China Archives - Page 3 of 5

Posts

Thursday Morning: Eye in the Sky

April 7, 2016/6 Comments/in Culture, Cybersecurity /by Rayne

I am the eye in the sky
Looking at you
I can read your mind
I am the maker of rules
Dealing with fools
I can cheat you blind

— excerpt, Eye in the Sky by Alan Parsons Project

It’s not like I wanted to haul out all my high school and college music, but they sure seem to work well this week.

Speaking of the eye in the sky…

FBI and DHS circle overhead a LOT
Buzzfeed published its findings after looking into FBI and DHS surveillance flight records, finding a lot of planes circling over mosques. The results also looked at flights immediately after the San Bernardino shooting. You know what would be interesting? Comparing that information against the handling timeline for the Apple iPhone issued to Syed Farouk by his employer.

U.S. dealerships sue Volkswagen – but expand on Dieselgate
Not only are three family-owned dealerships suing VW for its fraudulent use of an emissions control defeat system in their diesel passenger vehicles — they are suing because of VW’s financing practices, which steered money away from dealership’s preferred financing while leaving the dealerships stuck with rapidly depreciated business value. The potential losses to VW just swelled by another magnitude.

Iceland’s new PM expects elections this fall
Rather than dissolving the government, the former Prime Minister Sigmundur David Gunnlaugsson’s coalition partners negotiated the appointment of Sigurdur Ingi Johannsson as his replacement after Gunnlaugsson’s Panama Papers-driven resignation. Johannsson said the coalition expects elections this autumn while continuing to focus on working on stability. That’s a nice way of saying the Progressive Party and the Independence Party are stalling for time to avoid a likely rout if elections were held today. Polling indicates the Pirate Party would stomp the other three major parties if a vote was held now.

MP and Official spokesperson of the Pirate Party Birgitta Jónsdóttir was interviewed by Democracy Now! about Iceland’s current political climate. Jonsdottir, a possible contender for PM, explained her country’s reaction to the Panama Papers’ revelations:

…What is in particular disturbing about the prime minister’s conduct in this matter is that the day before new laws took effect in Iceland about how you declare and how tax havens are dealt with, because Iceland is a part of a sort of a campaign, international campaign, to stop tax havens being a part of a solution on how to get away from participating in paying tax in your own country. He signed—his sold his wife his share for one dollar the day before the laws took effect. And that, in itself, seems highly dubious. And then, he has actually been using his wife as a shield and saying that people that are criticizing him are attacking his wife. I actually think that this guy is in some sort of meltdown, because his behavior in the last few days has been so outrageous that it seems like we are stuck in a satire by Dario Fo, you know, in a complete theater of the absurd. And I’m just so deeply humiliated on behalf of my nation that this is what the outside world is looking at. …

The feeling of betrayal is palpable. It’s a good read, do check it out in its entirety.

Odd lots

Massive breach exposes 55 million Philippine voters’ identities (The Register) — That’s Philippines’ Commission on Elections (COMELEC) *entire* database, which COMELEC claims doesn’t contain anything sensitive. Except for stuff like fingerprints and passport numbers. Oh, and all the information for half the entire country’s population.
China’s ‘Great Firewall’ architect reduced to using VPN during a speech (Shanghaist) — Oops.
Adobe patching a Flash zero-day (Naked Security) — Again. I know, I know, when will Flash die?
Climate change could lengthen Europe’s dengue fever season (Science Daily) — Longer, warmer summers will extend the season for Aedes aegypti and Aedes albopictus mosquito populations, the disease’s key infection vectors. Hey, you know what else might show up for longer periods of time, too? Zika, since it’s carried by Aedes aegypti.

Wow. It’s coffee break time already? Have at it. Catch you tomorrow morning!

Wednesday Morning: Whip It Good

April 6, 2016/10 Comments/in Culture, Cybersecurity /by Rayne

When a problem comes along you must whip it
Before the cream sits out too long you must whip it
When something’s going wrong you must whip it

— excerpt, Whip It by Devo

Can’t tell you how many times I’ve thought of this song in the last couple of days.

Panama Papers fallout
Still not as much reporting showing up in global media as one might expect from a collaborative effort the size of that mustered by the International Consortium of Investigative Journalists (ICIJ) and German news outlet Süddeutsche Zeitung (SZ) around the leaked Panama Papers. But there is a slowly building debris field accumulating in the leak’s wake.

