Hours after I posted the article about NIST, the New York Times reported that the St. Louis Cardinals face a Federal investigation over allegations that the team hacked the Houston Astros. Sports commentator Jeff Passan quipped that the story has a “Zeitgeist” quality to it: “The best franchise in baseball allegedly hacks a team that has lost 100 games in three consecutive seasons and steals scouting reports, trade talks, and other proprietary data.”
The New York Times speculates that the breach may have occurred when Cardinals officials examined lists of passwords that Jeff Luhnow, now the Astros’ general manager, had used while he worked for the Cardinals; Luhnow left the Cards in 2011 and has since been joined in Houston by other former Cardinals employees.
The Cardinals officials are believed to have used those passwords to gain access to the Astros’ network, law enforcement officials said.
That tactic, now commonly called credential stuffing, is a staple of cybercriminals, who sell passwords from one breach on the underground market, where others buy them and test them against other websites, including banking and brokerage services. The breach of the Astros would be one of the first known instances of a corporate competitor using the tactic against a rival. It is also, security experts say, one more reason people are advised not to reuse passwords across different sites and services: a password reused on several services is only as well protected as the weakest of them.
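The tactic described above, run from the defender's side, as an added example that is not part of the original post and not code from any of the organisations mentioned: a service keeps only salted hashes of its users' passwords, so the way to learn whether any of them reused a password that has leaked elsewhere is to run the same test an attacker would, checking each leaked candidate for the same account name against the stored hash. The account names, passwords and the leaked list are constructed for the demo, and the PBKDF2 round count is deliberately low so it runs quickly.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Deliberately low for a runnable demo; real deployments use far more rounds
# (or a memory-hard KDF such as scrypt or Argon2).
PBKDF2_ROUNDS = 10_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) as a service would store them."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the hash for a candidate password and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def build_store(plaintext_passwords: Dict[str, str]) -> Dict[str, Tuple[bytes, bytes]]:
    """Turn a {user: password} mapping into the salted-hash table a service keeps."""
    return {user: hash_password(pw) for user, pw in plaintext_passwords.items()}


def find_reused_credentials(store: Dict[str, Tuple[bytes, bytes]],
                            leaked: Dict[str, List[str]]) -> List[str]:
    """Users whose current password on THIS service equals a password leaked for the
    same account name elsewhere. This is exactly the test an attacker runs when
    'stuffing' a stolen list; run defensively, it tells you whose password to reset."""
    hits = []
    for user, (salt, digest) in store.items():
        for candidate in leaked.get(user, ()):
            if verify_password(candidate, salt, digest):
                hits.append(user)
                break  # one match is enough to flag the account
    return sorted(hits)


# Constructed sample data (hypothetical accounts, not from the article):
# the password table of one organisation ...
LOCAL_USERS = {
    "analyst@example.org": "Summer2011!",      # reused: same password as in the leak
    "scout@example.org": "ballpark-figures",   # reused
    "gm@example.org": "rotated-after-move",    # changed after leaving the old employer
    "intern@example.org": "unique-here-only",  # never appeared in any leak
}

# ... and a stolen list from a different organisation, as sold on the underground
# market: account name plus plaintext (or already-cracked) password.
LEAKED_FROM_ELSEWHERE = {
    "analyst@example.org": ["Summer2011!"],
    "scout@example.org": ["ballpark-figures", "ballpark-figures1"],
    "gm@example.org": ["old-employer-pw"],
}


def demo() -> List[str]:
    """Hash the local table, then check it against the leaked list."""
    store = build_store(LOCAL_USERS)
    return find_reused_credentials(store, LEAKED_FROM_ELSEWHERE)


if __name__ == "__main__":
    print("accounts to force-reset:", demo())
```

The check deliberately verifies only candidates leaked for the same account name; trying every leaked password against every account would be a brute-force run against your own users, which is the attacker's job, not the defender's. Accounts that rotated their password after the leak (the `gm` entry) come back clean, which is the whole point of the advice not to reuse passwords.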
While the news of the past several days (Uber, Federal government, Cards) may be less than novel to security specialists (although the Federal government hack is fairly audacious), the publicity surrounding the stories is free advertising to those in the network security field.
When I was installing a home security system several years ago, I discussed some redundancies with the technician. As we mapped the house, he explained that ultimately, all he could do was make things difficult enough to make someone want to go away, or at least next door. “But, if someone wants to get in badly enough,” he explained, “there’s nothing I can do.”
I was reminded of that conversation this morning when I received a link to this article, in which a National Institute of Standards and Technology (NIST) official warns that total security in the Internet of Things may be unobtainable. The money line, quoting Ron Ross, Fellow in the Computer Security Division of NIST: “[H]ackers will still ‘have a slice of that pie that will always be accessible because there are things that are off our radar due to their complexity. . .’”
His conclusion is not surprising; the sheer number of devices and avenues of connectivity make the prospect of securing every point daunting, at the least. Consider the access points for credit cards and bank accounts. Users increase security by establishing different credentials for each account, so that if one is compromised the others presumably remain secure. Whether passwords are useful at all is a question that has been asked for several years. And whether biometrics are the answer is another question: a password must match exactly, while a biometric sample only has to be “close enough” to the enrolled template, which means the system must pick a tolerance threshold. This article explains the difference, raising the specter of false positives (false accepts, in biometric terms) and accidental access.
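The exact-versus-close-enough distinction above, as an added example that is not part of the original post or the linked article: a password check compares a digest bit for bit, so a one-character slip fails outright, whereas a biometric check accepts any sample within a Hamming-distance threshold of the enrolled template. The toy template (a 256-bit string, loosely modelled on an iris code), the noise model and the impostor trials are constructed for the demo; the function names are assumptions. Loosening the threshold so a noisy genuine scan is not rejected is what lets random impostors through.

```python
import hashlib
import hmac
import random

TEMPLATE_BITS = 256  # size of the toy biometric template (an iris-code style bit string)


def password_matches(entered: str, stored_digest: bytes) -> bool:
    """Exact match: a one-character difference changes the digest completely,
    so there is no notion of 'almost right'."""
    digest = hashlib.sha256(entered.encode("utf-8")).digest()
    return hmac.compare_digest(digest, stored_digest)


def hamming_distance(a: int, b: int) -> int:
    """Number of bit positions in which two templates differ."""
    return bin(a ^ b).count("1")


def biometric_matches(sample: int, enrolled: int, threshold: int) -> bool:
    """'Close enough': accept when no more than `threshold` bits differ.
    Sensor noise means a genuine user never reproduces the template exactly."""
    return hamming_distance(sample, enrolled) <= threshold


def noisy_sample(enrolled: int, flips: int, rng: random.Random) -> int:
    """Model a genuine user's re-scan: flip `flips` distinct bits of the enrolled template."""
    for pos in rng.sample(range(TEMPLATE_BITS), flips):
        enrolled ^= 1 << pos
    return enrolled


def false_accept_rate(enrolled: int, threshold: int, trials: int, rng: random.Random) -> float:
    """Fraction of random impostor templates the threshold wrongly accepts.
    A random 256-bit template differs from the enrolled one in about 128 bits
    (standard deviation 8), so the rate climbs steeply as the threshold nears 128."""
    accepted = sum(
        biometric_matches(rng.getrandbits(TEMPLATE_BITS), enrolled, threshold)
        for _ in range(trials)
    )
    return accepted / trials


def demo() -> dict:
    rng = random.Random(7)  # fixed seed so the numbers are reproducible
    stored = hashlib.sha256(b"correct horse battery staple").digest()
    enrolled = rng.getrandbits(TEMPLATE_BITS)
    genuine = noisy_sample(enrolled, flips=20, rng=rng)  # exactly 20 bits of noise
    return {
        "password_exact": password_matches("correct horse battery staple", stored),
        "password_one_char_off": password_matches("correct horse battery stapl", stored),
        "genuine_at_40": biometric_matches(genuine, enrolled, threshold=40),
        "genuine_at_10": biometric_matches(genuine, enrolled, threshold=10),  # false reject
        # loosening the threshold to cut false rejects raises false accepts
        "far_at_80": false_accept_rate(enrolled, 80, 2000, rng),
        "far_at_110": false_accept_rate(enrolled, 110, 2000, rng),
        "far_at_140": false_accept_rate(enrolled, 140, 2000, rng),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point the article makes falls out of the last three numbers: there is no threshold that is simultaneously forgiving of a real user's noisy scan and hostile to every impostor, so the operator is choosing a false-accept rate, not eliminating one. A password system has no such dial.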
For the purposes of this post (which was really to share the NIST-related article), the point may be the same one the alarm tech made to me several years ago: no method is guaranteed, but hardened deterrence can be a good defense.
About a decade ago I learned that the realm of government security clearances has a low threshold for humor. I was offered as a reference for someone who was trying to obtain security clearance for defense-related work, and in the opening moments of conversation tried to break the ice with the interviewer. In retrospect, it was neither the time nor the place for a quip about college room poker. In that necessarily serious world, even casual gambling could lead to debts that could lead to pressure or blackmail . . . and once the door is opened, the issue is (so I am told) not laid to rest until the answers to some harder and more intrusive questions offer sufficient assurances. At the time, I was probably a relatively low-level interviewee, being asked mostly to confirm residency and other presumably publicly available information. Last week’s revelation of a wider hack of Federal government records, however, illustrates the depth of security inquiries and the scope of information that is now commonly thought to have been compromised.
(Toronto) Over the past several weeks I have had the opportunity to travel a bit for NTCA, including stops in Memphis for the OECD conference and Columbus for the Ohio Telecom Association meeting. But (and not taking anything away from Memphis or my hometown), I noticed that I had a bit more anticipation heading out for this week’s Intelligent Community Forum Summit 2015 meeting in Toronto. And, it is not because Arlington County, Virginia, is a “Top 7” finalist in the international competition; or because my hometown of Columbus, Ohio, is also a “Top 7” city; or because Mitchell, South Dakota, is also in the top seven (the others include Ipswich, Queensland, Australia and Surrey, British Columbia, Canada).
The Intelligent Community Forum (ICF) aims to help communities recognize and fulfill the needs of the new broadband economy. Among its programs is an annual competition that recognizes the top 21 Intelligent Communities, then whittles that group to seven before selecting the best exemplar of the organization’s goals as the Intelligent Community of the year.
It’s a well-known fact that Americans love their video and broadband connections. Their providers? Apparently, not so much.
According to the latest American Customer Satisfaction Index (ACSI) report, entitled “ACSI Telecommunications and Information Report 2015,” customer satisfaction with subscription television service is down 3.1% from 2014 to an ACSI benchmark of 63. Satisfaction with Internet service providers remains unchanged at 63. Together, the two are tied for dead last place among the 43 industries rated, lower than airlines, health insurance and the U.S. Postal Service.
ACSI said that the low ratings are “a result of poor customer service combined with higher prices.”
The highest rated industry was televisions and video players, at 86. Cellular telephones (78) and computer software (74) were middle of the pack, while wireless telephone service (70) and fixed-line telephone service (69) joined subscription television service and ISPs in the bottom six.
Among individual subscription television services, Verizon FiOS was highest rated at 71, up 4% from 2014. AT&T U-verse was next at 69 (unchanged), followed closely by DirecTV (68, down 1%) and DISH Network (67, unchanged). The bottom three were Comcast (54, down 10% from 2014), Mediacom Communications (51, not rated last year) and Time Warner Cable (51, down 9%).
Readers of a certain age might remember Clifford B. Hicks’ The Marvelous Inventions of Alvin Fernald. In a series of ten books written over a period of nearly 50 years, Hicks chronicled the adventures of an Indiana boy whose inventions and ingenuity were employed to solve mysteries while also sparking the imaginations of young readers (Hicks wrote for Popular Mechanics before he wrote children’s books). Among the inventions Hicks devised (but attributed to Master Fernald) was an automatic lawn mower, created by driving a stake into the center of the lawn and tying a self-propelled lawn mower to the stake with a generous amount of rope. As the mower moved forward, its path was confined by the length of the rope, which wound around the stake, creating an ever-decreasing radius of cut grass. Since everything is available on the Internet, the results can be viewed here.
(Memphis) If I had to choose a title for this post, it would have been, “Shattering Expectations.” But the title of this post, a quote from a session at the 10th international OECD Rural Development Conference, was just too delicious to not headline.
OECD is the Organisation for Economic Co-operation and Development. Yes, that is “Organization” with an “s;” it is an international organization (organisation?) representing 34 countries (which explains why it got stuck with the European use of “s”).
This year’s conference was the first hosted by the United States. It was by invitation only, and I somehow managed to parlay my interest into an offer to attend. The conference was small; it appeared to have a roster of about 250 attendees, many from other countries, which, by design, gave the program an international flavor (one A/V technician gave up when a speaker and live interpreter talked over each other for an entire session, rendering each of their words unintelligible).
That international flavor emerged as certain of my parochial expectations met different interpretations. Sufficiently immersed in cyber-security and precision agriculture, I expected a session on “food security” to address network security for broadband-enabled agricultural applications. Instead, the session discussed principles relating to the proposition that access to sufficient food is a bedrock concern of societies; therefore, the imperative to preserve the security of the food supply ranks high among public concerns.
The meeting took off when the conversations turned to using data to support rural advocacy. Stories of rural achievement are abundant; accounts of rural ingenuity compelling; tales of perseverance and prevailing are legion. But in the cold-floor halls of Capitol Hill, notwithstanding the connections that can be made with common experiences, the numbers matter. Somewhere, someone wants to know about ROI. For every friend there is a skeptic who must be won. It is not simply a battle for the heart, but a conquest for the mind.