. ‘Obituary: Lord Lambton’, The Times, 2 Jan. 2007.

Security Service Archives. 32 Campbell, Heath, pp. 413–14. 33 Ibid. 34 Hennessy and Jeffery, States of Emergency, p. 235. 35 See above, pp. 139–40. 36 Security Service Archives. 37 Security Service Archives. 38 Security Service Archives. 39 Security Service Archives. 40 Security Service Archives. 41 See above, pp. 548, 587. 42 Security Service Archives. 43 Security Service Archives. 44 See above, p. 547. 45 Security Service Archives. 46 Security Service Archives. 47 Security Service Archives. 48 Security Service Archives. 49 Security Service Archives. 50 Security Service Archives. 51 Security Service Archives. 52 Security Service Archives. 53 Security Service Archives. 54 Heath, Course of my Life, p. 505. 55 Security Service Archives. 56 Security Service Archives. 57 See above, p. 530. 58 Security Service Archives. 59 Recollections of a recently retired Security Service officer. 60 Morgan, People’s Peace, p. 351. Chapter 3: Counter-Terrorism and Protective Security in the Early 1970s 1 Security Service Archives. 2 See below, pp. 606–7, 654–5. Until the 1970s peacetime ‘protective security’ had been mainly concerned with ‘the protection of classified information’. Security Service Archives. Thereafter its scope was extended to cover protection against terrorist attack. 3 See below, p. 619. 4 See above, pp. 353–61. 5 Follain, Jackal, pp. 20–1. 6 Security Service Archives. 7 Security Service Archives. 8 Security Service Archives. 9 Security Service Archives. 10 Boyce, Irish Question and British Politics, p. 106. 11 Taylor, Provos, p. 32. 12 Security Service Archives. 13 Security Service Archives. 14 Security Service Archives. 15 Security Service Archives. 16 Security Service Archives. 17 Security Service Archives. 18 Rimington, Open Secret, p. 105. 19 The 1967 JIC working group on intelligence priorities made no mention of Irish affairs.

pages: 801 words: 209,348

Americana: A 400-Year History of American Capitalism
by Bhu Srinivasan
Published 25 Sep 2017

The Internet was designed to be an open network where any connected computer could access another computer speaking a standard language, a protocol. In this decentralized system, academics in one university could publish a set of papers or experimental data and researchers in any other university could access the information. Secure communications and e-mails could be exchanged as well. By the late 1980s, the utility of the Internet was fairly established, with academia and the military its primary users. What launched the consumer Internet, however, was a visual method of organizing and accessing all of the information on the network.

pages: 678 words: 216,204

The Wealth of Networks: How Social Production Transforms Markets and Freedom
by Yochai Benkler
Published 14 May 2006

It resulted in the decertification of some of Diebold's systems in California, and contributed to a shift in the requirements of a number of states, which now require voting machines to produce a paper trail for recount purposes. The first analysis of the Diebold system based on the files Harris originally found was performed by a group of computer scientists at the Information Security Institute at Johns Hopkins University and released [pg 229] as a working paper in late July 2003. The Hopkins Report, or Rubin Report as it was also named after one of its authors, Aviel Rubin, presented deep criticism of the Diebold system and its vulnerabilities on many dimensions. The academic credibility of its authors required a focused response from Diebold.

pages: 797 words: 227,399

Wired for War: The Robotics Revolution and Conflict in the 21st Century
by P. W. Singer
Published 1 Jan 2010

Of course, military systems have firewalls to keep unwanted guests out (though the telecom companies likely thought they did too), and the military’s internal computer network, “SIPRNet” (the Secret Internet Protocol Router Network), its internal Internet used for classified communications, is supposed to be completely cut off from intruders. And yet, asks information security expert Richard Clarke, “Why is it that every time a virus pops up on the regular Internet, it also shows up in SIPRNet? It is supposed to be separate and distinct, so how’s that happen?... It’s a real Achilles’ heel.” No matter how great the capabilities a new RMA delivers, modern enemies aren’t just going to sit back and accept defeat.

pages: 761 words: 231,902

The Singularity Is Near: When Humans Transcend Biology
by Ray Kurzweil
Published 14 Jul 2005

