Sunday, September 24, 2017

German government denies Windows ‘back door’ claims

The German government doles out common-sense advice on using Windows 8 and TPM 2.0 chips in conjunction, but it's distorted by some observers into wild claims of "back doors." The German government on Thursday publicly denied a German newspaper report...

UK court grants “limited injunction” to halt authorities’ access to seized...

Counsel for David Miranda, Glenn Greenwald's partner, dubs it "partial victory."    

Application Security: 10 Reasons It Must Change to Remain Relevant

Open-Source Usage Continues to Expand You are probably thinking "Yes, I know that Linux, MySQL, are being used.

And, my developers are also using a bunch of open-source tools to h...

Researchers remind us that blocking notorious sites doesn’t really work

Banning the Pirate Bay in the Netherlands has accomplished little.    

PwC hires former head of Met police e-crime unit to advise...

Professional services firm PriceWaterhouseCoopers (PwC) has hired the former head of the central e-crime unit at the Metropolitan Police, Charlie McMurdie, to advise businesses on cyber crime. McMurdie spent more than 30 years at the Metropolitan Police, where she set up and led the e-crime unit.  PwC's cyber security practice advises organisations on issues such as intelligence, detection and prevention of cyber threats in addition to regulation around cybercrime and the overall impact cyber attacks can have on a business. McMurdie will now take up a role across PwC's Forensics, Risk Assurance and Legal Services cyber security teams, while also lecturing on cyber security matters at numerous UK universities.  She said: "I am delighted to be working alongside the skilled professionals in PwC's cyber security practice. PwC has a proven track record helping organisations to tackle the complex and sophisticated threats posed by cyber criminals. "Operating securely in the cyber environment is an urgent issue facing business leaders today.

If organisations are going to combat the incredible resourcefulness and ability of the attackers, they must understand the risks they face and put into place the necessary processes and policies to respond adequately," she added. John Berriman, chairman of the cyber security practice at PwC, said he was "very pleased" that McMurdie had joined the firm. "Charlie is an internationally recognised cyber crime and security expert with extensive experience in the industry, making her a great addition to the team. "Through continually strengthening our cyber security practice, we can better help our clients to recognise and address their cyber vulnerabilities," he said. 

US publishes revealing review on NSA surveillance

The US Foreign Intelligence Surveillance Court (FISC) has deemed the National Security Agency’s email and data programme illegal, according to a declassified 2011 opinion ruling released by the country's government. The Electronic Frontier Foundation (EFF), a civil liberties watchdog, has been fighting the government in federal court for more than a year to publish the 86-page ruling. The heavily redacted document criticised the government’s misrepresentation of the scope of the NSA surveillance activities, revealing the NSA had collected thousands of US communications in 2011. Surveillance conducted by the NSA under the Foreign Intelligence Surveillance Act (FISA) Amendments Act was unconstitutional and violated 'the spirit' of federal law, the ruling found. According to the document, the NSA acquired up to 10,000 "multi-communication transactions” each year that contain at least one wholly domestic communication. The document also said the NSA had been acquiring more than 250 million internet communications in total each year. However, a month after the FISC ruled the collection unconstitutional, the NSA adjusted its collection process to filter out wholly US traffic from international traffic, according to US reports. The EFF said the release of the opinion ruling is just one step in advancing a public debate on the scope and legality of the NSA's domestic surveillance. “The EFF will keep fighting until the NSA's domestic surveillance program is reined in, federal surveillance laws are amended to prevent these kinds of abuse from happening in the future, and government officials are held accountable for their actions,” the watchdog said. The publication of the document comes nearly two months since whistleblower Edward Snowden published secret documents on US surveillance policies and revealed the NSA’s screening practices. US President Barack Obama has since promised sweeping reforms designed to limit data collection by the NSA under the Patriot Act. 
In a statement following the release of the court opinion ruling, US national intelligence director James Clapper announced he is to set up a group to review the US surveillance capabilities and will issue a report by mid-December.

US spying scandal encourages Malaysia to step up internet surveillance

The first global repercussions of the US/UK internet spying scandal have emerged with a plan by the Malaysian government to radically step up internet monitoring, with fighting corruption as the cover. Paul Low, the official in charge of fighting corruption in the South-East Asian country, has told Bloomberg that the country will soon be resorting to phone tapping and wider internet monitoring in a bid to combat corruption. The government is already in the planning stage of new laws that would empower the government to embark on widespread web snooping, he told Bloomberg. "Does Malaysia want to be a failed state or does it want to rise up?" Low asked rhetorically. However, with the debate cast in such terms, the public might expect the government to turn its surveillance apparatus on figures in public life widely suspected of corruption, rather than on the public itself. "What the public is expecting them to do is to go after the major perpetrators that are generally publicly known but protected due to politics or so on," Ibrahim Suffian, an official at the Merdeka Center for Opinion Research, told Bloomberg. While mass surveillance tools are widely available around the world and deployed in many states, the revelation about the mass internet tapping perpetrated by the US National Security Agency and the UK's GCHQ - which is almost all-encompassing - will encourage governments across the world to do the same. The internet spying activities of the US and UK were sensationally exposed when whistleblower Edward Snowden, a contractor at the US National Security Agency, disclosed a trove of thousands of documents to The Guardian newspaper in mid-July. Snowden went on the run following the disclosures and has sought asylum in Russia to avoid an inevitable jail sentence running into several decades under US justice.

