Month: October 2014

Happy 45th Birthday, Internet!

Happy birthday, Internet! You may be turning 45 today, but we swear you don’t look a day over 30. And not to embarrass you, but we thought we’d celebrate by sharing some of your baby photos. Or, more accurately, perhaps some of your sonograms.

How do we define the invention of the internet? It’s a question that scholars and armchair historians have debated for decades. Did it start with the birth of the web? Did it start with the adoption of TCP/IP? You could make a case for either. But one seminal moment in the creation of the internet cannot be denied: the first host-to-host connection of the ARPANET between UCLA and Stanford on October 29, 1969. At 10:30pm.

How do we know the exact time? We actually have a document of this historical event. Below, the IMP log which recorded that at 22:30 (10:30pm) the researchers at UCLA and their computer “talked to SRI, host to host.” The IMP log was what researchers used to document their progress as they built and connected the fundamental technologies that would shape our modern tech infrastructure.

The SRI is in reference to the computer at Stanford, an SDS 940. The team at UCLA was talking with that computer all the way from Los Angeles (about 350 miles to the south) with their SDS Sigma 7 computer. Two different computers talking together over a network host-to-host? It was like magic!

In the photo at the top of the post we see a group of researchers circa 1970 standing around a teletype going over data from the ARPANET. William Naylor is there on the far left. Below, a shot of 3420 Boelter Hall at UCLA, where that first ARPANET message was sent from.

The story of the first message on the internet is that of a happy accident. The UCLA computer connected to the computer at Stanford and the two teams were each on the phone together for the historic moment. UCLA researcher Bill Duvall typed an “L” and they asked down the phone, “Did you get the L?” Yes, they got the L. He next typed the letter O. “Did you get the O?” they asked. Stanford had gotten the O. Next he typed a G. “Did you get the G?” Nope. The computer had crashed. They were trying to type LOGIN. They had only managed to type LO, leaving the very first message ever sent over the ARPANET as LO, as in lo and behold.

One of the internet’s founding fathers, Leonard Kleinrock, is particularly fond of telling this story. I had the pleasure of getting a tour of the room where the first message was sent at 3420 Boelter Hall at UCLA from Kleinrock not long after first moving to Los Angeles. It has since been restored to its former retro-computing glory (complete with teletypes, the original IMP and 1960s desks) and you can walk by that very room if you’re ever on UCLA’s campus.

But let’s go back even further. Below, we have a short article from the July 15, 1969 edition of the Daily Bruin (UCLA’s student newspaper) announcing that ARPA was working on networked computing on campus. “Country’s computers linked here first,” proclaimed the headline. There was no indication of the internet revolution that was to come.

Perhaps this is where the analogies about baby photos and sonograms start to get a bit embarrassing because the photo below is kind of like the moment of conception. The photograph below shows the delivery of the SDS Sigma 7 computer in Boelter Hall at UCLA circa 1967.

It was easier to cut open the wall and use a forklift to get it into the building than unhook the computer components. But the computer alone wasn’t what made networked computing possible, of course. They needed IMPs (interface message processors), which you can think of as refrigerator-sized modems.

Not only do we have baby pictures of the internet (and a bit of over-sized computer porn), we have what might be considered the notches on the doorframe measuring little Suzy Q. Internet’s growth over the years: the ARPANET maps. Below, a GIF showing its growth from 1969 until 1989.

Internet history nerds will continue to fight over who gets credit for the “true” birth of the internet. But wherever you fall in the great Internet Invention Debates of the 21st century, you have to admit that the internet’s equivalent of baby photos and bronzed shoes are pretty cool. I guess what I’m trying to say is that if you deny the ARPANET’s role in internet history (as some people surprisingly still do) you hate babies.

Below, the IEEE plaque at UCLA commemorating it as the birthplace of the internet, photographed by Gizmodo’s own Alissa Walker.

Happy birthday internet! We don’t know where we’d be without you. Probably doing something productive.

Images: Courtesy of the KCIS at UCLA

This Chart Shows How The US Military Is Responsible For Almost All The Technology In Your iPhone

Nearly all of the technology in many of the world’s most ubiquitous electronic devices can be traced to a single, taxpayer-funded source: the US Department of Defense.

In an article promoted by the European Commission today, Italian economist Mariana Mazzucato wrote that sparking the world’s economies after a long recession will require greater and riskier investment from government. She used Apple’s wildly popular handheld devices as a present-day example.

The world’s biggest company may have more cash on hand than many actual governments. But the technological breakthroughs behind its iconic iPods, iPhones, and iPads were funded almost exclusively by government agencies — and by one particular segment of one particular country’s government.

As the chart below demonstrates, there’s little in these devices that doesn’t owe its existence to the US Department of Defense in some form or another.

