Category Archives: DWH News and Info
Amazon fiber optic project seeks funding
A project aimed at connecting remote areas in Brazil’s Amazon rainforest needs R$ 70m ($ 21m) in funding in order to resume work in 2017.
The resources are required for the purchase and roll-out of additional fibre optic infrastructure as well as other equipment needed for the implementation.
Currently, the Amazônia Conectada (Connected Amazon) project, led by the Brazilian Army, connects some 52 riverside municipalities to the Internet through subfluvial fiber optic cables.
One of the heads at the Army’s Integrated Telematics Center, Colonel Eduardo Wolski, told Brazilian portal Convergência Digital that the body is hoping to secure backing from the federal and state governments as well as the private sector – particularly telecom providers interested in expanding their foothold in the North of the country – so that it can carry on.
“Telecom and Internet service providers are crucial for the sustainability of the network, which is focused on end users,” Wolski said.
As well as serving the population based in the rainforest, the Internet fibre link launched in 2014 has been key to improvements in areas such as public security and telemedicine. The network also connects more than 100 public schools and so far approximately R$ 18m ($ 5.6m) in funding has gone towards building the link, which is about 250 kilometers long.
There have been other projects aimed at improving connectivity in remote areas of Brazil: back in 2014, Google started trials of its wi-fi balloons in the country’s northeast region.
The LTE-equipped equipment was intended to provide an internet signal directly to mobile phones as well as deliver services over longer distances than wi-fi.
Lenovo launches New Glass C200: A quick tour

Cyanogen shutting down services and OS by December 31
Cyanogen late Friday announced all services and nightly builds will be discontinued no later than December 31.
The open source project and source code will remain available for personal development.
The move, “part of the ongoing consolidation of Cyanogen,” comes after it named a new CEO and laid off a huge portion of its staff. While it once wanted to offer a better version of Android, Cyanogen will now focus on building Android OS “mods” for OEMs.
Owners of smartphones running Cyanogen OS, like the OnePlus One, will have to switch to the CyanogenMod ROM. As TechCrunch points out, this isn’t a commercial OS, but rather one managed by a community of developers.
We have reached out to the Cyanogen folks to learn more about its future.
Leaked files reveal scope of Israeli firm’s phone cracking tech
Earlier this year, we were sent a series of large, encrypted files purportedly belonging to a US police department as a result of a leak at a law firm, which was insecurely synchronizing its backup systems across the internet without a password.
Among the files was a series of phone dumps created by the police department with specialist equipment, which was created by Cellebrite, an Israeli firm that provides phone-cracking technology.
The digital forensics firm specializes in helping police collar the bad guys with its array of technologies. It shot to fame earlier this year when it was wrongly pinned as the company that helped to unlock the San Bernardino shooter’s iPhone, the same phone that embroiled Apple in a legal brouhaha with the FBI.
That’s not to say that Cellebrite couldn’t have helped.
Cellebrite’s work is largely secret, and the company balances on a fine line between disclosing its capabilities to drum up business and ensuring that only the “good guys” have access to its technology.
US police are said to have spent millions on this kind of phone-cracking technology. And it’s not surprising, because Cellebrite gets results.
The forensics company claims it can download almost every shred of data from almost any device in a matter of seconds — on behalf of police intelligence agencies in over a hundred countries — to help solve crimes. It does that by taking a seized phone from the police, then plugging it in, and extracting messages, phone calls, voicemails, images, and more from the device using its own proprietary technology.
It then generates an extraction report, allowing investigators to see at a glance where a person was, who they were talking to, and when.
We obtained a number of these so-called extraction reports.
One of the more interesting reports by far was from an iPhone 5 running iOS 8. The phone’s owner didn’t use a passcode, meaning the phone was entirely unencrypted.
Here’s everything that was stored on that iPhone 5, including some deleted content.
(Apple’s iOS 8 was the first iPhone software version to come with passcode-based encryption. It would’ve been enough to thwart the average phone thief, but it might not have hindered some phone crackers with the right hardware. Cellebrite says it can’t crack the passcodes on the iPhone 4s and later. iPhone 5s handsets and later come with a secure enclave co-processor on the iPhone 5s’ main processor chip, which makes phone-cracking significantly harder.)
