Tag Archives: security

The two-step password movement continues – Dropbox joins in

The push towards two-step passwords and better security continues.

Dropbox trials two-factor authentication beta

A few weeks ago, when Dropbox users began reporting that their emails had been leaked to spam lists, Dropbox made some security changes and promised it would bolster its security measures further. The company has now made good on its promise, rolling out the beta version of a two-factor authentication system over the weekend.

 

Visit the link above for instructions on how to enable two-factor authentication.

I am a big fan of extra security for everything. I have two-factor authentication with my bank, PayPal, and in all my Google accounts. It’s good to see more companies beefing up our consumer security options.

 

 


Gmail: why do messages end up in spam folder?

Many of our users say the accuracy of our spam filter is one of the key reasons they love Gmail. And while we think you should never have to look in your spam folder, we know some of you may want to know why the messages there were marked as spam.

So starting today, we’ll be showing a brief explanation at the top of each of your spam messages. Simply look at any message in your spam folder and now you can find out why it was put there and learn about any potentially harmful content within the message.

via Official Gmail Blog

 

Help articles from Google explaining why Spam can be dangerous.

Thx Don Burke.

NASA completely hacked, several times in cyber war

NASA said hackers broke into its computer systems 13 times last year, stealing employee credentials and gaining access to mission-critical projects in breaches that could compromise U.S. national security.

The National Aeronautics and Space Administration spends only $58 million of its $1.5 billion annual IT budget on cyber security, Paul Martin, the agency’s inspector general, told a Congressional panel on NASA security earlier this week.

“Some NASA systems house sensitive information which, if lost or stolen, could result in significant financial loss, adversely affect national security, or significantly impair our nation’s competitive technological advantage,”

He said the agency discovered in November that hackers working through a Chinese-based IP address broke into the network of NASA’s Jet Propulsion Laboratory.

He said they gained full system access, which allowed them to modify, copy, or delete sensitive files.

Unencrypted notebook computers that have been lost or stolen include ones containing codes for controlling the International Space Station as well as sensitive data on NASA’s Constellation and Orion programs and Social Security numbers, Martin said.

via Reuters

Google challenges any hacker to take down Chrome – “I am the king of the world!”

Google Will Offer $1 Million In Rewards For Hacking Chrome

For the last three years, Google’s Chrome browser has left the world’s premier hacking competition unscathed, even as Firefox, Internet Explorer and Safari have all been taken down.

Google announced Monday evening that it’s offering up to a million dollars in rewards at the annual Pwn2Own hacking contest, which takes place next week at the CanSecWest security conference in Vancouver. Hackers don’t necessarily need to target Chrome to win a chunk of that money: Google is paying $20,000 to any participant who can exploit hackable bugs in Windows, Flash, or a device driver, security problems that would affect users of all browsers. But for hacks that include flaws specific to Chrome, Google will pay $40,000 each, and for those that exploit only bugs in Chrome, the company will shell out $60,000, up to its million dollar limit.

Since Chrome first appeared as a target in the Pwn2Own contest in 2009, participating hackers haven’t even tried to exploit the browser…that’s a sign that none of the researchers could find a chink in Chrome’s armor.

Even when Google offered an extra $20,000 to anyone who could hack its browsers last year, no one took up the challenge.

via Forbes

How a Brookings Fellow travels with tech to China – #espionage

When Kenneth G. Lieberthal, a China expert at the Brookings Institution, travels to that country, he follows a routine that seems straight from a spy film.

He leaves his cellphone and laptop at home and instead brings “loaner” devices, which he erases before he leaves the United States and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, “the Chinese are very good at installing key-logging software on your laptop.”

Via NY Times

 

Advice for travelling to China…or good advice for everyday life?

10 years after 9/11, have we changed?

It’s been 10 years since 9/11.

Amid the celebrations and acts of unity, I want to reflect on how the world has changed. More specifically, how we have changed, and whether that will prevent another attack from happening.

What really caused 9/11?

There are so many explanations, if I miss one please tell me, but here are the ones I look to: oil, the Middle East, our military but more specifically our geo-political strategy, and our security around the world.

Oil

U.S. oil consumption has remained steady since 2000 when it was 19.7 million barrels of oil/day. In recent years a slight dip has occurred maybe due to the recession or due to structural changes (improved car MPG), and is now at 19.2.

Which is very good news. Not only have we handled our economic and population growth without increasing our demand, we have even reduced it. Economists call this “demand destruction”, one of my favorite terms.

It is quite possible that we have turned the corner on fossil fuels (or reached “peak oil”). If so, one of the main sources of terrorist funding, recruiting, and anger may be fading away.

 

The Middle East

Then we can look to the Middle East, where all 19 hijackers were from. The vast majority of them (15) were from Saudi Arabia, which backs up the oil topic. The remaining ones were from Lebanon, Egypt, and two from the UAE.