[Chart: iPhone technology and military funding. Source: Mariana Mazzucato, The Entrepreneurial State: Debunking the Public vs. Private Sector Myths. London: Anthem.]

Later devices saw investments from the Navy for their GPS capabilities, and the Defense Advanced Research Projects Agency (DARPA) funded Siri. In fact, the parent company of Siri’s creator, which was acquired by Apple in 2010, still gets over half of its revenue from the Department of Defense, according to a report they published earlier this year.

Highlighting an idea from her recent book on the relationship between the private and public sectors, Mazzucato explains that achieving missions like putting a man on the moon required “a confident ‘entrepreneurial state’ willing and able to take on the early, capital-intensive high risk areas which the private sector tends to fear.”

The US military was often the one taking “capital-intensive risks” that resulted in Apple’s line of products. And the result is a family of devices so widely used that it’s difficult to imagine the world without them.

Read more:  http://www.businessinsider.com/the-us-military-is-responsible-for-almost-all-the-technology-in-your-iphone-2014-10#ixzz3HdqL1AXz

The car of the future will have to defend itself against hackers

Thanks to technological evolution and to strong public demand, latest-generation cars have found an indispensable partner in the internet: this is how, for example, they can act as Wi-Fi hotspots through integrated SIM cards, or as simple repeaters for mobile telephony, often replicating in the car some apps originally designed for smartphones.

Every achievement, however, has its price. Access to the network is never one-way, and no device is truly “closed”. This is the view of Carlo Del Bo, executive advisor at BizEmpowerment SA in Lugano and for more than 25 years a security manager and cyber defense specialist: “Access to the web inevitably brings a vulnerability with it. It does not matter which device is accessing the network. Recent hacker attacks in the States, for example, had internet-connected refrigerators and televisions as their victims. Appliances that, unlike PCs, in the vast majority of cases are not protected by antivirus software, have no firewall available and do not apply the security updates released over time by software vendors. The car is no exception.”

Tesla

The first car to fall victim to hacking was the Tesla Model S (pictured). The problem is not only the loss or theft of sensitive data, but rather the safety of motorists. “On the one hand, the car could act as a Trojan horse for anyone wanting to gain indirect access to smartphones and mobile devices that communicate with the vehicle,” Del Bo continues, “and on the other it might no longer be in control of itself. Electronics today govern 80% of a car’s technologies. From ABS to ESP to air bags, not forgetting smart keys and modern safety devices, for example automatic stopping in the event of an imminent collision. Breaching a vehicle’s electronics can mean taking control of it remotely. All the more so when autonomous driving systems, currently at the prototype stage, become operational.” An issue that raises significant questions of civil and criminal liability. For example, if the deployment of the air bags induced by a hacker were to cause an accident, would the blame lie with the hacker alone, or also with the carmaker that failed to prevent a cyber attack? In the United States the topic is already hot; in Europe it will become so in the coming years. While the risk of attacks on computer systems is acquiring ever greater strategic and operational importance, an adequate and unambiguous countermeasure is not yet available. Security experts, however, have already mobilized, first and foremost Carlo Del Bo, a pioneer in the new field of “car defense”.

The Usual Suspects: Russia or China Suspected in White House Data Breach

After months of embarrassing physical security lapses, the Presidential residence appears to suffer a digital breach

Sometimes when you’re laser focused on spying on your own citizens (more specifically 75 percent of their internet traffic and 99 percent of their phone calls) and your allies, you don’t have time for the tedious task of safeguarding your own networks from foreign hackers. That seems to be the case for the White House, whose unclassified internal staff network was reportedly accessed by hackers.

The hackers reportedly entered through the employee virtual private network (VPN) system, which gives employees remote access to email and other unclassified local resources. Traces of the intrusion were only observed post-mortem “two to three weeks ago”, according to The Washington Post. And the intrusion had gone unnoticed until an ally took note of the peculiar traffic and sent a warning to the White House IT staff.

The White House — America’s presidential residence — has suffered embarrassing security intrusions in recent months. [Image Source: Outside the Beltway]

I. Breach is Confirmed

The Washington Post cites one official as saying:

In the course of assessing recent threats, we identified activity of concern on the unclassified Executive Office of the President network.  We took immediate measures to evaluate and mitigate the activity. . . . Unfortunately, some of that resulted in the disruption of regular services to users. But people were on it and are dealing with it.

Certainly a variety of actors find our networks to be attractive targets and seek access to sensitive information.  We are still assessing the activity of concern.

A second official reportedly said:

On a regular basis, there are bad actors out there who are attempting to achieve intrusions into our system.  This is a constant battle for the government and our sensitive government computer systems, so it’s always a concern for us that individuals are trying to compromise systems and get access to our networks.

