“Notwithstanding Any Other Provision of Law”

(Reprinted from the Metro Spirit, April 26, 2012)

It’s only been a couple of months since SOPA and PIPA were successfully beaten back by the proponents of free speech.  At the time, I remarked that it was unlikely that this would be the last assault on internet freedoms.  However, I didn’t think the next attack would occur so quickly.

The Cyber Intelligence Sharing and Protection Act (CISPA) is scheduled for a vote this Friday in the House of Representatives.  The original intent of the bill is to encourage the federal government and American businesses to share information in order to protect their computer networks from internet attacks.  Currently, most businesses don’t share security information with third parties for fear of violating privacy or antitrust laws.

Opposition to the bill originates from the overly broad language that may infringe on privacy rights and the expansive definition of cybersecurity threat information.

A company acting for cybersecurity purposes would be able to bypass all existing statutory safeguards and communicate threat information to the government with no judicial oversight.  The company would be immune from both civil and criminal liability for any action, including violating a user’s privacy, just so long as they did not knowingly and intentionally violate your privacy.

CISPA has such an expansive definition of cybersecurity threat information that many ordinary activities could qualify.  Basic privacy practices—like using an anonymizing service like Tor or even encrypting your emails—could be considered an indicator of a threat.  The bill’s definitions implicate far more than what security experts would reasonably consider to be cybersecurity threat indicators—things like port scans, DDoS traffic, and the like.

Some of the more specific concerns of CISPA were posted by Congresswoman Zoe Lofgren this week.  (Rep. Lofgren’s district includes the heart of Silicon Valley).

  • CISPA allows any private company to share sensitive, private data about its customers with the government.  CISPA would override all other federal and state privacy laws, and allow a private company to share nearly anything, as long as it directly pertains to a cyber threat, which is broadly defined.
  • CISPA does not require that data shared with the government be stripped of unnecessary personally-identifiable information.
  • CISPA would allow the government to use collected private information for reasons other than cybersecurity.
  • CISPA would give Internet Service Providers free rein to monitor the private communications and activities of users on their networks.  ISPs would have latitude to do anything that can be construed as part of a cybersecurity system, regardless of any other privacy or telecommunications law.
  • CISPA would empower the military and NSA to collect information about domestic internet users.  CISPA contains no limit to direct private information from domestic sources to civilian agencies, such as the Department of Homeland Security.  The Department of Defense and NSA could solicit and receive information directly from American companies about users and systems within the United States.
  • CISPA places too much faith in private companies to safeguard their most sensitive customer data from government intrusion.  While information sharing is voluntary under CISPA, the government has a variety of ways to pressure private companies.  With complete legal immunity, private companies have few incentives to resist such pressure.  Also, the bill contains no requirements to ever tell their customers what they have shared, either before or after the fact.

I encourage everyone to contact your representative and voice your opposition to CISPA!  Dr. Paul Broun-GA (broun.house.gov), John Barrow-GA (barrow.house.gov), Joe Wilson-SC (joewilson.house.gov), or Jeff Duncan-SC (jeffduncan.house.gov).  Personal liberty still exists online, but we are going to have to fight to keep it.  Until next time, I’ll see you on the internet.  @gregory_a_baker

 

15 Random Things to Do Online

(Reprinted from the Metro Spirit, 4/19/2012)

Seinfeld tapped into something special when he figured out people would watch a TV show about nothing.  This week at Augusta Tek, you can expect the same – Nothing.

  1. http://chir.ag/stuff/sand/  Streams of sand, water, salt and oil fall from the top of the screen.  Build walls, grow plants, start fires – It’s etch-a-sketch on steroids.  Hours and hours of enjoyment are found here!
  2. www.cuteoverload.com – Exactly what it says.  Thousands upon thousands of cute animal pictures.  The ultimate Pinterest board!
  3. www.mymms.com – Did you know that you can order personalized M&M’s?  Choose from 25 different colors.  Add a unique message, clip art or even a face.  Perfect gift for birthdays, weddings or graduations.  BTW – Mother’s Day is next month!
  4. translate.google.com – Have you ever wanted to learn to read another language?  Too late.  Google has created version 1.0 of the Star Trek universal translator.  Click the speaker to listen.  More than 60 languages available.
  5. www.martingrund.de/pinguine/index.htm – This German website features webcams in Antarctica.  You know what that means…Penguins!
  6. www.thingsyouneverknew.com – It’s that one stop shop for everything from space alien alarm clocks to Beavis and Butthead bobbleheads to remote control flatulence machines.  And they also have a complete section of As Seen on TV.  Father’s Day in June…this one is for Dad!
  7. www.howtofoldashirt.net – I watched the darn thing 15 times, and I still don’t know how she did it.
  8. www.dailymakeover.com – Interested in seeing what you would look like with a total makeover?  Upload your picture and try out different hair styles and make-up.  All you metrosexuals, don’t be intimidated.  It’s OK.
  9. www.ted.com – Little known to most people, the intellectuals of the world run a lecture series called TED.  The talks run the gamut of global issues, everything from the hard sciences to technology/business to social concerns.  Very informative and motivational.  Your world will become much bigger.
  10. www.great-prank-ideas.com – It is what it says.  Some are funny.  Some are mean.  I’ll leave it to you to decide.
  11. www.youtube.com/watch?v=r6tlw-oPDBM – What is the world record for the most t-shirts worn at once?  This YouTube clip shows Matt McAllister put on 155 t-shirts – all 100 pounds of them.
  12. www.fabricorigami.com – The quilter’s dream for those leftover pieces of fabric.  At least, that is what the site says.
  13. www.wordsmith.org/anagram – Many hours to be found here for those that like to play with words.  I tried for a while to get I Am Lord Voldemort out of Tom Marvolo Riddle.  Maim Overlord Dolt is about as close as I got.
  14. www.network-science.de/ascii – If I had only had this site in the days of dot matrix!  Type your text, and the site will convert it into an ASCII graphic.  Totally 80’s, man!
  15. www.youtube.com/watch?v=6B26asyGKDo – Another You Tuber.  It’s been around for a while, but it’s worth seeing again.  Noah Kalina has taken a picture of himself every day since January 11, 2000.  The video covers Jan 2000-July 2006.

Well, I hope that will keep you until next week.  Until next time, I’ll see you on the internet.  @gregory_a_baker

______                  _   _____  _
| ___                 | | |_   _|| |
| |_/ / ___   __ _   __| |   | |  | |__    ___
|    / / _  / _` | / _` |   | |  | '_   / _ 
| | |  __/| (_| || (_| |   | |  | | | ||  __/
_| _|___| __,_| __,_|   _/  |_| |_| ___|

___  ___       _                 _____         _        _  _
|  /  |      | |               /  ___|       (_)      (_)| |
| .  . |  ___ | |_  _ __  ___    `--.  _ __   _  _ __  _ | |_
| |/| | / _ | __|| '__|/ _    `--. | '_  | || '__|| || __|
| |  | ||  __/| |_ | |  | (_) | /__/ /| |_) || || |   | || |_
_|  |_/ ___| __||_|   ___/  ____/ | .__/ |_||_|   |_| __|
                                       | |
                                       |_|

The End of the Innocence

(Reprinted from the Metro Spirit, 4/12/2012)

Welcome back my fellow Augustans from a long and enjoyable spring break!  I hope that you were able to spend some quality time with your favorite video game, or possibly even a loved one, whatever the case may be.  At any rate, I’m sure it was a complete drag for you to come back to the office on Monday only to discover that the Apple Mac for which you paid a premium has become utterly and completely infected with malware.

Alas, yes, this is no tall tale.  The Great Mac Infection has begun.  Last week we began hearing about an advanced Flashback exploit that takes advantage of unpatched security holes in Java (which Apple has since addressed) to install malware when a user merely visits a malicious Web page, without requiring any user interaction.  The vulnerability has created Apple’s most widespread security incident with approximately 600,000 Mac systems infected worldwide.

How does it work?  The Flashback malware injects code into applications such as Web browsers that will send screenshots and other personal information to remote servers.  The infection begins when a browser running an unpatched version of Java encounters a Web page containing the malware.  The malware will first execute a small Java applet that will break the Java security and write a small installer program to the user’s account.  The installer downloads the malware and begins the installation process.  The user may be prompted for a password during the installation.  If prompted, not supplying a password will not stop the infection.  It will only change the malware’s mode of operation.  Once infected, the malware will execute to collect personal information when user applications are opened.

If you are familiar with the Terminal application, the Flashback malware is relatively easy to detect.   Open the Terminal app in the /Applications/Utilities/ folder and run the following commands:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

If the malware is present, these commands will output a path that points to the malware file.  Also, past variants left invisible .so files in the Shared user directory.  These files can be seen by running the following command:

ls -la ~/../Shared/.*.so

If the files are present, they will be listed.
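
The four manual checks above, combined into one script as an added example (it is not from the original column or from F-Secure).  DEFAULTS_BIN and SHARED_DIR are hypothetical override variables introduced here so the logic can be exercised off a Mac, and the script assumes `defaults read` exits non-zero when a key does not exist.

```shell
#!/bin/sh
# Added example: runs the article's Flashback checks and counts the hits.
# DEFAULTS_BIN and SHARED_DIR are hypothetical overrides, not real macOS settings.
DEFAULTS_BIN="${DEFAULTS_BIN:-defaults}"
SHARED_DIR="${SHARED_DIR:-$HOME/../Shared}"

# check_key DOMAIN KEY
# Returns 0 and prints the value when the key exists (suspicious),
# returns 1 when `defaults read` fails or prints nothing (clean).
check_key() {
    value=$("$DEFAULTS_BIN" read "$1" "$2" 2>/dev/null) || return 1
    [ -n "$value" ] || return 1
    printf 'SUSPICIOUS %s %s = %s\n' "$1" "$2" "$value"
}

# check_shared_so
# Returns 0 and lists any invisible .so files left in the Shared directory.
check_shared_so() {
    found=1
    for f in "$SHARED_DIR"/.*.so; do
        [ -e "$f" ] || continue        # unmatched glob stays literal; skip it
        printf 'SUSPICIOUS file %s\n' "$f"
        found=0
    done
    return "$found"
}

# flashback_scan
# Exit status is the number of checks that found something (0 = clean).
flashback_scan() {
    hits=0
    check_key "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES && hits=$((hits + 1))
    for app in Safari Firefox; do
        check_key "/Applications/$app.app/Contents/Info" LSEnvironment && hits=$((hits + 1))
    done
    check_shared_so && hits=$((hits + 1))
    if [ "$hits" -eq 0 ]; then
        echo "No Flashback indicators found"
    fi
    return "$hits"
}

# Run the scan only when asked to: sh flashback_check.sh --scan
if [ "${1:-}" = "--scan" ]; then
    flashback_scan
fi
```

A non-zero exit status means at least one check printed a path; the printed path is what the manual disinfection procedure needs.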

Disinfecting the system can be a rather lengthy process.  On the blog for this article (www.cmaaugusta.com), I’ve posted the manual disinfection procedure provided by F-Secure.  (UPDATE: F-Secure has created a removal tool…see this post.)  Automatic disinfection apps are also showing up, but unfortunately some of those appear to be delivering additional malware as well.  Reputable anti-malware apps will be posted on our blog as well.  If you are fortunate enough not to be infected, please take the time to apply software updates to your system.  Apple has released updates that fix the vulnerability in supported versions of OS X (unfortunately, fixes for Tiger and Leopard have not been released), and you should get them on your system as soon as possible.

While this is a new experience for most Mac users, this event also provides an opportunity to highlight some good news in securing your system.  The vast majority of computer infections that occur require the user to take an action to enable the infection.  The vast majority of vulnerabilities that do not require user action usually have a security update which closes the vulnerability.  So quite simply, if you don’t go places that you shouldn’t go, don’t click things that you shouldn’t click and keep your system patched, you will be protected from the overwhelming majority of internet threats.

Before signing off for the week, I have one quick comment on the tournament.  Many folks have already written about Bubba Watson’s unconventional approach to the game.  His unconventional approach includes starting a “boy band” with fellow PGA golfers Ben Crane, Hunter Mahan and Rickie Fowler.  Their first video “Oh Oh Oh” was published on You Tube last summer, and Farmers Insurance is donating $1,000 for every 100,000 views of the video.  I know that many of you have already seen them in action.  If you haven’t, google “golf boys” and be sure to share with others.

Until next time, I’ll see you on the internet.  @gregory_a_baker

 

Top 10 in Georgia Technology

(Reprinted from the Metro Spirit, 4/5/2012)

Last week, the Augusta Chapter of the Technology Association of Georgia (TAG) participated in TAG’s annual Georgia Technology Summit.  The theme of this year’s event was “Innovation: Path to a Bright Future” and highlighted several areas of Georgia’s technology industry.  The Top 10 Innovative Companies in Georgia were featured.  These companies were selected due to their degree of innovation, the scope and financial impact of their innovations and the effect of their innovation in promoting Georgia’s technology industry throughout the U.S. and globally.

The 2012 Top 10 Innovative Companies are:

  • AirWatch – Enterprise-grade mobile device management, mobile application management and mobile content management solutions.
  • Brightwhistle – Digital patient acquisition solution provider for hospitals and large physician practices.
  • First Data – Electronic commerce and payment processing.
  • Innovolt – Comprehensive electronics power protection and management, protecting equipment from common power grid disturbances.
  • NexTraq – GPS fleet tracking and vehicle management solutions.
  • Podponics – Converting used shipping containers into modular controlled-environment growth pods to enable the growth of fresh produce in urban centers.
  • Proximus Mobility – Location-based, proximity marketing that delivers relevant content to consumers’ mobile devices at the point of purchase, regardless of phone type and without an app.
  • Red Bag Solutions – A company that offers patented technology and equipment for the on-site processing of regulated medical waste.
  • SalesLoft – Automates sales research and generates new leads through data analytics for business-to-business organizations.
  • Velocity Medical Solutions – The next generation of intelligent radiation treatment tools, providing clinicians a fully integrated record of all diagnostic, planning and delivery data.

The event also featured Farhad Manjoo, columnist at Slate and Fast Company, speaking on the looming tech battle between Apple, Facebook, Google and Amazon (good stuff – see more at bit.ly/Hj0Nzy), and John Hinshaw, Executive VP of Global Technology and Business Processes at HP, speaking on the transformation currently underway at HP.  In my opinion, Duncan Angove, President of Infor, delivered the most powerful talk when describing the changes made at Infor over the past year.  Infor is the number three provider of enterprise software (behind Oracle and SAP).  His leadership team has recognized a few trends in the software market, namely industry specialization and the consumerization of enterprise software.  In response, they have created a start-up culture within their organization to deliver innovative solutions that will allow Infor to surpass the market leaders.  At least, they hope so.

Enjoy the tournament!  Until next time, I’ll see you on the internet.  @gregory_a_baker