Category Archives: Computer Science

What is the Vulnerability Equities Process?

The Vulnerability Equities Process or VEP was designed by the Obama administration in an effort to ensure that the government react appropriately if and when it discovers vulnerabilities in the products made by technology manufacturers. While the guidelines were an attempt to find an ideal compromise among contradictory values, many technology, industry and security experts have condemned the VEP as a failure.

Dave Aitel and Matt Tait, for example, said last week that “the US has confused a public relations strategy with a security strategy, to the detriment of the nation.”

The VEP has a handful of major weaknesses, the first and most important of which is perhaps the fact that it’s not actually a binding order. In fact, because the VEP is technically contained under the umbrella of administration policy as opposed to being a law or executive order, the next president can decide whether or not he or she even wants to continue it.

That’s just fine with Aitel and Tait. According to them, the next administration should just devise a completely new strategy, preferably one that’s actually effective.

So what is the VEP? Briefly, the Obama administration hashed out and later revised the VEP as an internal framework for ascertaining whether the US government should publicly disclose discoveries it might make regarding hardware and software vulnerabilities in tech products. These vulnerabilities could be discovered independently by government agencies or by third-party contractors. How exactly the government determines which situations merit disclosing or covering up vulnerabilities remains classified. However, intelligence and defense agencies seem to do the work where issues regarding discovery and disclosure would be most relevant.

Given the basis of US intelligence, the VEP would provide a fundamentally flawed and confusing framework for deciding whether or not to inform a company of its products’ vulnerabilities. Given intelligence equities, clearly the most advantageous situation is one in which the government develops, stockpiles, and utilizes vulnerabilities for as long as it can get away with it, disclosing vulnerabilities as little as possible.

This agenda clearly conflicts with the one that follows from an operational standpoint. It takes at least two years to make full use of and integrate a discovered vulnerability; if an intelligence officer is given the task of managing an offensive security process, the VEP requires that inexpert intergovernmental oversight be maintained over these actions. That means that certain bugs are going to be doomed to eventual public exposure, regardless of strategic management by whatever experts are involved.

It is rather unlikely that the government published the VEP in an effort to ultimately make the vulnerabilities process transparent. As prominent tech blogger Michael Daniel noted about Heartbleed, “this case has re-ignited debate about whether the federal government should ever withhold knowledge of a computer vulnerability from the public.”

The argument will likely be hashed out yet again as a result of the recent NSA hack and the consequential leak of important and highly confidential hacking tools created by the US government. Now that these powerful methods will be made available to malevolent hackers through a black market auction, a case can be made that the government should inform manufacturers as opposed to documenting and exploiting vulnerabilities.

 

 

Fledgling Tech Companies Prepare for Change

In terms of young tech startups enjoying almost immediate, enormous, and global success, you can’t find a much better example than Slack. Only two years old, Slack has already secured for itself a mind-boggling $2.8 billion valuation, hundreds of thousands of users, and a break-neck growth rate that is extremely competitive by even Silicon Valley standards.

Slack recently raised $160 million as a result of its $2.8 billion valuation in April. Its founder, Stewart Butterfield, said that he did so not because the company actually needed the money, but purely because it was possible.

“This is the best time to raise money ever,” he told the New York Times. “It might be the best time for any kind of business in any industry to raise money for all of history, like since the time of the ancient Egyptians.”

This quote is not necessarily an indicator that the young startup founder expects long term prosperity in a gravy-train market. Butterfield may be expressing a “make hay while the sun shines” type philosophy that if anything, indicates an understanding that more difficult times may be ahead.

He and many other successful tech company founders are likely making an intelligent decision to raise as much money as possible now. According to many analysts, they may be riding the inflation of a tech bubble for all it’s worth and collecting as much “bubble insurance” as possible before that bubble implodes and times get a little tougher for venture capitalists and the private tech companies that they’ve invested in.

“The advice you always get from more seasoned entrepreneurs is to take the hors d’oeuvres when they’re passed,” explained Marco Zappacosta, CEO of Thumbtack. In other words, raise money when you can, because if you wait until you need it, it might not be out there waiting for you to grab it. Thumbtack is a local services platform that managed to raise $100 billion from Google Capital and other investors in August of 2014.

Whether this economic downturn is worth preparing for is becoming an increasingly irrelevant question; people are actively waiting for the bubble to burst, and mitigating the potential results before they’re a reality is one of the most effective ways to avoid total failure when disaster hits.

That said, riding out a couple years’ worth of market crash with stored money isn’t without its risks. “You’ll have to make the numbers to justify your valuation at some point, so you’re raising the hurdle on yourself.”

The paradox is that the ability of even the most successful tech moguls like Facebook to make those numbers has become increasingly in dispute, and that’s the reason people are suspicious of there being a bubble in the first place. Airbnb was valued at 50x its actual profits, and Uber was valued at 100x. Investors have backed up these valuations with the logic that, for startups that show promise, there’s no good reason to cap their potential.

“All of the growth in venture capital has been in the seed market,” explained Scott Kupor, a managing partner at Andreessen Horowitz. Cloud computing and other innovations have made starting up a tech company cheaper than ever, which means more seed companies hit the market every year. That said, cheaper to start doesn’t mean cheaper to bring to fruition, and at some point, that truth will be written in red dollar signs.

 

Intro to Motherboards

You’ve likely heard of a motherboard and know that it serves some kind of purpose in terms of allowing your PC to work. If you’d like to know a little more about this fundamental computer component, read on.

A motherboard is the main printed circuit board (PCB) of any electronic computing apparatus; it is upon your computer’s motherboard that its other components are either directly installed or connected secondarily. Motherboards are also known as mainboards, system boards, baseboards, planar boards, and logic boards.

Your computer’s CPU or central processing unit (the brain of your computer) is installed directly onto your motherboard. Also positioned on the motherboard are its various types of data storage, from RAM or random-access memory for temporary information storage (including all of its various caches), to ROM or read-only memory for permanent data that your computer needs to function. Upon inspection of the motherboard you’re likely to find important computing sub-systems like the central processor, the chipset’s input/output and memory controllers, interface connectors, and many, many more components that make your computer your computer.

Motherboards earned their name because they are, in a sense, the “mother” of all components; they beget peripherals, interface cards, and even something called daughtercards, which include sound cards, video cards, network cards, hard drives, TV tuner cards, and cards providing extra USB or FireWire slots.

A system that might be indirectly attached to your computer’s motherboard is the sound card. Whether the sound card is directly installed on your device varies from machine to machine; it can be installed directly or it can be connected through an expansion slot.

Motherboards usually require some kind of cooling system in order to function correctly in the long term; some are cooled using heat sinks mounted on larger chips like the Northbridge. Many devices use fans as well, which tend to be mounted on heat sinks. Keeping motherboards cool has become an increasingly important and difficult task as time goes on and computer clock speeds and power consumption rise. If a motherboard is insufficiently cooled, it can cause damage to its internal components and lead to a devastating computer crash.

Motherboards vary about as much as computers, and their variance in size and form is known as a computer’s form factor. Form factors can be specific to individual computers, but the motherboards utilized by IBM-compatible systems are designed specifically so that they can fit various case sizes and enable some flexibility. In order for a computer to function, its case’s motherboard and PSU form factor must be compatible.

Laptop computers tend to use smaller, more integrated and specialized motherboards that enable excellent processing from miniature computers, but also can cause difficulty with repairs down the line. The failure of one laptop component may cause an entire motherboard to need to be replaced, and laptop motherboards tend to be significantly more expensive than desktop motherboards.

So obviously there’s a reason that motherboards are often called the “central nervous system” of computers; they bring together all the other components to make computers able to function.

When the Internet Acts as Judge and Jury

The Trump campaign made headlines today as usual, though this time around the case was slightly more unique and potentially much more appalling than the standard coverage. Let me save you the effort of Googling it:

Today it was reported that Corey Lewandowski, Trump’s campaign manager, has been charged with misdemeanor battery after allegedly grabbing former Breitbart reporter Michelle Fields following a Trump event in Jupiter, Florida early this month.

The incident has been a highly Twitter-ized he-said-she-said battle ever since it allegedly occurred. Fields isn’t the only witness to the potential violence; Washington Post reporter Ben Terris claims he witnessed Lewandowski’s violent act against Fields.

Jupiter police have stated that their arrest report did not hinge on the two’s testimonies alone but also on surveillance footage that eventually surfaced and has also been posted on the internet. The footage seems to support Fields’ story of Lewandowski grabbing “Fields’ left arm with his right hand, causing her to turn and step back.” This sealed the deal with the police, who then moved forward to press charges.

Of course, the Trump campaign and its supporters have yet to be convinced. That’s not too shocking for anyone who has kept an eye on Trump’s campaign, as no amount of fact-checking or evidence-finding seems to throw his supporters off track. Their camp has even set in motion a new hashtag train, “#IStandWithCorey.”

The Trump campaign recently released a statement reading, “Mr. Lewandowski is absolutely innocent of this charge. He will enter a plea of not guilty and looks forward to his day in court.”

Of course, Trump isn’t the only candidate under Twitter fire for dirty campaign tricks. Remember right around the South Carolina Democratic primary when the hashtag #WhichHillary started trending, eliciting more than 88,000 tweets by 1pm ET? The hashtag had surfaced multiple times on social media as a way of raising awareness of when Hillary Clinton had “flip-flopped” on issues that are currently acting as her selling points in the primaries.

#WhichHillary was all over the internet after Clinton became involved in an altercation with Black Lives Matter activist Ashley Williams at a private fundraiser in South Carolina the Wednesday before the primary. Clinton did not address the activist’s sign, which sported a quote from Hillary Clinton during her husband’s presidential time in which she describes gang members as “super-predators” and said something along the lines of that they need to be “brought to heel.”

The hashtag is now used to bring to light many of Hillary Clinton’s political inconsistencies, from her stance on gay marriage to mass incarceration. It goes to show how much more power internet users have to incriminate people than the standard politically active person had, say, twenty years ago. Physical protests remain powerful, but online protests and trending hashtags are now worthy of campaigners’ attention and anxiety. Just how much power they hold remains to be determined, but I’m sure in a few years we’ll have data to tell us exactly that.

In this particular case, and despite the hashtag, Clinton led Sanders in South Carolina by a fairly large margin.

Google Plays Part in Stopping Zika

There’s a new virus on the loose, and it has nothing to do with hacking.

Last week, Google announced its contribution of US $1 million to the UN Children’s Fund in an effort to support the global fight against the mosquito-borne Zika virus.

Additionally, a team of Google engineers has volunteered to lend their talents to UNICEF; they’ve signed up to analyze data and better understand the viral infection’s path.

Google has also promised to match all employee donations with the intention of donating an additional $500,000 to UNICEF and the Pan American Health Organization.

According to Google, the recent Zika virus outbreaks caused a 3,000% increase in worldwide internet search inquiries since last November. By February, the World Health Organization saw fit to declare a public health emergency regarding the virus.

Although the virus continues to be only partially understood, there are a number of alarming correlations with the virus and other major diseases. Microcephaly and a number of other birth defects have made the list, causing public health officials to recommend that women in areas near Zika outbreaks avoid becoming pregnant.

The spread of the virus is further obfuscated by the fact that four out of five people who contract the virus show no symptom. That and the widespread population of the virus’s primary transmitter, the Aedes mosquito, have caused the eradication of the disease to prove challenging.

That’s why Google saw fit to help; UNICEF is now working with the additional assistance of Google engineers and data scientists to create an open source information platform that will enable UNICEF and its partners to better target and isolate Zika response efforts.

“This open source platform will be able to process information like mobility patterns and weather data to build risk maps. We plan to prototype this tool in the Zika response but expand it for use globally,” stated Chris Fabian, co-lead of UNICEF’s innovation unit.

The open source data platform will be developed by Google software engineers John Li and Zora Tung as well as UNICEF research scientist Manuel Garcia Herranz and UX designer Tanya Bhandari. The platform will be built to process data from different sources like weather and travel patterns and to visualize potential outbreaks.

At the end of the day, the platform’s main objective will be to identify the risk of Zika transmission for different regions and help UNICEF, governments and nongovernmental organizations to find the best possible way to focus their time and resources.

“Financial contributions and donations are always beneficial, but it is hard to say whether or not tracking the virus itself will have significant contributions,” stated Sarah Lisovich, content strategist at CIA Medical.

“The symptoms are similar to those of other common healthcare conditions,” she continued. “Google is a leader in terms of research tools and putting forth tools to help understand the outbreak and bring more awareness and comprehension,” she concluded.

This isn’t the first time that big data analytics have been used for the purposes of tracking and stopping an outbreak; analytics have been used to track malaria, dengue fever, and the West Nile virus for years. They enable researchers to quickly turn billions of data points into knowledge and supply the best input for predicting where the disease will show up next.

4 Ways to Hack a Facebook Account

It’s not nearly as hard as it should be… you definitely don’t have to be a professional hacker to pull it off. Here’s 4 ways you can hack into someone else’s Facebook account without doing anything too strenuous or unimaginable.

The easiest way to “hack” into someone’s Facebook is more a social engineering feat than one of computer genius. Just figure out someone’s Facebook email login, then go to the Facebook login page and click “Forgotten your password?”. Type in the victim’s email and if their account comes up, click “This is my account.”

Facebook will ask if you’d like to reset the password using the victim’s emails, which obviously won’t help you, so just click “No longer have access to these?” It will ask “How can we reach you?” and you can type in an email that you have that also isn’t linked to any other Facebook account. Then it will ask you a security question. If you’re close friends with the person, you likely know the answer. If you’re not, make an educated guess and in 24 hours you can login to their account. If you can’t figure out the question, click “Recover your account with help from friends” and click three friends that are in cahoots and can give you the password or make three fake Facebook accounts and get the person to add you before any of this stuff happens. Then you’re in.

Another option? Use a keylogger, or a program that can record each stroke on the keyboard that a user makes without their knowledge. The software has to be downloaded manually on the victim’s computer and will automatically start capturing keystrokes as soon as the computer is turned on and remain undetected in the background. The software can then be programmed to send you a summary of all the keystrokes via email. CNET provides Free Keylogger.

If you’re afraid you might be susceptible to a keylogger, use a firewall, install a password manager, update your software and change your passwords every so often.

Then there’s the option of phishing. It’s not for beginners because you have to design a fake Facebook login page, and if the victim logs in, the information will be sent to you instead of Facebook’s server. You’d also need a web hosting account. There are guides on how to clone a website that you can use, and detailed instructions you can follow, if you really want to do it.

If you don’t want to be susceptible to this trick, be sure not to click on links provided through weird emails. Also check the URL before you click on it using CheckShortUrl or unshort.me. Antivirus and web security software is also helpful here.

The final method? Steal the cookies that allow a website to store information on a user’s hard drive and retrieve it later. You can access your victim’s account by cloning those cookies and tricking Facebook into thinking the hacker’s browser is already authenticated. Firesheep collects cookies and stores them in a tab on the side of the browser so you can get in.
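From the defending site's side, cloned cookies only work when the session cookie can be read in transit or by a script. The following is an added example, not part of the original post: it audits a response's Set-Cookie headers for the attributes that limit that exposure. The header values, the cookie names and the `SESSION_HINTS` naming heuristic are constructed assumptions.

```python
"""Audit Set-Cookie response headers for attributes that limit session-cookie theft.

All header values below are constructed sample data, not captured traffic.
"""

# Assumption: substrings that suggest a cookie carries a login session.
SESSION_HINTS = ("sess", "sid", "auth", "token")

# Constructed sample response headers as (name, value) pairs.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/"),
    ("Set-Cookie", "auth_token=def456; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "theme=dark; Path=/"),
    ("Set-Cookie", "sid=ghi789; Path=/; HttpOnly; SameSite=None"),
]


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, attrs); attribute keys are lowercased."""
    # Attributes are separated by ';'. Expires dates contain commas, never ';'.
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookie(value):
    """Return (cookie name, list of finding codes) for one Set-Cookie value."""
    name, attrs = parse_set_cookie(value)
    findings = []
    if "secure" not in attrs:
        # Without Secure the cookie is also sent over plain HTTP, where it can be sniffed.
        findings.append("no-secure")
    if "httponly" not in attrs:
        # Without HttpOnly, page scripts can read the cookie via document.cookie.
        findings.append("no-httponly")
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("lax", "strict", "none"):
        findings.append("no-samesite")
    elif samesite == "none" and "secure" not in attrs:
        # Browsers require Secure whenever SameSite=None is set.
        findings.append("samesite-none-without-secure")
    return name, findings


def audit_response(headers):
    """Map each session-like cookie to its findings; flag a missing HSTS header."""
    report = {}
    has_hsts = False
    for header, value in headers:
        lowered = header.lower()
        if lowered == "strict-transport-security":
            has_hsts = True
        elif lowered == "set-cookie":
            name, findings = audit_cookie(value)
            if any(hint in name.lower() for hint in SESSION_HINTS):
                report[name] = findings
    if not has_hsts:
        # Without HSTS a first request may still go out over HTTP.
        report["<response>"] = ["no-hsts"]
    return report


if __name__ == "__main__":
    for subject, findings in audit_response(SAMPLE_HEADERS).items():
        print(subject, "->", ", ".join(findings) or "ok")
```
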

Brendan Eich Takes on Ads

Brendan Eich is famous for his part in rewriting the Web; his creation of JavaScript, the world’s most used programming language, ended Internet Explorer’s web browser monopoly and opened the door for other browsers to proliferate and change the way people experienced the internet.

His first browser was Mozilla Firefox, but he stepped down from his position as the CEO of Mozilla in 2014 amid loud criticisms of his donations to same-sex marriage ban initiatives in California. Now he’s working on his next browser project: Brave.

Brave is a startup dedicated to developing a browser that changes how internet ads are published and paid for. The browser would block advertisements and attempts to track user data, but replace those advertisements with ads that are less intrusive and use less of a device’s computing resources to run. Advertising revenue will go to site owners and users themselves; publishers would be getting 55 percent of the revenue generated by the ad, which trumps the percentage they get from more established advertising networks. The company advertising would then pay its own advertising network partners 15 percent and keep 15 percent for itself. The final 15 percent would flow back into the browser users’ pockets, though I don’t really get how. Users could opt out of ads altogether by donating to their favorite websites.

The idea behind Brave is to give more power to web users, who are just beginning to be able to make real decisions about their surfing experience based on the browser they choose. If Brave is a success, it will be the first browser to show so much respect for an internet user’s privacy. For now, every time you load a page you’re opting into whatever policies an ad network has in place. “…so we invert this power structure and have the browser be an important part of the system instead of this passive window,” explained Eich.

That said, Eich isn’t out to eliminate internet advertising by any means. He understands that the internet cannot function without its main source of funding, and that ad-blocking software could create major funding issues for a lot of websites.

“Most people aren’t ready to pay for their content,” Eich claimed. “Some aren’t well off enough to pay for subscriptions, some don’t know how or don’t want to trust their credit card to a paywall…They like free-riding, or even starting a war.”

“You may never click on an ad, but even forming an impression from a viewable ad has some small value. With enough people blocking ads, the Web’s main funding model is in jeopardy.”

Brave hopes to allow those who prefer to not see ads still support sites through donations, allowing for those websites losing out on advertising funding to be funded directly by their users. Everyone else can support sites by viewing ads that Eich hopes will be “more relevant, less intrusive, and not so creepy” as the status quo.

Brave claims that if it shares data it finds, it will always be anonymized and that it cannot be shared without the user opting in.

Apple CEO Stands Strong Against FEDs on Encryption

Last Sunday, Apple CEO Tim Cook took part in an interview on the CBS news program 60 Minutes in which he asserted the rights of tech companies to provide encryption services to their clients.

“There’s all kinds of sensitive information on smartphones today,” claimed Cook. “You should have the ability to protect it. The only way we know how to do that is to encrypt it.”

Cook noted that Apple was still willing to comply with search warrants served on it by law enforcement officials.

FBI Director James B. Comey disagrees, believing encryption only remains a legal service because of a lag between legislators and inventors: “Unfortunately, the law hasn’t kept pace with technology, and this disconnect has created a significant public safety problem… We call it ‘Going Dark’ and what it means is this: Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism, even with lawful authority.”

“We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so,” added Comey.

Plenty of security and tech advocates take issue with Comey’s initiative to ban encryption services.

“A proposal to protect our security by weakening our security is going in the wrong direction,” asserted executive director of the Electronic Frontier Foundation Cindy Cohn.

“If the government were to suggest that no one put locks on their doors because if we were a terrorist it would be harder to get into our house, we would think that was a bad idea… This is pretty much the digital equivalent of that.”

Cohn makes an excellent point; as large scale hacks become commonplace, government agencies are finding that sometimes not even they can keep their sensitive data under wraps. If they have access to everyone’s data, or make that data more accessible to everyone, terrorists won’t be the only users made more vulnerable.

Berin Szoka, the president of TechFreedom, claims that this issue presents a historic crossroads in American history and the history of the internet:

“This is really a binary issue. Are you going to allow end-to-end encryption by the operating system makers or not? Once you say no, you start down this road without stopping the really smart bad guys from continuing to use encryption on their devices.”

CEO of Accellion Yorgen Edholm believes the government can achieve its goals by walking a separate path: “If the government law enforcement agencies are looking for an encryption compromise, maybe they should look outside the tech sector for it… Encryption can always be broken by people who have supercomputers- the government has more supercomputers than anyone else. So the government has the resources to decrypt anything. It’s just that those resources have to be made available to local law enforcement… That compromise wouldn’t make it easier for the bad guys to get into my privacy just because the government wants to have the computer equivalent of a wiretap.”

 

UK Police Crack Down on Young Cybercriminals

The UK has made headlines for turning the heat up on young hackers.

“Over the past few years, the NCA [National Crime Agency] has seen the people engaging in cybercrime becoming younger and younger,” Richard Jones explained. Jones is the current head of the Prevent team at the NCA’s Cyber Crime Unit.

Jones explained that a recent online attack tool known as Lizard Stresser was actually created by 7 people under the age of 18.

The NCA’s clamping down on teenage offenders comes as part of the Cyber Choices campaign, which was in turn prompted by the fact that an NCA study revealed the average age of people involved in its investigations was only 17 years of age. The study also found that very few teenagers in the UK actually understood what constituted a cybercrime and what the legal consequences were.

Cybercrimes are common among young hackers who don’t actually want to steal anything or do any horribly catastrophic harm; often viruses are created solely to see how far they spread so that the hackers behind them can reap the bragging rights. Unfortunately, in this age of more serious hacking and cyberterrorism, many governments have no sense of humor for this new form of teenage pranking.

The National Crime Agency’s Cyber Crime Unit was astounded after uncovering certain information during Operation Dermic in 2014. The operation was pitted against users of a remote-access Trojan (known as a RAT) called Blackshades. After an in-depth investigation of the origin of the Blackshades Trojan, a total of 17 arrests were made. During a follow-up, the National Crime Agency’s Cyber Crime Unit conducted over 80 “cease and desist” visits to people that they had found guilty of purchasing the Blackshades Trojan. Over 500 emails and letters were additionally sent out to people found responsible for purchasing the cybercrime kit that allows for the generation of the Blackshades remote-access Trojan. To the National Crime Agency’s Cyber Crime Unit’s surprise, a large portion of the people contacted due to buying or somehow being involved with the kit were under the age of 20 and still living at home with their parents. In fact, the youngest Blackshades buyer was just 12 years old.

The issue highlights the fact that programmers and hackers are becoming younger and younger, so ill-conceived cybercrimes are being enacted by younger and younger cybercriminals, often in a more experimental than malicious mindset. Early access to computers and the internet will yield an unprecedented generation of computer users, a generation that governments are struggling to educate in terms of the law and the consequences for breaking it. At the same time, laws regarding cybercrime are still forming and lawmakers are attempting to adapt to the constant need for new legislation in a world they weren’t trained to oversee.

What’s A Circuit Again?

Don’t be ashamed; despite the fact that your life totally relies on your access to a myriad of objects that utilize circuits to manipulate electricity for results that are now taken totally for granted, you are not alone in not understanding even the basics of electrical engineering; weirdly enough, most people don’t, and I guess it’s because they can get by just fine without that knowledge. However, if a meteor hits the Earth and corrupts its atmosphere in such a way that only those with a rare and previously unnoted genetic mutation can breathe the new air and you have that mutation, you’re likely going to have to contribute to building society up again to become what it once was which means you should know the basics of mechanical engineering. Or at least someone should. Here’s a quick bit about how circuits work:

Circuits use energy made by electric currents. They are composed of closed paths or loops around which that electric current can flow. Conductive materials like copper metal allow for electricity to flow freely through them. Materials that don’t allow electricity to easily pass through them, like rubber or plastic, are called insulators.

Why is copper a conductor and plastic an insulator? It all has to do with the chemical structures of the materials and the physical properties of electricity itself. A current of electricity is a steady flow of electrons, which carry electrical energy along with them when they move in the form of a small electric charge. When electrons can move through a substance easily, that substance is a conductor. Conductors tend to have chemical structures in which there are a lot of free electrons easily separated from their parent atoms, which makes electron movement and the carry of electric charge that much easier.

Insulators, on the other hand, have chemical structures in which the electrons are more tightly bound, hampering the movement of electrons.

No matter what the material, electricity will not flow without something to push the electrons, known as the electromotive force, or EMF. A battery, for example, creates the electromotive force that makes a current of electrons flow. Electromotive force is just another word for voltage.

Given a circuit, electricity can flow in two different ways; it can have a direct current or an alternating current. Alternating currents are more powerful and generally used for larger appliances, while direct currents are used for kids’ toys or simple flashlights.

The ability to run electricity through a circuit opens up so many other new abilities. For example, when electricity is run through a wire, it creates a pattern of magnetism around the wire. That magnetism is utilized in electric motors, which are composed of a cylinder packed with magnets and a core made of iron wire. When electricity runs through the iron core, it becomes magnetically charged in such a way that it interacts with the magnetic cylinder by spinning. The force generated by the spinning can wash clothes in a washing machine, spin a drill and drive machinery.