The Washington Post and The New York Times cited administration officials as stating that there was no evidence of a more serious breach of the classified networks used by the President, high-level executive branch staff, and high level members of the U.S. Military and Intelligence community.

The breach is being investigated by the Secret Service, the U.S. Federal Bureau of Investigation (FBI), and the National Security Agency (NSA).

II. Hackers Probed Network, But Reportedly Did No Damage

According to the report, the attackers did not seek to damage computers, or take over other systems at the White House.  Instead they appeared to be merely methodically mapping the network from the node they gained unauthorized access to.  This suggests a greater level of sophistication.  The Washington Post reports:

In the case of the White House, the nature of the target is consistent with a state-sponsored campaign, sources said.

Probable culprits include Russia, a prominent figure in the world of global hacking, and China, which has been developing a crack team of military hackers.  Like the U.S., both Russia and China have shown a penchant for sparing no expense in their efforts to spy on both their own people and the world at large.

There have been past reports of hackers gaining unauthorized access to the White House, but it’s unclear whether there was ever official confirmation of those incidents.

The White House IT staff responded to the recent intrusion by forcing all White House staff with VPN/intranet access to change their passwords.  Files remained inaccessible for weeks, according to reports, but email access was preserved as IT staff looked to prevent further probing of the network.

III. The White House Falls Victim to Both Cyber and Physical Intrusions.

The entire incident bears some resemblance to the recent lapses in physical security at the White House by the U.S. Secret Service.  In the past five years, the Obama administration has seen 16 separate incidents of people scaling the White House fence, according to official documents.

Secret Service reports reveal that a 2011 shooting was improperly dismissed as “cars backfiring”, telling security staff to “stand down”. It turned out that the shooting was very real. Four days later a housekeeper discovered signs of damage, leading to the realization that at least seven bullets, fired from a high-power automatic assault rifle, had struck the White House. One had even shattered a second story window, damage that went unnoticed for more than half a week.

A Secret Service document details where the bullets struck the White House. [Image Source: The White House via The Washington Post]

Secret Service initially claimed that the shooting was a gang gun battle and that the bullets were accidental and not intended for the White House. Eventually federal investigators discovered that wild claim was as much utter bunk as it sounded. In reality the gunshots had come from an angry and troubled 21-year-old U.S. citizen from Idaho. Before travelling to the capital, he had told relatives that he “needed to kill” the President. That man was eventually sentenced to 25 years in prison and fined $94,000 USD for attempted assassination.

In August, a homeless, armed veteran managed to make it into the East Room of the White House before he was finally detained.  Any armed intruder is supposed to be shot dead on sight, according to the White House’s security policy, but multiple security lapses allowed the man’s potentially dangerous impromptu tour of the White House.

Omar Gonzalez broke into the White House armed in late September.  He was eventually arrested without anyone being harmed. [Image Source: The Washington Post (top), The Heavy (bottom)]


In a separate, more humorous incident — also in August — a toddler managed to squeeze through the fence bars, triggering a lockdown by security staff.

Sources: The Washington Post, The New York Times

– See more at: http://www.dailytech.com/The+Usual+Suspects+Russia+or+China+Suspected+in+White+House+Data+Breach/article36796.htm#sthash.pimG8rJi.dpuf

Could hackers give you a heart attack or drugs overdose? US authorities investigate

Normally when we talk about healthcare security, we’re considering how well organisations are protecting our private medical data from hackers.

After all, according to some reports, 24,800 US medical records are exposed every day, and don’t forget that it’s not unusual for medical insurance companies to store social security numbers alongside our names, physical addresses, dates of birth and other personal information.

And such hacks can have significant financial impact. As an ESET infographic published last year portrayed, the estimated cost of hacks against medical providers was a staggering $17 billion.

But there’s another growing concern – that in the rush to embrace technology to save and improve the lives of patients, medical scientists may have forgotten something important: are they putting your body at risk from hackers?

According to media reports, the US Department of Homeland Security is investigating “two dozen cases of suspected cybersecurity flaws in medical devices and hospital equipment” that could potentially cause serious injury or death.

According to unnamed sources said to be familiar with the investigation by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), devices under investigation include infusion pumps from Hospira Inc and implantable heart devices from Medtronic Inc and St Jude Medical Inc.

Hospira, Medtronic and St Jude Medical have declined to comment on the investigation.

The security of medical devices is not a new concern, of course. In the past we have discussed fears that tiny chips implanted under a woman’s skin to manage her birth control could be hacked, for instance.

And just last year, ICS-CERT published a security advisory warning that hundreds of devices were using hardcoded passwords, opening the door for potential attacks that could change critical settings or modify device firmware.

The affected devices have hard-coded passwords that can be used to permit privileged access to devices such as passwords that would normally be used only by a service technician. In some devices, this access could allow critical settings or the device firmware to be modified.