The phone was plugged into a Cellebrite UFED device, which in this case was a dedicated computer in the police department. The police officer carried out a logical extraction, which downloads what’s in the phone’s memory at the time. (Motherboard has more on how Cellebrite’s extraction process works.)
In some cases, it also contained data the user had recently deleted.
To our knowledge, there are a few sample reports out there floating on the web, but it’s rare to see a real-world example of how much data can be siphoned off from a fairly modern device.
We’re publishing some snippets from the report, with sensitive or identifiable information redacted.
Front cover: the first page of the report includes the law enforcement’s case number, examiner’s name, and department. It also contains unique identifying information of the device.
Device information: The report details who the phone belongs to, including phone number, registered Apple ID, and unique identifiers, such as the device’s IMEI number.
Plugins: This part describes how the software works and what it does. It includes Quicktime metadata extraction and analytics generation. The software can also cross-reference data from the device to build up profiles across contacts, SMS, and other communications.
Locations: the extraction software records the geolocation of every photo that’s been taken, and visualizes it on a map, allowing the investigator to see everywhere the phone owner has been and when.
Messages: In this “conversation” view, an investigator can see all of the text messages in chronological order, allowing them to see exactly what was said within a specified period of time.
User accounts: this portion reveals the phone owner’s user accounts on the phone, depending on how many apps are installed. In this case, only a username and password for Instagram was collected.
Wireless networks: the extraction software will download a list of all the wireless networks that the phone connected to, including their encryption type and the MAC address of the network’s router, and when the phone last connected to the network.
Call log: The report contains a full list of call records, including the kind of call (incoming or outgoing), the time, date, and phone number of the call, and duration of the call. This type of information is highly useful when collected by intelligence agencies.
Contacts: Contacts in the phone are vacuumed up by the extraction software, including names, phone numbers, and other contact information, such as email addresses. Even deleted content may still be collected.
Installed apps: All of the installed apps, their version, and permission settings are recorded by the extraction software.
Notes: Any data written in the Notes app is downloaded, too. Here, we have redacted what appears to be bank account information.
Voicemail: voicemails stored on the phone are collectable and downloaded as audio files. It also includes the phone number of the person who left the voicemail and the duration.
Configurations and databases: property lists (“plist”) store app data on iPhones. These individual files contain a wealth of information, such as configurations, settings, options, and other cache files.
Activity analytics: for each phone number, the analytics engine figures out how many associated actions have taken place, such as text messages or calls.
CIO leadership: Two female role models
In part one of my conversation with Kim Stevenson and Adriana Karaboutis, we discussed the challenges and opportunities facing women in technology.
Also read:
Women in technology: Advice from Intel and Biogen
This second post offers advice from Andi and Kim on how CIOs can add value to their organizations. Both women have years of CIO experience; Kim was CIO at Intel and Andi worked in that role at Dell. Having been in the role and then left to take on business positions, they are each highly qualified to offer advice to CIOs.
Kim is currently Chief Operating Officer for the Client, IoT and System Architecture Group at Intel and Adriana is Executive Vice President Technology, Business Solutions & Corporate Affairs at Biogen. Both women are on the boards of public companies.
Once a CIO, always a CIO.
— Kim Stevenson, Intel
Among the themes we discussed, understanding the business and being able to communicate well are primary qualifications of a modern CIO. While perhaps an obvious point, there are degrees of sophistication and subtlety regarding understanding how the business operates, why leaders make decisions, and possessing the judgment to balance trade-offs among conflicting goals and objectives.
CIOs are in a unique position to understand and collaborate with the business. Unlike colleagues in other departments, IT possesses a horizontal view that goes across virtually all areas of a company. Because all departments rely on shared resources and services, such as infrastructure and security, IT typically has relationships across every part of the company.
“Seat at the table” is code for understanding the business: objectives, mission, and enablers.