Iceland’s Prime Minister Sigmundur David Gunnlaugsson resigned after ~7.5% of the population showed up at a protest rally (Channel NewsAsia) — But you probably know this much already, right? Icelanders don’t mess around with even so much as the appearance of conflict. Hope somebody will tell us if bananas are a thing at protests in addition to eggs, yogurt, and tissue paper. (see photo).
Chair of Transparency International’s Chile chapter resigned (Transparency.org) — Oops. But kudos to Transparency for the prompt and direct reaction after the leak revealed the Chilean chair had been involved with
China squelched reporting ties to leadership and revelations in Panama Papers (SCMP) — The suppression includes redirecting search engine queries to stories about sports figures involved in the scandal.
Amazon’s cloud now home to the Panama Papers source documents (Forbes) — And tiny Australian software firm Nuix has been helping with sifting through the documents.

What will today bring?

Related? Pfizer and Allergan nix their merger
Proposed changes to Treasury Department rules are blamed for the breakup of this corporate marriage, in which Pfizer would have moved its headquarters to Allergan’s location in Ireland to avoid U.S. tax rates. Public sentiment about offshoring after the Panama Papers leak may have clinched this split.

Miscellany

Heat pump technology could reduce energy use in clothing dryers by 40% (Phys.org) — Here’s a great use of our tax dollars, this research by U.S. Department of Energy’s Oak Ridge National Laboratories. Dryers are the largest consumer of electricity in households equipped with them. As much of U.S. energy is produced by fossil fuel, this could have a dramatic impact on CO2 output. Let’s hope Congress encourages more of this kind of research as well as tax credits for related corporate R&D and consumer purchases.
Orbeus, a photo-recognition software company, has been acquired by Amazon (Business Insider) — Imagine getting this message the next time you upload your personal photos to your Amazon Prime Photo account: “People who purchased your spouse’s belt on Amazon also purchased this underwear/lubricant/sex toy.” Just, no.
STARZ premium cable channel will now offer a direct streaming service for cord cutters (Ars Technica) — The offering will work much like HBO Direct. But will ISPs that offer STARZ (like Comcast and Charter) attempt to throttle this service as it cuts into their bundled sales? Net neutrality is going to get a work out as more cable channels offer their content straight to consumers.

Thursday Morning: Number 49

February 18, 2016/38 Comments/in Culture, Cybersecurity, Foreign Policy /by Rayne

[image: Leo Reynolds via Flickr]

Name day of Saint Simon (Simeon), and Greek name day for Leon and Agapitos, it’s also the 49th day of the year, only 317 more to go. Make the best of it, especially if your name is Simon, Leon, or Agapitos.

Hollywood hospital paid ransom — $17K in bitcoin, not millions
See the official statement linked in this updated report. Speed and efficiency drove the payment. Given the difference between the original amount reported and the amount paid in ransom, one might wonder if there was a chaining of devices, or if many less important devices will be bricked.

Laser pointed at Pope Francis’ plane over Mexico
Someone pointed a laser at the Pope’s flight just before it landed in Mexico City yesterday, one of the highest profile incidences of “lasering” to date. The incident follows an international flight forced back to Heathrow on Monday after one of its pilots suffered eye injury from a laser. Thousands of laserings happen every year; it’s illegal in the U.S. and the U.K. both, but the U.S. issues much stiffer penalties including fines of $10,000 and prison time. If Mexico doesn’t already treat lasering firmly, it should after this embarrassing and threatening incident.

Air strike on Doctors Without Borders/Médecins Sans Frontières’ Syrian hospital spurs call for investigation
It’s absolutely ridiculous how many MSF medical facilities have been hit air strikes over the last year, the latest west of Aleppo in Syria. MSF has now called for an independent investigation into this latest attack which killed nine medical personnel and more than a dozen patients. This particular strike is blamed on the Syrian government-led coalition, but Russia and the U.S. have also been blamed for attacks on MSF facilities this year, including the hospital in Kunduz, Afghanistan last October. You’d think somebody had it out for MSF specifically.

Is China rousing over Korean peninsula escalation?
Tension spawned by North Korea’s recent nuclear test, missile and satellite launches, as well as South Korea’s pull back from Kaesong industrial complex and U.S. F-22 flyovers have increased rhetoric in media.

[Analysis] Geopolitical tensions now posing risk to S. Korean economy (The Hankyoreh-South Korea)
Seoul’s spy service says North Korea is preparing cyber and other attacks (South China Morning Post)
China calls for demilitarisation in South China Sea (GBtimes)
Chinese military adviser Major General Wang Haiyun: “[China] must adjust the force deployment along northeastern borders…” (South China Morning Post)

Just as it is in the U.S., it’s important to note the origin and politics of media outlets covering China. GBtimes, for example, covers Chinese stories, but from Finland. ~head scratching~

All Apple, all the time
A huge number of stories published over the last 24 hours about Judge Sym’s order to Apple regarding unlocking capability on San Bernardino shooter Syed Farook’s iPhone.

Some of the stories followed Google CEO Sundar Pichai’s reaction — was he or wasn’t he supportive of Apple’s position in his tweet-only response?
Some posts claim Apple can comply with the order and FBI’s request — technically speaking, yeah, they can.
Others oppose compliance as it may establish a new precedent and increase risks to other law-abiding iPhone users’ personal data.
This is a pretty decent overview of the entire FBI vs. Apple case.

I wonder if this is really a Third Amendment case, given the lack of daylight between the FBI and the U.S. military by way of Joint Terrorism Task Force involvement, and the case at hand in which a non-U.S. citizen’s illegal activities (Farook’s wife Tashfeen Malik) may have triggered related military counterterrorism response. Has the U.S. government, by demanding Apple create code to permit unlocking the shooter’s iPhone, insisted on taking private resources for government use? But I’m not a lawyer. What do I know?

That’s it for now. Thursday, February 18th is also “Teen Missed the Bus Day”; ‘Agapitos’ he is not at the moment. Kid’s going to owe me some time helping with the next morning post.

Thursday Morning: Trouble, We Haz It

January 21, 2016/4 Comments/in Culture, Cybersecurity /by Rayne

[screensnap: José James at AllSaints Basement Session (video not available for embed)]

[screensnap: Jose James at AllSaints Basement Session (video not available for embed)]

Quite literally I went looking for Trouble, and I found this video by José James from the AllSaints Basement Sessions. Might be the first time looking for trouble paid off.

Drug makers struggle with ‘supply and demand’ concept
Speaking of trouble, the World Economic Forum meets at Davos, Switzerland this week to engage in its annual circus of the wealthy. Big Pharma piped up and said it wants money to develop antibiotics to replace/augment their current lineup to which bugs have become resistant. Extortion, much?

Hello? Your drugs don’t work any longer, which means sales will go down. They don’t work because you oversold them, jackasses. You don’t get to change ‘supply and demand’. Your incentive is and always has been profits, which only happen if you sell a working product. Too bad you screwed your golden goose — and us.

Here’s an idea: in the meantime, the U.S. government should fund a competing government-owned drug research and manufacturing facility the way it funds DARPA. The public will benefit directly from the research it bought, and if private drug companies can do better, even using freely available public research, they can knock themselves out.

Still want incentives? Sure. We get a chunk of the company in exchange for a handout, just like General Motors. Now beat it and get back to research or bean counting, whatever it is you really do.

Speaking of drugs, Chinese caught spying on pharmaceutical firm GlaxoSmithKline
Along with four others, a senior-level manager and biotechnology expert based at Glaxo’s Pennsylvania facility was charged with conspiracy, wire fraud, money laundering, and theft of trade secrets. An interesting spin on this story is the involvement of a twin sibling used in money laundering. Glaxo has been at the heart of a couple other corruption stories in China, including reports of bribery and industrial espionage. These Glaxo-related stories all read like telenovela scripts.

Hey, look! A leaky backdoor built into encrypted phone calls
Shocking, just SHOCKING, that a backdoor might be so flawed that a single master key could allow the holder access to ALL phone calls in an encrypted system. It’s not shocking that GCHQ is pushing this system’s security protocol it developed in-house.

Android phones used for banking may be infected with two-factor defeating malware
Wow. This is pretty creepy. You’d think your voice would be your bond in banking, but it can be used to access your account even though your voice is part of a two-factor authentication system. Android.bankosy is the bug in question; better read this article because it’s pretty complex stuff.

