Penguin: Open Source Networking, Telecommunications Waking Up…

Advanced Cyber/IO, Autonomous Internet, Innovation, Knowledge, Money, Security, SmartPlanet, Software

Open Source Networking and a Vision of Fully Automated Networks

Transforming telecom

As an example of transformative change that is now underway, Joshipura pointed to the telecom industry. “For the past 137 years, we saw proprietary solutions,” he said. “But in the past several years, disaggregation has arrived, where hardware is separated from software. If you are a hardware engineer you build things like software developers do, with APIs and reusable modules.  In the telecom industry, all of this is helping to scale networking deployments in brand new, automated ways.”


Penguin: Open Source to Power Security Operations

Who, Me?

Open source to power Telstra security operations centres

Telstra will offer enterprise-grade managed security services from SOCs in Melbourne and Sydney

The telco’s director of security solutions, Neil Campbell, said the new SOCs and Telstra’s new platform are part of “reimagining” how managed security services are delivered, particularly in the context of the vast quantities of data enterprises find themselves grappling with thanks to developments such as the Internet of Things.

Using open source offers “the ability to be master of your own destiny when it comes to features and timelines,” he added, allowing the telco to be flexible in order to meet its clients’ requirements as well as adapt to an evolving market.

Another reason for using open source is that “by contributing to the open source community we put the tools in the hands of users who might otherwise not be able to afford an enterprise-grade SIEM platform or for their own reasons would never outsource and are looking for some flexibility in-house,” Campbell said.


Berto Jongman: Say NO to Mandated Cyber – Insecurity (“Keys Under Doormats”)

Access, Security
Berto Jongman

Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications

We have found that the damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago. In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution. Exceptional access would force Internet system developers to reverse “forward secrecy” design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.

PDF (34 Pages)

Jean Lievens: European Open Science Cloud

Access, Architecture, Cloud, Data, Design, Economics/True Cost, Innovation, Knowledge, P2P / Panarchy, Politics, Resilience, Science, Security, Software, Sources (Info/Intel), Spectrum
Jean Lievens

Towards the European Open Science Cloud

CERN has recently published a paper which outlines the establishment of the European Open Science Cloud that will enable digital science by introducing IT as a Service to the public research sector in Europe.


Jean Lievens: Can Analytics Save The Earth?

Access, Architecture, Data, Design, Economics/True Cost, Governance, Innovation, Knowledge, P2P / Panarchy, Politics, Resilience, Science, Security, Software
Jean Lievens

This Earth Day, Let’s Start Using Analytics To Conserve Energy

The success of new energy projects relies on one crucial skill: the ability to derive insights from massive amounts of rapidly changing data. That’s why utilities and energy companies are adopting analytics to meet the rising demand for renewable energy from more sophisticated customers.


Mongoose: UNASUR Opens Defense School Focused on Peace and Stability

Economics/True Cost, Governance, Innovation, Politics, Resilience, Security

Unasur opens Defense School to elaborate a shared doctrine of peace and stability

The Union of South American Nations, Unasur, will celebrate this Friday its eighth anniversary with the official opening of the South American Defense School (Esude) created to instruct on defense and security issues, both at civil and military level, following ‘the principles of a regional strategic vision’.


Mongoose: Security flaw gave researcher the power to erase every video on YouTube

Commerce, Corruption, Government, IO Impotency, Security

Security flaw gave researcher the power to erase every video on YouTube

Today’s tale of apocalyptic internet near-misses comes from software developer Kamil Hismatullin, who discovered a security flaw in YouTube that allowed him to delete any video he wanted—or all of them, if he so desired. Fortunately, he did not so desire (although he apparently had some thoughts about doing a number on Justin Bieber’s channel), and instead he reported the bug to Google and collected a $5000 reward.


Jean Lievens: Tim O’Reilly on Open Data and Best (Open) Security

Data, Security
Jean Lievens

Opening up open data: An interview with Tim O’Reilly | McKinsey & Company

The tech entrepreneur, author, and investor looks at how open data is becoming a critical tool for business and government, as well as what needs to be done for it to be more effective. A McKinsey & Company article. January 2014

Interview transcript


Patrick Meier: #Westgate Tweets One Hour Before Attacks to Two Hours Afterwards — Who, What, When, Where…

Crowd-Sourcing, Governance, Innovation, Resilience, Security
Patrick Meier

#Westgate Tweets: A Detailed Study in Information Forensics

My team and I at QCRI have just completed a detailed analysis of the 13,200+ tweets posted from one hour before the attacks began until two hours into the attack. The purpose of this study, which will be launched at CrisisMappers 2013 in Nairobi tomorrow, is to make sense of the Big (Crisis) Data generated during the first hours of the siege. A summary of our results is displayed below. The full results of our analysis and discussion of findings are available as a GoogleDoc and also PDF. The purpose of this public GoogleDoc is to solicit comments on our methodology so as to inform the next phase of our research. Indeed, our aim is to categorize and study the entire Westgate dataset in the coming months (730,000+ tweets). In the meantime, sincere appreciation goes to my outstanding QCRI Research Assistants, Ms. Brittany Card and Ms. Justine MacKinnon, for their hard work on the coding and analysis of the 13,200+ tweets. Our study builds on this preliminary review.

