US Govt proposal to classify Security Tools as Weapons of War w/ Export Regulations.

This would be devastating to US business and security products.

In 2013, WA agreed to add the following to their list of dual-use goods: systems, equipment or components specially designed for the generation, operation or delivery of, or communication with, intrusion software; software specially designed or modified for the development or production of such systems, equipment or components; software specially designed for the generation, operation or delivery of, or communication with, intrusion software; technology required for the development of intrusion software; Internet Protocol (IP) network communications surveillance systems or equipment and test, inspection, production equipment, specially designed components therefor, and development and production software and technology therefor. BIS, the Departments of Defense and State, as well as other agencies have been discussing the best way to add these items, which we have named “cybersecurity items,” to the Commerce Control List (CCL) (Supplement No. 1 to part 774 of the Export Administration Regulations) without reducing encryption controls and while balancing the national security and foreign policy. For resource planning purposes, as well as license requirements, license exceptions, license submission requirements, and internal license reviews and processing planning purposes, this rule is published as a proposed rule.


I-R-C-H AAS Infrastructure, Research, Crimeware and Hacking as a Service

How a botnet works: 1. A botnet operator sends...

How a botnet works: 1. A botnet operator sends out viruses or worms, infecting ordinary users’ computers, whose payload is a malicious application — the bot. 2. The bot on the infected PC logs into a particular command and control (C&C) server (often an IRC server, but, in some cases a web server). 3. A spammer purchases access to the botnet from the operator. 4. The spammer sends instructions via the IRC server to the infected PCs, causing them to send out spam messages to mail servers. (Photo credit: Wikipedia)

If you have not heard of any of these it is not surprising but they are beginning to effect everyones daily lives. All of these have been purchasable in the past but never at the scale that is being exposed today. The advent of the cloud and the proliferation of the internet around the world has brought about a new level of willing hacker. It also has allowed the launching of DDoS attacks that are larger and as complex as the most complex systems in the world.

I recently did an example of an attack that launched 2000 different servers in the matter of minutes to completely flood a switching network shutting off the ability to get any communication out. This shut down everything that ran across an IP network; this included their pbx switch and their building security. It would have only taken a bit more to have caused their cell phones to not work as well leaving the building an island ready for a physical attack.

Crimeware is widely exploited by the criminal underground that seeks to improve its economy by the easiest means. The gist: “Criminals have started to use online cybercrime services instead of having to deal themselves with the technical challenges of running their own Crimeware server, installing Crimeware toolkits or compromising legitimate websites,” says Finjan.  In other words, it’s point, click and hack (Dignan, 2008).

Cybercrime thieves operate in a market that is sensitive to location and economic trends, they cannot use a “one-­‐scheme-­‐fits-­‐all” approach. The attacks must be customized for each geographic region and focus on a selected group of users and/or businesses. These attacks are often called “campaigns” and incorporate Crimeware toolkits, Trojans and Botnets to do their dirty work (Finjan, 2008).

Enhanced by Zemanta

La couverture universelle santé, une bonne idée mais son application est compliquée

RSBY logo

Nice article in France about RSBY. The right to health for all and particularly in developing countries is certainly a noble idea, but how to apply it? The NGO Oxfam , CSU implies that everyone has the same financial protection and access to the same set of quality health services, whatever their employment status and ability to pay. But it can not be a single model and the States will develop tailored approaches to social, economic and political context of the country. In India, the RSBY insurance program for people living below the poverty line is hailed as a great success, but it offers limited financial protection, is riddled with corruption, abuse and rising costs, and mobilizes public resources for curative rather than preventive care.

La couverture universelle santé, une bonne idée mais son application est compliquée | Viva Presse.

Enhanced by Zemanta

Aadhaar-linked accounts to be basis for mobile payments

200 px

I do find it interesting that everyone in the development community is focused on mobile payments and yet the attachment of a higher level of verification using biometrics and a randomly generated 12 digit number and it is a target at every turn.

Over 30 million linked accounts to start DBT payments in most countries would be considered a resounding success. M-Pesa still only has 17 million accounts and a very very low level of security but is considered the gold standard for mobile payments. Praveen Chakravarty, chief executive, Anand Rathi Financial Services, says, the application sounds great conceptually and is in line with the government’s current thrust on financial inclusion. “Of the 600,000 villages in the country, banks are present in only 40,000.”

Now, Aadhaar-linked accounts to be basis for mobile payments | Business Standard.

Enhanced by Zemanta

Deadline for Aadhaar Cards on February 28, 2014 in West Bengal

200 px

The West Bengal government set February 28 as the deadline for distributing Aadhaar cards among all Bengal residents, prompting many to wonder about the feasibility of covering over six crore people in little over five-and-a-half months.

Providing Aadhaar numbers to all citizens above the age of five is the precursor to Prime Minister Manmohan Singh’s dream project of rolling out a direct benefit-transfer scheme, replacing the leak-prone subsidy system. The success of the project will depend on coverage as subsidies will be directly transferred to the 12-digit Aadhaar-linked bank accounts. “We have set a target to complete the process by February 28,” home secretary Basudeb Banerjee said after a review meeting at Writers’ with district magistrates and representatives of the census directorate this afternoon.

Deadline for Aadhaar Cards on February 28, 2014 in West Bengal – Economic Times.

Enhanced by Zemanta

Tesla way ahead on the Auto-Pilot car

Image representing Tesla Motors as depicted in...

Tesla Motors (NASDAQTSLA  ) and its brash CEO, Elon Musk, love nothing more than to name an outrageous-sounding technological goal — and then meet it. The latest: Musk said this week that Tesla will be able to offer cars that are (mostly) self-driving in three years.

That’s way ahead of giants General Motors (NYSE: GM  ) and Toyota (NYSE: TM  ) , which have been saying that 2020 is a more likely date for the arrival of autonomous cars. In this video, Fool contributor John Rosevear looks at what Musk really said and argues that Tesla’s goal this time isn’t revolutionary — instead, it’s more likely to be the basic price of admission to the luxury-car market in a few years’ time.

Enhanced by Zemanta