According to the Washington Post, the Pentagon has recently received a report that states that over 2 dozen US weapon systems plans and specifications have been stolen via digital attacks on defense contractor and subcontractor systems. The list of possibly compromised systems include several key military assets such as the FA-18 fighter, the F-35 Joint Strike Fighter, the Black Hawk helicopter and the Patriot Missile. Officially, the Pentagon has downplayed the report, stating that they have no reason to believe the strength or integrity of the military compromised in any way, but Department of Defense officials have said, off record, that there is growing concern that the Pentagon and our government at large are increasingly falling behind in their ability to defend our digital borders from future cyber attacks.
What this means for you:
Regardless of your political leaning, there are few Americans who believe that our government runs a tight ship, and anyone who’s had any dealings with the Federal government knows that for the most part, they are woefully behind in just about every aspect of technology. Poor operational standards and old technology is a recipe for security disaster on a large scale for any business, and the Department of Defense is about as big a business as you can get.
Just like the problem life insurance salespeople face (no one wants to face the fact of dying), many businesses still have not come to grips with the fact that they will have (or already have had) a security breach. Many defense contractors who have lived in the bubble of American military superiority for so long have developed a complacency that is leading to poor decisions and lack of preparation until it is too late. The Chinese military is hungry to tip the scales, and it seems that they have the digital advantage.
Surely your business is more nimble than the Department of Defense. Have you grown complacent and ignored your technology’s security? Wouldn’t you rather do some work ahead of a security breach rather than scrambling to repair the damage?
In a controlled experiment run by technology website ArsTechnica.com, hackers were given a list of over 16000 hashed passwords and asked to try to decipher as many as possible. Not only were they able to crack over 90% of the passwords in about 20 hours, one of them managed to decipher over 60% of the encrypted passwords in less than an hour using a single computer.
To put this into some context, the target list contained passwords of varying lengths and composition, containing both letters, numbers and symbols, and was encrypted using an MD5 Hash. For the uninitiated, “hashing” a password is a one-way encryption method used to store passwords. When you go to log into your password-protected service, the server takes the password you just typed in, “hashes” it, and then compares it to the hashed password it has stored for you, and if they match, you are authenticated. Hashing is commonly used so that if a server is compromised and a list of passwords is downloaded, all the hackers have gained is a list of unencryptable letters and numbers. Of the encryption methods available, “MD5” is very common, because it requires little computational power, something that busy websites want to reserve for other functions.
The hackers in the ArsTechnica project used brute-force dictionary attacks driven by their own hand-built hash source lists, essentially decoding the target list by comparing hashes with lists that contains upwards of a billion combinations of letters, numbers and symbols. The computers used in this exercise were garden-variety workstations capable of processing several million guesses per second using parts easily procured from any computer store. Late last year one of the hackers involved showcased a cluster computer built using the same parts. Designed specifically for cracking passwords, this machine was capable of processing 350 billion hash guesses per second, and if it had been used in the above exercise, would have rendered out the list in a few hours.
What this means for you:
The real intent of ArsTechnica’s exercise was to demonstrate how trivial passwords are in terms of true security, even ones that are traditionally believed to be very strong, e.g. “qeadzcwrsfxv1331”. The hackers involved in the exercise pointed out the controlled nature of the exercise actually limited their ability and efficiency as compared to “real world” scenarios – the fact that they were limited to traditional workstations and were cracking a list about which they had no further information. Typically, crackers will have much more information about the passwords they are attempting to decipher, such as the security rules enforced when the users create them (e.g. 8-14 characters, must contain a letter, number but no symbols, etc.). Even knowing the service or site the passwords were used on will help crackers decipher passwords, as it will often allow them to uncover the encryption method used to hash the passwords.
If you think you are being clever by creating “hard” passwords that are ten characters or longer and interspersed with numbers, there is a statistically high probability that even that combination will be on these brute-force source lists, especially if you use the common substitutions like 3 for “e”, zero for “o” and so on. Computers have become so powerful that cracking even the most complex passwords is really a matter of patience and persistence.