US to make improvements in facial recognition software

The US federal government is closer to making a surveillance system that would pair computers with video cameras to scan crowds and automatically identify people by their faces. The New York Times has got its paws on reports relating to the Department of Homeland Security's crowd scanning project called the Biometric Optical Surveillance System [BOSS]. The system was not fully baked, but researchers say they are making significant advances. The idea is to have a system that would help match faces in a crowd with names on a watch list. It would allow police to spot suspects at high-profile events like a presidential inaugural parade or find those who have escaped from prison. So far technical specialists say crowd scanning is still too slow and unreliable, but the NSA is still keen on coming up with a workable plan in time for when computer processing power is strong enough. BOSS began as an effort to help the military detect potential suicide bombers and other terrorists overseas at "outdoor polling places in Afghanistan and Iraq". But in 2010, the Department of Homeland Security wanted it to be developed for use by the police in the United States. During a recent test of the system, the department recommended against deploying it until more improvements could be made. However, at this point it is not clear when this may be done. Researchers say they made progress, and independent specialists say it is virtually inevitable that someone will make the broader concept work as camera and compute power continue to improve. The feeling is that it could be in place in five years centred around a two-year, $5.2 million federal contract given to Electronic Warfare Associates. BOSS is handicapped by the fact that taking snaps of crowds from a distance is blighted with lighting problems and faces tend to be partly obscured. Currently BOSS researchers are trying to overcome those challenges by generating far more information for computers to analyse. 
BOSS consists of two towers bearing "robotic camera structures" with infrared and distance sensors.

They take pictures of the same subject from slightly different angles. A computer then processes the images into a "3D signature" built from data like the ratios between various points on someone's face, to be compared against a database of faces. A more recent test used 30 volunteers whose facial data would be mingled in a database among 1,000 mug shots.

The agency set up six tests to determine the technology's overall accuracy. The test worked out that the technology was not ready for police to buy. Currently the belief is that the technology could be ready to deploy within five years. 

US spooks snoop more than they say

NSA claims that it is only focused on foreign communications and US citizens are only spied on by accident have been rubbished by new information reported in the Wall Street Journal. The National Security Agency has only limited legal authority to spy on US citizens and yet for some reason it has built a surveillance network that covers more than 75 percent of Americans' web use. The WSJ said that the system has the capacity to reach roughly 75 percent of all US Internet traffic. In some cases, it retains the written content of emails sent between citizens within the US and also filters domestic phone calls made with internet technology. What is weird about some of these disclosures is that they have been public for years. Whistleblower Mark Klein revealed years ago that the NSA has deals with the major telcos which scoop up a huge amount of internet traffic. These programmes were code-named Blarney, Fairview, Oakstar, Lithium and Stormbrew and they filter and gather information at major telecommunications companies. Filtering is carried out at more than a dozen locations at major internet junctions in the US. The NSA was not being exactly truthful when it said that the information copied was just metadata either. The NSA has the capability to track almost anything that happens online, although it does still need a broad court order. There is also some measure of NSA doublespeak. It can claim that it's not "accessing" all of this traffic, because it asks the telcos to do some of the filtering for it. But effectively it amounts to the same thing. The WSJ confirms that while most of the requests are targeted towards foreign communications, there are times when it's quite clear that requests are likely to cover domestic communications. Part of this is because there is a broad interpretation of the FISA Amendments Act, giving the NSA the power to snoop on people "reasonably believed" to be outside the US. 
This is a much lower legal standard than requiring "probable cause" that they were "an agent of a foreign power". Some of the "mistakes" listed by the NSA which led to data being collected on everyone in Washington were probably more deliberate than they appeared.

The NSA fessed up to one operator mistake which involved data being collected on New York instead of Egypt "for three months". However, the Journal found that it had three years of illegal collections.