The following 7 figures summarize the main findings of our study. These are discussed in more detail in the GoogleDoc/PDF.

Figure 1: Who Authored the Most Tweets?

Figure 2: Frequency of Tweets by Eyewitnesses Over Time?


Berto Jongman: Google Evil – Exploits All Wi-Fi Passwords

Berto Jongman

Google knows nearly every Wi-Fi password in the world


Computer World, September 12, 2013

If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. Considering how many Android devices there are, it is likely that Google can access most Wi-Fi passwords worldwide.

Recently IDC reported that 187 million Android phones were shipped in the second quarter of this year. That multiplies out to 748 million phones in 2013, a figure that does not include Android tablets.

Many (probably most) of these Android phones and tablets are phoning home to Google, backing up Wi-Fi passwords along with other assorted settings. And, although they have never said so directly, it is obvious that Google can read the passwords.

Full article with many links below the line.


Stephen E. Arnold: IBM Has Security Flaws

Security, Software
Stephen E. Arnold

IBM Has Security Flaws

September 8, 2013

IBM is a respected technology company and it appears that hardly anything bad can be said about them. There comes a time when every company must admit they have a fault in their product and IBM must step up to the plate this time. The news comes to us from Secunia, a Web site that monitors technology security, in the warning, “Security Advisory SA54460-IBM Content Analytics With Enterprise Search Multiple Vulnerabilities.” The warning is labeled as moderately critical and should worry organizations that use the software to manage their data. The bug messes with cross-site scripting, manipulates data, exposes sensitive information, and causes a DoS.

Here is the official description:

“IBM has acknowledged a weakness and multiple vulnerabilities in IBM Content Analytics with Enterprise Search, which can be exploited by malicious people to disclose certain sensitive information, conduct cross-site scripting attacks, manipulate certain data, and cause a DoS (Denial of Service).”

Ouch! IBM must not be happy about this, but at least they discovered the problem and Content Analytics users can expect a patch at some point. Hate to bring up Microsoft at this venture, but whenever a big company has a problem I can’t help but think about how Microsoft never has a product launch without some issues. IBM is reliable and hopefully they will not go down the same path as Windows 8.

Whitney Grace, September 08, 2013

Sponsored by, developer of Beyond Search

Tom Atlee: Surveillance and parasitism harm society’s collective intelligence

Crowd-Sourcing, Design, Economics/True Cost, Education, Governance, Innovation, Knowledge, P2P / Panarchy, Politics, Resilience, Security, Sources (Info/Intel), Transparency
Tom Atlee

Surveillance and parasitism harm society’s collective intelligence

What this post is about:  Society’s collective intelligence needs to be able to see clearly what’s going on and take action about it.  Both NSA surveillance and corporate suppression of activism interfere with that vital dynamic.  This post clarifies what’s going on in these dynamics and suggests strategies to counter them and increase society’s collective intelligence.

Any healthy living system will try to weed out challenges that threaten its functioning. That’s what immune systems do: they preserve business-as-usual in a body.

But this natural maintenance activity of a system can be counterproductive:
(a) when changing circumstances demand adaptive responses, when the system NEEDS to change its business-as-usual – and
(b) when the system has been parasitized by something that is using it for the parasite’s own purposes at the larger system’s expense.

Entire post below the line, with links.


99% Android Devices Totally Open — How Long Before Open Source Security and Code Level Integrity Are Appreciated?

Security, Software

Mobile security startup Bluebox Security has unearthed a vulnerability in Android’s security model which it says means that the nearly 900 million Android phones released in the past four years could be exploited, or some 99% of Android devices. The vulnerability has apparently been around since Android v1.6 (Donut), and was disclosed by the firm to Google back in February. The Samsung Galaxy S4 has already apparently been patched.

It’s likely that Google is working on a patch for the vulnerability. We’ve reached out to the company for comment and will update this story with any response.

Bluebox intends to detail the flaw at the Black Hat USA conference at the end of this month but in the meanwhile it’s written a blog delving into some detail. The vulnerability apparently allows a hacker to turn a legitimate app into a malicious Trojan by modifying APK code without breaking the app’s cryptographic signature. Bluebox says the flaw exploits discrepancies in how Android apps are cryptographically verified and installed. Specifically it allows a hacker to change an app’s code, leaving its cryptographic signature unchanged — thereby tricking Android into believing the app itself is unchanged, and allowing the hacker to wreak their merry havoc.

Read full article.
