News

Ambry hits back at Myriad’s “bad faith enforcement” of breast cancer...

Patents were knocked out by the Supreme Court—but Myriad is still suing competitors.    

If Bruce Schneier ran the NSA, he’d ask a basic question:...

Ars asks a tech and legal all-star team how to fix America's security state.    

Former NSA boss compares privacy activists to al Qaida terrorists

Former NSA chief Michael Hayden, who ran the shady US spying bureaucracy from 1999 to 2009, responded to a question about Edward Snowden by painting privacy activists as terrorists and comparing them to al Qaida.

"If and when our government grabs Edward Snowden, and brings him back here to the United States for trial, what does this group do?" Hayden asked, referring to "nihilists, anarchists, activists, Lulzsec, Anonymous, twentysomethings who haven't talked to the opposite sex in five or six years".

He continued: "They may want to come after the US government, but frankly, you know, the dot-mil stuff is about the hardest target in the United States".

'Dot mil' is American jargon for its military networks.

"So if they can't create great harm to dot-mil, who are they going after?" Hayden said, according to the Guardian. "Who for them are the World Trade Centers? The World Trade Centers, as they were for al-Qaida".

Hayden was in charge of the NSA when it began its unprecedented surveillance operation.

He also ran the CIA.

He concluded that the situation he outlined was speculation and "imaginative", but also that Snowden "has created quite a stir among these folks who are very committed to transparency and global transparency".

Big Brother Watch, the British privacy rights group, responded. Speaking with TechEye, its director, Nick Pickles, said: “Given the testimony given under oath about what the NSA was doing, it is understandable that Hayden may be showing signs of nerves, as Edward Snowden’s disclosures blow apart assurances that there was no surveillance of American citizens.

“Perhaps if Mr Hayden had spent more time trying to recruit the people he now so gleefully traduces and compares to terrorists it wouldn’t have been possible to walk out of a high-security facility with so much classified information on a USB stick," Pickles continued.

"More Americans now think that security measures have gone too far than think we need more surveillance," he said. "If we are to have a sensible debate about what is necessary and proportionate to keep us safe in the modern communications age, we need to start by stopping the utterly ridiculous pastime of some securocrats to brand anyone who disagrees with them a terrorist.”

Apple patents tech to let cops switch off iPhone video, camera...

Police forces around the world have had the problem that when their officers get a bit carried away and start pepper spraying tied captives there is someone on hand filming the event on their mobile phones. While six police lay into prone grannies on the floor with long batons, the pictures can be on the net in seconds, meaning supervisors have to answer embarrassing questions. But they may not need to fear scrutiny much longer - Apple has patented a piece of technology which would allow government and police to block transmission of information, including video and photographs, whenever they like. All the coppers have to do is decide that a public gathering or venue is deemed "sensitive", and needs to be "protected from externalities" and Apple will switch off all its gear. The police can then get on with the very difficult task of kettling protesters without having to worry about a few beating anyone to death. Apple insists that the affected sites are mostly cinemas, theatres, concert grounds and similar locations, but it does admit that it could be used in "covert police or government operations which may require complete 'blackout' conditions". According to RT it could also be used to prevent whistleblowers like Edward Snowden from taking pictures and broadcasting them on the internet. Apple said that the wireless transmission of sensitive information to a remote source is one example of a threat to security. But it said that this sensitive information could be anything from classified government information to questions or answers to an examination administered in an academic setting. Apple patented the means to transmit an encoded signal to all wireless devices, commanding them to disable recording functions. The policies would be activated by GPS, and wi-fi or mobile base-stations, which would ring-fence ("geofence") around a building or a "sensitive area" to prevent phone cameras from taking pictures or recording video.
Odd that the company made famous by its 1984 Big Brother video can't really see what it is doing. Perhaps its own secretive culture and an overzealous security treatment of its staff have fostered sympathy for Big Brother after all.