The affected devices are manufactured by a broad range of vendors and fall into a broad range of categories including but not limited to:

* Surgical and anesthesia devices,
* Ventilators,
* Drug infusion pumps,
* External defibrillators,
* Patient monitors, and
* Laboratory and analysis equipment.

Perhaps most memorably, security researcher Barnaby Jack demonstrated in 2012 how he reverse-engineered a device to deliver a deadly 830 volt shock to a pacemaker from a distance of 30 feet, and discovered a method to scan insulin pumps wirelessly and configure them to deliver more or less insulin than patients required, sending patients into a hypoglycaemic shock.

Sadly Jack died in July 2013, one week before he was scheduled to present new research on how hackers could maliciously exploit medical devices.

Such threats are taken seriously, as can be seen by the fact that former US vice-president Dick Cheney was so frightened of assassination that he had the wireless feature of his implanted heart defibrillator deactivated.

Clearly there are plenty of opportunities for the mainstream media to spread fear about the potential threat, but that doesn’t mean that there isn’t any genuine concern about devices being used for medical purposes that can be communicated with wirelessly, but that haven’t been properly secured.

Chances are that you have enough things to worry about if you’re having a serious operation to embed a medical device inside your body. The last thing you need is to be also losing sleep over whether the gadget that’s helping you stay alive is at risk of being hacked.

What are your thoughts? Do you think the threat is over-hyped, or should more be done to defend devices relied upon by patients from attack? Leave a comment below.

Author Graham Cluley, We Live Security

Keyless cars ‘increasingly targeted by thieves using computers’

Organised criminal gangs are increasingly targeting high-end cars with keyless security systems, a UK motoring industry group has warned.

The thieves are able to bypass security using equipment intended only for mechanics, the Society of Motor Manufacturers and Traders (SMMT) said.

Manufacturers are trying to stay ahead of the thieves by updating software.

It has been reported that some London-based owners of Range Rovers have been denied insurance over the issue.

The warnings echoed those made by the US National Insurance Crime Bureau (NICB), which earlier this year said it had seen a “spike” in car thefts involving equipment to spoof keyless entry.

Keyless entry and ignition typically works by the driver keeping a fob on their person which automatically opens the car and activates it so it can be driven.

As the popularity of keyless systems has increased, criminals have been buying equipment online that is able to re-programme keys.

“The criminal act of stealing vehicles through the re-programming of remote-entry keys is an on-going industry-wide problem,” said Jaguar Land Rover.

“Our line-up continues to meet the insurance industry requirements as tested and agreed with relevant insurance bodies.

“Nevertheless we are taking this issue very seriously and our engineering teams are actively working in collaboration with insurance bodies and police forces to solve this continuously evolving problem.”

Keyless ignition means drivers press a button to start a car

The statement added: “This has already resulted in a number of prosecutions.”

A specific case reported by The Times involved insurers AIG refusing insurance cover to a motorist. In a statement the company said it treated every case individually.

“We do not have a blanket policy to exclude certain vehicles from cover.

“Given the increasing likelihood that replacement vehicles may be a target for thieves we may ask for additional security measures such as secure off-road parking.

“This could be, for example, secure private garaging or the installation of mechanically moveable bollards. If this is not possible then, as a last resort, we may refuse to offer insurance cover but only after exhausting every avenue.”

Thatcham Research, which collates data on behalf of UK insurers, acknowledged the problem was widespread.

“Whilst BMWs and Audis appeared to be the early targets, it’s fair to say that this was largely associated with their desirability across Europe, rather than any specific security lapse.

“Recently we’ve seen evidence of a range of makes and models being affected, including the Ford Fiesta and Focus, Range Rover Evoque and also now including light commercial vehicles such as the volume-selling Ford Transit and Mercedes Sprinter.”

Weakest link

It is becoming much harder to steal cars. According to the UK Office for National Statistics, car theft has fallen from 318,000 in 2002 to 77,500 last year.

But thefts involving computer equipment used to circumvent security are rising. The SMMT is pushing for stronger legislation to help reverse this.

“The challenge remains that the equipment being used to steal a vehicle in this way is legitimately used by workshops to carry out routine maintenance,” a spokesman said.

“As part of the need for open access to technical information to enable a flourishing after-market, this equipment is available to independent technicians. However a minority of individuals are exploiting this to obtain the equipment to access vehicles fraudulently.

“We need better safeguards within the regulatory framework to make sure this equipment does not fall into unlawful hands and, if it does, that the law provides severe penalties to act as an effective deterrent.”

But Ian Crowder, from motorists’ group the AA, warned the risk should not be overstated.

“By far the most common way of a car being stolen is still from thieves breaking into homes and stealing keys,” he said.

“The keys are still the weakest link in a car security chain. If someone has your keys, they have your car.”