There will be no centralized communications hubs that could be vulnerable to hostile attack. Information will rapidly route itself around damaged portions of the network. An obvious top priority is to develop technology capable of maintaining integrity of communication and preventing either eavesdropping or manipulation of information by hostile forces. The same information-security technology will be applied to infiltrate, disrupt, confuse, or destroy enemy communications through both electronic means and cyberwarfare using software pathogens. The FCS is not a one-shot program; it represents a pervasive focus of military systems toward remotely guided, autonomous, miniaturized, and robotic systems, combined with robust, self-organizing, distributed, and secure communications.

pages: 496 words: 174,084

Masterminds of Programming: Conversations With the Creators of Major Programming Languages
by Federico Biancuzzi and Shane Warden
Published 21 Mar 2009

Peter Weinberger has been at Google New York since the middle of 2003, working on various projects that handle or store large amounts of data. Before that (from the time that AT&T and Lucent split apart), Peter was at Renaissance Technologies, a fabulously successful hedge fund (for which he takes no credit at all), where he started as Head of Technology, responsible for computing, software, and information security. The last year or so, he escaped all that and worked on a trading system (for mortgage-backed securities). Until AT&T and Lucent split, he was in Computer Science Research at Bell Labs in Murray Hill. Before ending up in management, Peter worked on databases, AWK, network filesystems, compiling, performance and profiling, and no doubt some other Unix stuff.

The Age of Turbulence: Adventures in a New World
by Alan Greenspan
Published 14 Jun 2007

These institutions specialize in teaching practical skills that are immediately applicable in the workplace, and have been especially helpful in retraining people who have lost their jobs for new opportunities. Some typical curricula: electronics maintenance, collision repair technology, nursing, massage therapy, and computer information security. These middle-income occupations require substantially more skills than were required of middle-income workers when I entered the labor force in the late 1940s. A rising proportion of the population is also taking advantage of work-related instruction. The "corporate university" is rapidly becoming a permanent fixture in adult job-specific learning.

Global Catastrophic Risks
by Nick Bostrom and Milan M. Cirkovic
Published 2 Jul 2008

This, however, hinges on the obviously limited capacity to pack a sufficiently sophisticated self-replicating algorithm in the bit-string of size small enough to be received non-deformed often enough - which raises some interesting issues from the point of view of algorithmic information theory (e.g., Chaitin, 1977). It seems almost certain that the rapidly occurring improvements in information security will be able to clear this possible threat in check. A 'new vacuum' bubble produced anywhere in the visible universe - say by powerful alien particle accelerators - would expand at the speed of light, possibly encompassing the Earth and humanity at some point.

Data Mining: Concepts and Techniques
by Jiawei Han, Micheline Kamber and Jian Pei
Published 21 Jun 2011

Moreover, many applications involving stream data (e.g., e-commerce, Web mining, stock analysis, intrusion detection, mobile data mining, and data mining for counterterrorism) require dynamic data mining models to be built in real time. Additional research is needed in this direction. ■ Privacy protection and information security in data mining: An abundance of personal or confidential information available in electronic forms, coupled with increasingly powerful data mining tools, poses a threat to data privacy and security. Growing interest in data mining for counterterrorism also adds to the concern. Further development of privacy-preserving data mining methods is foreseen.

pages: 918 words: 257,605

The Age of Surveillance Capitalism
by Shoshana Zuboff
Published 15 Jan 2019

“Mobile Health App Developers: FTC Best Practices,” Federal Trade Commission, April 2016, https://www.ftc.gov/tips-advice/business-center/guidance/mobile-health-app-developers-ftc-best-practices; “Mobile Privacy Disclosures: Building Trust Through Transparency,” Federal Trade Commission, February 2013, https://www.ftc.gov/sites/default/files/documents/reports/mobile-privacy-disclosures-building-trust-through-transparency-federal-trade-commission-staff-report/130201mobileprivacyreport.pdf; Harrison Kaminsky, “FDA States It Will Not Regulate Fitness Trackers and Wellness Apps,” Digital Trends, July 31, 2016, http://www.digitaltrends.com/health-fitness/fda-will-not-regulate-fitness-wellness-apps. 50. Tobias Dehling et al., “Exploring the Far Side of Mobile Health: Information Security and Privacy of Mobile Health Apps on iOS and Android,” JMIR MHealth and UHealth 3, no. 1 (2015): 1–26, https://doi.org/10.2196/mhealth.3672. In 2013 an analysis by the Privacy Rights Clearinghouse evaluated a range of health and fitness apps according to their level of privacy risk, including the expropriation of personal information, the sensitivity of that information, and its degree of dissemination.