TOR advises abandoning Windows

TOR has warned its users to stay away from Windows after it was revealed that US spooks were spreading malware on the anonymising network using a Firefox zero-day vulnerability. The zero-day vulnerability allowed the FBI and other spooks to use JavaScript code to collect crucial identifying information on computers visiting some websites using The Onion Router (TOR) network. According to a security advisory posted by the TOR Project, the workaround is switching away from Windows. This is because the malicious JavaScript that exploited the zero-day vulnerability was written to target Windows computers running Firefox 17 ESR (Extended Support Release), a version of the browser customised to view websites using TOR. Those using Linux and OS X were unaffected. While there is nothing to stop the spooks writing a version of the code which targets Linux and OS X, it is less likely to happen. The fake JavaScript was likely planted on websites where the attacker was interested to see who visited.

The script collected the hostname and MAC address of a person's computer and sent it to a remote computer. The exploit is targeted specifically to unmask Tor Browser Bundle users without actually installing any backdoors on their host. The TOR Project also advised users to turn off JavaScript by clicking the blue "S" by the green onion within the TOR browser. "Disabling JavaScript will reduce your vulnerability to other attacks like this one, but disabling JavaScript will make some websites not work like you expect," TOR wrote. "A future version of Tor Browser Bundle will have an easier interface for letting you configure your JavaScript settings." Mozilla has patched the hole in later versions of Firefox, but some people may still be using the older versions of the TOR Browser Bundle.

Is the smart meter roll-out doomed?

A new select committee report has given the UK's smart meter roll-out a thumbs up. But is the project doomed to failure? Computer Weekly has spoken to experts who have raised concerns over the economic impact and benefits, the technical infrastructure and the IT project management behind the UK's smart meter programme. When engineering consultant Mott MacDonald calculated the cost of the smart meter programme, the firm stated the net present value of the programme would be £4.0bn in the red, according to Alex Henney, an economist and advisor for the electricity industry, who gave evidence to the Smart Meter Select Committee. Yet the civil service has put the net present value at £4.9bn. “The civil service went to town to tweak the numbers," said Henney. "It's a political freak to go from -£4bn to +£4.9bn in four years. If that does not ring a bell, then you can believe pigs can fly.”

More expensive than Continental counterparts

He said the UK programme is twice as expensive as the Spanish and Italian smart meter programmes. “There are two obvious differences. Firstly, the Italians and Spanish rely on a powerline network [for data communications], which is simpler and cheaper than wireless technology.” Italy and Spain also use a central distributed network operator (DNO) to roll out the smart meters, which, he claims, is simpler than relying on electricity suppliers. “We have devised the most complex roll-out in the world,” Henney said.

The UK approach, which relies on suppliers rolling out meters, will need an extra large database to collate information on who owns the meter, incurring costs and introducing errors and complexity.

The UK's smart meter project will enable consumers to see how much energy they use.

Henney said the programme will require an energy usage display in each household that costs £25 each. That may not seem like much, but over the course of 43 million households, it represents over £1.1bn. Henney believes many people will throw these displays away and they are unlikely to have any impact on people's usage patterns. "The average residential consumption is 4,000 kWh compared with 16,000 kWh in Norway where home heating exclusively uses electricity," he said. "The average UK electricity consumption has not increased very much. In the case of gas, consumption has gone down."

The EU wants member states to provide 80% of all households in member states with smart meters.

A new Ernst & Young study for the German Federal Ministry of Information and Technology has not recommended smart meters in Germany.

No major environmental boost

From Henney's analysis, smart meters will not give the UK a major environmental boost as many homes now use efficient condenser boilers for heating and energy efficient lighting.

He believes the government's premise that people will manage their energy consumption is flawed. In other parts of the world the largest gains in energy reduction have not come from smart meter roll-outs, but from targeted measures that reduce peak consumption. "In California, the main demand side response is not coming from real-time smart meters, but from electricity suppliers directly controlling air conditioners," he added. Ross Anderson, professor in security engineering at the University of Cambridge Computer Laboratory, warns that the energy industry has no reason to lower energy usage. "There is no prospect it will meet its energy saving goals as the meters will be controlled by the retailers whose interest is to maximise sales volumes," Anderson said. "The project was sold on the basis of a thoroughly dishonest impact assessment and it's pressing ahead, despite lack of agreement on many aspects of the specification. "It's a classic IT disaster in the making."