Internet of Things via search engine — including your Things?
You want more creepy trouble? Here you go — but I sure hope your home doesn’t appear in these webcam feeds.

That’s enough trouble for now. Make some of your own.

Wednesday Morning: Whac-A-Mole

January 20, 2016/5 Comments/in Culture, Cybersecurity /by Rayne

[image: eric lynch via Flickr]

Can’t bop them on the head fast enough. There are just too many issues popping up. See which ones you can nail.

And GO!

Video popularity in Facebook’s ‘walled garden’ means change for news outlets
This is not good. This is AOL’s model come full circle. Increasingly Facebook is shutting down access from outside, forcing news outlets to move inside, and to produce video instead of text content in order to fight for attention. Numerous outlets are affected by this trend, including the former AOL (now Huffington Post). The capper is Facebook’s persistent tracking of any users, including those who click on Facebook links. What will this do to general election coverage? Facebook really needs effective competition — stat.

Weather and bad flu season raised French deaths above WWII’s rate
Wow. I knew the flu was bad last year, but this bad? Ditto for Europe’s weather, though the heat wave last summer was really ugly. Combined, both killed more French in one year than any year since the end of World War II, while reducing overall life expectancy.

FDA issues guidelines on ‘Postmarket Management of Cybersecurity in Medical Devices’ for comment
Sure hope infosec professionals jump all over this opportunity to shape policy and regulation. Imagine pacemakers being hacked like a Chrysler 300, or reprogrammed without customer knowledge like a VW diesel, or surveilling user like a Samsung smart TV…

UK’s Cameron says one thing, UK’s arms dealers another with sales of £1Bn arms to Saudi Arabia
Can’t. Even. *mumbles something about pig porker*

“The day after the prime minister [David Cameron] claimed to be ‘trying to encourage a political process in Yemen’ and declared ‘there is no military solution in Yemen’, official figures reveal that in just the three months July to September, the government approved the sale of over £1bn worth of bombs for the use of the Royal Saudi Air Force. …

[Source: The Guardian]

Lack of transparency problematic in fatal French drug trial
Like talking to a brick wall to get answers about the drug involved in one death and five hospitalizations after 94 subjects were given an experimental drug. On the face of it, simultaneous rather than staggered administration may have led to multiple simultaneous reactions.

Canadian immigrant helped two Chinese soldiers attempt theft of U.S. military aircraft plans
You want to know how ‘chaining’ works? Here’s a simple real world example allegedly used to spy on U.S. military aircraft: Identify a key node in a network; identify the node’s key relationships; sniff those connections for content and more key nodes. A Chinese immigrant in aircraft biz, located in Vancouver, shares email addresses of key individuals in the industry with Chinese officers. They, in turn, attempt to hack accounts to mine for plans, which their contact in Vancouver vets.

Now ask yourself whether these key individuals are in or related to anyone in the Office of Personnel Management database.

Ugh. Keep whacking those moles.

Friday Morning: Looks Like We Made It!

January 8, 2016/24 Comments/in Culture, Cybersecurity /by Rayne

[image: Viewminder via Flickr]

Looks like we survived the first business week of the year, made it through floods and fire and other apocalyptic events. Can’t imagine what next week will bring at this rate.

Saudi Arabia may sell shares in oil producer Aramco
Listing Aramco could create the most valuable company in the world, worth over a trillion in U.S. dollars. The move may raise cash to pay down some of the Saudi government’s debt, but it opens the oil producer to public scrutiny. Would it be worth the hassle?

With Russia increasingly eating into Aramco’s market share of China, and OECD countries’ oil consumption falling, selling shares in Aramco may not raise enough cash as its revenues may remain flat. Prices for utilities have already been raised within Saudi Arabia, shifting a portion of expenses to the public. What other cash-producing moves might Saudi Arabia make in the next year?

Detroit’s annual Autoshow brings VW’s CEO for more than a visit to tradeshow booth
Looks like Volkswagen’s Matthias Mueller will be tap dancing a lot next week — first at the 2016 North American International Auto Show, which unofficially opens Sunday, and then with the Environmental Protection Agency.

What’s the German word for “mea culpa”? Might be a nice name for a true “clean diesel” vehicle.