pages: 1,117 words: 305,620

Dirty Wars: The World Is a Battlefield
by Jeremy Scahill
Published 22 Apr 2013

Airstrike Kills Somali Accused of Links to Al-Qaeda.” 226 bio of their slain leader: Daveed Gartenstein-Ross, “The Strategic Challenge of Somalia’s Al-Shabaab,” Middle East Quarterly (fall 2009), www.meforum.org/2486/somalia-al-shabaab-strategic-challenge#_ftn22. 226 “short-term disruption”: US diplomatic cable 08NAIROBI1363, from Ambassador Michael Ranneberger, US Embassy Nairobi, “Somalia—Ayrow’s Demise,” June 3, 2008, released by WikiLeaks, http://wikileaks.org/cable/2008/06/08NAIROBI1363.html. 226 agreement signed in Djibouti: United Nations Security Council Department of Public Information, “Security Council, in Presidential Statement, Welcomes Signing of Djibouti Agreement on Reconciliation by Parties to Somalia Conflict,” UN Security Council press release, September 4, 2008. 227 refused to discuss: Author interview, President Sheikh Sharif Sheikh Ahmed, June 2011. 227 “favorite puppet”: Abdirahman “Aynte” Ali, “The Anatomy of al Shabaab,” unpublished paper, June 2010, www.radiodaljir.com/audio/docs/TheAnatomyOfAlShabaab.pdf. 227 indigenous diversity: Ibid., p. 28. 227 sense of empowerment: Ibid., p. 20. 228 diplomatic “visits”: International Crisis Group, “Somalia: To Move Beyond the Failed State,” Africa Report No. 147, December 23, 2008, p. 12. 228 lengthy negotiations: Ibid., pp. 12–13. 228 dismantling of roadblocks: Mark Bradbury, “State-Building, Counterterrorism, and Licensing Humanitarianism in Somalia,” briefing paper, Feinstein International Center, October 2010. 228 “a caricature”: International Crisis Group, “Somalia: To Move Beyond the Failed State,” p. 14. 228 reminiscent of the Taliban: Ibid. 228 “the only organization”: Committee on Foreign Relations, Al Qaeda in Yemen and Somalia: A Ticking Time Bomb, S.

Fateful Triangle: The United States, Israel, and the Palestinians (Updated Edition) (South End Press Classics Series)
by Noam Chomsky
Published 1 Apr 1999

By early September, however, only a few days after his election as President, “disappointment was increasing in Jerusalem” concerning Gemayel, the Israeli press reported, for several reasons: he had refused to sign an imposed peace treaty and had threatened to bring Major Saad Haddad, Israel’s puppet in the south, to trial on charges of desertion from the Lebanese army. 35 Citing “informed security sources,” Ze’ev Schiff reported that “the threat of the new Lebanese government to bring Major Haddad to trial is a hint to Israel that the new regime under Bashir Gemayel strongly opposes Israel’s plans to establish a military presence in southern Lebanon in the future or to extend the Haddad enclaves, over which Israel rules indirectly.”

pages: 1,087 words: 325,295

Anathem
by Neal Stephenson
Published 25 Aug 2009

“Fraa Spelikon told me to go to the Telescope of Saunts Mithra and Mylax and retrieve a photomnemonic tablet that Fraa Orolo had placed there hours before the starhenge was closed by the Warden Regulant,” Sammann announced in correct but strangely accented Orth. “I obeyed. He did not issue any command as to information security relating to this tablet. So, before I gave it to him, I made a copy.” And with that Sammann withdrew a photomnemonic tablet from a bag slung over his shoulder. “It contains a single image that Fraa Orolo created, but never got to see. I summon the image now,” he said, manipulating its controls.

pages: 889 words: 433,897

The Best of 2600: A Hacker Odyssey
by Emmanuel Goldstein
Published 28 Jul 2008

Just about seven weeks ago, I was dressed in prison-issued khakis, a prisoner at the U.S. federal correctional institution in Lompoc, California. Last Thursday, March 2, I presented my written and verbal testimony to the United States Senate Governmental Affairs Committee that described how to increase information security within government agencies. Wow. On The Inside “Doing time” is a strange thing. When you’re on the inside, you can’t look out—you have to pretend as though the outside doesn’t even exist. Letters are a welcome break to the routine, but as soon as I read them, I’d have to focus and get back into my rhythm of pretending there were no cars outside my window, that there were no people living their lives.