Thursday, March 26, 2015

JavaOne 2015 San Francisco Call for Papers is Open

Got something to share about Java security?  JavaOne 2015 San Francisco call for papers is LIVE.  Send in your proposals for consideration to the Java security track.  Submit Now!

Wednesday, March 25, 2015

Algorithm: The Hacker Movie

As a security professional I know the levers and buttons behind the smoke of Oz.  There's not much that surprises me in the field.  Anyone that has actually hacked a system before knows it's not all that glamorous.  I'm not saying hacking ops never involve hot girls, guns, fast cars, and secret orders that go up in a puff of smoke after being read, but my missions are far more sublime.  As a result, my expectations for computer security movies coming out of Hollywood these days are not very high, but I am pleasantly surprised with Algorithm: The Hacker Movie.

The movie begins with a loner on the edge of society.  Earning money from occasional odd side jobs, even to the point of occasionally sleeping outside, living with friends and hacking.  The desire to hack is a deep desire to solve puzzles (which drives many of us).  You get the impression hacking is not a job but a way of life.  The character also narrates the story occasionally so you get a chance to learn what he's thinking, his motivations, his relationships with friends.  The acting was perhaps not outstanding but it was believable.  I like the tone of the movie, quiet and not splashy.  The quiet tone reminded me of watching Twilight movies but more grown-up.  Many movies portray hackers as bright social misfits but most real hackers don't have ADD, OCD, or other social disorders.  Many of the brightest minds in the field can carry a conversation and do enjoy a daily shower.  Yes, I do have friends with binary tattooed on their knuckles, OCD, and such.  But the real truth about hackers is really somewhere in between.  The mix of characters in this movie seemed quirky yet believable, which is less polarized and more true to life.

Fact is, real hacking is boring to watch.  Nobody gets excited watching someone solve a crossword puzzle.  That the filmmakers made the film exciting while keeping more or less true to the overall security theme earns it a thumbs up in my opinion.  Oh, I almost forgot, I even learned something about security in the movie I didn't know prior to watching - Port Knocking.

Algorithm: The Hacker Movie, movie link

Thursday, March 19, 2015

DIY Drone Bootcamp, Build Log

Updated January 13, 2016

ARTICLE HAS MOVED...
Now being maintained on dedicated site.

Monday, March 9, 2015

OWASP AppSecUSA 2015

Honored by the invitation to the OWASP AppSecUSA 2015 San Francisco conference Call for Papers (CFP) review team.  If you have an interesting security talk, submit your proposal.  CFP closes on March 14, 2015.  In the event you're not aware, OWASP is an organization of application security professionals and has many free resources to keep your software applications safe.

Monday, March 2, 2015

Balkanization of US Products and Services Technology Accelerates

Updated October 5, 2015

---

It's been more than a year since I wrote a story about the erosion of trust in US products and services and its impact on corporate revenues, A Crisis of Confidence Costs Real Money.  Recently China announced top US companies like Apple Computer Inc, Cisco Systems Inc., and Intel Corp have been dropped from the state's approved vendors list [1].  Trust may be old school but it's clearly still important when it comes to the sale of products and services.

Other countries have already begun curtailing purchases but perhaps without the bold public proclamations.  According to the Wall Street Journal [2] Cisco has been particularly harmed, "first-quarter orders in China declined 18%,...Mexico and India off by the same percentage. Orders were off 30% in Russia and 25% in Brazil".  Last year it was revealed the NSA tampered with Cisco products sent to China.  One of the saving graces of these highly diversified companies is that they do business in many other countries.  While many Americans and businesses were harmed in 2008 with the economic crash, American bellwether companies did better than ever.  Partially due to their global diversification, these companies no longer depend upon Americans to purchase their products.  Also, a sharp rise in commodity prices, due in no small way to an uncertain economy, is fueling the purchase of company stock across the board, further bolstering cash reserves, stock buy backs, and expansions.

Generally globalization and diversification are great for business but apparently American bellwethers are now feeling growing pains as stories continue to break about overreaching US security policies.  The problem with an "end justifies the means" approach to security policy is the stain it leaves on the corporate integrity of these global corporations.  At issue is trust: nothing US companies say or do will convince foreign nations US products or services are not compromised.  Many companies like Yahoo, Google, and Apple reacted to the new policies by encrypting data at rest and in transit as a default.  Encrypting user data by default does away with the free feast on personal information and ensures at least an electronic trail by authorities for personal information requests.  The FBI contends search warrants are not enough and new "security backdoors" are required in US products and services.  The news set off a firestorm with unexpected results: now other nations like China are also requesting security backdoors in US products.  Experts contend backdoors weaken products and services for everyone.

Beyond interception of data sent over telecommunications networks, US authorities have other shadowy tools at their disposal like National Security Letters (NSL) and secret FISA court hearings.  These tools provide secrecy or gag measures accompanying government requests for information and eliminate critical public oversight.  In fact, in 2014 it finally became public knowledge that in 2008 Yahoo argued against warrantless surveillance.  Other businesses have shut their doors entirely rather than participate in what history may one day consider the most egregious incursion into Americans' 4th Amendment privacy rights ever.  In stark opposition, authorities are convinced American privacy is a small sacrifice for the security of a nation.

Most experts agree, authorities need access to sensitive information to support their investigations and keep America safe.  At issue is the method of collection, a complete dragnet on all Americans.  Until the US government begins observing the rule of law and transparency in the area of personal data collection, bellwethers will continue to bleed revenue as products and services become increasingly balkanized along geopolitical borders.  Even if government policies improved overnight, a shaken world confidence is not so easily restored and it will likely be many years before trust in US products and services is restored.

[1] Exclusive: China drops leading technology brands for state purchases (removed by Reuters prior to post).  See also, China removes top U.S. tech firms from government purchasing list
[2] Cisco CEO: 'Never Seen' Such a Falloff in Orders

Image: American flag image, Wikipedia.