Data breaches now so common, court throws out suit
You’re going to have to show more than your privacy was lost if you sue a company for a data breach. Judge Joanna Seybert for U.S. District Court for the Eastern District of New York dismissed a class action suit against craft supplies retailer Michael’s last week, writing that lead plaintiff “has not asserted any injuries that are ‘certainly impending’ or based on a ‘substantial risk that the harm will occur.” Whalen’s credit card had been used fraudulently, but she wasn’t liable for the charges.

Annoyingly, Clapper v Amnesty International USA was used as precedent, much as it had been in last summer’s suit against Home Depot for a data breach. At this rate, retailers will continue to thumb their noses at protecting their customers’ data, though identity theft-related losses amount to more than all other property theft losses combined [pdf].

Don’t forget China: DOJ raids Chinese hoverboard company’s stall at CES 2016
I can’t find any previous examples of law enforcement conducting a raid at a trade show — if you know of one, please share in comments. The Department of Justice’s raid yesterday on Changzhou First International Trade Co.’s booth at CES 2016 doesn’t appear to have precedent. Changzhou’s hoverboard product looks an awful lot like Future Motion’s Onewheel, which had been the subject of a Kickstarter project. The Chinese hoverboard was expected to market for $500, versus the Onewheel at $1500.

Makes me wonder if there are other examples of internet-mediated crowd-funded technology at risk of intellectual property theft.

Pass the Patron. I’m declaring it tequila-thirty early today.

Thursday Morning: Chinese Fortune Not Looking Good

January 7, 2016/9 Comments/in Culture, Energy Policy, Foreign Policy /by Rayne

[image by Images Money via Flickr]

If I was still a practicing Catholic, I’d be tempted to pray to St. Angela of Foligno today, her saint’s day. She was known for walking away from wealth and practicing charity. Given the Chinese stock market’s plummet overnight, St. Angela might be the right guide for this leg of the journey.

China halts stock trading after market sinks more than 7%
Second time this week trading has been suspended in China, with free fall blamed on Chinese currency, lower oil prices, economic slowdown. Some also blame North Korea’s nuclear test, but anecdotes from Pacific Rim region suggest news about the test did not receive the same level of attention across Asia as in U.S. Not much feedback at the time this post was written in news media about response to market by China’s leadership.

Richard Perle’s long tail seen in North Korea
Worth revisiting an analysis on North Korea’s nuclear program written last January by Siegfried Hecker of Stanford University’s Center for International Security and Cooperation (CISAC). I agree with Hecker’s assessment, only surprised he didn’t name Richard Perle specifically for the cascade of diplomatic fail on North Korea that began under the Bush administration.

Self-driving cars, now self-driving passenger drones?
At CES 2016, China’s Ehang Inc. showed off a single-passenger drone, launched by commands entered on a tablet. The drone has no backup controls, which sounds scary as hell for a passenger flying 1000-1600 feet above the ground at +60 miles per hour. I can hear George Jetson screaming, “Jane! Stop this crazy thing!” even now. FAA would be insane to permit these devices in the U.S.

Unnamed sources say VW may buy back polluting cars sold in U.S.
This report could be a trial balloon floated by Volkswagen to see if a buy-back or a hefty discount on a new car will appease U.S. owners of so-called “clean diesel” vehicles. Is this really a satisfactory remedy to fraud?

Rethinking Saudi Arabia’s future in a time of cheap oil
Another worthwhile read, if a bit shallow. It’s time to model not only Saudi Arabia’s future, but a global economy no longer dependent on oil; what risks are there for OPEC countries if they cannot depend on increasing oil revenues? Could political instability spread across Central and South America as it has in the Middle East and Africa? How will climate change figure into the equation, as it has in Syria? And then back to economic unease in China, where the market has reacted negatively to lower oil prices.

I’m out of pocket this morning, will check in much later. Talk amongst yourselves as usual.

Was Quantum Entanglement Experiment Behind “Classified Cryptographic Equipment” Confusion After Antares Crash?

October 29, 2014/20 Comments/in Science /by Jim White

Yesterday evening, an Antares rocket built and operated by Orbital Sciences Corporation exploded shortly after liftoff. The rocket was intended to ferry supplies and equipment to the International Space Station. Orbital and Spacex have taken over some of the duties supplying the space station since the termination of NASA’s shuttle program.