— Adriana Karaboutis, Biogen
This unique, cross-sectional view creates the opportunity for CIOs to develop a unique understanding of how all parts of the business fit together.
The video embedded above offers a view inside the minds of two successful business people who held CIO positions earlier in their careers. They have fought the battles and paid their dues.
This conversation was pulled from episode 199 of CXOTALK, which has perhaps the largest library of executive interviews on digital disruption anywhere. You can also watch the complete 45-minute conversation and read a full transcript.
Please see the list of upcoming CXOTALK episodes. Thank you to my colleague, Lisbeth Shaw, for assistance with this post.
Turnbull’s agile struggle is all glitz and no grunt
“Welcome to the ideas boom. There’s never been a more exciting time to be Australian. Agile. Nimble. Innovation.” Remember those words from a little over a year ago, when Prime Minister Malcolm Turnbull launched Australia’s National Innovation and Science Agenda?
Are we still excited? Actually, were we even excited to begin with?
When the agenda was launched in December 2015, I thought it wasn’t so much a grand vision as a grab-bag of random ideas. Apart from some business law reform, the rest of the agenda seemed to be a collection of small-ticket items, camouflaged by some impressive-sounding but largely pre-existing ideas, or some obvious no-brainers.
A year later, it seems like the government has steadily worked through the plan. Slowly. The innovation minister’s press release from last week is titled National Innovation and Science Agenda is having a significant impact one year on. But so far it all seems to be about process, about bureaucracy, not any actual impact or achievement that can be measured.
The AU$ 200 million innovation fund, for example. Should it really have taken a year to appoint a chief executive officer? That doesn’t seem very agile.
It’s also taken a year to dish out AU$ 3.9 million for Women in STEM, and a year to appoint managers of the Biomedical Translation Fund.
At least the tax incentives have been squeezed through the government’s constipated legislative pipeline, but to say they’ve had “impact” is somewhat premature.
Take a look at the list of media releases on the agenda’s website. All these announcements clustered in December? One gets the distinct impression that there was a rush to get some announceables out for the first anniversary, and before the Christmas break.
There’s nothing nimble here, just the same-old same-old plodding pace of bureaucracy.
The one flickering light in all this is the cybersecurity strategy, launched in April. The pace since then has also been … steady, shall we say, but there are signs that things will speed up in the new year.
The international connections being made at September’s SINET61 cyber innovation conference illustrated some of the potential for developing Australia’s cybersecurity industry.
Appointing former Atlassian security chief Craig Davies to head up the new Cyber Security Growth Centre is being seen as a good move, as is the appointment of the Australian Strategic Policy Institute (ASPI) analyst Tobias Feakin as cyber ambassador. But these are recent appointments, so we won’t see any results for a while.
The first of several Joint Cyber Threat Centres is due to be opened in Brisbane in December. No sign of it yet, but there’s still two weeks to go.
Meanwhile, as these “initiatives” have snail-raced ahead, key government functions have fallen in a heap.
The 2016 Census disaster should never have happened. And followed so soon by the collapse of IT at the Australian Taxation Office, which still hasn’t been sorted out? You have to wonder how many other core systems are on the verge of collapse.
Do I even need to mention the National Broadband Network?
I reckon the message here is simple. Before you race ahead with your shiny new ideas, you really do need to make sure you’re building on solid foundations. That includes the machinery of legislation and of government bureaucracy, not just the IT that supports them. The grunt before the glitz.
Turnbull has never really been good at that, and Australia seems to be suffering because of that flaw. Still, at least it’s not as bad as Yahoo.
Yet.
The Darkleech campaign: What changes should enterprises be aware of?
Darkleech campaigns, which have been around since 2012, infect users by redirecting them to different malware exploit kit pages. Recently, Darkleech injected code has evolved from large blocks of highly obfuscated script to more straightforward iframes with no obfuscation. How has Darkleech been changing its operations, and what new patterns should researchers be looking for?