On the flip side, most services we use are secured against brute-force attacks, at least on an account by account basis. No hacker is going to waste his or her time trying to guess your online banking password via the methods described above, as they would get locked out after the 3rd or 4th failed guess. But if they somehow managed to get into the bank’s servers and download a list of hashed passwords (which has been happening to other services quite often), you can bet your password will soon become another statistical probability in some hackers brute-force dictionary list.
A Congressional report authored by California Representative Michael Waxman and Massachusetts Representative Ed Markey publicizes that some United States utility companies are under constant cyberattack. Based upon a survey of 160 utilities, the publication notes that a dozen of the respondents report that they experience “daily, constant or frequent attempted cyber attacks.” Congress and the White House are understandably concerned that hackers could damage the nation’s powergrid, but the utilities say that their security standards are sufficient to protect the systems that keep America’s lights on, and that the attacks suffered by the utilities are no different than the ones that other American businesses and organizations suffer on a regular basis.
What this means for you:
Unless you happen to be a highly placed Security Officer at the North American Electrical Reliability Corporation or a member of the House Energy and Commerce Committee, there’s not much you’ll be able to do personally to prevent cyberterrorists hacking a utility eventually. Many security analysts predict that it’s only a matter of time before a US utility gets hacked, and you may recall a rather hushed-up incident affecting a large Saudi energy company not too long ago.
The real truth of the matter is that most companies, regardless of size, function or even nationality, are being probed and tested on a regular basis. The server that hosts this website experiences dozens (sometimes hundreds) of attacks on a daily basis. Is C2 being targeted specifically? Unlikely, but whether there is specific human intent behind the attacks or not, the fact remains that if (when) one of those automated attacks actually manages to penetrate a weakness, you can bet a human will follow along behind to assess whether the target is worth further hacking, or simply relegated to the growing army of zombified computers that are pointed at more high-value targets. My server doesn’t contain anything important enough to warrant concentrated effort, but you can bet that a compromised utility company server is a high-value target. And when everyone is gunning for you, it can’t dodge bullets forever, no matter how good you think your security is.
Dell, on the tail-end of a dismal earnings report that failed to meet Wall Street’s expectations, has been busily diversifying its product offerings in the face of flagging PC computer sales. The fruit of one of those diversifications is coming from Dell’s recently purchased WYSE division, a manufacturer known most prominently for their thin-client platforms, in the form of an extremely small thin-client that can be plugged directly into the HDMI port of late-model monitors and TV’s to create a “computer on the go.” Dubbed “Ophelia” this device is just slightly larger than a USB flash (nee thumb) drive, and will run the Android 4.0 OS natively, but can also hook into virtualization platforms from industry standards VMWare, Citrix and Microsoft. Expected to arrive in July for developers and the general public this Fall, Ophelia is expected to cost approximately $100.
What this means for you:
More and more businesses are turning to virtualization and cloud-based resources, one of many factors that is contributing to Dell’s weakening PC sales. The purchase of WYSE was a shrewd move, assuming this trend continues, and we don’t see a rebound like the industry saw in the 80’s with it’s first romance with the client-server model. Unlike the first go-round with client-server technology, today’s thin clients are more than powerful enough for the average knowledge worker’s needs while still being easier and cheaper to maintain than a fleet of standard desktops. The move to ultra-portable seems to be a natural next step, given the modern workforce’s growing acceptance of mobility, and may be a much-needed shot in the arm for Dell.
Should you go out and buy one? At $100, it may add another layer of sophistication to your fancy LCD big-screen in the living room, or add a valuable and extremely portable resource to your traveling business kit. It’s still way too early to tell, but basing it on Android will give the device a solid app eco-system that will hopefully prevent it from being just another addition to the drawer of lost technology toys.