IT complexity

Beyond the choice of wireless over powerline for smart meter connectivity and the potential ineffectiveness of people to manage their consumption, the software development and project management of the programme may not be robust enough. The costs associated with the IT behind the programme are likely to escalate and timescales will overrun, according to software engineer Martyn Thomas, a member of the IET Information Technology Policy Panel. "It is a very large IT project, and the government's track record is not good," said Thomas. "The government usually overlooks the amount of business change." Risk is another factor he believes will contribute to the project's demise. "There isn’t a properly constructed risk register with provisions to sort out problems if they should arise," he said. Thomas, who previously worked on tax office IT, said: "One of the ways we managed projects in taxes was by identifying possible outcomes for the project and assigning risk to each."

Thomas is a strong proponent of formal methods, which he said will decrease project cost. "Most of the costs in an IT project are the efforts in finding errors. We’ve known for 40 years that testing only shows the presence of errors, not their absence," he said. According to Thomas, a formal methodology would reduce errors getting into the smart meter programme. Problem areas are identified early. "You save an awful lot of time." Fewer errors also mean less risk of cyber attacks impacting smart meters and people's electricity and gas supplies. The chance of failure is high. In his evidence to the Select Committee, Andrew Ward, operations director at Scottish Power, highlighted a project oversight which occurred at the company's US division. "As part of the deployment [the US operations] rolled out 200,000 meters and had to replace 5,000 because they could not update communications over the wire," said Ward. In other words, the team had failed to identify the potential flaw of meters not being remotely accessible and had to replace 2.5% of them at considerable cost.

If this were to occur in the UK's roll-out, almost a million households would be affected.

German justice minister proposes ban for US firms that don’t abide...

Meanwhile, German spy agency (BND) is passing metadata on to the NSA.    

Latvia agrees to extradite man accused of helping Gozi malware creation

Suspect denies involvement: “I don’t know about the Gozi virus."    

Australians revolt over CAPTCHA

Australians do not give an XXXX for the use of CAPTCHA and are now in open revolt. According to IT News, a new campaign calling for the death of CAPTCHA has begun in Earnest, which we think is a small town near Cairns.   They say that the technology to combat spam bots is also blocking people with disabilities and the feature should be removed from websites. A CAPTCHA is a completely automated public Turing test to tell computers and humans apart. They are designed to prevent spammers from automatically sending unsolicited commercial messages to sites and users by requiring people to read unreadable text and numbers. The problem with CAPTCHA is that it hinders people with vision impairments to the point that they cannot use certain websites. Blind Citizens Australia, Able Australia, Media Access Australia and the Australian Deaf-Blind Council are calling on organisations to stop using CAPTCHA, setting up a petition with the Australian Communications Consumer Action Network. Apparently when CAPTCHA uses audio files along with the strings of letters, people with disabilities find these just as tough. Dyslexic, colour-blind and older users often find CAPTCHA hard to get through too. It is starting to look like the use of CAPTCHA may in fact contravene Australia's Disability Discrimination Act. A better way for everyone, critics suggest, would be the use of emails to activate and verify users, instead of CAPTCHA. The W3C web standards organisation has already commented that CAPTCHA has become less effective as an anti-spam measure, with character and image recognition software being able to defeat it.

Researchers find trojanized banking app that exploits critical Android bug

Google's smartphone app verification tool to the rescue.    

“Most” of Apple’s developer site services to be restored “this week”

The handful of services that remain offline should be back soon.    

Attackers wield Firefox exploit to uncloak anonymous Tor users

Publicly available exploit threatens all Tor users unless they take action now.