Jean Lievens: Tim O’Reilly on Open Data and Best (Open) Security

Categories: Data,Security
Jean Lievens

Opening up open data: An interview with Tim O’Reilly | McKinsey & Company

The tech entrepreneur, author, and investor looks at how open data is becoming a critical tool for business and government, as well as what needs to be done for it to be more effective. A McKinsey & Company article. January 2014

Interview transcript

Jan 16

Patrick Meier: #Westgate Tweets One Hour Before Attacks to Two Hours Afterwards — Who, What, When, Where…

Patrick Meier

#Westgate Tweets: A Detailed Study in Information Forensics

My team and I at QCRI have just completed a detailed analysis of the 13,200+ tweets posted from one hour before the attacks began until two hours into the attack. The purpose of this study, which will be launched at CrisisMappers 2013 in Nairobi tomorrow, is to make sense of the Big (Crisis) Data generated during the first hours of the siege. A summary of our results is displayed below. The full results of our analysis and discussion of findings are available as a GoogleDoc and also PDF. The purpose of this public GoogleDoc is to solicit comments on our methodology so as to inform the next phase of our research. Indeed, our aim is to categorize and study the entire Westgate dataset in the coming months (730,000+ tweets). In the meantime, sincere appreciation goes to my outstanding QCRI Research Assistants, Ms. Brittany Card and Ms. Justine MacKinnon, for their hard work on the coding and analysis of the 13,200+ tweets. Our study builds on this preliminary review.

The following 7 figures summarize the main findings of our study. These are discussed in more detail in the GoogleDoc/PDF.

Figure 1: Who Authored the Most Tweets?

Figure 2: Frequency of Tweets by Eyewitnesses Over Time?

Nov 19

Berto Jongman: Google Evil – Exploits All Wi-Fi Passwords

Categories: Security
Berto Jongman

Google knows nearly every Wi-Fi password in the world

Computer World, September 12, 2013

If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. Considering how many Android devices there are, it is likely that Google can access most Wi-Fi passwords worldwide.

Recently IDC reported that 187 million Android phones were shipped in the second quarter of this year. That multiplies out to 748 million phones in 2013, a figure that does not include Android tablets.

Many (probably most) of these Android phones and tablets are phoning home to Google, backing up Wi-Fi passwords along with other assorted settings. And, although they have never said so directly, it is obvious that Google can read the passwords.

Full article with many links below the line.

Sep 14

Stephen E. Arnold: IBM Has Security Flaws

Categories: Security,Software
Stephen E. Arnold

IBM Has Security Flaws

September 8, 2013

IBM is a respected technology company and it appears that hardly anything bad can be said about them. There comes a time when every company must admit they have a fault in their product and IBM must step up to the plate this time. The news comes to us from Secunia, a Web site that monitors technology security, in the warning, “Security Advisory SA54460-IBM Content Analytics With Enterprise Search Multiple Vulnerabilities.” The warning is labeled as moderately critical and should worry organizations that use the software to manage their data. The bug messes with cross-site scripting, manipulates data, exposes sensitive information, and causes a DoS.

Here is the official description:

“IBM has acknowledged a weakness and multiple vulnerabilities in IBM Content Analytics with Enterprise Search, which can be exploited by malicious people to disclose certain sensitive information, conduct cross-site scripting attacks, manipulate certain data, and cause a DoS (Denial of Service).”

Ouch! IBM must not be happy about this, but at least they discovered the problem and Content Analytics users can expect a patch at some point. Hate to bring up Microsoft at this venture, but whenever a big company has a problem I can’t help but think about how Microsoft never has a product launch without some issues. IBM is reliable and hopefully they will not go down the same path as Windows 8.

Whitney Grace, September 08, 2013

Sep 9

Tom Atlee: Surveillance and parasitism harm society’s collective intelligence

Tom Atlee

Surveillance and parasitism harm society’s collective intelligence

What this post is about:  Society’s collective intelligence needs to be able to see clearly what’s going on and take action about it.  Both NSA surveillance and corporate suppression of activism interfere with that vital dynamic.  This post clarifies what’s going on in these dynamics and suggests strategies to counter them and increase society’s collective intelligence.

Any healthy living system will try to weed out challenges that threaten its functioning. That’s what immune systems do: they preserve business-as-usual in a body.

But this natural maintenance activity of a system can be counterproductive:
(a) when changing circumstances demand adaptive responses, when the system NEEDS to change its business-as-usual – and
(b) when the system has been parasitized by something that is using it for the parasite’s own purposes at the larger system’s expense.

Entire post below the line, with links.

Aug 11

99% Android Devices Totally Open — How Long Before Open Source Security and Code Level Integrity Are Appreciated?

Categories: Security,Software

Mobile security startup Bluebox Security has unearthed a vulnerability in Android’s security model which it says means that the nearly 900 million Android phones released in the past four years could be exploited, or some 99% of Android devices. The vulnerability has apparently been around since Android v1.6 (Donut), and was disclosed by the firm to Google back in February. The Samsung Galaxy S4 has already apparently been patched.

It’s likely that Google is working on a patch for the vulnerability. We’ve reached out to the company for comment and will update this story with any response.

Bluebox intends to detail the flaw at the Black Hat USA conference at the end of this month but in the meanwhile it’s written a blog delving into some detail. The vulnerability apparently allows a hacker to turn a legitimate app into a malicious Trojan by modifying APK code without breaking the app’s cryptographic signature. Bluebox says the flaw exploits discrepancies in how Android apps are cryptographically verified and installed. Specifically it allows a hacker to change an app’s code, leaving its cryptographic signature unchanged — thereby tricking Android into believing the app itself is unchanged, and allowing the hacker to wreak their merry havoc.

Read full article.

Jul 4

Marcus Aurelius: Time for US to Get Serious About Setting Everyone Else “Ablaze”? — Sun Tzu Comment

Marcus Aurelius

Two articles follow: one posits a seemingly global anti-US opposition, an Anti-American Network (AAN), and the other posits that political warfare is the answer to the Middle East portion of the problem. IMHO, both are worth considering. Further believe that, with respect to Boot & Doran’s approach, (a) coverage needs expansion to cover all the opponents Hirsch posits and (b) political warfare is a necessary but not sufficient component of our response and an NCTC-centric structure is probably not the way to go. We already have policy in place to deal with these kinds of things but it probably needs revision in light of international and domestic politics. In my view, what we need is national leadership (read: POTUS and Congress) with the guts and principles of Britain’s WWII leader Winston Churchill supported by an Executive Branch organizational structure combining the best features of their Special Operations Executive (SOE) and Political Warfare Executive (PWE), one authorized, directed, and capable of covertly, surgically and virtually “setting our adversaries ablaze.” Neither the currently tasked organization nor U.S. Special Operations Command, or even the two together, is presently that structure.

Jun 30