Manning gets 35 years in clink

Bradley Manning has been sentenced to 35 years in prison for leaking classified US government information to WikiLeaks. According to the Wall Street Journal, presiding judge, Denise Lind, delivered a sentence that means the former intelligence analyst will likely spend at least eight more years behind bars before he could be freed. Manning downloaded some 700,000 classified military and diplomatic documents that he sent to WikiLeaks and admitted doing it. However, his attorneys and anti-secrecy advocates have said that it would have a chilling effect on whistleblowers looking to expose government wrongdoing. Manning's sentence was the longest meted out in recent history for a would-be whistleblower, but it was also one of the biggest leaks ever. With Manning's help, WikiLeaks released 250,000 diplomatic cables, nearly 400,000 military reports and an infamous video of a 2007 US airstrike in Baghdad that killed two Reuters employees. There are some who think the punishment is too light, particularly as some of the more right wing types believed he should have been executed for treason. Republican Buck McKeon, who is the chairman of the House Armed Services Committee, said the sentence was "light" given the vast damage Manning did to US national security. McKeon felt there was a need to send a strong signal to others who may be tempted to disclose classified information. Apparently 35 years in jail is not enough to deter anyone from handing over documents. But McKeon's argument depends on the fact that Manning, 25, was found guilty of the most serious charge, aiding the enemy. He wasn't. As it was, the most the prosecution wanted was 60 years, and the defence no more than 25. After he has served his sentence he will be dishonourably discharged, and will forfeit all pay and benefits. Manning is expected to be transferred quickly to Fort Leavenworth to serve his sentence.

The case will be immediately appealed, and he could be granted clemency by the Army parole board. David Coombs, Manning's lead attorney, and others, said they would launch a new campaign urging President Barack Obama to pardon Manning although at the moment it is unlikely to see him do that. Obama only lets corporate stars like Apple off the hook. Manning is also an example of Obama's crackdown on leaks. His administration has used the 1917 Espionage Act to prosecute more than twice as many people for mishandling secret government information as all other administrations combined. Central Intelligence Agency officer John Kiriakou is serving a 30 month sentence after being convicted of sharing classified information with a reporter about the agency's controversial waterboarding interrogation technique. 

Charlie McMurdie joins PwC’s cyber practice

Charlie McMurdie, former head of the central e-crime unit, at the Metropolitan police, is joining business consultancy firm PricewaterhouseCoopers (PwC) as its senior crime adviser. McMurdie has more than 30 years’ service in the Metropolitan Police where she set up and led the Police Central e-crime Unit, with the national remit to undertake cyber crime investigations that impact the UK. She chose not to stay with the force ahead of its merger with the cyber arm of the Serious Organised Crime Agency (SOCA) into the National Cyber Crime Unit (NCCU) in October. McMurdie will work across PwC’s Forensics, Risk Assurance and Legal services cyber security teams and will lecture on cyber security matters at a variety of UK universities. “Operating securely in the cyber environment is an urgent issue facing business leaders today,” said McMurdie. “If organisations are going to combat the incredible resourcefulness and ability of the attackers they must understand the risks they face and put into place the necessary processes and policies to respond adequately,” she said. John Berriman, chairman of the Cyber Security practice at PwC said McMurdie is an internationally recognised cyber crime and security expert with extensive experience in the industry. “Through continually strengthening our cyber security practice we can better help our clients to recognise and address their cyber vulnerabilities,” he said. Berriman said that because the battle with cyber criminals is fast paced with risks constantly evolving and increasing in scope, it was a necessity that business leaders understand the impact that a cyber breach could have on their organisation and place cyber security firmly on their board’s agenda.

NHS at 65: The First Steps Into a Digitised NHS

It has been 65 years since the birth of the NHS. Since its inception, the NHS has been at the forefront of healthcare provision in the UK.

Along its 65-year journey, the NHS has undergone many changes, both in the provision of healthcare and in the way it treats patients whilst remaining true to Bevan's initial vision. Dedicating time to patient care is as taxing now as it was all those years ago.

A recent survey from the Royal College of Nursing highlighted that nurses spend a staggering 2.5 million hours per week on paperwork. In an aim to reduce this, earlier this year, the Health Secretary Jeremy Hunt announced a goal that the NHS would become fully digitised by 2018.

A key part of dedicating more time to care is allowing clinicians and nurses to remain mobile and digitise all information at patients' bedside, instead of wandering between the ward and the office to input information. While David Cameron has pledged £100m to the NHS to accelerate the adoption of mobile technology to reduce the amount of red tape and improve the time spent on patient care, it doesn't mean that Trusts should plan to automatically splash out on the fanciest gadgets.

Any new technology acquisition should be chosen on the basis of how easy it is to implement, how much bespoke development is required, when the ROI can be achieved and most importantly how much time it frees up to dedicate to patient care. One of the major concerns with introducing new technologies is the associated capital, training and operational costs, along with issues of effectiveness and usability.

A study by industry analysts Quocirca suggests that technology can sometimes be thrown at problems in the healthcare sector without fully considering and understanding the underlying processes or the needs of the clinicians and carers. While laptops, tablets and smartphones have a high penetration in the healthcare sector, they can be tricky to use for input single-handedly or while standing up, difficult to clean, easily damaged and prone to theft and loss.

All of this hinders their effective use and drives costs upwards. Quality of patient care is the NHS's top priority, and correctly capturing patient data digitally is critical to that as typified by Cameron's pledge.

The problem is that most healthcare processes today are still paper-based, due to the risk to the accuracy and quality of patient care involved in adopting complicated data capture tools such as laptops or tablet PCs, and lack of time to familiarise with new technology.

Due to these factors, an update to the most traditional of input devices - the simple pen - has been generating traction.