If you were someone who worried that Facebook was taking over the world, one market segment at a time, it would seem that the smartphone front is safe, for now. As part of the launch of its new pseudo smartphone OS “Facebook Home” back in April, the social media giant had also announced a partnership with HTC to sell the “HTC First” with the application suite pre-installed, essentially creating the official Facebook Phone. Unfortunately, Facebook’s foray into pseudo-OS development received a mostly tepid to slightly-negative response from the public, and HTC’s First faired little better. According to some analysts, as few as 15,000 units have been sold since it’s launch.
AT&T, betting big on the First and Facebook, appears to have a serious overstock problem due to the lackluster market response and has slashed the phone’s price to $.99 (with contract, of course) from the original launch price of $99. Unfortunately for the carrier, they signed a display contract that requires them to continue providing valuable shelf space for the First, despite the phone’s lack of popularity, so the price slash is an obvious desparate move to clear space for better selling phones.
What this means for you:
It’s too early to make any sort of prediction, but Facebook seems to be entering the awkward stage of life as it struggles to find relevance with an increasingly cynical/sophisticated user base while pursuing profit for shareholders disappointed by flops like the Facebook Home app. One of the interesting dynamics that is still very poorly understood is the changing demographic of Facebook’s core audience. The same population segment that helped Facebook rocket to world dominance is now entering into a distinctly different phase of life (college students are now parents and employees), and the next generation of users are young enough to view Facebook as the place where their moms and dads (and grandparents!) “do the ‘net.” The next generation of internet users are very fragmented and intent on experimenting with new platforms that rise and fall with rapidity, and many view Facebook as yesterday’s news. Still, with billions of users worldwide, Facebook has a long way to fall before any other platform, no matter how new or exciting can ever fill its shoes.
The media has been aflutter with the progress on the highly controversial 3D-printed pistol, the Liberator, but has paid relatively little attention to the other side of 3D-printing which is intent on helping others. On the other side of the world in South Africa, Richard Van As, a master carpenter has collaborated with Ivan Owen, a Seattle, Washington prop maker to build an affordable prosthetic hand that has the potential to revolutionize the world of prosthetics.
Dubbed Robohand, this concept came into being after 3d-printer manufacturer MakerBot stepped in to help Van As and Owen as they struggled with the prototyping process by donating a pair of Replicator 2 3d-printers to their efforts. The devices helped the 2 men reduce the prototyping and testing cycle down from weeks to minutes, thanks in part to the mechanical speed of the Replicators, as well as the ability to collaborate digitally through MakerBot’s Thingiverse.org website to exchange designs and changes instantly. The result: a simple, affordable (less than $200 in materials) prosthetic that has already helped several children gain function in missing hands due to Amniotic Band Syndrome.
What this means for you:
3d-printing has been around for several years, but has only been hitting the front pages of mainstream media because of the controversy surrounding the creation of weapons that have the potential to avoid metal detectors. As with most things that are as disruptive as 3d-printing, the potential for both good and bad will be thoroughly explored by humans. Devices like MakerBot’s Replicators use materials and plans that are easy to acquire, which means things like the Robohand (and yes, the Liberator) can be quickly created just about anywhere in the world. Unlike the invention of the nuclear bomb, 3d-printing is more akin to the invention of the printing press by democratizing its potential for the masses. We can only hope that the creation and spread of Robohand-type devices overwhelm our more destructive and violent tendencies.
Image courtesy of 3ders.org
If you’ve spent any time on the internet lately, you likely know that Google’s latest innovation, “Glass” is already in the hands of the media and developers, and will soon be available to the general public. While the concept of wearable computers is not new – the earliest prototypes appeared over 30 years ago – Google’s sleek device has been giving privacy advocates fits since it was announced. Now that Glass is actually appearing “in the wild” as developers and media put the device through its paces, it’s getting pre-emptively banned by businesses, and in some cases, entire states are seeking to regulate its use.