In the early aftermath of the explosion, word came out that the crash site had to be secured because sensitive cryptographic equipment was on board:

The Cygnus mission was non-military, but the company’s Antares program manager, Mike Pinkston, said the craft included “some classified cryptographic equipment, so we do need to maintain the area around the debris in a secure manner”.

That initially struck me as odd. The International Space Station has a large number of cooperating countries, including Russia. It’s hard to imagine that the US would put sensitive equipment into the hands of cosmonauts right now, given the cool state of US-Russian relations. Of course, it would make sense for ISS communications to be encrypted in order to prevent meddling by hackers, but movement all the way to classified (and presumably military or NSA-level) encryption seems to be excessive.

This morning, we are seeing walk-back on the presence of classified equipment:

Shortly after the explosion, CNN quoted a launch director as saying that the spacecraft contained classified “crypto” equipment, but early Wednesday a NASA spokesman said by email that “We didn’t have any classified items on board.”

In trying to make sense of what could have been behind these strange statements, I ran across this interesting announcement of a new cryptographic technology that European scientists have proposed evaluating in an experiment on the space staion:

A team of European researchers have proposed a series of experiments that, if successful, could turn the International Space Station into a key relay for a quantum communications network.

The key basis of physics underlying quantum communications is entanglement. Entangled particles are connected in a way that pretty much defies common sense. If you change the spin of one of the particles, the spin of its entangled counterpart will change – even if they’re miles apart. And that change happens nearly instantaneously – at least four orders of magnitude faster than the speed of light, according to a recent experiment.

Another remarkable aspect of this technology that sounds almost too good to be true is its potential security. After noting that quantum networks are quite fragile, the Forbes article continues:

But why bother with these networks at all if they’re so fragile? The answer is pretty simple – because they’re almost perfectly secure. Here’s how it works. Let’s say that I want to send a message to New York City. My message is going to travel through normal channels, but it will be encrypted with a key. That key is transmitted via the entangled photons – so the changes I make to entangled particles on my end almost instantly show up in the particles in New York. We then compare the measurements of what I changed in my photons to those states in New York City.

Those measurements then comprise an encryption key for our communications. So even if our communications are bugged, nobody can read them without knowing that encryption key. And here’s the important thing: if somebody were to try to eavesdrop on the quantum entanglement, they would alter the spin of the photons. So the measurements I make and the measurements made in New York would be out of sync – thus letting us know that we have an eavesdropper. It also prevents us from creating an encryption key, so we don’t send any communications. Theoretically, a quantum encrypted network is almost perfectly secure. (That said, they’re not perfect, and there are some exploits.)

The announcement from the European group that they wished to carry out the experiment based on what Einstein called “spooky action over a distance” came last April. Then, in June, it was announced that China had carried out a key demonstration of concept experiment back in 2010 but waited four years to publish the result.

With China announcing progress on the technology, one would think that the West would want to accelerate its work in the area, so it would not be at all surprising if equipment for the European experiment was among the items lost when the rocket exploded. Further, one would expect that Orbital would have been told that security for that equipment would be of the very highest level. In discussing the issue of sensitive equipment among the Antares wreckage, PCWorld this morning mentioned the incident of China perhaps examining the wreckage of the US stealth helicopter that was left behind after the mission to kill Osama bin Laden. It could well be that for this crash site, keeping the debris away from prying eyes from China is behind the call for security. Note also that the experiment quite likely would have been coordinated by the European Space Agency on behalf of the European scientists, so NASA’s claim that “We didn’t have any classified items on board” could be parsed as not applying to any classified items that ESA might have had on the rocket.

Not-So-Trusted Computing: German Government Worried About Windows 8 Risks

August 22, 2013/33 Comments/in Cybersecurity, Foreign Policy, Intelligence /by Rayne

Microsoft’s “trusted computing platform.”

Microsoft’s “secure boot” technology.

The doublespeak almost writes itself these days. Whose “trusted computing”? Whose “platform”? And whose “secure boot”?

At least one government has expressed concerns in internal documents, buttressed by an unusual public statement in response to reports about the leaked documents.

According to German news outlet Die Zeit, internal documents from the Bundesamt fur Sicherheit in der Informationstechnik (Germany’s Federal Office for information Security – BSI) warn that Microsoft Windows 8’s Trusted Computing Platform poses a security risk.

The BSI issued a response, the first paragraph of which acknowledges the news reports; it also refers to an internal paper by the Bundeswirtschaftsministeriums (Germany’s Federal Ministry of Economics and Technology – BMWi) advising caution in using the Trusted Computing Platform. This may not be the first cautionary communication by the BMWi as it is not clear whether the paper referenced by the BSI today is the same internal paper issued on the subject in early 2012.

In the second paragraph, BSI denies it has issued any warning to private or public sector users, though this announcement doesn’t deny a warning might be warranted since government agencies are warning each other internally.

The third paragraph says that the Win 8 TCP (using Trusted Platform Module TPM 2.0) might offer improved security for some groups, though transparency should be offered by the manufacturer.

But the kicker is the fourth paragraph:

“From the BSI’s perspective, the use of Windows 8 combined with TPM 2.0 is accompanied by a loss of control over the operating system and the hardware used. As a result, new risks arise for the user, especially for the federal government and for those providing critical infrastructure. In particular, on hardware running Windows 8 that employs TPM 2.0, unintentional errors of hardware or the operating system, but also errors made by the owner of the IT system, could create conditions that prevent further operation of the system. This can even lead to both the operating system and the hardware employed becoming permanently unusable. Such a situation would not be acceptable for either the federal authorities or for other users. In addition, the newly-established mechanisms can also be used for sabotage by third parties. These risks must to be addressed.”[1]

“Loss of control over the operating system” isn’t a minor trifle. This suggests that any and all computers with this “feature” could go rogue and operate in contravention to the owners’ instructions, at the direction of some unseen entity on a network or by injection of an application through thumb drive, disk drive, CD, etc.

This also suggests that a Win 8 system using TPM 2.0 might well reject any attempts to use an alternative operating system — a so-called “secure boot” might cut off any application other than Win 8. For all intents and purposes, a machine with Win 8 and TPM 2.0 will operate to Microsoft’s orders and to the orders of whomever is ordering Microsoft these days. It’s not out of the question that Win 8 systems lacking valid TPM 2.0 might be prevented from accessing the internet or any other network.

Which begs the question: if Windows 8 and TPM 2.0 are installed, whose computer is it? Read more →

Morally Depraved Obama Fails in Response to Egyptian Massacre

August 16, 2013/15 Comments/in Foreign Policy, War /by Jim White

The New York Times headline for its story summarizing Barack Obama’s statement yesterday on the violence in Egypt parrots the administration’s hapless plea that Obama has few options in dealing with Egypt: “His Options Few, Obama Rebukes Egypt’s Leaders“. Obama’s grand statement delivered the stinging blow of canceling joint military exercises with the Egyptians. We also are reminded later in the article that the US has delayed delivery of four F-16 fighter jets without also being informed that this delay was announced prior to the massacre of Egyptian civilians.

In his statement, Obama never addressed the huge piece of leverage that the US does have in relation to Egypt. The roughly $1.5 billion in US aid that flows to Egypt each year is primarily for the military and supports about a third of the military’s budget. The article in the Times goes to great lengths to explain to us just why Obama can’t cut off this aid. We are told first that if we cut off aid, “Saudi Arabia, Kuwait and the United Arab Emirates” will rush into the void to provide the missing funding And if that isn’t scary enough, we are told a couple of paragraphs later that cutting off the aid would open the door for Russia and China to step in.

With the death toll from the crackdown now above 600 and likely to go much higer, and with grisly videos surfacing of civilians being gunned down in cold blood by the military, we see a quote from the standard anonymous “senior official” who says “There’s a basic threshold where we can’t give a tacit endorsement to them.”

Just wow. The Egyptian military has staged a coup in which they have removed a democratically elected (although dysfunctional and failed) government and massacred over 600 of its citizens in cold blood. None of that rises to the level of the “threshold where we can’t give a tacit endorsement to them”? What on earth do they have to do to get the US to cut them off?

One answer to that question is in the next paragraph:

And it could destabilize the region, particularly the security of Israel, whose 1979 peace treaty with Egypt is predicated on the aid.

It would appear that Egypt can kill all of its own civilians it wants with the weapons and money we provide as long as they don’t also kill any Israelis.

But there is another insidious tie in the US aid to Egypt. US defense contractors are making tons of money off of it. From a Bloomberg piece describing US support of the Egyptian military two years ago at the beginning of the uprising against Mubarak: Read more →