It’s great that we took down the Taliban in Afghanistan, even though it is not in the Middle East (South-Central Asia). They were bad and needed to go. Their replacement is not perfect but a whole lot better, with room to grow, unlike the Taliban.

The Arab Spring changes everything, though.

Before the uprisings, there were no democracies in the Middle East (only 26 in the rest of the world). Many of the new governments are on track to change that, but remember that even in our own past, the road is rocky and violent.

The good news is that three evil, violent, and obnoxious dictators are out of Egypt, Libya, and Tunisia. Eight other countries had major uprisings and six more had minor ones, with multiple reforms across the board.

All in all, it looks to be a general improvement.

Military Presence

The cult of Al-Qaeda was formed due to one very important factor, one that Osama exploited to no end. We have our military in several countries.

From our point-of-view this is a rational geo-political strategy to protect our interests. In the early days, we also protected the people from dictators and warlords.

Then at some point we started supporting more corrupt leaders than reformers. When one is bad, several are more than enough to cause hatred.

Which explains the opposing point-of-view. We often crossed that fine line between bully and protector, and usually for our own oil interests.

Yet the situation hasn’t changed; in fact, it’s gotten worse. We now have our military in more places than ever, with many long-term contracts in place to keep it there.

This is a problem that will not go away, as recently highlighted by a statement from crazy guy #1 in Iraq, Moqtada Al-Sadr (paraphrasing): “don’t kill the Americans, they are leaving.”

Security

It’s hard to travel when everyone hates you. I went to Europe in 2004 and so many of those wealthy, pacifist socialists hated us. They had signs up about our “invasion” of Iraq.

Now imagine how people in Muslim countries feel. It’s gotten to the point that if we are not giving money to a country, they hate us (and some still hate us when we do). We have to build monumental fortresses just to have embassies. Our checkpoints are becoming comedy acts of creative bomb making.

US Embassy, El Salvador

Where else can we possibly stick a bomb when traveling?

The only good news is that, for some reason, foreigners like Obama.

I don’t really get it. Maybe it’s that he’s not white. Maybe it’s because he was against the Iraq war and talks about removing troops. Or, maybe it’s just because Bush labelled so many as enemies that it became us-or-them.

Who knows.

The good news is that foreigners still like him after he announced the troop increase in Afghanistan. If he gets re-elected then he can do more international rock-star tours and keep building up that goodwill.

Then maybe I can travel abroad and not get the evil eye from everyone.

But then again, if a Tea Party-er gets elected we might start calling everyone extremists and enemies. It would be great if they added ‘isolationism’ to their pseudo-retro movement.

Conclusion

I think everything begins and ends with oil. If we are truly past peak oil then things are getting better. We can stop (or decrease) the use of our heavy hand in the Middle East to maintain our oil supply.

Our military can draw down and our goodwill will go up. Which will take years of course, but it will mean our state of affairs is getting better.

We just have to keep making those hard decisions to get us off oil. Though, with shaded solar parking lots, maybe it’s not so hard after all.

 

Reflections from the 1st Chief Information Officer of the USA

“Last Friday was my last day at the White House. As I begin my fellowship at Harvard University, I’d like to share my reflections on public service…”

So begins Vivek’s 12-page summary of his time in the Obama administration (the full version can be found via Alex Howard’s GovFresh piece).

I’ve been a big fan of Vivek’s, since his days as the CTO of Washington, DC. When he was named the first Fed CIO, it was big news in the tech community, especially in DC.

He's always smiling.

Each and every move he made, we followed. You have to remember that during the Bush years the exciting news was that the White House press corps “had a blogger” (not to mention Bush didn’t use email). Then Obama came into office full of BlackBerry, Twitter, Facebook, and web prowess.

Every geek in the nation was rooting for some gear to get into the White House. We wanted cell phones, laptops (Macbooks!), modern websites, social media, podcasts, etc.

In the midst of this Bush/Obama collision arrived Vivek, fresh off amazingly innovative programs in DC: real-time tracking of city projects, GIS for municipal services, and co-location of engineers in schools.

Then he hit the Federal bureaucracy.

On the first day “they handed me a stack of documents with $27 billion worth of technology projects…years behind schedule…millions over budget.”

“Those documents were what passed for real-time updates on the performance of IT projects. My neighbor’s ten-year-old could look up the latest stats of his favorite baseball player on his phone on the school bus, but I couldn’t get an update on how we were spending billions of taxpayer dollars while at my desk in the White House.”

That stack of documents became his fighting spirit. No IT professional could claim any cred if they worked off binders and printouts.

“…from a small, nondescript office in downtown Washington, we spent many long nights fueled by coffee, thinking big about how we could transform our Government through technology.”

“I was ready to embark on a technology revolution…that would crack down on wasteful spending; increase the efficiency and effectiveness of government; enable an open, transparent, and participatory democracy; advance the cybersecurity posture of the nation; and most importantly, improve delivery of citizen services.”

Yeah, he was on fire.

The original IT dashboard.

The first big step was to bring that same real-time tracking pioneered in DC to the Federal Government, which is a lot like going from a tricycle to a spaceship.

“The Federal Government is the largest purchaser of IT on the planet, with over $80 billion spent on over 12,000 systems every year…to shine a light on (that spending) we launched the federal IT Dashboard in June 2009.”

“The Dashboard is a website where people can monitor every IT project…as easily as they can monitor their personal investment portfolios. If a project is over budget, or behind schedule, the Dashboard tells you so – and shows a picture of the person in charge.”

You gotta love the picture of the person in charge. Imagine having your face next to a project that is $100 million over budget. In quick order they “saved $3 billion and cut the time to deliver projects in half.”

And then to show that good ideas have legs, they “open-sourced the IT Dashboard and released all of our training materials. Within hours, 38 states and multiple countries reached out to express interest in adopting it to improve transparency and accountability. It’s already been downloaded more than 2,500 times across the world.”

Within months we went from a President who doesn’t have email to open source code!

My favorite section from the piece is not the numbers and projects but the personal anecdotes that Vivek shares. It’s part of what, in my opinion, makes him such a great leader (and great person).

“I was born in New Delhi, India, and lived in Tanzania until I was eleven. I came to America in 1985…I couldn’t speak English when I first arrived. I recall my first days at school in Gaithersburg, Maryland, and seeing a couple of African American kids around my age. They reminded me of my friends in Tanzania, so I walked up to them and started speaking in Swahili. I was promptly met by strange looks, so I started speaking even louder to make sure they understood me. I suspect they thought I was making fun of them because the next thing I knew, I was being beaten up. Not the warm welcome I was expecting.”

But back to the tech: we get to the biggest project of his tenure, cloud computing.

“With the economy facing the worst recession since the Great Depression, one program – Cash for Clunkers – provided rebates to people who traded in older cars for new, more fuel-efficient ones. But just three days after its launch, the system for processing these rebates collapsed.”

“One hot DC August night during the height of this mess, I emerged at 4 a.m. from the Department of Transportation after 14 straight hours working…to keep servers online and the site operational.

“When I was Director of Infrastructure Technology in Arlington County, I knew down to the street address where each of our data center facilities was located and what was in them. Yet when I asked how many data centers the Federal Government had, nobody could give me the answer.

“It took agencies eight months to produce an initial inventory of their data centers. All told, the number of Federal data centers has more than quadrupled since 1998, from 432 to more than 2000. Yet on average, they are only 27 percent utilized.

“That’s why the Federal Government is actively shutting down 800 data centers by 2015.”

As of now the Federal Government is moving full speed into the cloud.

Which, of course, brings up the security concerns. As more of our critical systems go online we face an increasing risk of cataclysm.

“From power plants to stock exchanges, hospitals to banks, our Nation’s critical infrastructure systems are increasingly wired and, as a result, increasingly vulnerable to cyber-attacks.”

Finally, the last of Vivek’s projects, transparency.

“In this approach we also need to be mindful, however, that security is used too often as an excuse to justify the Government operating in a closed, secretive, and opaque manner.

“We almost have an IT cartel that’s made up of a few companies that benefit from government spending because they understand the procurement process better than anyone else, not because they provide better technology.”

His response was to re-create the Apps for Democracy program but in a bigger, more permanent way.

“…we threw open DC’s warehouse of public data so that everyone – constituents, policymakers, and businesses – could meet in a new digital public square. We started with 200 live data feeds – everything from government contracts to crime statistics to economic development. And to spur citizens to turn this data into applications that the government didn’t have the resources to create on its own, we launched the “Apps for Democracy” contest, offering prizes for the best applications based on the data we released.

“We ran Data.gov like a lean start-up. On day one, we launched with a Minimum Viable Product with only 47 datasets. Two years later, there are 389,907 datasets covering every government mission area, from health care to public safety.

“Data.gov has spawned a global movement – 21 nations, 29 states, 11 cities, and several international organizations have established open data platforms.”

In many ways Vivek is not a traditional White House appointee. His projects were big but not flashy. They tackled the hardest problems big IT faces (spending, cloud, security, and openness) and did so in a lasting way. Each of these projects is now a fundamental element of the Federal Government, which is an awesome legacy.

Americans may not know his name or even understand his work, but in Vivek’s own words: “We saved billions in taxpayer dollars; we adopted game changing technologies; we strengthened the cybersecurity posture of the nation while making it more open, transparent, and participatory.”

A truly successful CIO.

Good luck to you, Vivek, in your new position:

“…my work at Harvard, focusing on how we can use information technology to solve our nation’s and the world’s most pressing problems.”

And, good luck to your replacement, Steven VanRoekel, a former Microsoft executive and one-time assistant to Bill Gates.

 

Congratulations, @stevenvDC! The best man for the best tech job on the planet. Good luck–you’re going to rock it!