As you might imagine, a device that can (relatively) unobtrusively record video and audio of anything in sight of a Glass wearer, on top of being able to access the vast data stores of Google’s indexed information, has many people understandably concerned. Cameras and recording devices are already banned in places like Las Vegas casinos, and organizations like Caesers Entertainment have extended their policies to explicitly include Google Glass in anticipation of the device’s arrival, as have numerous bars and other businesses, some merely for the publicity, but many for serious privacy concerns for their patrons and businesses.
What this means for you:
Whether or not you ever intend to use Google Glass or something similar, you’ve already been through a social revolution, and you might not have realized it. Remember when cellphones first started appearing with cameras? Remember when laptops first started shipping with webcams built into the lid? Devices that can be used to record others without their knowledge have been used in modern society for decades. Google is not the first to open this particular Pandora’s Box – the cows have long since fled the barn. Google Glass is fairly easy to spot now, but the technology will only improve (read: get smaller and harder to spot) and we will soon have wearable computers that are completely indistinguishable from a regular pair of glasses or sunglasses. We will get to a point that we will not be able to tell whether someone is digitally augmented, and societal conventions will have to adopt to the new standard, just like they have with smartphone cameras.
Hackers have compromised a Department of Energy website, leveraging a previously undiscovered security flaw in version 8 of Microsoft’s Internet Explorer. IE 8, which is now 2 versions back from Microsoft’s most recent release (v10), is used by almost a quarter of all Internet Explorer users, and is most commonly found on Windows XP computers. The “watering hole” style attack is thought to be the work of Chinese hackers based upon the malware used and the command and control protocols used. The hacked website is used by the DOE to disseminate information on radiation-based illnesses, leading analysts to believe that this was a targeted attack aimed at compromising the computers of government employees working with nuclear weapons and reactors, ostensibly for the purposes of gaining access to classified information and systems.
What this means for you:
This is the first instance of this particular exploit being discovered, but given the publicity and Microsoft’s well-known inertia in issuing security updates for it’s older products, there is a chance that if you are still using IE 8 you could be at risk. Microsoft recommends upgrading to a new version of Internet Explorer, but in the event that you are unable to upgrade due to your business requirements or application limitations, Microsoft has issued the following guidance for working around the security flaw until it can be patched:
- Set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones
- Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
- Add sites that you trust to the Internet Explorer Trusted sites zone to minimize prompt disruption
As I’m not a Microsoft employee, I can also recommend switching browsers to Chrome or Firefox. Both issue security updates much more rapidly, and though they are not free of security flaws and zero-day exploits, both browsers typically fair better than IE in terms of overall security strength.
According to BlackBerry’s CEO, Thorsten Heins, tablets will lose their market dominance in 5 years, to be replaced by, presumably, smartphones like the BlackBerry, and larger monitors. Assuming he is referring to the business space, it’s hard to decide whether his prediction is some parts sour grapes – BlackBerry’s own tablet, the Playbook, was a market failure and nearly bankrupted the company – and some parts wishful, magical thinking to self-fulfill their own business goals, which is to supplant tablets (dominated by the iPad and to a lesser extent Android) with their devices. As is usually the case with controversial predictions, Heins’ prognostications have roots in fact. Apple’s profits have been declining, as has its margins on the iPad, giving analysts cause to speculate on the longevity of the platform.
What this means for you:
Unless you are about to make a substantial investment in bringing tablets into your business processes (and even if you are), Heins’ predictions are likely to have little impact on you. BlackBerry wants to be considered a competitor in the mobile device space, and as they can’t compete on the tablet level, the traditional business tactic one can take in this situation is to attempt to invalidate the competition’s strategy by influencing the market. “Tablet’s will be dead in five years. Everyone will be using BlackBerries,” makes for good headlines, but any student of technology history will tell you that smarter technology leaders and innovators got more wrong than right when attempting to predict the future.







![robohand-indiegogo-3d-printed-hand-2[1].jpg robohand-indiegogo-3d-printed-hand-2[1].jpg](https://c2techs.net/wp-content/uploads/2013/05/robohand-indiegogo-3d-printed-hand-2[1]-460x260_c.jpg)



