information security

186 results


pages: 302 words: 82,233

Beautiful security by Andy Oram, John Viega

Albert Einstein, Amazon Web Services, An Inconvenient Truth, Bletchley Park, business intelligence, business process, call centre, cloud computing, corporate governance, credit crunch, crowdsourcing, defense in depth, do well by doing good, Donald Davies, en.wikipedia.org, fault tolerance, Firefox, information security, loose coupling, Marc Andreessen, market design, MITM: man-in-the-middle, Monroe Doctrine, new economy, Nicholas Carr, Nick Leeson, Norbert Wiener, operational security, optical character recognition, packet switching, peer-to-peer, performance metric, pirate software, Robert Bork, Search for Extraterrestrial Intelligence, security theater, SETI@home, Silicon Valley, Skype, software as a service, SQL injection, statistical model, Steven Levy, the long tail, The Wisdom of Crowds, Upton Sinclair, web application, web of trust, zero day, Zimmermann PGP

JIM ROUTH, CISM, has over 20 years of experience in information technology and information security as a practitioner, a management consultant, and a leader of technology functions and information security functions for global financial service firms. He is currently a managing director and chief information security officer for the Depository Trust & Clearing Corporation (DTCC). In this position, Jim designed and implemented an enterprise-wide information security program based on risk-management best practices and the COBIT and ISO 27001 standards. He implemented an innovative information security risk-assessment process and a security program for software development that has been recognized as an industry leader.

Every CIO and CISO, asked to justify a security budget or particular security expenditure, knows that information security suffers from the inescapable problem of generating little or no direct revenue (an issue also addressed in detail by Peiter “Mudge” Zatko in Chapter 1, Psychological Security Traps). Many pundits have likened information security to an insurance policy: if everything goes well, you don’t even realize you have it.* Information security now vies for the top spot in the priority list (and, therefore, for the budget dollars) of many IT departments. Consider information security management’s rating as the number-one technology initiative in a 2008 survey of Certified Information Technology Professionals.† In justifying expenditures for information security, however, this may be one of those rare situations where “lawyers are your friends.”

., whether B is less than PL.”‡ In the context of information security, this could translate to the following analysis: if the burden on an organization to prevent an information security breach or lapse is less than the probability of that breach multiplied by the damages that could result, that organization should seriously consider taking on that burden (or a reasonable alternative approach). Mapping this to pragmatic and proactive information security, the simple shorthand of B < P × L can set the stage for a powerful argument for information security budgets. A company can get a very rough estimate of its security budget by taking a look at all of the threats in its threat and risk assessment (TRA) and ascertaining two things about each threat: the probability that an attack based on that threat will actually affect the business and the cost of the resulting attack.
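The B < P × L shorthand above, carried through over a small threat register as an added example (this is not code from the book). The register, its figures and the `Threat` fields are constructed for illustration; giving each probability as a low/high range is an assumption added here to show the check a practitioner wants: which spending decisions the rough estimate actually settles, and which flip depending on how P is guessed.

```python
from dataclasses import dataclass


@dataclass
class Threat:
    """One row of a threat and risk assessment (TRA). The probability is given
    as a range because single-point estimates of P are rarely defensible."""
    name: str
    p_low: float    # optimistic annual probability the threat affects the business
    p_high: float   # pessimistic annual probability
    loss: float     # L: damages if the attack succeeds
    burden: float   # B: annual cost of the control that would prevent it


def hand_rule(threat, p):
    """Learned Hand test for one threat at probability p.
    Returns (spend_is_justified, expected_loss); the verdict is B < P x L."""
    expected_loss = p * threat.loss
    return threat.burden < expected_loss, expected_loss


def budget_estimate(threats):
    """Apply the rule at both ends of each probability range.
    Returns (low, high, flips): the justified spend under the optimistic and
    pessimistic bounds, and the names of threats whose verdict differs between
    them, i.e. the decisions the rough estimate cannot actually settle."""
    low = high = 0.0
    flips = []
    for t in threats:
        justified_low, _ = hand_rule(t, t.p_low)
        justified_high, _ = hand_rule(t, t.p_high)
        if justified_low:
            low += t.burden
        if justified_high:
            high += t.burden
        if justified_low != justified_high:
            flips.append(t.name)
    return low, high, flips


# Constructed threat register with illustrative figures (not from the book).
REGISTER = [
    Threat("SQL injection in customer portal", 0.05, 0.40, 2_000_000, 150_000),
    Threat("Phishing-led credential theft", 0.50, 0.90, 300_000, 80_000),
    Threat("Data-centre fire", 0.005, 0.01, 5_000_000, 400_000),
]

if __name__ == "__main__":
    low, high, flips = budget_estimate(REGISTER)
    print(f"justified spend: {low:,.0f} to {high:,.0f}; undecided: {flips}")
```

With these figures the phishing control is justified under either bound and the fire control under neither, but the injection control is justified only at the pessimistic probability, so the "budget" is a range of 80,000 to 230,000 with one decision left open. That undecided set is the useful output of the exercise: it tells you where better probability data, rather than more arithmetic, is needed.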


Engineering Security by Peter Gutmann

active measures, address space layout randomization, air gap, algorithmic trading, Amazon Web Services, Asperger Syndrome, bank run, barriers to entry, bitcoin, Brian Krebs, business process, call centre, card file, cloud computing, cognitive bias, cognitive dissonance, cognitive load, combinatorial explosion, Credit Default Swap, crowdsourcing, cryptocurrency, Daniel Kahneman / Amos Tversky, Debian, domain-specific language, Donald Davies, Donald Knuth, double helix, Dr. Strangelove, Dunning–Kruger effect, en.wikipedia.org, endowment effect, false flag, fault tolerance, Firefox, fundamental attribution error, George Akerlof, glass ceiling, GnuPG, Google Chrome, Hacker News, information security, iterative process, Jacob Appelbaum, Jane Jacobs, Jeff Bezos, John Conway, John Gilmore, John Markoff, John von Neumann, Ken Thompson, Kickstarter, lake wobegon effect, Laplace demon, linear programming, litecoin, load shedding, MITM: man-in-the-middle, Multics, Network effects, nocebo, operational security, Paradox of Choice, Parkinson's law, pattern recognition, peer-to-peer, Pierre-Simon Laplace, place-making, post-materialism, QR code, quantum cryptography, race to the bottom, random walk, recommendation engine, RFID, risk tolerance, Robert Metcalfe, rolling blackouts, Ruby on Rails, Sapir-Whorf hypothesis, Satoshi Nakamoto, security theater, semantic web, seminal paper, Skype, slashdot, smart meter, social intelligence, speech recognition, SQL injection, statistical model, Steve Jobs, Steven Pinker, Stuxnet, sunk-cost fallacy, supply-chain attack, telemarketer, text mining, the built environment, The Death and Life of Great American Cities, The Market for Lemons, the payments system, Therac-25, too big to fail, Tragedy of the Commons, Turing complete, Turing machine, Turing test, Wayback Machine, web application, web of trust, x509 certificate, Y2K, zero day, Zimmermann PGP



Applied Cryptography: Protocols, Algorithms, and Source Code in C by Bruce Schneier

active measures, cellular automata, Claude Shannon: information theory, complexity theory, dark matter, Donald Davies, Donald Knuth, dumpster diving, Dutch auction, end-to-end encryption, Exxon Valdez, fault tolerance, finite state, heat death of the universe, information security, invisible hand, John von Neumann, knapsack problem, MITM: man-in-the-middle, Multics, NP-complete, OSI model, P = NP, packet switching, quantum cryptography, RAND corporation, RFC: Request For Comment, seminal paper, software patent, telemarketer, traveling salesman, Turing machine, web of trust, Zimmermann PGP


The Group shall be composed of six federal employees, three each selected by NIST and NSA and to be augmented as necessary by representatives of other agencies. Issues may be referred to the group by either the NSA Deputy Director for Information Security or the NIST Deputy Director or may be generated and addressed by the group upon approval by the NSA DDI or NIST Deputy Director. Within days of the referral of an issue to the Group by either the NSA Deputy Director for Information Security or the NIST Deputy Director, the Group will respond with a progress report and plan for further analysis, if any.

6. Exchange work plans on an annual basis on all research and development projects pertinent to protection of systems that process sensitive or other unclassified information, including trusted technology, for protecting the integrity and availability of data, telecommunications security and personal identification methods.

Export licenses are approved or denied based upon the type of equipment involved, the proposed end use and the end user. Our analysis indicates that the U.S. leads the world in the manufacture and export of information security technologies. Of those cryptologic products referred to NSA by the Department of State for export licenses, we consistently approve over 90%. Export licenses for information security products under the jurisdiction of the Department of Commerce are processed and approved without referral to NSA or DoD. This includes products using such techniques as the DSS and RSA which provide authentication and access control to computers or networks.


pages: 587 words: 117,894

Cybersecurity: What Everyone Needs to Know by P. W. Singer, Allan Friedman

4chan, A Declaration of the Independence of Cyberspace, air gap, Apple's 1984 Super Bowl advert, barriers to entry, Berlin Wall, bitcoin, blood diamond, borderless world, Brian Krebs, business continuity plan, Chelsea Manning, cloud computing, cognitive load, crowdsourcing, cuban missile crisis, data acquisition, do-ocracy, Dr. Strangelove, drone strike, Edward Snowden, energy security, failed state, fake news, Fall of the Berlin Wall, fault tolerance, Free Software Foundation, global supply chain, Google Earth, information security, Internet of things, invention of the telegraph, John Markoff, John Perry Barlow, Julian Assange, Khan Academy, M-Pesa, military-industrial complex, MITM: man-in-the-middle, mutually assured destruction, Network effects, packet switching, Peace of Westphalia, pre–internet, profit motive, RAND corporation, ransomware, RFC: Request For Comment, risk tolerance, rolodex, Seymour Hersh, Silicon Valley, Skype, smart grid, SQL injection, Steve Jobs, Stuxnet, Twitter Arab Spring, uranium enrichment, vertical integration, We are Anonymous. We are Legion, web application, WikiLeaks, Yochai Benkler, zero day, zero-sum game

Building on its technical experience securing national defense networks, the NSA partnered with the private security training company SANS to develop critical security controls. They built a consortium of representatives from the defense and law enforcement communities, information security companies, and even representatives from the UK government’s information assurance agencies. This public-private partnership developed a set of 20 critical controls, which were then vetted by the larger information security community. These collectively built controls, which lay out the need for such measures as inventories of authorized devices and software, and proper maintenance and analysis of audit logs, give any and every individual organization a set of clear security goals to follow.

It has led to the creation of various new governmental offices and bureaucracies (the US Department of Homeland Security’s National Cyber Security Division has doubled or tripled in size every year since its inception). The same is true for armed forces around the globe like the US Cyber Command and the Chinese “Information Security Base” (xinxi baozhang jidi), new military units whose very mission is to fight and win wars in cyberspace. As we later consider, these aspects of “cyber stuff” raise very real risks, but how we perceive and respond to these risks may be even more crucial to the future, and not just of the Internet.

Not only must internal secrets and sensitive personal data be safeguarded, but transactional data can reveal important details about the relationships of firms or individuals. Confidentiality is supported by technical tools such as encryption and access control as well as legal protections. Integrity is the most subtle but maybe the most important part of the classic information security triumvirate. Integrity means that the system and the data in it have not been improperly altered or changed without authorization. It is not just a matter of trust. There must be confidence that the system will be both available and behave as expected. Integrity’s subtlety is what makes it a frequent target for the most sophisticated attackers.


pages: 328 words: 77,877

API Marketplace Engineering: Design, Build, and Run a Platform for External Developers by Rennay Dorasamy

Airbnb, Amazon Web Services, barriers to entry, business logic, business process, butterfly effect, continuous integration, DevOps, digital divide, disintermediation, fault tolerance, if you build it, they will come, information security, Infrastructure as a Service, Internet of things, Jeff Bezos, Kanban, Kubernetes, Lyft, market fragmentation, microservices, minimum viable product, MITM: man-in-the-middle, mobile money, optical character recognition, platform as a service, pull request, ride hailing / ride sharing, speech recognition, the payments system, transaction costs, two-pizza team, Uber and Lyft, uber lyft, underbanked, web application

This is a significant game changer and although application teams may be satisfied by fronting the interfaces with an API Gateway, this has an enterprise-wide impact and will require participation from various teams – ranging from Information Security to Networks to Forensics, to name a few. Information Security signs off that customer or organization data is only released based on specific security authorization frameworks such as OAuth. It is important to highlight that the Information Security team is a key stakeholder of the API Marketplace and engagement should be ongoing. Information Security should approve every API product to ensure that the right level of information is provided to the right parties with the right level of security.

Infrastructure: Jan Jacobs, Tumelo Malete, George Phage, Maanda Ambani. External: Pieter Myburgh, Lovemore Nalube, Dylan Youens, George Nel, Hardus van der Berg, Akash Shaha, Loyiso Matymza, Damon Vrkoc, Kabelo Mokwana, Henry Oertel. Forensics: Justin Fairhurst. Business Analysis: Tshepo Mekgoe, Kerassa Pillay, Pravesh Mungaldave. Information Security: Phillip Gerber, Tian Gerber, Enzlin Burts. Network Security: Andre Jansen, Jared Camberg, Iaan Botha. Change and Release: Amanda Kopolo, Patiwe Singapi, Stephanie van Ross, Cecil Loots, Marty Dada, Liesl Moss. To the Apress team – Jonathan Gennick, Jill Balzano, Robert Stackowiak, Laura Berendson, and Welmoed Spahr – I cannot thank you enough for this opportunity of a lifetime.

From a technical or development perspective, it may appear to be relatively easy to expose or update an API product to provide additional data. However, Information Security has a greater view regarding the sensitivity of data and, as essentially the guardians of enterprise and customer information, must always be consulted. The Network team will also have to determine how requests, now originating from the Internet, traverse the organization’s boundary and are routed to internal services. At this junction, it may be necessary to pause and reflect on the gravity of establishing an API Marketplace from the perspective of a Network Administrator.


pages: 448 words: 117,325

Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World by Bruce Schneier

23andMe, 3D printing, air gap, algorithmic bias, autonomous vehicles, barriers to entry, Big Tech, bitcoin, blockchain, Brian Krebs, business process, Citizen Lab, cloud computing, cognitive bias, computer vision, connected car, corporate governance, crowdsourcing, cryptocurrency, cuban missile crisis, Daniel Kahneman / Amos Tversky, David Heinemeier Hansson, disinformation, Donald Trump, driverless car, drone strike, Edward Snowden, Elon Musk, end-to-end encryption, fault tolerance, Firefox, Flash crash, George Akerlof, incognito mode, industrial robot, information asymmetry, information security, Internet of things, invention of radio, job automation, job satisfaction, John Gilmore, John Markoff, Kevin Kelly, license plate recognition, loose coupling, market design, medical malpractice, Minecraft, MITM: man-in-the-middle, move fast and break things, national security letter, Network effects, Nick Bostrom, NSO Group, pattern recognition, precautionary principle, printed gun, profit maximization, Ralph Nader, RAND corporation, ransomware, real-name policy, Rodney Brooks, Ross Ulbricht, security theater, self-driving car, Seymour Hersh, Shoshana Zuboff, Silicon Valley, smart cities, smart transportation, Snapchat, sparse data, Stanislav Petrov, Stephen Hawking, Stuxnet, supply-chain attack, surveillance capitalism, The Market for Lemons, Timothy McVeigh, too big to fail, Uber for X, Unsafe at Any Speed, uranium enrichment, Valery Gerasimov, Wayback Machine, web application, WikiLeaks, Yochai Benkler, zero day


It corralled a wide variety of IoT devices into the world’s largest botnet, and while it was not used to spread ransomware, it could easily have done so.

5 Risks Are Becoming Catastrophic

The trends in the previous four chapters are not new—not the technical realities, not the political and economic trends, nothing. What’s changing is how computers are being used in society: the magnitude of their decisions, the autonomy of their actions, and their interactions with the physical world. This increases the threat over several dimensions.

INTEGRITY AND AVAILABILITY ATTACKS ARE INCREASING

Information security is traditionally described as a triad consisting of confidentiality, integrity, and availability. You’ll see it called the “CIA triad,” which admittedly is confusing in the context of national security. But basically, the three things I can do with your data are steal a copy of it, modify it, or delete it.


pages: 446 words: 102,421

Network Security Through Data Analysis: Building Situational Awareness by Michael S Collins

business process, cloud computing, create, read, update, delete, data science, Firefox, functional programming, general-purpose programming language, index card, information security, Internet Archive, inventory management, iterative process, operational security, OSI model, p-value, Parkinson's law, peer-to-peer, slashdot, statistical model, zero day

Chapter 4. Data Storage for Analysis: Relational Databases, Big Data, and Other Options

This chapter focuses on the mechanics of storing data for traffic analysis. Data storage points to the basic problem in information security analysis: information security events are scattered in a vast number of innocuous logfiles, and effective security analysis requires the ability to process large volumes of data quickly. There are a number of different approaches available for facilitating rapid data access, the major choices being flat files, traditional databases, and the emergent NoSQL paradigm.
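An added example (not the book's code) of the problem this excerpt describes: security-relevant events buried in an ordinary logfile are pulled out of the surrounding noise, loaded into a relational store, and then queried as a table rather than grepped line by line. The sshd lines below are constructed in auth.log format, and the `ssh_auth` table, its index and the `min_failures` threshold are assumptions for illustration; the same parse-then-load step is what a flat-file or NoSQL back end would replace.

```python
import re
import sqlite3
from datetime import datetime

# Constructed sample (not from the book): sshd entries as they appear in
# /var/log/auth.log, with an unrelated cron line mixed in as noise.
SAMPLE_LOG = """\
Mar  3 10:01:02 host1 sshd[2310]: Failed password for invalid user admin from 198.51.100.7 port 50112 ssh2
Mar  3 10:01:05 host1 sshd[2310]: Failed password for invalid user admin from 198.51.100.7 port 50113 ssh2
Mar  3 10:01:09 host1 CRON[2315]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:01:11 host1 sshd[2318]: Failed password for root from 198.51.100.7 port 50114 ssh2
Mar  3 10:02:40 host2 sshd[911]: Accepted publickey for deploy from 203.0.113.5 port 41022 ssh2
Mar  3 10:03:01 host2 sshd[915]: Failed password for deploy from 203.0.113.9 port 41100 ssh2
"""

# Matches both "Accepted <method> for <user>" and "Failed <method> for [invalid user] <user>".
SSH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<username>\S+) "
    r"from (?P<src>[\d.]+) port (?P<port>\d+)"
)


def parse_ssh_events(text, year=2024):
    """Yield one dict per sshd auth line; lines that are not auth events are skipped.
    Syslog timestamps carry no year, so the caller supplies it (assumed 2024)."""
    for line in text.splitlines():
        m = SSH_RE.match(line)
        if not m:
            continue
        stamp = " ".join(m["ts"].split())  # collapse the padded day field ("Mar  3")
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        yield {"ts": ts.isoformat(), "host": m["host"], "result": m["result"],
               "username": m["username"], "src": m["src"], "port": int(m["port"])}


def load_events(text):
    """Parse the log text into an in-memory SQLite table and return the connection."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ssh_auth (ts TEXT, host TEXT, result TEXT, "
                 "username TEXT, src TEXT, port INTEGER)")
    # The queries below group by source and filter on result, so index that pair.
    conn.execute("CREATE INDEX idx_src_result ON ssh_auth(src, result)")
    conn.executemany(
        "INSERT INTO ssh_auth VALUES (:ts, :host, :result, :username, :src, :port)",
        list(parse_ssh_events(text)))
    return conn


def failed_logins_by_source(conn, min_failures=2):
    """Sources with at least min_failures failed logins, busiest first:
    (src, failure count, number of distinct usernames tried)."""
    return conn.execute(
        "SELECT src, COUNT(*) AS n, COUNT(DISTINCT username) AS users "
        "FROM ssh_auth WHERE result = 'Failed' "
        "GROUP BY src HAVING n >= ? ORDER BY n DESC",
        (min_failures,)).fetchall()


if __name__ == "__main__":
    db = load_events(SAMPLE_LOG)
    for src, n, users in failed_logins_by_source(db):
        print(f"{src}: {n} failures against {users} account(s)")
```

On the sample, 198.51.100.7 surfaces with three failures against two accounts while the single failure from 203.0.113.9 stays below the threshold. The point is not the query itself but that, once events are in a table, the next question (distinct usernames per source, failures per hour, sources that later succeeded) is another short query instead of another pass over the raw files.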

For our purposes, situational awareness encompasses understanding the components that make up your network and how those components are used. This awareness is often radically different from how the network is configured and how the network was originally designed. To understand the importance of situational awareness in information security, I want you to think about your home, and I want you to count the number of web servers in your house. Did you include your wireless router? Your cable modem? Your printer? Did you consider the web interface to CUPS? How about your television set? To many IT managers, several of the devices listed didn’t even register as “web servers.”

All security systems ultimately depend on users recognizing the importance of security and accepting it as a necessary evil. Security rests on people: it rests on the individual users of a system obeying the rules, and it rests on analysts and monitors identifying when rules are broken. Security is only marginally a technical problem—information security involves endlessly creative people figuring out new ways to abuse technology, and against this constantly changing threat profile, you need cooperation from both your defenders and your users. Bad security policy will result in users increasingly evading detection in order to get their jobs done or just to blow off steam, and that adds additional work for your defenders.


pages: 570 words: 115,722

The Tangled Web: A Guide to Securing Modern Web Applications by Michal Zalewski

barriers to entry, business process, defense in depth, easy for humans, difficult for computers, fault tolerance, finite state, Firefox, Google Chrome, information retrieval, information security, machine readable, Multics, RFC: Request For Comment, semantic web, Steve Jobs, telemarketer, Tragedy of the Commons, Turing test, Vannevar Bush, web application, WebRTC, WebSocket

I am also proud to be standing on the shoulders of giants. This book owes a lot to the research on browser security done by members of the information security community. Special credit goes to Adam Barth, Collin Jackson, Chris Evans, Jesse Ruderman, Billy Rios, and Eduardo Vela Nava for the advancement of our understanding of this field. Thank you all—and keep up the good work. * * * [1] Confused deputy problem is a generic concept in information security used to refer to a broad class of design or implementation flaws. The term describes any vector that allows the attacker to trick a program into misusing some “authority” (access privileges) to manipulate a resource in an unintended manner—presumably one that is beneficial to the attacker, however that benefit is defined.
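An added example of the confused deputy flaw defined in footnote [1] (this is not code from the book). `PrintService`, its `acl` policy dict, the client name and the file names are illustrative assumptions: the service runs with read access to every file and reads files on behalf of clients who individually do not. The first method lends the deputy's own authority to whatever path it is handed; the second canonicalises the path and checks the requesting client's authority before acting, which is the fix for the whole class.

```python
import os
import tempfile


class PrintService:
    """A deputy: it runs with read access to every file and reads files on
    behalf of clients, who individually hold only the rights listed in `acl`
    (an assumed policy store: {client: set of paths})."""

    def __init__(self, acl):
        self.acl = {client: {os.path.realpath(p) for p in paths}
                    for client, paths in acl.items()}

    def fetch_vulnerable(self, client, path):
        # Confused deputy: the client's rights are never consulted, so the
        # service lends its own read authority to whatever path it is handed.
        with open(path, "rb") as f:
            return f.read()

    def fetch(self, client, path):
        # Fix: canonicalise first, so "../" segments and symlinks cannot slip a
        # different target past the check, then act only with the authority the
        # requesting client actually holds for that resource.
        real = os.path.realpath(path)
        if real not in self.acl.get(client, set()):
            raise PermissionError(f"{client} is not allowed to read {real}")
        with open(real, "rb") as f:
            return f.read()


def demo():
    """Grant a client one file, then have it ask for another via a dotted path.
    Returns (leaked, blocked): whether the unchecked deputy disclosed the file
    and whether the checked one refused."""
    with tempfile.TemporaryDirectory() as d:
        report = os.path.join(d, "report.txt")
        secret = os.path.join(d, "secret.txt")
        os.mkdir(os.path.join(d, "subdir"))
        with open(report, "w") as f:
            f.write("quarterly numbers")
        with open(secret, "w") as f:
            f.write("db password")

        svc = PrintService({"alice": {report}})
        # Attacker-chosen request parameter: resolves to secret.txt, which
        # alice has no right to read but the deputy can.
        tricky = os.path.join(d, "subdir", "..", "secret.txt")

        leaked = svc.fetch_vulnerable("alice", tricky) == b"db password"
        try:
            svc.fetch("alice", tricky)
            blocked = False
        except PermissionError:
            blocked = True
        # The legitimate request still works through the checked path.
        assert svc.fetch("alice", report) == b"quarterly numbers"
        return leaked, blocked


if __name__ == "__main__":
    print(demo())
```

The shape to recognise is that the attacker never needs the deputy's privilege directly, only a way to choose what the deputy does with it. A browser that automatically attaches a user's cookies to a request an attacker's page constructed is the same flaw with the browser as the deputy, which is why the term recurs throughout the book's treatment of web security.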

Security in the World of Web Applications To provide proper context for the technical discussions later in the book, it seems prudent to first of all explain what the field of security engineering tries to achieve and then to outline why, in this otherwise well-studied context, web applications deserve special treatment. So, shall we? Information Security in a Nutshell On the face of it, the field of information security appears to be a mature, well-defined, and accomplished branch of computer science. Resident experts eagerly assert the importance of their area of expertise by pointing to large sets of neatly cataloged security flaws, invariably attributed to security-illiterate developers, while their fellow theoreticians note how all these problems would have been prevented by adhering to this year’s hottest security methodology.

—Collin Jackson, researcher at the Carnegie Mellon Web Security Group

“Perhaps the most thorough and insightful treatise on the state of security for web-driven technologies to date. A must have!”
—Mark Dowd, Azimuth Security, author of The Art of Software Security Assessment

PRAISE FOR SILENCE ON THE WIRE BY MICHAL ZALEWSKI

“One of the most innovative and original computing books available.”
—Richard Bejtlich, TaoSecurity

“For the pure information security specialist this book is pure gold.”
—Mitch Tulloch, Windows Security

“Zalewski’s explanations make it clear that he’s tops in the industry.”
—Computerworld

“The amount of detail is stunning for such a small volume and the examples are amazing. . . . You will definitely think different after reading this title.”


pages: 395 words: 110,994

The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win by Gene Kim, Kevin Behr, George Spafford

air freight, anti-work, antiwork, Apollo 13, business intelligence, business process, centre right, cloud computing, continuous integration, dark matter, database schema, DevOps, fail fast, friendly fire, Gene Kranz, index card, information security, inventory management, Kanban, Lean Startup, shareholder value, systems thinking, Toyota Production System

A developer jamming in an urgent change so he could go on vacation—possibly as part of some urgent project being driven by John Pesche, our Chief Information Security Officer. Situations like this only reinforce my deep suspicion of developers: they’re often carelessly breaking things and then disappearing, leaving Operations to clean up the mess. The only thing more dangerous than a developer is a developer conspiring with Security. The two working together gives us means, motive, and opportunity. I’m guessing our CISO probably strong-armed a Development manager to do something, which resulted in a developer doing something else, which broke the payroll run. Information Security is always flashing their badges at people and making urgent demands, regardless of the consequences to the rest of the organization, which is why we don’t invite them to many meetings.

It’s possible—John routinely deals with some pretty powerful people, like Steve and the board as well as the internal and external auditors. However, I’m certain Steve didn’t mention either John or Information Security as reasons for their departure—only the need to focus on Phoenix. I look at Patty questioningly. She just rolls her eyes and then twirls her finger around her ear. Clearly, she thinks John’s theory is crazy. “Has Steve given you any insights on the new org structure?” I ask out of genuine curiosity—John is always complaining that information security was always prioritized too low. He’s been lobbying to become a peer of the CIO, saying it would resolve an inherent conflict of interest.

Tim says, “Good. Let’s move on to the sixteen significant deficiencies.” A half hour later, Tim is still droning on. I stare glumly at the huge stack of findings. Most of these issues are just like the huge, useless reports we get from Information Security, which is another reason why John has such a bad reputation. It’s the never-ending hamster wheel of pain: Information Security fills up people’s inboxes with never-ending lists of critical security remediation work, quarter after quarter. When Tim finally finishes, John volunteers, “We must get these vulnerable systems patched. My team has a lot of experience patching systems, if you require assistance.


pages: 409 words: 112,055

The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats by Richard A. Clarke, Robert K. Knake

"World Economic Forum" Davos, A Declaration of the Independence of Cyberspace, Affordable Care Act / Obamacare, air gap, Airbnb, Albert Einstein, Amazon Web Services, autonomous vehicles, barriers to entry, bitcoin, Black Lives Matter, Black Swan, blockchain, Boeing 737 MAX, borderless world, Boston Dynamics, business cycle, business intelligence, call centre, Cass Sunstein, cloud computing, cognitive bias, commoditize, computer vision, corporate governance, cryptocurrency, data acquisition, data science, deep learning, DevOps, disinformation, don't be evil, Donald Trump, Dr. Strangelove, driverless car, Edward Snowden, Exxon Valdez, false flag, geopolitical risk, global village, immigration reform, information security, Infrastructure as a Service, Internet of things, Jeff Bezos, John Perry Barlow, Julian Assange, Kubernetes, machine readable, Marc Benioff, Mark Zuckerberg, Metcalfe’s law, MITM: man-in-the-middle, Morris worm, move fast and break things, Network effects, open borders, platform as a service, Ponzi scheme, quantum cryptography, ransomware, Richard Thaler, Salesforce, Sand Hill Road, Schrödinger's Cat, self-driving car, shareholder value, Silicon Valley, Silicon Valley startup, Skype, smart cities, Snapchat, software as a service, Steven Levy, Stuxnet, technoutopianism, The future is already here, Tim Cook: Apple, undersea cable, unit 8200, WikiLeaks, Y2K, zero day

., 6, 11, 88, 89, 96, 113, 130, 135, 156, 222, 228 California, 117, 123 cameras, 289–90 Carlin, John, 125 cars, driverless, 266–67, 269–70 Carter, Ash, 193, 225 Causes of War, The (Van Evera), 100 Center for Internet Security, 117 Center for Strategic and International Studies (CSIS), 89, 101, 110, 113 certified information security manager, 146 certified information system auditor, 146 certified information systems security professional, 146, 149 Chamber of Commerce, 44, 109–11, 113, 118 Chaudhuri, Swarat, 80 Chemical Facility Anti-Terrorism Standards, 114–15 Chen, Adrian, 219 Cheney, Dick, 275 chief information officers (CIOs), 72, 300 chief information security officers (CISOs), 5, 33, 40, 49, 56, 64, 65, 69, 72, 87, 151, 170, 177, 178, 244, 300 China, 5, 24, 28, 33–34, 39–41, 43, 46, 50, 97, 159–60, 166, 182, 187, 195, 196, 198, 214, 217, 241, 242, 248, 252, 272 5G and, 267–68 internet and Great Firewall of, 87, 205, 206, 208, 210, 211, 215 People’s Liberation Army, 26, 28, 176, 305 quantum computing and, 256, 259, 260, 262, 264 China Telecom, 119–20 CIA, 23–24, 37, 110, 124, 152, 173, 194 Citibank, 8, 38, 136, 284 civil service system, 171, 173 Clarke, Richard A., 3–4, 6, 10–11, 21, 59, 65, 89, 124–25, 156, 168, 220, 254, 291 Cyber War, 6–7, 13, 26, 37, 78, 192, 200 Warnings, 162, 223 CLEAR, 137 Clinton, Bill, 3–4, 6, 11, 88, 113, 168, 221 Clinton, Hillary, 223, 232–33 Clipper chip, 124 cloud, 5–6, 71–77, 104, 206, 215, 291–92, 298, 300 CLOUD Act, 214, 215 Cloudflare, 87, 119 Coats, Dan, 26, 159 Cole, Alma, 170 Columbia University, 102 Comey, James, 124, 125 Commerce Department, 88, 140 see also National Institute of Standards and Technology Comprehensive National Cyber Initiative, 96 CompTIA Security+ certification, 146 Computer Fraud and Abuse Act, 100 Congress, U.S., 99, 109, 114, 116–18, 124, 130, 144, 159, 165–66, 171, 172, 178, 196, 214, 228, 231–33, 259, 268–69 ReallyU and, 138, 140, 141 Senate, 78, 232 Conley, Caitlin, 225–26 Constitution, U.S., 94, 
228 containers, 71, 77 contractors, 170–71, 174 Cook, Tim, 124, 125 Cornell University, 250 Council of Europe Convention on Cybercrime, 212–13, 216 credit cards, 286–87, 293 credit reporting, 284 CrowdStrike, 33, 34, 36, 46, 55, 60, 61, 67, 77, 83 cryptocurrencies, 6, 73, 289 Cyber Command, 23, 43, 97, 150–51, 173, 183, 184, 191–98, 220, 233, 300 CyberCorps, 168–70, 172–73, 177, 178 Cyber Defense Matrix, 65–67, 82 Cyber Independent Testing Lab, 82 cyber insurance, 5, 121–23 Cyber Operations Academy Course, 148 cyber resilience, 13–15, 42, 70–72, 82, 104, 105, 296–97 cybersecurity: AI in, 244–48, 252 apprenticeship programs for, 152–53 building in, 67, 72 center for policy on, 101 data on, 39–43, 72 information sharing in, 58–61, 95, 112 as part of national security, 90, 94 personal, 283–93 quantum computing and, 254 as shared responsibility between government and private sector, 10–13, 88–96, 105 spending on, 5, 91 venture capital investment in, see venture capital workforce for, 144–53, 167–78 Cybersecurity and Infrastructure Security Agency (CISA), 171–72, 177, 178, 300 Cybersecurity Talent Initiative, 152–53 Cyberseek, 145, 146 cyberspace, 6, 88, 208, 210 Cyber Threat Alliance, 61 cyber war, 7–10, 19, 182–84, 197–98, 221, 239, 296–97 AI in, 239–41 diplomacy and, 202–3 escalation of instability into, 28–29, 198 naming cyber warriors, 27–28 quantum computing and, 254, 263–64 Cyber War (Clarke and Knake), 6–7, 13, 26, 37, 78, 192, 200 Cyber War Risk Insurance Act (CWRIA), 123, 301 Cylance, 34, 55, 67, 83 Daniel, Michael, 61, 92–93, 205 Darktrace, 246 dark web, 38, 40, 41, 126 data, 257 AI and, 247–48, 251 backing up, 127, 291–92 on security, 39–43, 72 data lake, 247, 301 data mining, 243 DEF CON, 73, 102, 127 Defending Digital Democracy, 225–26 defense, see offense and defense Defense Advanced Research Projects Agency (DARPA), 12, 78, 249–50, 252, 301 Defense Cyber Crime Center, 198 Defense Department (DoD), 6, 27, 79, 81, 94–95, 132, 147, 149, 152, 165, 176, 
181–203, 221–22, 225, 229–30, 249 budget of, 201 clarity of mission in, 199–200 Cyber Command, see Cyber Command Cyber Strategy of, 181–82, 195 diplomacy and, 202–3 escalation dominance and, 202 five missions of, 184–92 National Security Agency, see National Security Agency and securing arsenal, 200–201 system failure capabilities and, 202 tabletop exercises and, 185–92, 198, 225–26 unity of command in, 198–99 defense industrial base (DIB), 49, 50, 184, 190, 301 Defense Information Systems Agency, 198 Defense Science Board, 190 Demchak, Chris, 120 Democratic Congressional Campaign Committee, 231–32, 302 Democratic National Committee, 26 Democratic Party, 11, 224 Deputies Committee, 222 Deputy Assistant Secretary of Defense (DASD), 198, 225 design basis threat, 115 “detect” function, 45, 66, 70–71 DevOps, 72, 80 Devost, Matt, 295 DiGiovanni, Frank, 143, 147–50, 153 Digital Resilience (Rothrock), 14 Dimon, Jamie, 91, 92, 191 diplomacy, 202–3, 218, 221 direct-recording electronic (DRE) machines, 230–31, 301 distributed denial-of-service (DDoS) attacks, 38, 73, 85–87, 118–19, 191, 215, 268, 276, 301 DLA Piper, 19, 37 Docker, 71, 77 domain names, 88 Domain Name System (DNS), 12, 118–20, 207, 210, 276, 301 Dornbush, Evan, 148, 149 driver’s licenses, 135–37 drones, 248–50 D-Trip, 231–32, 302 Dugan, Regina, 249 Duo, 131–33 Dyn, 276–77 Economist, 103, 181 economy, 8, 109–10 Edelman, David, 210 Einstein, Albert, 9, 256 Einstein program, 95, 96 elections, 219–35 Russia and, 26, 159, 160, 222–23, 227, 228, 230–35 of 2016, 26, 159, 160, 222–23, 227, 228, 230, 232–35 Electronic Frontier Foundation (EFF), 207, 208 Electronic Funds Transfer Act, 115 email, 46, 52–55, 59, 133, 288–89, 291 encryption, 10, 18, 96, 103, 124–25, 260–62, 291, 292, 302 Endgame, 251 endpoint detection and response (EDR), 55, 61, 83, 96–97, 149, 163, 175, 298 endpoints, 65, 245, 302 Energy Services Group, 272, 276 Equifax, 115–16, 284 Escalate, 149, 152 EternalBlue, 18, 22, 23 European Commission, 
216 European Union (EU), 206–7, 211–12, 220–21 exploits, 21, 35, 51, 57–58, 302 Extended Area Protection and Survivability System, 190 Facebook, 67, 71, 91, 134, 209, 213, 221, 224, 231, 232, 285, 287–88, 292 Farook, Syed, 123–25 FATF-style regional bodies, 216 FBI, 22, 23, 43, 78, 93, 95, 98, 99, 124–25, 152 Federal Aviation Administration, 279 Federal Communications Commission (FCC), 120, 268–69 Federal Deposit Insurance Corporation, 115 Federal Energy Regulatory Commission (FERC), 158, 279 Federal Financial Institutions Examination Council, 114 Federal Trade Commission, 232 FedEx, 19, 37 Fierce Domain, A (Healey), 102 Financial Action Task Force (FATF), 216, 302 Financial Services Information Sharing and Analysis Center, 59–60 Financial Systemic Analysis & Resilience Center (FSARC), 60 Financial Times, 94 fingerprint readers, 131 FireEye, 34, 36, 53 firewalls, 70, 87, 159, 160 5G mobile telephony, 265–69, 280 Five Guys, 21–22 Fly, Jamie, 223 Food and Drug Administration (FDA), 275–76, 278–79 France, 25, 209 Friedman, Allan, 101 Gable, Jim, 258 Gagnon, Gary, 56–58 Gartner, Inc., 65, 274 gas industry, 272–73 Gates, Bill, 129–31, 133 Geist, Michael, 213 Germany, 209, 214, 215 Gibson, William, 3, 10, 208 Gillespie, Ed, 230 Global Information Assurance Certification, 146 glossary, 299–308 Goldsmith, Jack, 208 Google, 8, 52, 63–64, 74–76, 80, 81, 91, 132, 134, 138, 149, 153, 205, 209, 213, 232, 253, 258, 259, 261, 263 government, 24, 85–88, 109–28, 297 cloud and, 77 cybersecurity as shared responsibility between private sector and, 10–13, 88–96, 105 cybersecurity positions and, 153, 167–78 equities issue and, 21 identification and, 134, 135, 139–41 internet and, 12–13, 86, 88 and naming cyber warriors, 27–28 national security and, 88, 90, 153 Presidential Decision Directive 63 and, 10–11, 59, 89 regulation by, 109–20, 122–23, 139–40, 268–69, 278 smart cards and, 130 state, 117–18, 174–75, 177 Government Accountability Office (GAO), 175, 189, 200 Granholm, Jennifer, 
155 Grant, Jeremy, 135, 136 Great Britain, 17–18, 25, 96, 211–12, 220–21 Group of 7, 216 GRU, 19–23, 25–26, 28, 165, 234, 277, 302 Guido, Dan, 81 hackers, 73, 78, 79, 127, 147–48, 251 Hagel, Chuck, 225 Harkins, Malcolm, 83 Harris, Kamala, 117 Harvard University, 44, 152 Belfer Center, 100, 225 Hayden, Michael, 35 Healey, Jason, 102–3 Health and Human Services Department (HHS), 40, 136 health care, 40–42, 83, 123 Hernandez, Steve, 170 Homeland Security, Department of (DHS), 6, 21, 86, 93, 95, 96, 109, 110, 113, 114, 136, 152, 168, 175, 191, 199 Cybersecurity and Infrastructure Security Agency, 171–72, 177, 178 Office of Cybersecurity and Communications, 151 power grid and, 158–59, 162 Homeland Security Council, 102 Homeland Security Policy Directive 7 (HSPD 7), 89 Homeland Security Presidential Directive 12, 130 Homer, Jonathan, 159 honeypots, 246, 303 Howard, Rick, 60–61 Huang Zhenyu, 28 Huawei, 267–68 IBM, 80, 251, 253, 258, 261 Idaho National Laboratory, 157 Idaho State University, 167–70 “identify” function, 45, 66, 70 identity, 133–34, 138 federated, 134 government and, 134, 135, 139–41 ID cards, 135, 137, 139, 140 identity and access management (IAM), 245, 303 personally identifiable information (PII), 115–16, 141, 283–84, 305 proofing, 133–36, 138, 140 see also authentication Immersive Labs, 149–50 industrial control systems (ICS), 163, 270, 271, 303 information sharing, 58–61, 95, 112 information sharing and analysis centers (ISACs), 11, 303 information technology (IT), 18, 36, 37, 50, 53, 54, 65, 66, 68, 70–72, 74, 75, 83, 87, 110, 173, 174, 243, 270, 303 cost of, 201 IT Services Agency proposal, 176–78 OT and, 273–74 Shadow, 72 spending on, 91 statewide departments, 174–75 infrastructure as a service, 75 Initial Occurrence Syndrome, 162, 223 Inskeep, Todd, 40, 45–46 intellectual property, 34, 42–43 “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains” (Hutchins, Cloppert, and Amin), 49, 51, 52 
intercontinental ballistic missile (ICBM), 166, 303 International Conference on Information Warfare, 49 International Strategy for Cyberspace, 205, 210, 295 internet, 8, 9, 11–13, 78, 86, 90, 91, 96, 120, 157, 205–11, 215, 293 government and, 12–13, 86, 88 Russia and, 206, 208, 210, 211, 219–20 Schengen Accord for, 205–18 Internet Corporation for Assigned Names and Numbers (ICANN), 12, 102, 210 Internet of Things (IoT), 265, 266, 268–70, 274–80, 289, 303 vehicles, 266–67, 269–70 Internet Research Agency, 219–20 Interpol, 161, 217 intrusion prevention systems (IPS), 70–71, 94–95, 244 iPhones, 36, 68, 124–25, 292 Iran, 5, 27, 28, 85–87, 98–99, 119, 120, 126, 163, 185–88, 191–96, 198, 208 nuclear program of, 20, 37–38, 85, 87, 97, 160, 193, 194, 270–71 IronNet, 93–94, 246 IRS, 136, 138–40 Islamic State in Syria (ISIS), 193, 201, 303–4 Israel, 23, 160, 185–86, 190, 192 Mossad, 44, 46 IT Services Agency (ITSA), 176–78 Jaffer, Jamil, 94 Janow, Merit, 102 Jenkins, Neil, 61 Joint Improvised Explosive Device Defeat Organization, 51 Joint Worldwide Intelligence Communications System, 189 Joyce, Rob, 73–74, 97 JPMorgan Chase, 9, 49–50, 85, 91–92, 94, 101, 136, 191 Justice Department (DOJ), 10, 12, 22, 27–28, 124, 125, 194, 217 Karagiannis, Konstantinos, 263 Kaspersky Anti-Virus, 22–23, 36 Kennan, George, 13 Kennedy, John F., 9 Kerry, John, 227–28 kill chain, 49–61, 70, 298 Knake, Robert K., 6, 61, 153, 286 Cyber War, 6–7, 13, 26, 37, 78, 192, 200 Koppel, Ted, 155–57 Kurtz, George, 34 Levy, Steven, 207 Lewis, Jim, 89 Lights Out (Koppel), 157 Livingston, John, 271–75 Lockheed Martin, 49–52 Long, Fan, 80 Longhorn, 24, 37 L0pht, 78, 79, 119 machine learning (ML), 42, 53, 80, 81, 243–52, 263–64, 304 see also artificial intelligence Madam Secretary, 157, 161 Maersk, 19, 29, 37 Malik, Tashfeen, 123–25 malware, 46, 53–55, 59–61, 79, 85, 86, 149, 304 managed security service provider (MSSP), 144, 229, 304 Manhattan Project, 9 Mansouri, Mohammad, 126 Markoff, Michele, 210 Marsh, 
Robert, 88–89 Martin, Harold, 22–23 Mastercard, 152, 153 Mattis, James, 195 McAfee, 33, 61, 67, 251, 288 McAuliffe, Terry, 230–31 McGeehan, Ryan, 71 McKinsey & Company, 8, 271 McLaughlin, Mark, 60–61 medical devices, 275–76, 278–79 Merck, 19, 29, 37 Metcalfe’s Law, 209–10, 245 Mickens, James, 44 microphones, 290 Microsoft, 8, 18, 20–22, 24, 36, 37, 44, 74–76, 81, 129, 131, 152, 213, 253, 261, 285 Windows, 18, 36, 79, 129, 190, 276, 288 military, 11–12, 13, 87, 95, 150, 161, 163, 181–203 Air Force, 50, 102, 166, 183 Army, 150, 170, 183, 195 cybersecurity training and, 143, 147–48 Navy, 95, 150, 163, 183, 189–90, 198, 200, 201 see also Defense Department Mirai, 119, 277 missiles, 165–66, 303 MIT, 80, 152, 169, 263 MITRE Corporation, 55–58, 60, 112 mobile devices, 289–90, 292 5G and, 265–69, 280 Mohammadi, Ehsan, 28 Mollenkopf, Steve, 265 Mondelēz, 19, 37, 121 Moore’s Law, 209–10 Morenets, Alexei, 28 Moss, Jeff, 127, 295 Mossad, 44, 46 Mueller, Robert, 161 multifactor authentication (MFA), 46, 129, 131–34, 137, 304 Murphy, Matt, 181 mutual legal assistance treaties, 215 NAFTA, 213 Nakasone, Paul, 233 NASA, 79, 169, 263 Nash, Lorina, 17 National Academy of Sciences, 3 National Cybersecurity Protection System, 96 National Cyber Strategy, 92, 182 National Defense Authorization Act, 195–96 National Institute of Standards and Technology (NIST), 64–65, 140, 261, 304 Cybersecurity Framework, 44–45, 66, 70, 111, 117 cybersecurity workforce crisis and, 144–45 National Plan for Information Systems Protection, 109 National Science Foundation, 168 national security, 88, 90, 94, 104–5, 153 National Security Agency (NSA), 18, 21–23, 35–37, 43, 68, 73, 93, 96, 103, 124, 125, 168, 189, 194, 200, 233, 254, 267 Tailored Access Operations, 73, 148, 307 National Security Council (NSC), 6, 89, 97, 102, 110, 111, 203, 222, 224 National Security Presidential Memorandum 13, 182, 196 National Strategy for Trusted Identities in Cyberspace (NSTIC), 111–12, 134–36, 138 National Strategy to 
Secure Cyberspace, 156 National Transportation Safety Board, 273 NATO, 221, 222, 225, 234 natural gas, 272–73 Navy, U.S., 95, 150, 163, 183, 189–90, 198, 200, 201 Navy Marine Corps Intranet, 27 NeSmith, Brian, 144 Netflix, 72, 76 Network Master, 246, 248, 252, 263, 264 neural networks, 80, 243–44 New York, 117, 123, 155–56, 174 New York Cyber Task Force, 75, 101–4 New York Times, 205 New York Times Magazine, 219 Niejelow, Alex, 153 Nikias, C.

Today, the market is (finally) growing and thriving, with almost $2 billion in premiums written in 2017. Long-standing problems created by government, such as barriers to information sharing, have been solved and companies are actually beginning to organize communities not only to share information, but also to provide mutual aid during crises. One chief information security officer (CISO) at a major bank we spoke with thinks that in five years his bank will largely be immune to cyberattacks as it upgrades from legacy systems that are inherently insecure to systems that are secure by design. Many leaders in Silicon Valley, where optimism is never in short supply, would tend to agree.

Staffing those firms with the limited supply of cybersecurity experts and software engineers has, in the words of Ackerman, “spread the peanut butter too thin” on too many pieces of bread. It also makes it difficult for the corporate buyer to sort through a sea of look-alike, sound-alike firms competing for the attention and dollars of chief information security officers. Many of the three thousand cybersecurity companies “are a feature, not a firm,” he said. They solve one narrow problem and really should be part of a platform company offering a mutually supporting mesh of integrated security products. In a rational world, many of the start-ups would be folded into larger companies, but the desire of VC investors to force their firm to someday become a billion-dollar unicorn prevents such needed consolidation.


pages: 383 words: 105,021

Dark Territory: The Secret History of Cyber War by Fred Kaplan

air gap, Big Tech, Cass Sunstein, Charles Babbage, computer age, data acquisition, drone strike, dumpster diving, Edward Snowden, game design, hiring and firing, index card, information security, Internet of things, Jacob Appelbaum, John Markoff, John von Neumann, kremlinology, Laura Poitras, Mikhail Gorbachev, millennium bug, Morris worm, national security letter, Oklahoma City bombing, operational security, packet switching, pre–internet, RAND corporation, Ronald Reagan, seminal paper, Seymour Hersh, Silicon Valley, Skype, Stuxnet, tech worker, Timothy McVeigh, unit 8200, uranium enrichment, Wargames Reagan, Y2K, zero day

Edgar, 251–52 HowlerMonkey, 136 Hussein, Saddam, 21, 22–23, 25, 74, 110, 132, 143, 145, 241 IBM Selectric typewriters, 16 Idaho National Laboratory, 167, 204 Information Assurance Directorate (NSA), 18, 34, 66, 68, 92–93, 128, 133, 181, 201, 234, 257, 260, 276, 293n Information Operations Center (IOC), 113, 134, 161 Information Operations Technology Center (IOTC), 124–26 information security, see cyber security “Information Security: Computer Attacks at Department of Defense Pose Increasing Risks” (GAO report), 47 Information Security Directorate (NSA), 177 Information Sharing and Analysis Centers (ISACs), 97, 104, 139, 176, 274 “Information Terrorism: Can You Trust Your Toaster?” (Devost), 273 information warfare, 41, 58, 119, 161, 169, 208, 289n and anti-Milosevic campaign, 112–18 China and, 224 command-control systems and, see counter command-control (counter-C2) warfare history of, 4, 219–20 and hunt for Serbian war criminals, 110–12 McConnell’s focus on, 31–32, 34–37 U.S. offensive operations in, 108–10; see also specific operations see also cyber attacks, cyber warfare infrastructure, 67 computer networks and, 41, 45, 52–55 cyber attacks on, 166–69, 174, 198, 212, 214, 215 as cyber attack targets, 104, 212 cyber security and, 186–89, 278, 280–84 Gates-Napolitano plan for protection of, 186–89 as targets of terrorist attacks, 39, 41, 42, 53 Infrastructure Protection Task Force: Moonlight Maze investigation of, 86 Solar Sunrise investigation of, 74–75 Inglis, John C.

Much of this hardware and software was used (or copied) in countries worldwide, including the targets of NSA surveillance; if it could easily be hacked, so much the better for surveillance. The NSA had two main directorates: Signals Intelligence and Information Security (later called Information Assurance). SIGINT was the active, glamorous side of the puzzle palace: engineers, cryptologists, and old-school spies, scooping up radio transmissions, tapping into circuits and cables, all aimed at intercepting and analyzing communications that affected national security. Information Security, or INFOSEC, tested the reliability and security of the hardware and software that the SIGINT teams used. But for much of the agency’s history, the two sides had no direct contact.

(Santa Monica: RAND Corporation, 1993), but their use of the phrase was more like what came to be called “netcentric warfare” or the “revolution in military affairs,” not “cyber war” as it later came to be understood. “may have experienced as many as 250,000 attacks”: General Accounting Office, “Information Security: Computer Attacks at Department of Defense Pose Increasing Risks” (GAO/AIMD-96-84), May 22, 1996. The report attributes the estimate to a study by the Pentagon’s Defense Information Security Agency. “Certain national infrastructures”: President Bill Clinton, Executive Order 13010, “Critical Infrastructure Protection,” July 15, 1996, http://fas.org/irp/offdocs/eo13010.htm. “We have not yet had a terrorist”: Jamie Gorelick, Security in Cyberspace: Hearings Before the Permanent Subcommittee on Investigations of the Comm. on Government Affairs. 104th Cong. (1996) (Statement of Jamie Gorelick, Deputy Attorney General of the United States.)


pages: 340 words: 96,149

@War: The Rise of the Military-Internet Complex by Shane Harris

air gap, Amazon Web Services, barriers to entry, Berlin Wall, Brian Krebs, centralized clearinghouse, Citizen Lab, clean water, computer age, crowdsourcing, data acquisition, don't be evil, Edward Snowden, end-to-end encryption, failed state, Firefox, information security, John Markoff, Julian Assange, military-industrial complex, mutually assured destruction, peer-to-peer, Silicon Valley, Silicon Valley startup, Skype, Stuxnet, systems thinking, undersea cable, uranium enrichment, WikiLeaks, zero day

Today most large banks in the United States employ cyber security personnel trained to detect vulnerabilities in software and network configurations, analyze malware to understand how it works and what it is designed to do, and respond to intrusions. Among the main pools of talent for the banks are the US military and intelligence agencies. The former chief information security officer for Bank of America was previously a senior technology official in the Office of the Director of National Intelligence who began his career as a cryptologic linguist in the air force. The chief information security officer at Wells Fargo served for twenty years in the navy, including stints as an information warfare officer, and later worked for the FBI. The chief information risk officer for JPMorgan Chase never worked in government, but he worked for a year at SAIC, which is largely supported by intelligence agency contracts and is often called “NSA West.”

The first blackout was the largest in North American history, covering a 93,000-square-mile area including Michigan, Ohio, New York, and parts of Canada. An estimated 50 million people were affected. The ensuing panic was so severe that President Bush addressed the nation to assure people the lights would come back on. Within twenty-four hours, power was mostly restored. One information security expert who was under contract to the government and large businesses, dissecting Chinese spyware and viruses found on their computers, claimed that in the second blackout, a Chinese hacker working for the People’s Liberation Army had attempted to case the network of a Florida utility and apparently made a mistake.

“Graduates of the program become invaluable to [the agency] as the solution to universal [computer network operations] problems,” says an NSA brochure, using the technical term for cyber offense. After less than two years Schuh joined the CIA, where he worked in the agency’s technical operations unit, which helps the NSA place surveillance equipment in hard-to-reach places. But soon he was off to the private sector, eventually winding up at Google, where he works as an information security engineer. Google has set up a team, which includes Schuh, devoted to finding security weaknesses and zero day exploits that could be used against Google’s customers and its products, such as its e-mail system and web browser. The company itself has been the target of sophisticated hacking campaigns, most notably one by a Chinese group in 2010, which broke in to a database of proprietary software code.


pages: 523 words: 154,042

Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro

3D printing, 4chan, active measures, address space layout randomization, air gap, Airbnb, Alan Turing: On Computable Numbers, with an Application to the Entscheidungsproblem, availability heuristic, Bernie Sanders, bitcoin, blockchain, borderless world, Brian Krebs, business logic, call centre, carbon tax, Cass Sunstein, cellular automata, cloud computing, cognitive dissonance, commoditize, Compatible Time-Sharing System, Computing Machinery and Intelligence, coronavirus, COVID-19, CRISPR, cryptocurrency, cyber-physical system, Daniel Kahneman / Amos Tversky, Debian, Dennis Ritchie, disinformation, Donald Trump, double helix, Dr. Strangelove, dumpster diving, Edward Snowden, en.wikipedia.org, Evgeny Morozov, evil maid attack, facts on the ground, false flag, feminist movement, Gabriella Coleman, gig economy, Hacker News, independent contractor, information security, Internet Archive, Internet of things, invisible hand, John Markoff, John von Neumann, Julian Assange, Ken Thompson, Larry Ellison, Laura Poitras, Linda problem, loss aversion, macro virus, Marc Andreessen, Mark Zuckerberg, Menlo Park, meta-analysis, Minecraft, Morris worm, Multics, PalmPilot, Paul Graham, pirate software, pre–internet, QWERTY keyboard, Ralph Nader, RAND corporation, ransomware, Reflections on Trusting Trust, Richard Stallman, Richard Thaler, Ronald Reagan, Satoshi Nakamoto, security theater, Shoshana Zuboff, side hustle, Silicon Valley, Skype, SoftBank, SQL injection, Steve Ballmer, Steve Jobs, Steven Levy, Stuxnet, supply-chain attack, surveillance capitalism, systems thinking, TaskRabbit, tech billionaire, tech worker, technological solutionism, the Cathedral and the Bazaar, the new new thing, the payments system, Turing machine, Turing test, Unsafe at Any Speed, vertical integration, Von Neumann architecture, Wargames Reagan, WarGames: Global Thermonuclear War, Wayback Machine, web application, WikiLeaks, winner-take-all economy, young professional, zero day, éminence grise

Rather, they are novel because they can do what bombs have never been able to do, namely, to affect the information security of the target. Malware can steal data; it can change data; it can block data. Fancy Bear implanted X-Agent on DNC servers, not Novichok nerve agent. The GRU wasn’t trying to destroy the DNC servers or its employees, as it tried to kill double agent Sergei Skripal. Fancy Bear was trying to steal information. Because cyberweapons enjoy a functional duality—they can affect physical and information security—it would be a mistake to apply the laws of war to all forms of cyber-conflict. If a state uses malware to produce destructive kinetic effects, then the traditional rules for war should apply.

Along with their software, vendors had to submit a highly formal, mathematical representation of their design and then provide logical proofs showing that the design was secure. They would hand this material over to the NSA’s National Computer Security Center for grading. The military would buy only from vendors who had received a high enough security rating from the NSA. In no other way, the military thought, could their information security needs be met. The story of the VAX VMM Security Kernel demonstrates the pitfalls of this strategy. In 1979, Major Roger Schell led a team to create an operating system that could withstand the NSA’s most rigorous tests and achieve the highest possible score from the NSA—an A1 rating. To do so, his team built the system in a secured laboratory that only the development group could enter.

Many Americans began to see the NSA as their adversary, not their protector. The Eye of Sauron had turned inward and was spying on their private communications. (The first Lord of the Rings movie was released three months after 9/11.) American demands for physical security had led to a loss in their information security.

Trustworthy Computing

In 2002, Bill Gates penned another memo, titled “Trustworthy Computing,” in which he expressed anxiety about the loss of consumer confidence in Microsoft. The rash of virus and worm attacks was making the company look bad. “Flaws in a single Microsoft product, service or policy not only affect the quality of our platform and services overall, but also our customers’ view of us as a company.”


pages: 299 words: 88,375

Gray Day: My Undercover Mission to Expose America's First Cyber Spy by Eric O'Neill

active measures, autonomous vehicles, Berlin Wall, bitcoin, computer age, cryptocurrency, deep learning, disinformation, Dissolution of the Soviet Union, Edward Snowden, Fall of the Berlin Wall, false flag, fear of failure, full text search, index card, information security, Internet of things, Kickstarter, messenger bag, Mikhail Gorbachev, operational security, PalmPilot, ransomware, rent control, Robert Hanssen: Double agent, Ronald Reagan, Skype, thinkpad, Timothy McVeigh, web application, white picket fence, WikiLeaks, young professional

Another three to the opposite side of the room from Hanssen’s office, where a separate Internet computer station waited. Eight steps in reverse to reach the closed door behind which I could hear the cinematic blades of The Mask of Zorro beat against each other. I was a fidgeter too. Another thing I had in common with the spy. I’d start at the beginning. I uncapped a red dry-erase marker and wrote “Information Security” in big letters on the massive whiteboard between my desk and the door to Hanssen’s office, just under the black words spelling out “Information Assurance Section.” The antiseptic smell of the red ink lingered. I stared at the phrase to pull it forward into my mind. Assurance is not the same as security.

We assure that information will be available, authentic, and confidential. We secure that same information by defending it from attack. Eventually, the term “cybersecurity” would come to encompass both of these poles. But at the time, most technology experts talked about information assurance and information security (INFOSEC) as mutually exclusive practices. I picked up a green pen and finished the full title of our small office in Room 9930. Information Assurance/Security Team. All that Hanssen had told me about the flaws in the ACS and Hanssen’s law flooded forward in my mind until I imagined the answer swimming just behind my eyes.

“All that comes back is a 65A and a bucketload of x’s, but that is enough.” He picked up the eraser. “Our mole now knows that the person he searched is compromised.” How many times had Hanssen searched his own name? “And I suppose he sells that information back to the Russians?” “Exactly.” Hanssen hefted the eraser and struck out my addition. “If information security is the best definition you can come up with, the future of the FBI is doomed.” I sucked down my exasperation. “It’s not my definition of information assurance. I’m working through the problem.” Hanssen tossed the eraser on my desk. “Try harder.” He looked at his watch. “I’m meeting my wife for the Right to Life March and won’t be back for a few hours.


Spies, Lies, and Algorithms by Amy B. Zegart

2021 United States Capitol attack, 4chan, active measures, air gap, airport security, Apollo 13, Bellingcat, Bernie Sanders, Bletchley Park, Chelsea Manning, classic study, cloud computing, cognitive bias, commoditize, coronavirus, correlation does not imply causation, COVID-19, crowdsourcing, cryptocurrency, cuban missile crisis, Daniel Kahneman / Amos Tversky, deep learning, deepfake, DeepMind, disinformation, Donald Trump, drone strike, dual-use technology, Edward Snowden, Elon Musk, en.wikipedia.org, end-to-end encryption, failed state, feminist movement, framing effect, fundamental attribution error, Gene Kranz, global pandemic, global supply chain, Google Earth, index card, information asymmetry, information security, Internet of things, job automation, John Markoff, lockdown, Lyft, Mark Zuckerberg, Nate Silver, Network effects, off-the-grid, openstreetmap, operational security, Parler "social media", post-truth, power law, principal–agent problem, QAnon, RAND corporation, Richard Feynman, risk tolerance, Robert Hanssen: Double agent, Ronald Reagan, Rubik’s Cube, Russian election interference, Saturday Night Live, selection bias, seminal paper, Seymour Hersh, Silicon Valley, Steve Jobs, Stuxnet, synthetic biology, uber lyft, unit 8200, uranium enrichment, WikiLeaks, zero day, zero-sum game

Population estimate as of July 2019 from United States Census Bureau, “Los Angeles city, California,” QuickFacts, https://www.census.gov/quickfacts/losangelescitycalifornia (accessed November 18, 2020).
88. Information Security Oversight Office, “2013 Report to the President,” National Archives and Records Administration, https://www.archives.gov/files/isoo/reports/2013-annual-report.pdf, 6.
89. Information Security Oversight Office, “2016 Report to the President,” National Archives and Records Administration, https://www.archives.gov/files/isoo/reports/2016-annual-report.pdf, 4. Each time anyone with a clearance uses secret materials in another document format (like an email), that subsequent work product must also be classified in a process called a “derivative classification.”

Bradley, “Letter to the President,” August 16, 2019, https://www.archives.gov/files/isoo/images/2018-isoo-annual-report.pdf (accessed June 16, 2020).
90. From 1995 to 1999, the federal government declassified an average of 157 million pages annually. Information Security Oversight Office, “2009 Report to the President,” National Archives and Records Administration, March 31, 2010, https://www.archives.gov/files/isoo/reports/2009-annual-report.pdf (accessed June 16, 2020), 11. In 2017, by contrast, 46 million pages were declassified. Information Security Oversight Office, “2017 Report to the President,” National Archives and Records Administration, May 31, 2018, https://www.archives.gov/files/isoo/reports/2017-annual-report.pdf (accessed April 8, 2020), 14–15.

Information Security Oversight Office, “2017 Report to the President,” National Archives and Records Administration, May 31, 2018, https://www.archives.gov/files/isoo/reports/2017-annual-report.pdf (accessed April 8, 2020), 14–15. Figures exclude mandatory declassification review, which “provides for direct, specific review for declassification of information when requested.” Information Security Oversight Office, “2009 Report to the President,” 11.
91. Information Security Oversight Office, “2017 Report to the President,” 15.
92. Herbert Lin and Amy Zegart, “Introduction,” in Bytes, Bombs, and Spies (Washington, D.C.: Brookings Institution Press, 2019), 5. My Stanford colleague Herb Lin and I were so concerned that classification was impeding the development of strategic thinking in cyber, we asked United States Cyber Command to partner with us and hold a workshop bringing academics and policymakers together to examine the strategic dimensions of offensive cyber operations.


pages: 302 words: 85,877

Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World by Joseph Menn

"World Economic Forum" Davos, 4chan, A Declaration of the Independence of Cyberspace, Andy Rubin, Apple II, autonomous vehicles, Berlin Wall, Bernie Sanders, Big Tech, bitcoin, Black Lives Matter, Cambridge Analytica, Chelsea Manning, Citizen Lab, commoditize, corporate governance, digital rights, disinformation, Donald Trump, dumpster diving, Edward Snowden, end-to-end encryption, fake news, Firefox, Gabriella Coleman, Google Chrome, Haight Ashbury, independent contractor, information security, Internet of things, Jacob Appelbaum, Jason Scott: textfiles.com, John Gilmore, John Markoff, John Perry Barlow, Julian Assange, Laura Poitras, machine readable, Mark Zuckerberg, military-industrial complex, Mitch Kapor, Mondo 2000, Naomi Klein, NSO Group, Peter Thiel, pirate software, pre–internet, Ralph Nader, ransomware, Richard Stallman, Robert Mercer, Russian election interference, self-driving car, Sheryl Sandberg, side project, Silicon Valley, Skype, slashdot, Steve Jobs, Steve Wozniak, Steven Levy, Stewart Brand, Stuxnet, tech worker, Whole Earth Catalog, WikiLeaks, zero day

At the heart of that book was a true tale of Russian intelligence collaborating with criminal hackers, a scenario that went from shocking at the time of publication in 2010 to widely accepted today. Since then, many books have tackled the military-internet complex, intelligence gathering, and cyberwarfare, together with WikiLeaks, Edward Snowden, and the 2016 US election. Missing in all of them has been a compelling account of the people dedicated to information security who are out of the spotlight or even in the shadows, fighting to protect our personal data and freedom as well as our national security. In many cases, these people are more colorful than their adversaries. That is especially true of the people whose tale is told in this book: key members of the Cult of the Dead Cow, who have played a role in all of the major issues cited above.

When Edward Snowden leaked files showing that the NSA was collaborating closely with the big internet companies, especially to scoop up data on people in other countries, Stamos gave a heartfelt talk on ethics at the biggest hacking conference, Def Con. He declared that despite the lack of widely enforced moral codes, security experts should consider resigning their posts rather than violate human rights. For all the stridency, Yahoo hired Stamos as chief information security officer, part of the general public response by Silicon Valley giants to the exposure of complicity. He stayed until 2015, when he quietly quit over the company’s unannounced searches of all user email under a secret court order. Since then he had held the top security job at Facebook, trying to limit the damage of Russian hackers spreading hacked Democratic emails under false pretenses and fighting other battles against propaganda, despite lukewarm support from above.

“We were pirates, not mercenaries,” Beck said. “Pirates have a code.” They rejected illegal jobs and those that would have backfired on the customer. One of @stake’s main grown-ups, CEO Chris Darby, in 2006 became CEO of In-Q-Tel, the CIA-backed venture capital firm in Silicon Valley, and Dan Geer joined as chief information security officer even without an agency clearance. Darby later chaired Endgame, a defense contractor that sold millions of dollars’ worth of zero-days to the government before exiting the business after its exposure by hackers in 2011. On defense, Christien Rioux and Wysopal started Veracode, which analyzed programs for flaws using an automated system dreamed up by Christien in order to make his regular work easier.


pages: 562 words: 153,825

Dark Mirror: Edward Snowden and the Surveillance State by Barton Gellman

4chan, A Declaration of the Independence of Cyberspace, Aaron Swartz, active measures, air gap, Anton Chekhov, Big Tech, bitcoin, Cass Sunstein, Citizen Lab, cloud computing, corporate governance, crowdsourcing, data acquisition, data science, Debian, desegregation, Donald Trump, Edward Snowden, end-to-end encryption, evil maid attack, financial independence, Firefox, GnuPG, Google Hangouts, housing justice, informal economy, information security, Jacob Appelbaum, job automation, John Perry Barlow, Julian Assange, Ken Thompson, Laura Poitras, MITM: man-in-the-middle, national security letter, off-the-grid, operational security, planetary scale, private military company, ransomware, Reflections on Trusting Trust, Robert Gordon, Robert Hanssen: Double agent, rolodex, Ronald Reagan, Saturday Night Live, seminal paper, Seymour Hersh, Silicon Valley, Skype, social graph, standardized shipping container, Steven Levy, TED Talk, telepresence, the long tail, undersea cable, Wayback Machine, web of trust, WikiLeaks, zero day, Zimmermann PGP

Careful readers will know by now that the markings on this document stood for “communications intelligence” and “no foreign distribution.” The designation X1 was a claim of exemption from automatic declassification review after ten years. The governing rule at the time was Information Security Oversight Office, “ISOO Directive No. 1,” October 13, 1995, archived at https://fas.org/sgp/isoo/isoodir1.html. Updated rules, which ended the X-series exemptions, came in Information Security Oversight Office, “Marking Classified National Security Information,” December 2010, at www.archives.gov/files/isoo/training/marking-booklet.pdf. I am indebted to Steven Aftergood, author of the Secrecy News blog at the Federation of American Scientists, for explaining this to me.

I want to expatriate with flair and clandestine meetings!” The wish came true on August 26, 2006. Snowden added “STF,” or staff, to his email address, swapped a green contractor’s badge for a blue one, and received agency identification number 2339176. He was a full-time employee now, soon to be deployable as a telecommunications information security officer. The official designation was TISO, but agency folk, old-timers especially, called the job “commo.” Snowden swallowed a five-figure pay cut to take what he saw as a dream job. The CIA’s public affairs staff answers no questions about Snowden’s job duties or performance, leaving former officials to say what they like without accountability to the documentary record.

I don’t think I’m a bad-looking guy, but I’m not the kind of guy women message out of the blue and invite me to cuddle.” Soltani suspected an intelligence agency setup—“the Chinese government trying to get up on me” in an effort to elicit information about the NSA documents, or to steal the digital files. The two of us talked through a well-known information security scenario known as the evil maid attack, which relies on brief physical access to a computer to steal its encryption credentials. The Snowden files, as it happened, were at that time locked in a Washington Post vault room and kept separate from their keys, but outsiders would not know that.


pages: 363 words: 105,039

Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers by Andy Greenberg

"World Economic Forum" Davos, air freight, air gap, Airbnb, Bellingcat, Bernie Sanders, bitcoin, blockchain, call centre, Citizen Lab, clean water, data acquisition, disinformation, Donald Trump, Edward Snowden, false flag, global supply chain, Hacker News, hive mind, information security, Julian Assange, Just-in-time delivery, Kickstarter, machine readable, Mikhail Gorbachev, no-fly zone, open borders, pirate software, pre–internet, profit motive, ransomware, RFID, speech recognition, Steven Levy, Stuxnet, supply-chain attack, tech worker, undersea cable, unit 8200, uranium enrichment, Valery Gerasimov, WikiLeaks, zero day

After his family had gone to sleep, Yasinsky printed the code and laid the papers across his kitchen table and floor, crossing out lines of camouflaging characters and highlighting commands to see the malware’s true form. Yasinsky had been working in information security for twenty years. After a stint in the army, he’d spent thirteen years as an IT security analyst for Kyivstar, Ukraine’s largest telecommunications firm. He’d managed massive networks and fought off crews of sophisticated cybercriminal hackers. But he’d never analyzed such a well-concealed and highly targeted digital weapon. As a security researcher, Yasinsky had long prided himself on a dispassionate and scientific approach to the problems of information security, drilling into the practical details of digital defense rather than obsessing over the psychology of his adversary.

And that’s where the real toll of its outage would be felt. On the morning of the attack, Jacki Monson was sitting in a conference room in an office park in Roseville, California, a suburb of Sacramento. Monson served as the chief privacy and information security officer for Sutter Health, a network of more than twenty-four hospitals and clinics from Utah to Hawaii. Early that morning, she’d received a jarring message from Merck’s chief information security officer about the company’s crippling NotPetya infection, via a mailing list for the Health Care Industry Cybersecurity Task Force, a group created by the Obama administration to examine cybersecurity risks to medical organizations.

It would be primed to strike.

5 STARLIGHTMEDIA

On a calm Sunday morning in October 2015, more than a year before Yasinsky would look out of his kitchen window at a blacked-out skyline, he sat near that same window in his family’s high-rise apartment in Kiev, sipping tea and eating a bowl of cornflakes. Suddenly his phone buzzed with a call from an IT administrator at work. Yasinsky was, at the time, employed as the director of information security at StarLightMedia, Ukraine’s largest TV broadcasting conglomerate. The night before, his colleague on the phone told him, two of StarLight’s servers had inexplicably gone off-line. The admin assured Yasinsky that it wasn’t an emergency. The machines had already been restored from backups. But as Yasinsky quizzed his colleague further about the server outage, one fact immediately made him feel uneasy.


pages: 443 words: 116,832

The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics by Ben Buchanan

active measures, air gap, Bernie Sanders, bitcoin, blockchain, borderless world, Brian Krebs, British Empire, Cass Sunstein, citizen journalism, Citizen Lab, credit crunch, cryptocurrency, cuban missile crisis, data acquisition, disinformation, Donald Trump, drone strike, Edward Snowden, fake news, family office, Hacker News, hive mind, information security, Internet Archive, Jacob Appelbaum, John Markoff, John von Neumann, Julian Assange, Kevin Roose, Kickstarter, kremlinology, Laura Poitras, MITM: man-in-the-middle, Nate Silver, operational security, post-truth, profit motive, RAND corporation, ransomware, risk tolerance, Robert Hanssen: Double agent, rolodex, Ronald Reagan, Russian election interference, seminal paper, Silicon Valley, South China Sea, Steve Jobs, Stuxnet, subscription business, technoutopianism, undersea cable, uranium enrichment, Vladimir Vetrov: Farewell Dossier, Wargames Reagan, WikiLeaks, zero day

Just as the United States holds a home-field advantage, thanks to geography and history, in passive collection, it also enjoys a natural edge when it comes to backdooring encryption. Much of the world’s cryptography is American-made, and NSA files indicate that the agency attempts “to leverage sensitive, co-operative relationships with specific industry partners.” It uses these relationships to gather “cryptographic details of commercial cryptographic information security systems” and to alter the systems in ways that benefit the agency. These modifications introduce weaknesses into the companies’ products with the aim “to make them exploitable” by the NSA’s cryptographers.2 When the agency cannot rely on a partnership, it tries to introduce weaknesses covertly.3 The right flaw in the right spot can offer dramatic geopolitical advantage; just a single tainted encrypted component, endowed with a backdoor known only to its creators, can render entire systems of encryption insecure.

For the definitive report on this series of intrusions and the failure to alert relevant authorities, see “Inquiry into Cyber Intrusions Affecting U.S. Transportation Command Contractors.”
40. Kim Zetter and Andy Greenberg, “Why the OPM Breach Is Such a Security and Privacy Debacle,” Wired, June 11, 2015; US Office of Personnel Management, “Federal Information Security Management Act Audit FY 2014: Final Audit Report,” Office of the Inspector General / Office of Audits Report Number 4A-CI-00-14-016, November 12, 2014, 10; Aliya Sternstein, “Here’s What OPM Told Congress the Last Time Hackers Breached Its Networks,” NextGov, June 15, 2015.
41. David Sanger, “Hackers Took Fingerprints of 5.6 Million U.S.

Waqas Amir, “Iran Hacked Vegas Casino Wiping Hard Drives, Shutting Down Email,” HackRead, December 19, 2014.
36. Elgin and Riley, “Now at the Sands Casino: An Iranian Hacker in Every Server.”
37. This account of the Sands operation is drawn from in-depth media reporting. Many details were confirmed by individuals in the information security community with direct knowledge of the case and the attackers. Jose Pagliery, “Iran Hacked an American Casino, U.S. Says,” CNN, February 27, 2015; Elgin and Riley, “Now at the Sands Casino: An Iranian Hacker in Every Server.”
38. Joseph Marks, “The Cybersecurity 202: Iran’s the Scariest Cyber Adversary, Former NSA Chief Says,” Washington Post, May 3, 2019.
39.


Active Measures by Thomas Rid

1960s counterculture, 4chan, active measures, anti-communist, back-to-the-land, Berlin Wall, Bernie Sanders, bitcoin, Black Lives Matter, call centre, Charlie Hebdo massacre, Chelsea Manning, continuation of politics by other means, cryptocurrency, cuban missile crisis, disinformation, Donald Trump, dual-use technology, East Village, Edward Snowden, en.wikipedia.org, end-to-end encryption, facts on the ground, fake news, Fall of the Berlin Wall, false flag, guest worker program, information security, Internet Archive, Jacob Appelbaum, John Markoff, Julian Assange, kremlinology, Mikhail Gorbachev, military-industrial complex, Norman Mailer, nuclear winter, operational security, peer-to-peer, Prenzlauer Berg, public intellectual, Ronald Reagan, Russian election interference, Silicon Valley, Stewart Brand, technoutopianism, We are Anonymous. We are Legion, Whole Earth Catalog, WikiLeaks, zero day

Committee staffers from both parties wanted me to help present to the American public the available forensic evidence that implicated Russia, evidence that at the time was still hotly contested among the wider public, and that, of course, the Russian government denied—as did the president of the United States. The situation was unprecedented. The other two witnesses were Keith Alexander, former head of the National Security Agency, and Kevin Mandia, CEO of FireEye, a leading information security firm. Just before the hearing began, a staffer brought us from the greenroom to the witness table. Everybody else was seated already. As we walked in, I looked at the row of senators in front of us. Most of the committee members were present. Their faces looked familiar. The room was crowded; press photographers, lying on the floor with cameras slung around their necks, were soon ushered out.

The movement’s breathless optimism expressed itself in slogans and themes: that information wanted to be free, sources open, anonymity protected, and personal secrets encrypted by default, yet government secrets could be exposed by whistle-blowers, preferably anonymously, on peer-to-peer networks. Much of this idealism was and is positive, and in many ways, activist projects have helped strengthen information security and internet freedom. And yet, at the fringes, this emerging subculture embraced a combination of radical transparency and radical anonymity, along with hacking-and-leaking, stealing-and-publishing—and thus created what had existed only temporarily before: the perfect cover for active measures, and not only thanks to the white noise of anonymous publication activity, from torrents to Twitter.

By 2013, only a few Cold War historians and veteran intelligence reporters remembered that Eastern bloc intelligence services had once perfected the art of semi-covert active measures enhanced by skillful falsifications, and that Congress had once held hearings on “the forgery offensive.” At the time of the Snowden leaks, Bruce Schneier was a widely respected cryptographer, an authority on information security, and a keen technical observer of NSA operations. In August 2014, Schneier used his popular online journal to take a close look at various recent NSA leaks and where they may have originated, concluding that the U.S. intelligence community now had “a third leaker.” (The FBI pursued a similar hypothesis.)


Demystifying Smart Cities by Anders Lisdorf

3D printing, artificial general intelligence, autonomous vehicles, backpropagation, behavioural economics, Big Tech, bike sharing, bitcoin, business intelligence, business logic, business process, chief data officer, circular economy, clean tech, clean water, cloud computing, computer vision, Computing Machinery and Intelligence, congestion pricing, continuous integration, crowdsourcing, data is the new oil, data science, deep learning, digital rights, digital twin, distributed ledger, don't be evil, Elon Musk, en.wikipedia.org, facts on the ground, Google Glasses, hydroponic farming, income inequality, information security, Infrastructure as a Service, Internet of things, Large Hadron Collider, Masdar, microservices, Minecraft, OSI model, platform as a service, pneumatic tube, ransomware, RFID, ride hailing / ride sharing, risk tolerance, Salesforce, self-driving car, smart cities, smart meter, software as a service, speech recognition, Stephen Hawking, Steve Jobs, Steve Wozniak, Stuxnet, Thomas Bayes, Turing test, urban sprawl, zero-sum game

While that seems like a lot of devices, it is not when we compare it to the total number of devices on the Internet, which is in the billions range already. Imagine, if 100,000 devices can take down the Internet, what a million or a billion can do. More and more companies and cities are employing a Chief Information Security Officer (CISO) to be responsible for having adequate policies and standard operating procedures in place. A huge part of his or her job is to gain control of the sprawling array of devices being used. The number of devices is increasing fast, but today this area is the wild west of IT. Whereas earlier the Internet used to be a wild and unregulated place, this is not the case to the same extent anymore.

Standards are important in order to inform people about what to do, since it is too much to expect everyone developing solutions to be on top of what makes for good security.

Types of security risks

Classical security thinking divides security into three aspects that need to be handled: Confidentiality is the ability to protect the data in such a way that only authorized people will be able to access it. According to the Federal Information Security Management Act of 2002 (FISMA), it is defined as “Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information....” A loss of confidentiality is therefore the unauthorized disclosure of information. In 2017 the credit rating agency Equifax was breached, and sensitive information about 146 million people’s financial situation was stolen.

Strogatz, Nature 393, 440–442 1998
https://web.archive.org/web/20140803231327/http://www.nyc.gov/html/doitt/downloads/pdf/payphone_rfi.pdf (October 2, 2019) the original RFI for what turned out to be LinkNYC from 2012
www1.nyc.gov/office-of-the-mayor/news/923-14/de-blasio-administration-winner-competition-replace-payphones-five-borough (October 2, 2019) press release of the winner of the LinkNYC bid
www.citylab.com/life/2015/04/de-blasios-vision-for-new-york-broadband-for-all-by-2025/391092/ (October 2, 2019) an article about Mayor of New York Bill De Blasio’s plan for broadband for all in New York by 2025
www1.nyc.gov/site/doitt/agencies/nycwin.page (October 2, 2019) a description of The New York City Wireless Network, known as NYCWiN
www.thethingsnetwork.org (October 5, 2019) a project dedicated to building LoRaWAN solutions

Chapter 3

https://dyn.com/blog/dyn-analysis-summary-of-friday-october-21-attack/ (October 2, 2019) the official analysis of the Dyn attack on October 21
https://citiesfordigitalrights.org (October 2, 2019) the official site for the Cities for Digital Rights coalition
www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases (October 2, 2019) an article about the Strava fitness tracking incident involving a US Army base
https://en.wikipedia.org/wiki/Stuxnet (October 2, 2019) a description from Wikipedia of the Stuxnet worm
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.199.pdf (October 2, 2019) the official FIPS 199 standard for categorization of information and information systems
https://en.wikipedia.org/wiki/Federal_Information_Security_Management_Act_of_2002 (October 2, 2019) a description of the FISMA framework from Wikipedia
https://arrayofthings.github.io/ (October 2, 2019) the official site of the Array of Things project
http://maps.nyc.gov/snow/# (October 2, 2019) the PlowNYC site where New Yorkers can track the progress of snow plows during wintertime

Chapter 4

https://scijinks.gov/air-quality/
www.epa.gov/pm-pollution/particulate-matter-pm-basics (October 2, 2019) definition of what particulate matter is
https://brightplanet.com/2013/06/twitter-firehose-vs-twitter-api-whats-the-difference-and-why-should-you-care/ (October 2, 2019) a description of how the Twitter Firehose works
www.waze.com/ccp (October 2, 2019) official site of the Twitter Connected Citizens Program
The NIST Definition of Cloud Computing, Peter M.


pages: 568 words: 164,014

Dawn of the Code War: America's Battle Against Russia, China, and the Rising Global Cyber Threat by John P. Carlin, Garrett M. Graff

1960s counterculture, A Declaration of the Independence of Cyberspace, Aaron Swartz, air gap, Andy Carvin, Apple II, Bay Area Rapid Transit, bitcoin, Brian Krebs, business climate, cloud computing, cotton gin, cryptocurrency, data acquisition, Deng Xiaoping, disinformation, driverless car, drone strike, dual-use technology, eat what you kill, Edward Snowden, fake news, false flag, Francis Fukuyama: the end of history, Hacker Ethic, information security, Internet of things, James Dyson, Jeff Bezos, John Gilmore, John Markoff, John Perry Barlow, Ken Thompson, Kevin Roose, Laura Poitras, Mark Zuckerberg, Menlo Park, millennium bug, Minecraft, Mitch Kapor, moral hazard, Morris worm, multilevel marketing, Network effects, new economy, Oklahoma City bombing, out of africa, packet switching, peer-to-peer, peer-to-peer model, performance metric, RAND corporation, ransomware, Reflections on Trusting Trust, Richard Stallman, Robert Metcalfe, Ronald Reagan, Saturday Night Live, self-driving car, shareholder value, side project, Silicon Valley, Silicon Valley startup, Skype, Snapchat, South China Sea, Steve Crocker, Steve Jobs, Steve Wozniak, Steven Levy, Stewart Brand, Stuxnet, The Hackers Conference, Tim Cook: Apple, trickle-down economics, Wargames Reagan, Whole Earth Catalog, Whole Earth Review, WikiLeaks, Y2K, zero day, zero-sum game

Whereas we tend to refer to cyber as encompassing both online offense and defense, both propaganda efforts and covert measures, Chinese strategists define the online realm in a subtly different—and broader—way, speaking of “network strategy” to refer specifically to technical online protections and “information security” to refer to a wide range of tools and operations aimed at influencing others online.19**

Operation Allied Force, NATO’s air war in Yugoslavia, is largely forgotten in the United States, but it dramatically changed the approach of the Chinese military. On May 7, 1999, American B-2 stealth bombers accidentally hit the Chinese embassy in Belgrade, killing three, after US targeters mistook it for a warehouse.

He was a Buddhist scholar, publishing essays on the religion online and explaining how Buddhism provided a window on the life of hackers. He had also published two articles in 2008 about computer network exploitation techniques, identifying himself as a researcher affiliated with Shanghai Jiao Tong University’s Information Security Engineering Institute, which was headed by Peng Dequan, a former science and technology director at China’s lead foreign intelligence service, the Ministry of State Security.50 We knew a seemingly incredible amount about Yinan Peng—we had even seen him receive an email from known Chinese government hackers who were part of one of the related Comment Crew teams.51 But, at that time, even being able to trace back the attacks to an individual meant little to the US government—there was no tool in our toolbox to do anything with that information.

Amazingly, the hack continued undetected for nearly two more years, through at least November 2016.15 When the hack was finally caught and reported and the FBI case unfolded, investigators zeroed in on four specific suspects: two FSB officers, Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich Sushchin, and two criminal hackers, Karim Baratov and Alexsey Belan. Each of the four proved interesting in his own way: Dokuchaev was an officer with the FSB’s Second Division, the Center for Information Security, known as Center 18. It was the equivalent of the FBI’s Cyber Division, the unit tasked with fighting cybercrime. Dokuchaev had a unique background for an intelligence officer: He had spent a decade as a Russian hacker, stealing credit cards and purchasing technology such as “skimmers” and encoders that helped thieves mimic real credit cards with physical plastic.


pages: 392 words: 114,189

The Ransomware Hunting Team: A Band of Misfits' Improbable Crusade to Save the World From Cybercrime by Renee Dudley, Daniel Golden

2021 United States Capitol attack, Amazon Web Services, Bellingcat, Berlin Wall, bitcoin, Black Lives Matter, blockchain, Brian Krebs, call centre, centralized clearinghouse, company town, coronavirus, corporate governance, COVID-19, cryptocurrency, data science, disinformation, Donald Trump, fake it until you make it, Hacker News, heat death of the universe, information security, late fees, lockdown, Menlo Park, Minecraft, moral hazard, offshore financial centre, Oklahoma City bombing, operational security, opioid epidemic / opioid crisis, Picturephone, pirate software, publish or perish, ransomware, Richard Feynman, Ross Ulbricht, seminal paper, smart meter, social distancing, strikebreaker, subprime mortgage crisis, tech worker, Timothy McVeigh, union organizing, War on Poverty, Y2K, zero day

Sarah is her real name, but White isn’t. She adopted the alias to maintain her privacy and to protect herself against retaliation by ransomware gangs. As of the autumn of 2021, Sarah was in her fourth and final year at Royal Holloway, part of the University of London, majoring in computer science and information security. She didn’t take classes in her third year; instead, she earned school credit, and a salary, as a full-time software developer for Intel. She has also worked part-time for Emsisoft as a ransomware analyst since March 2016, when she was still in high school. Born in 1998, she’s petite, with shoulder-length light brown hair.

Extracting some of the longer keys in a reasonable amount of time required more computing capacity than Michael had at his disposal. By chance, Mission Health, a North Carolina hospital chain where Daniel Gallagher was in charge of cybersecurity, had just bought two high-powered servers. The chief information security officer allowed Daniel to use them to help the task force. “Hey, I got $10,000 servers sitting there that are just idle right now,” Daniel recalled messaging the other members. “Let’s put them to use.” Michael jumped on the offer and sent a script to Daniel. “OK, run this,” Michael told him.

“It was my initiative; I had to fight for the money,” he said. “I was moving data onto Amazon Web Services for four or five months before the attack, anticipating possible threats. You go to sleep every night knowing that something like this could happen.” In 2014, Gayle Guilford became the city’s first chief information security officer, with two part-time engineers on loan from other duties. She scrounged for funding and free expertise wherever she could find it. Whenever Phyllis Schneck, DHS’s cybersecurity chief, spoke at a public event, Gayle showed up. She waited until the talk was over, approached Schneck, proffered a business card, and said, “I know you do vulnerability assessments.


pages: 329 words: 95,309

Digital Bank: Strategies for Launching or Becoming a Digital Bank by Chris Skinner

algorithmic trading, AltaVista, Amazon Web Services, Any sufficiently advanced technology is indistinguishable from magic, augmented reality, bank run, Basel III, bitcoin, Bitcoin Ponzi scheme, business cycle, business intelligence, business process, business process outsourcing, buy and hold, call centre, cashless society, clean water, cloud computing, corporate social responsibility, credit crunch, cross-border payments, crowdsourcing, cryptocurrency, demand response, disintermediation, don't be evil, en.wikipedia.org, fault tolerance, fiat currency, financial innovation, gamification, Google Glasses, high net worth, informal economy, information security, Infrastructure as a Service, Internet of things, Jeff Bezos, Kevin Kelly, Kickstarter, M-Pesa, margin call, mass affluent, MITM: man-in-the-middle, mobile money, Mohammed Bouazizi, new economy, Northern Rock, Occupy movement, Pingit, platform as a service, Ponzi scheme, prediction markets, pre–internet, QR code, quantitative easing, ransomware, reserve currency, RFID, Salesforce, Satoshi Nakamoto, Silicon Valley, smart cities, social intelligence, software as a service, Steve Jobs, strong AI, Stuxnet, the long tail, trade route, unbanked and underbanked, underbanked, upwardly mobile, vertical integration, We are the 99%, web application, WikiLeaks, Y2K

That’s the criminal’s job: to continually test and try to break the security of the bank. This means that the bank must always be one step behind those who want to create cracks in its firewalls. That means continual renewal of information security policies, systems and infrastructures, and making sure that the bank keeps up with the best practices in securing its customers’ data. In conclusion, banks should place themselves firmly at the heart of information security and offer customers a secure data vault. This is the real opportunity for now and the future for financial organisations: to guarantee the security of mobile transactions and mobile data.

Customers are more loyal to their mobile connections than to their partners, so the question from the people side of change is two-fold: We need to break the shackles of being hamstrung by heritage. As many people tell me, the only place we engage with old technology is when we go to work. We need to work out how to keep our information secure as, right now, it’s not. We also need to analyse customer data to sell more and service better, but the customer doesn’t want to be digitally raped. We talk about permissions-based marketing, but the customer wants to keep their privacy. However, conversely, the customer then goes onto Facebook and gives away their email, mobile, relationships and more.

If you give Google or PayPal the opportunity to become the secure financial data manager or the secure data vault of everything, then what is the role of the processor and the bank in that future? Surely this just gives the whole game away to someone else? This is why the focus upon data and data security is the key to the future. It is not a focus upon money and financial security, but upon data and information security, that will differentiate the future winners and losers. In the meantime, banks have to transition from the old world of physical monetary security to this new world of electronic data security. There is a transition time between the old world and the new, and the question is how long this transition will take.


pages: 374 words: 94,508

Infonomics: How to Monetize, Manage, and Measure Information as an Asset for Competitive Advantage by Douglas B. Laney

3D printing, Affordable Care Act / Obamacare, banking crisis, behavioural economics, blockchain, book value, business climate, business intelligence, business logic, business process, call centre, carbon credits, chief data officer, Claude Shannon: information theory, commoditize, conceptual framework, crowdsourcing, dark matter, data acquisition, data science, deep learning, digital rights, digital twin, discounted cash flows, disintermediation, diversification, en.wikipedia.org, endowment effect, Erik Brynjolfsson, full employment, hype cycle, informal economy, information security, intangible asset, Internet of things, it's over 9,000, linked data, Lyft, Nash equilibrium, Neil Armstrong, Network effects, new economy, obamacare, performance metric, profit motive, recommendation engine, RFID, Salesforce, semantic web, single source of truth, smart meter, Snapchat, software as a service, source of truth, supply-chain management, tacit knowledge, technological determinism, text mining, uber lyft, Y2K, yield curve

Yes, we data professionals have really just been improvising for decades. One of the key issues for chief data officers and those tasked with managing information as an asset is the lack of standards for information. In fact, the only standard related to information management is in the mouthful: “ISO/IEC 27001 Information technology—Security techniques—Information security management systems—Requirements.”1 Currently, this is the only widely accepted international standard that deals at all with managing information.2 The standard calls for the inventorying of all kinds of assets, including documenting their classification, owner, usage rules, labeling, control, and handling guidelines.3 Sure, the Institute of Electrical and Electronics Engineers (IEEE) has standards for information technology, the North Atlantic Treaty Organization (NATO) and the United Nations (UN) have standards for information sharing among military organizations and countries, various multinational industry associations such as the World Bank and the International Astronomical Union have developed regulations for information sharing among member organizations, and various countries alone or together have laws and regulations for information handling.

Do information management departments or leaders have a global standard for information best practices? Do they have any kind of inventory standard for information assets? Do they have a standard way to document the contractual rights and privileges for information usage, or to track them (other than for information security or privacy regulations)? Is there a recognized standard for reporting on information utilization? At best, the answer to any of these is: hardly. Now, ask yourself: which is more critical to an organization, the customer information or the hardware upon which it resides? It’s no wonder the ITAM conference attendees I met were dumbfounded when I mentioned that no such standards or procedures exist for the management of information assets.

Justifying and Proving the Benefits of Information-Related Initiatives

Various leading and trailing indicators, forecasting methods, and value determinations of IAM activities can and should be supported by a range of metrics. Whether it’s determining ROI or simply connecting the dots between information characteristics and business outcomes, quantifying information’s quality and valuation is critical.

Improving Information Security

Several years ago, I spoke with Carsten Casper, Gartner’s managing vice president of digital workplace security, about how organizations budget for data security if they don’t know the value of what they’re securing. He suggested that most employ one of two methods: either 1) the “Keep up with the Joneses” method of spending what other organizations like their own spend, or 2) waiting until some kind of catastrophic event like a breach occurs, then spending enough to make sure that this or something like it doesn’t happen again.


pages: 1,380 words: 190,710

Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems by Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Piotr Lewandowski, Adam Stubblefield

air gap, anti-pattern, barriers to entry, bash_history, behavioural economics, business continuity plan, business logic, business process, Cass Sunstein, cloud computing, cognitive load, continuous integration, correlation does not imply causation, create, read, update, delete, cryptocurrency, cyber-physical system, database schema, Debian, defense in depth, DevOps, Edward Snowden, end-to-end encryption, exponential backoff, fault tolerance, fear of failure, general-purpose programming language, Google Chrome, if you see hoof prints, think horses—not zebras, information security, Internet of things, Kubernetes, load shedding, margin call, microservices, MITM: man-in-the-middle, NSO Group, nudge theory, operational security, performance metric, pull request, ransomware, reproducible builds, revision control, Richard Thaler, risk tolerance, self-driving car, single source of truth, Skype, slashdot, software as a service, source of truth, SQL injection, Stuxnet, the long tail, Turing test, undersea cable, uranium enrichment, Valgrind, web application, Y2K, zero day

The operational and organizational approaches to security in large enterprises have varied dramatically over the past 20 years. The most prominent instantiations include fully centralized chief information security officers and core infrastructure operations that encompass firewalls, directory services, proxies, and much more—teams that have grown to hundreds or thousands of employees. On the other end of the spectrum, federated business information security teams have either the line of business or technical expertise required to support or govern a named list of functions or business operations. Somewhere in the middle, committees, metrics, and regulatory requirements might govern security policies, and embedded Security Champions might either play a relationship management role or track issues for a named organizational unit.

This book is full of useful insights from cover to cover, and each example and anecdote is heavy with authenticity and the wisdom that comes from experimenting, failing and measuring real outcomes at scale. It is a must for anybody looking to build their systems the correct way from day one.

Alex Stamos, Director of the Stanford Internet Observatory and former CISO of Facebook and Yahoo

This book is a rare treat for industry veterans and novices alike: instead of teaching information security as a discipline of its own, the authors offer hard-wrought and richly illustrated advice for building software and operations that actually stood the test of time. In doing so, they make a compelling case for reliability, usability, and security going hand-in-hand as the entirely inseparable underpinnings of good system design.

In this chapter, we walk through debugging techniques and provide some strategies for what to do when you’re stuck. We then discuss the differences between debugging a system issue and investigating a security concern, and examine tradeoffs to take into account when deciding which logs to retain. Finally, we look at how to keep these valuable sources of information secure and reliable. In an ideal world, we would all build perfect systems, and our users would have only the best of intentions. In reality, you’ll encounter bugs and need to conduct security investigations. As you observe a system running in production over time, you’ll identify areas for improvement and places where you can streamline and optimize processes.


pages: 461 words: 125,845

This Machine Kills Secrets: Julian Assange, the Cypherpunks, and Their Fight to Empower Whistleblowers by Andy Greenberg

air gap, Apple II, Ayatollah Khomeini, Berlin Wall, Bill Gates: Altair 8800, Bletchley Park, Burning Man, Chelsea Manning, computerized markets, crowdsourcing, cryptocurrency, disinformation, domain-specific language, driverless car, drone strike, en.wikipedia.org, Evgeny Morozov, Fairchild Semiconductor, fault tolerance, hive mind, information security, Jacob Appelbaum, John Gilmore, John Perry Barlow, Julian Assange, Lewis Mumford, Mahatma Gandhi, military-industrial complex, Mitch Kapor, MITM: man-in-the-middle, Mohammed Bouazizi, Mondo 2000, Neal Stephenson, nuclear winter, offshore financial centre, operational security, PalmPilot, pattern recognition, profit motive, Ralph Nader, real-name policy, reality distortion field, Richard Stallman, Robert Hanssen: Double agent, Silicon Valley, Silicon Valley ideology, Skype, social graph, SQL injection, statistical model, stem cell, Steve Jobs, Steve Wozniak, Steven Levy, Teledyne, three-masted sailing ship, undersea cable, Vernor Vinge, We are Anonymous. We are Legion, We are the 99%, WikiLeaks, X Prize, Zimmermann PGP

Because as soon as we start to believe that maybe it’s not all black-and-white, that someone can do wrong for a good reason, that not every action of law is inherently infallible, it strikes a very dangerous precedent for the government the way it wants to operate today. After the documentary’s filming was completed in 2003, Hackers Wanted went unreleased for seven years until it was finally leaked in May of 2010 onto copyright-flouting BitTorrent file-sharing networks, where it became a modest hit in the world of hackers and information security. Lamo insists he wasn’t the source of the leak. When fans wrote to Lamo and the film’s director, Sam Bozzo, asking how they could support the film with donations, Lamo wrote on his Twitter feed on May 20 that donors should give their money instead to WikiLeaks, the whistleblower organization that one month before had released Manning’s Apache helicopter video to an explosive response.

Despite signing up a few major banks, Chaum’s crypto-currency never quite caught on, a result of what some say is bad luck and others say was Chaum’s overly controlling style of doing business, which may have quashed many of his company’s attempts to find mainstream partnerships. But few in the computer security world doubt Chaum’s sheer cryptographic brilliance—his patents range from physical locks to software security systems to anonymity and pseudonymity mechanisms that would secure his reputation as a computer science and information security powerhouse. Growing up and attending high school in an L.A. suburb, Chaum lived the rebellious life of a child who understands he is smarter than everyone he knows. He would show up for shop class and then play hooky the rest of the day, crossing town to sneak into computer science classes at UCLA.

In 2002, those gigs led Appelbaum to his first real job: an information technology administrator position at Greenpeace. It was a tougher and more practical education than anything he would have found at Santa Rosa Junior College. Appelbaum learned from a combative, grizzled Linux guru at the NGO who went by the hacker handle Shord. His mentor—and the rest of Greenpeace—took information security seriously. The group’s radical environmentalists often referenced the Rainbow Warrior, a ship Greenpeace used in its antiwhaling activities that was sabotaged and sunk by French intelligence agents in 1985, drowning one of the group’s photographers. “Greenpeace’s security issues are real,” says Appelbaum.


pages: 252 words: 75,349

Spam Nation: The Inside Story of Organized Cybercrime-From Global Epidemic to Your Front Door by Brian Krebs

barriers to entry, bitcoin, Brian Krebs, cashless society, defense in depth, Donald Trump, drop ship, employer provided health coverage, independent contractor, information security, John Markoff, mutually assured destruction, offshore financial centre, operational security, payday loans, pirate software, placebo effect, ransomware, seminal paper, Silicon Valley, Stuxnet, the payments system, transaction costs, web application

The rep points are awarded or subtracted by established forum members and moderators who have earned the right to bestow or revoke such status indicators. This system is remarkably effective at regulating the criminal acts of these crooks against each other. Aleksey Mikhaylov, a native Russian and information security expert who has exhaustively reviewed the documents, chats, and other material leaked from the Spamdot forum, said that the threat of a single negative post on the forum prompts these guys to amicably resolve issues worth tens of thousands of dollars. Access to the forum and their “standing” there preoccupies all of them.

According to the website of Russian software firm Digital Infinity Developers Group, Nechvolod was part of a team of elite programmers that could be hired out for jobs at diginf.ru. The Diginf Team page on that site (now defunct) listed Dmitry Nechvolod as an “administrator of UNIX-based systems,” an “administrator of Cisco routers,” and “a specialist in information security software.” Between Nechvolod’s expertise and that of his team, it is clear from reviewing their résumés that this group of programmers could hack their way in or around virtually any communications or security system. Nechvolod’s cadre maintained a core version of the Cutwail bot code and rented it out to other miscreants on underground forums, where the spamming system was known as “0bulk Psyche Evolution.”

Turns out, I burned my expensive Yamamoto shoes, not the ones I wore home from prison!” During his imprisonment, Vrublevsky signed a full confession stating that he masterminded the attack on Assist, Aeroflot’s credit card processor. Vrublevsky’s confession stated that he had instructed a ChronoPay employee—Maksim Permyakov, an information security specialist for the company—to deposit $20,000 in WebMoney payments into a purse owned by Igor A. Artimovich, the alleged Festi spam botmaster and a former employee of Sun Microsystems in Russia. Indeed, a lengthy email thread in the cache of messages leaked from ChronoPay details this exchange precisely.


pages: 266 words: 79,297

Forge Your Future with Open Source by VM (Vicky) Brasseur

AGPL, anti-pattern, Benevolent Dictator For Life (BDFL), call centre, continuous integration, Contributor License Agreement, Debian, DevOps, don't repeat yourself, en.wikipedia.org, Firefox, FOSDEM, Free Software Foundation, Guido van Rossum, information security, Internet Archive, Larry Wall, microservices, Perl 6, premature optimization, pull request, Richard Stallman, risk tolerance, Turing machine

When you increase the font size, the interface is still readable and usable. There are many other interface elements you can test for accessibility. The WebAIM[90] project maintains resources and a handy list[91] to help you learn more about web accessibility. If you have experience or an interest in information security, you’ll find that your skills are in demand in FOSS projects. More experienced security specialists will be able to review project code to determine whether it leaks or exposes sensitive information or whether it performs adequate validation on all inputs. Less experienced security enthusiasts can be very helpful by performing manual input validation tests, or even automated fuzz testing, to test for vulnerabilities in the project’s interfaces.

This can lead to a lot of frustration and wasted time on all sides, but is relatively easy to avoid simply by taking a “read first, understand second, act third” approach. As you’re reading through the issue, if it appears to be reporting or is at all concerned with a matter of privacy or security, escalate it immediately. Security should never be taken lightly, and it’s always far better to be safe rather than sorry where information security (infosec) is involved. Even if you’re a seasoned infosec specialist, always notify the core project developers that there may be a security problem. This is not the sort of thing you want to surprise people with at the last moment. Notify the team and allow them to prepare to fix the issue, should it prove to be a legitimate concern.

Some common suffixes are -dev for lists dedicated to discussion about the technical development of the project, -user for questions and discussions about and by end users of the project, and -announce as a low-traffic list containing important announcements about things like new releases, conference information, security warnings, and similar things, but no discussions at all. Check the project’s documentation to see what mailing lists it offers and sign up only for those that are relevant to you. You can certainly sign up for all of them, but you may find you’re receiving a lot more email than you want or can handle.


pages: 434 words: 77,974

Mastering Blockchain: Unlocking the Power of Cryptocurrencies and Smart Contracts by Lorne Lantz, Daniel Cawrey

air gap, altcoin, