What is the Vulnerability Equities Process?

vulnerabilities equity process

The Vulnerability Equities Process or VEP was designed by the Obama administration in an effort to ensure that the government react appropriately if and when it discovers vulnerabilities in the products made by technology manufacturers. While the guidelines were an attempt to find an ideal compromise among contradictory values, many technology, industry and security experts have condemned the VEP as a failure.

Dave Aitel and Matt Tait, for example, said last week that “the US has confused a public relations strategy with a security strategy, to the detriment of the nation.”

vepThe VEP hosts a handful of major weaknesses, the first and most important of which is perhaps the fact that it’s not actually a binding order. In fact, because the VEP is technically contained under the umbrella of administration policy as opposed to being a law or executive order, the next president can decide whether or not he or she even wants to continue it.

That’s just fine with Aitel and Tate. According to them, the next administration should just devise a completely new strategy, preferably one that’s actually effective.

So what is the VEP? Briefly, the Obama administration hashed out and later revised the VEP as an internal framework for ascertaining whether the US government should publicly disclose discoveries it might make regarding hardware and software vulnerabilities in tech products. These discoveries could be discovered independently by government agencies or by third-party contractors. How exactly the government determines the applicability of situations that merit disclosing or covering up vulnerabilities remains classified. However, intelligence and defense agencies seem to do work where issues regarding discovery and disclosure would be most relevant.

vep2Given the basis of US intelligence, the VEP would provide a fundamentally flawed and confusing framework for deciding whether or not to inform a company of its products’ vulnerabilities. Given intelligence equities, clearly the most advantageous situation is one in which the government develops, stockpiles, and utilizes vulnerabilities for as long as they can get away with it, disclosing vulnerabilities as little as possible.

This agenda clearly butts heads with that which would form given an operational standpoint. It takes at least two years to make full use of and integrate a discovered vulnerability; if an intelligence officer is given the task of managing an offensive security process, the VEP requires that inexpert intergovernmental oversight be maintained over these actions. That means that certain bugs are going to be doomed to eventual public exposure, regardless of strategic management by whatever experts are involved.

Whether the government published the VEP in an effort to ultimately make the vulnerabilities process transparent is rather unlikely. As prominent tech blogger Michael Daniel noted about Heartbleed, “this case has re-ignited debate about whether the federal government should ever withhold knowledge of a computer vulnerability from the public.”

The argument will likely be hashed out yet again as a result of the recent NSA hack and the consequential leak of important and highly confidential hacking tools created by the US government. Now that these powerful methods will be made available to malevolent hackers through a black market auction, a case can be made that the government should inform manufacturers as opposed to documenting and exploiting vulnerabilities.

 

 

Understanding Your Slow Internet

Seo you go bro

There is very little that can be done to reverse some of the most advanced states of computer slowing and the pretense of viruses. At the end of the day you will probably experience a adverse affects of these computer happenings on one or maybe even 2 occurrences throughout the course of your life. Luckily there are several tips and tricks you can do everyday to make sure you are not the easy target you are now, and will hopefully allow your computer to run like a champion for years to come.

In order to understand what we need to know what to do we should probably start by understanding what not to do, and the high probably trouble zones when it comes to computers and your uses of them. For one you should always make sure you are going to established safe and well maintained site. Another major red flag is that you go on most Russian websites. It’s not ideal but the reality of the situation is that unless you absolutely need the information provided on a strictly Russian domain you should try to avoid them given how many cases there were last year of US computer owners experiencing infiltration into their delicate information data bases.

Another thing you need to do when you are considering what you are going to do with your computer is that you get some anti virus software and go for the more deluxe package. This is the type of thing that seems like it is appealing to skimp on because you never really see it working and you feel like you can operate without it. There is very little we know today about the state of affairs and the opportunities that surround the strengthen of cyber security but there is in many ways to this change going to be the reality that as things become more secure and we have the means to enact change and ensure security and locate threats before they can enact any harm so too will it be the case that we loose much of our cyber freedom and the ability to operate in a way that is going make us feel good about our state on security while also ensuring the ideals we value most as a people like liberty and net neutrality.

What is going to be scary is when we look at the state of cyber security when we consider the role it will play in our lives here after. In the future when we are putting all most everything onto the cloud from our heath metrics to our financial instructions and even our undivided attention through the means of VR capabilities. When we have the ability to have very convincing VR we are going to want to make sure we take care of vulnerabilities in this regard before we loose sight of what is most desired and wanted in the future. What we can see though is that even though it may not seem like it we are actually getting better in this regard, and the world is getting safer and more prosperous not less, which is what the news would have you assume if it were your only source of information.

Tech Outside of its Comfort Zone

igotyodad

When it comes to machine learning it is not just for high tech companies anymore. In fact, these days any business is able to leverage machine learning for sale, as well as market and to drive engagement with the tech and tech companies there in. There are several technology firms that are beginning to offer their companies services to leverage machine learning in the next new years that are having big effects on the market in general. This includes a reorganization of motherboards and data analytics in general. 

Companies will use their machine learning for sale and marketing as we all know, but they can also funnel analysis since even non tech businesses are able to generate a lot of data from sales and marketing. Instead of letting that said just lie around, it can and should be used to improve the routing and handling of customer interactions to improve the efficacy of their sales and even marketing teams.

You can also benefit in this regards by seeking the help through friendlier 3rd party services, such as companies will allow their service to operate at a higher level and thus they can illicit the help of machine learning. To put this more clearly Google vision API is one way that this is taking place. To put it more clearly, POST will return sophisticated images for their data analysis and services.

In order to achieve greater efficiency the non tech companies that are already beginning to leverage said power of data science and their machine learning. However, that is the only way they are able to increase as a group such as sales and marketing that attempt to deploy AI driven solutions in their business infrastructure. To give this some perspective, regarding sales productivity, sales forecasts and accuracy or territory planning, every company can use machine learning to achieve an even greater efficiency. Every company that can take advantage of machine learning to achieve inefficiencies.

Another thing to consider is as core to their processes and is a need to develop and understand the market of their en-devours. Working at a non tech company, I see companies using machine learning to predict and see the rending topics of the sale of goods and services. Sales and marketing can use machine learning to help them advocate and identify potential customers and at risk customers. Outside of this narrow breadth we should consider a re imagining of the private sector and commerce in general.

The thing that is interesting in this regard is that the tech industry is slowly and slowly becoming an arbitrary distinction for industries in general. What I mean by that is there is not going to be a sector that is going to be able to resist change in this regard. From computers to carpenters, there is really no facet of the world that cannot benefit from tech in some regard. the question remains in this regard as in all things, of determining where we draw this line,and how we are able to know that we are doing things that are better and not just different.

Fledgling Tech Companies Prepare for Change

tech company

In terms of young tech startups enjoying almost immediate, enormous, and global success, you can’t find a much better example than Slack. Only two years old, Slack has already secured for itself a mind-boggling $2.8 billion dollar valuation, hundreds of thousands of users, and a break-neck growth rate that is extremely competitive by even Silicon Valley standards.

Slack recently raised $160 million as a result of its $2.8 billion valuation in April. It’s founder, Stewart Butterfield, said that he did so not because the company actually needed the money, but purely because it was possible.

slack“This is the best time to raise money ever,” he told the New York Times. “It might be the best time for any kind of business in any industry to raise money for all of history, like since the time of the ancient Egyptians.”

This quote is not necessarily an indicator that the young startup founder expects long term prosperity in a gravy-train market. Butterfield may be expressing a “make hay while the sun shines” type philosophy that if anything, indicates an understanding that more difficult times may be ahead.

He and many other successful tech company founders are likely making an intelligent decision to raise as much money as possible now. According to many analysts, they may be riding the inflation of a tech bubble for all its worth and collecting as much “bubble insurance” as possible before that bubble implodes and times get a little tougher for venture capitalists and the private tech companies that they’ve invested in.

“The advice you always get from more seasoned entrepreneurs is to take the hors d’oeuvres when they’re passed,” explained Marco Zappacosta, CEO of Thumbtack. In other words, raise money when you can, because if you wait until you need it, it might not be out there waiting for you to grab it. Thumbtack is a local services platform that managed to raise $100 billion from Google Capital and other investors in August of 2014.

Whether this economic downturn is worth preparing for is becoming an increasingly irrelevant question; people are actively waiting for the bubble to burst, and mitigating the potential results before they’re a reality is one of the most effective ways to avoid total failure when disaster hits.

That said, riding out a couple years’ worth of market crash with stored money isn’t without its risks. “You’ll have to make the numbers to justify your valuation at some point, so you’re raising the hurdle on yourself.”

google clioudThe paradox is that the ability of even the most successful tech moguls like Facebook to make those numbers has become increasingly in dispute, and that’s the reason people are suspicious of there being a bubble in the first place. AirBnb was valued at 50x its actual profits, and Uber was valued at 100x. Investors have backed up these valuations with the logic that, for startups that show promise, there’s no good reason to cap their potential.

“All of the growth in venture capital has been in the seed market,” explained Scott Kupor, a managing partner at Andreessen Horowitz. Cloud computing and other innovations have made starting up a tech company cheaper than ever, which means more seed companies hit the market ever year. That said, cheaper to start doesn’t mean cheaper to bring into fruition, and at some point, that truth will be written in red dollar signs.

 

Intro to Motherboards

motherboard

You’ve likely heard of a motherboard and know that it serves some kind of purpose in terms of allowing your PC to work. If you’d like to know a little more about this fundamental computer component, read on.

A motherboard is the main printed circuit board (PCB) of any electronic computing apparatus; it is upon your computer’s motherboard that its other components are either directly installed or connected secondarily. Motherboards are also known as mainboards, system boards, baseboards, planar boards, and logic boards.

mbYour computer’s CPU or central processing unit (the brain of your computer) is installed directly onto your motherboard. Also posited on the motherboard are its various types of data storage, from RAM or random-access memory for temporary information storage (including all of its various caches), to ROM or read-only memory for permanent data that your computer needs to function. Upon inspection of the motherboard you’re likely to find important computing sub-systems like the central processor, the chipset’s input/output and memory controllers, interface connectors, and many, many more components that make your computer your computer.

Motherboards earned their name because they are, in a sense, the “mother” of all components; they beget peripherals, interface cards, and even something called daughtercards, which include sound cards, video cards, network cards, hard drives, TV tuner cards, and cards providing extra USB or FireWire slots.

A system that might be indirectly attached to your computer’s motherboard is the sound card. Whether the sound card is directly installed on your device varies from machine to machine; it can be installed directly or it can be connected through an expansion slot.

Motherboards usually require some kind of cooling system in order to function correctly in the long term; some are cooled using heat sinks mounted on larger chips like the Northbridge. Many devices use fans as well, which tend to be mounted on heat sinks. Keeping motherboards cool has become an increasingly important and difficult task as time goes on and computer clock speeds and power consumption rise. If a motherboard is insufficiently cooled, it can cause damage to its internal components and lead to a devastating computer crash.

mb2Motherboards vary about as much as computers, and their variance in size and form is known as a computer’s form factor. Form factors can be specific to individual computers, but the motherboards utilized by IBM-compatible systems are designed specifically so that they can fit various case sizes and enable some flexibility. In order for a computer to function, its case’s motherboard and PSU form factor must be compatible.

Laptop computers tend to use smaller, more integrated and specialized motherboards that enable excellent processing from miniature computers, but also can cause difficulty with repairs down the line. The failure of one laptop component may cause an entire motherboard to need to be replaced, and laptop motherboards tend to be significantly more expensive than desktop motherboards.

So obviously there’s a reason that motherboards are often called the “central nervous system” of computers; they bring together all the other components to make computers able to function.

When the Internet Acts as Judge and Jury

internet judge

The Trump campaign made headlines today as usual, though this time around the case was slightly more unique and potentially much more appalling than the standard coverage. Let me save you the effort of Googling it:

Today it was released that Corey Lewandowski, Trump’s camptn rmanager, has been charged with misdemeanor battery after allegedly grabbing former Breitbart reporter Michelle Fields following a Trump event in Jupiter, Florida early this month.

The incident has been a highly Twitter-ized he-said-she-said battle ever since the incident allegedly occurred. Fields isn’t the only witness to the potential violence; Washington Post reporter Ben Teriss claims he witnessed Lewandowski’s violent act against Fields.

coreyJupiter police have stated that their arrest report was not hinged on the two’s testimonies alone but also on surveillance footage that eventually surfaced and has been also posted on the internet. The footage seems to support Field’s story of Lewandowski grabbing “Field’s left arm with his right hand, causing her to turn and step back.” This sealed the deal with the police, who then moved forward to press charges.

Or course, the Trump campaign and its supporters have yet to be convinced. That’s not too shocking for anyone who has kept an eye on Trump’s campaign, as no amount of fact-checking or evidence-finding seems to throw his supports off track. Their camp has even set in motion a new hashtag train, “#IStandWithCorey.

The Trump campaign recently released a statement reading, “Mr. Lewandowski is absolutely innocent of this charge. He will enter a plea of not guilty and looks forward to his day in court.”

Of course, Trump isn’t the only candidate under Twitter fire for dirty campaign tricks. Remember right around the South Carolina democratic primary when the hashtag #WhichHillary started trending, eliciting more than 88,000 weets by 1pm ET? The Twitter had surfaced multiple times on social media as a way of raising awareness of when Hillary Clinton had “flip-flopped” on issues that are currently acting as her selling points in the primaries.

WhichHillary#WhichHillary was all over the internet after Clinton became involved in an altercation with Black Lives Matter activist Ashley Williams at a private fundraiser in South Carolina the Wednesday before the primary. Clinton did not address the activist’s sign, which sported a quote from Hillary Clinton during her husband’s presidential time in which she describes gang members as “super-predators” and said something along the lines of that they need to be “brought to heel.”

The hashtag is now used to bring to light many of Hillary Clinton’s political inconsistencies, from her stance on gay marriage to mass incarceration. It goes to show how much more power internet users have to incriminate people than the standard politically active person had, say, twenty years ago. Physical protests remain powerful, but online protests and trending hashtags are now worthy of campaigner’s attention and anxiety. Just how much power they hold remains to be determined, but I’m sure in a few years we’ll have data to tell us exactly that.

In this particular case, and despite the hashtag, Clinton led Sanders in South Carolina by a fairly large margin.

Google Plays Part in Stopping Zika

zika

There’s a new virus on the loose, and it has nothing to do with hacking.

Last week, Google announced its contribution of US $1 million to the UN Children’s Fund in an effort to support the global fight against the mosquito-borne Zika virus.

Additionally, a team of Google engineers has volunteered to lend their talents to UNICEF; they’ve signed up to analyze data and better understand the viral infection’s path.

zika2Google has also promised to match all employee donations with the intention of donating an additional $500,000 to UNICEF and the Pan American Health Organization.

According to Google, the recent Zika virus outbreaks caused a 3,000% increase in worldwide internet search inquiries since last November. By February, the World Health Organization saw fit to declare a public health emergency regarding the virus.

Although the virus continues to be only partially understood, there are a number of alarming correlations with the virus and other major diseases. Microcephaly and a number of other birth defects have made the list, causing public health officials to recommend that women in areas near Zika outbreaks avoid becoming pregnant.

The spread of the virus is further obfuscated by the fact that four out of five people who contract the virus show no symptom. That and the widespread population of the virus’s primary transmitter, the Aedes mosquito, have caused the eradication of the disease to prove challenging.

That’s why Google saw fit to help; UNICEF is now working with the additional assistance of Google engineers and data scientists to create an open source information platform that will enable UNICEF and its partners to better target and isolate Zika response efforts.

“This open source platform will be able to process information like mobility patterns and weather data to build risk maps. We plan to prototype this tool in the Zika response but expand it for use globally,” stated Chris Fabian. colead of UNICEF’s innovation unit.

The open source data platform will be developed by Google software engineers John Li and Zora Tung as well as UNICEF research scientist Manual Garcia Herranz and UX designer Tanya Bhandari. The platform will be built to process data from different sources like weather and travel patterns and to visualize potential outbreaks.

At the end of the day, the platform’s main objective will be to identify the risk of Zika transmission for different regions and help UNICEF, governments and nongovernmental organizations to find the best possible way to focus their time and resources.

zika3“Financial contributions and donations are always beneficial, but it has hard to say whether or not tracking the virus itself will have significant contributions,” stated Sarah Lisovich, content strategist at CIA Medical.

“The symptoms are similar tot hose of other common healthcare conditions,” she continued. “Google is a leader in terms of research tools and putting forth tools to help understand the outbreak and bring more awareness and comprehension,” she concluded.

This isn’t the first time that big data analytics ave been used for the purposes of tracking and stopping an outbreak; analytics have been used to track malaria, dengue fever, and the West Nile virus for years. They enable researches to quickly turn of knowledge from billions of data points and supply the best input for predicting where the disease will show up next.

4 Ways to Hack a Facebook Account

hack

It’s not nearly as hard as it should be… you definitely don’t have to be a professional hacker to pull it off. Here’s 4 ways you can hack into someone else’s Facebook account without doing anything too strenuous or unimaginable.

The easiest way to “hack” into someone’s Facebook is more a social engineering feat than one of computer genius. Just figure out someone’s Facebook email login, then go to the Facebook login page and click “Forgotten your password?”. Type in the victim’s email and if their account comes up, click “This is my account.”

key loggerFacebook will ask if you’d like to reset the password using the victim’s emails, which obviously won’t help you an just click “No longer have access to these? It will ask How can we reach you? and you can type in an email that you have that also isn’t linked to any other Facebook account. Then it will ask you a security question. If you’re close friends with the person, you likely know the answer. If you’re not, make an educated guess and in 24 hours you can login to their account. if you can’t figure out the question, click “Recover your account with help from friends” and click three friends that are in cahoots and can give you the password or make three fake Facebook accounts and get the person to add you before any of this stuff happens. Then you’re in.

Another option? Use a keylogger, or a program that can record each stroke own the keyboard that a user makes without their knowledge. The software has to be downloaded manually on the victim’s computer and will automatically start capturing keystrokes as soon as the computer is turned on and remain undetected in the background. The software can then be programmed to send you a summary of all the keystrokes via email. CNET provides Free Keylogger.

If you’re afraid you might be susceptible to key logger, use fireball, install a password manager, update you software and change your passwords every so often.

Then there’s the option of phishing. It’s not for beginners because you have to design a fake Facebook login page, and if the victim logs in, the information will be sent to you instead of Facebook’s server. You’d also need a web hosting account. There are guides on how to clone a website that you can use, and detailed instructions you can follow, if you really want to do it.

internet cookieIf you don’t want to be susceptible to this trick, be sure not to click on links provided through weird emails. Also check the URL before you click on it using CheckShortUrl or unshort.me. Antivirus and web security software is also helpful here.

The final method? Steal the cookies that allow a website to store information on a user’s hard drive and retrieve it later. You can access your victim’s account by cloning those cookies and tricking Facebook into thinking the hacker’s browser is already authenticated. Fire sheep collects cookies and stores them in a tab on the side of the browser so you can get in.

Brendan Eich Takes on Ads

Branden Eich is famous for his part in rewriting the Web; his creation of JavaScript, the world’s most used programming language, ended Internet Explorer’s web browser monopoly and opened the door for other browsers to proliferate and change the way people experienced the internet.

His first browser was Mozilla Firefox, but he stepped down from his position as the CEO of Mozilla in 2014 amid loud criticisms of his donations to same-sex marriage ban initiatives in California. Now he’s working on his next browser project: Brave.

Brave is a startup dedicated to developing a browser that changes how internet ads are published and paid for. The browser would block advertisements and attempts to track user data, but replace those advertisements with ads that are less intrusive and use less of a device’s computing resources to run. Advertising revenue will go to site owners and users themselves; publishers would be getting 55 percent of the revenue generated by the ad, which trumps the percentage they get from more established advertising networks. The company advertising would then pay its own advertising network partners 15 percent and keep 15 percent for itself. The final 15 percent would flow back into the browser users’ pockets, though I don’t really get how. Users could opt out of ads altogether by donating to their favorite websites.

The idea behind Brave is to give more power to web users, who are just beginning to be able to make real decisions about their surfing experience based on the browser they choose. If Brave is a success, it will be the first browser to show so much respect for an internet user’s privacy. For now, every time you load a page you’re opting into whatever policies an ad network has in place. “…so we invert this power structure and have the browser be an important part of the system instead of this passive window,” explained Eich.

That said, Eich isn’t out to eliminate internet advertising by any means. He understands that the internet cannot function without its main source of funding, and that ad-blocking software could create major funding issues for a lot of websites.

“Most people aren’t ready to pay for their content,” Eich claimed. “Some aren’t well off enough to pay for subscriptions, some don’t know how or don’t want to trust their credit card to a paywall…They like free-riding, or even starting a war.”

“You may never click on an ad, but even forming an impression from a viewable ad has some small value. With enough people blocking ads, the Web’s main funding model is in jeopardy.”

Brave hopes to allow those who prefer to not see ads still support sites through donations, allowing for those websites losing out on advertising funding to be funded directly by their users. Everyone else can support sites by viewing ads that Eich hopes will be “more relevant, less intrusive, and not so creepy” as the status quo.

Brave claims that if it shares data it finds, it will always by anonymized and that it cannot be shared without the user opting in.

Apple CEO Stands Strong Against FEDs on Encryption

cook

encryption3Last Sunday, Apple CEO Tim Cook took part in an interview on the CBS new program 60 Minutes in which he asserted the rights of tech companies to provide encryption services to their clients.

“There’s all kinds of sensitive information on smartphones today,” claimed Cook. “You should have the ability to protect it. The only way we know how to do that is to encrypt it.”

Cook noted that Apple was still willing to comply with search warrants served on it by law enforcement officials.

FBI Director James B. Comey disagrees, believing encryption is only remains a legal service because of a lag between legislators and inventors: “Unfortunately, the law hasn’t kept pace with technology, and this disconnect has created a significant public safety problem… We call it ‘Going Dark’ and what it means is this: Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism, even with lawful authority.”

“We have the legal authority to intercept and access communications and informant pursuant to court order, but we often lack the technical ability to do so,” added Comey.

Plenty of security and tech advocates take issue with Comey’s initiative to ban encryption services.

“A proposal to protect our security by weakening our security is going in the wrong direction,” asserted executive director of the Electronic Frontier Foundation Cindy Cohn.

“If the government were to suggest that no one put locks on their doors because if we were a terrorist it would be harder to get into our house, we would think that was a bad idea… This is pretty much the digital equivalent of that.”

supercompute2Cohn makes an excellent point; as large scale hacks become commonplace, government agencies are finding that sometimes not even they can keep their sensitive data under wraps. If they have access to everyone’s data, or make that data more accessible to everyone, terrorists won’t be the only users made more vulnerable.

Berin Szoka, the president of TechFreedom, claims that this issue presents a historic crossroads in American history and the history of the internet:

“This is really a binary issue. Are you going to allow end-to-end encryption by the operating system makers or not? Once you say no, you start down this road without stopping the really smart bad guys from continuing to use encryption on their devices.”

CEO of Accellion Yorgen Edholm believes the government can achieve its goals by walking a separate path: “If the government law enforcement agencies are looking for an encryption compromise, maybe they should look outside the tech sector for it… Encryption can always be broken by people who have supercomputers- the government has more supercomputers than anyone else. So the government has the resources to decrypt anything. It’s just that those resources have to be made available to local law enforcement… That compromise wouldn’t make it easier for the bad guys to get into my privacy just because the government wants to have the computer equivalent of a wiretap.”