Darkleech started out as a malicious Apache module in 2012 and developed into pseudo-Darkleech, which also attacked Internet Information Server sites. Pseudo-Darkleech attacked insecure WordPress installs and injected malicious PHP code for setting up the infrastructure. Pseudo-Darkleech — referred to as Darkleech for the rest of the article — has changed how it uses domain name system names to evade detection.
Darkleech has used the infrastructure built up to redirect a victim to a webpage hosting a malware exploit kit, which began with Angler, and then later changed to the Neutrino exploit kit. It first distributed CryptoWall and later began spreading CryptXXX ransomware through the exploit kit. Each individual component can be changed when a compromised website is taken down or the malware starts being detected. Each component can be developed or operated by different parts of an organized group or a network of criminals.
One of the changes to the Darkleech campaign reported by SANS Internet Storm Center handler Brad Duncan is the shift to using a simpler iframe to execute the next step in the attack for the malware exploit kit to run. The Darkleech authors’ decision to stop using highly obfuscated script could be due to a determination that their obfuscation wasn’t preventing analysis of their malware and potentially even making it easier to detect the malware. Essentially, the kit was dumbed down and streamlined because it had more functionality than it needed to get around today’s antimalware defenses.
For enterprises or researchers investigating Darkleech, Palo Alto Networks has released indicators of compromise in a blog post. Duncan reports the ransomware message informing the victim of the attack hasn’t changed, so that could be an additional indicator, but the Tor addresses may change per attack campaign.
New ransomware lets you decrypt your files — by infecting other users
A new kind of ransomware comes with its own “referrals” program, one that you probably wouldn’t want to join.
The malware, dubbed “Popcorn Time,” locks your Windows computer’s files with strong AES-256 encryption until you pay a ransom of one bitcoin (or $ 780 at the time of writing).

But this ransomware comes with a twist.
The lock screen will let you unlock your files the “nasty way” by sharing a link with two other people — presumably ones you don’t like. If they become infected and pay, then the original victim will receive a free decryption key.
Infected users have seven days to pay the bitcoin ransom to an anonymous wallet.
According to one report, the ever-evolving source code suggests that if a victim enters the decryption code more than a handful of times, the ransomware will permanently lock the files.
The ransomware just this week was updated to encrypt files in Documents, Pictures, Music and Desktop folders, as well as dozens of file extensions, including many of the most popular.
A series of screenshots tweeted by the MalwareHunterTeam, which found the ransomware, shows that the criminals purport to be Syrian, and that the money paid “will be used for food, medicine, and shelter to those in need.”
“We are extremely sorry that we are forcing you to pay but that’s the only way that we can keep living,” said the ransomware note.
How the Cyber Kangaroo can help defend the Internet of Things
What are Australia’s policy options for responding to the internet threats of 2022? This question was explored in the 360° Cyber Game conducted jointly by RAND Corporation and the National Security College (NSC) at the Australian National University (ANU) in Canberra on Thursday.
RAND has conducted two of these games before, in Washington DC and in Silicon Valley, and has written up the methodology and results in the paper A Framework for Exploring Cybersecurity Policy Options.
The Canberra game worked the same way.
Around 60 participants from government, academia, and the private sector — your writer was one of them — explored two scenarios. First, we were divided into teams to consider each scenario from a certain angle. How might our proposed policy responses increase the cost for attackers, for example, or how might they affect our cultural norms by infringing on civil rights and the like. Then we reconvened as one group to compare and integrate our proposals.
The game was held under the Chatham House Rule, so I can’t reveal who the participants were, or who said what, but it was an impressive lineup.
While RAND plans to release a formal report in February, these are my initial observations. Note that the entire game was about policy responses, not technical responses.
The first scenario was about the Internet of Things (IoT).
“This scenario places you in a world in which malicious exploitation of the IoT is becoming too common and beginning to be socially and economically disruptive,” the scenario notes read.
A vulnerability was found in a smart door lock used by a big real estate developer, giving burglars access to thousands of homes.
A woman’s self-driving car diverted from its planned route, and she was unable to resume manual control. It ploughed into pedestrians, injuring 12 and killing one. It turned out the car had been hacked by her boyfriend, who thought that bringing her to him would make a novel marriage proposal.
“The public outcry over these malicious activities [and others that were detailed in the scenario] leads to an impending crisis that demands action. But what action?”, asked RAND.
The consensus was that chasing the hackers was unlikely to be successful, at least in the short term, citing the usual problems with attribution and jurisdiction. That said, there should still be diplomatic efforts to remove hacker-friendly havens.
It would be more effective to work with the players we could identify: the manufacturers, distributors, and retailers of IoT devices, and with consumers. Given the low cost and low profit margins of many IoT devices, any solution had to be easy and cheap.
As an initial response, we should leverage existing consumer law. We already have strong product recall processes for unsafe products, especially for electrical items and children’s toys. This could quickly remove the most problematic devices from the market, giving time for the development of coherent cyber safety standards.
Crowdsourced security testing, along the lines of bug bounty programs, could also help identify problems quickly.
Participants noted that telcos can already identify most of the malicious traffic on their networks, but have no incentive to do anything about it. Monitoring networks and blocking certain traffic presents obvious civil liberties and privacy objections, so exploring that policy option would have to be handled carefully.
By 2022, IoT devices were likely to be smarter, with more processing power. Perhaps each device would be able to learn what constituted normal activity, and flag anomalies. Communicating with each other, they could develop something akin to an immune system. That, however, is a technical rather than a policy response, so it wasn’t explored further.
However, the consensus was that we should hit the manufacturers and sellers, because they’re the ones putting the insecure devices on the market.
The solution that emerged was a cyber safety rating system, the same kind of security star rating system proposed by Andrew Jamieson, the “Security Oompa Loompa” at safety science company UL.
The same problems were identified too, such as the difficulty of comparing the safety of different kinds of devices. Hacking a smart toaster doesn’t have the same potential impact as hacking an insulin pump.
The Canberra game participants decided that devices rated under this system would be branded with the Cyber Kangaroo of approval. The Cyber Kangaroo regime would be phased in, first as a voluntary standard accompanied by a public education campaign, then as a compulsory rating for any device sold in Australia.
Insurance companies could also encourage consumers to buy Cyber Kangaroo-approved devices.
Participants decided that developing an international standard would be too slow. Australia should just do it.
Australia could also benefit from becoming an innovation centre for IoT security, including the rapid development and testing of secure IoT code.
RAND’s previous cyber games had also identified standards and market forces as policy options likely to succeed.
“Participants saw a need for market forces to reward security and penalize insecurity. They identified a role for government in classifying products by degree of cybersecurity (assessed through certifications or performance standards). They also agreed that cybersecurity should be prioritized according to the impact of failure, with health and safety devices being the most critical targets for regulation,” RAND wrote.
The second scenario was about intellectual property (IP) theft and corporate espionage, some of it state-sponsored.
The sale of an Australian mining company soured when their network was discovered to have been compromised for years.
An Australian solar technology company was concerned that it might lose a tender for a massive solar project in South America because they believed their IP had found its way to China.
This scenario was tougher.
RAND’s formal report may well identify clear themes, but from this participant’s perspective there were no obvious answers.
It was clear that retaliatory action in the form of “hacking back” would be counter-productive. Not only would it be illegal, it could well trigger a tit-for-tat spiral of escalation.
Instead, Australia should continue to help develop peacetime norms for cyberspace, encouraging nations to sign on to these standards of behaviour.
Australia should then develop its processes for responding to breaches, which might range from sanctions against individual companies, through to sanctions against nations as a whole, to boycotts, or even to something more physical.
On the home front, organisations should be encouraged to report incidents of corporate espionage through a confidential no-fault process.
The idea that Australia would have passed mandatory data breach notification laws by 2022 was met with laughter, and in any event the current drafts of such legislation only cover the theft of personal data, not corporate secrets.
Directors of public companies should also be reminded of their responsibility to disclose any events that might affect the share value.
While the cyber game didn’t come up with any magic solutions, it made two things clear. One, this is complicated. And two, we need to start developing solutions now.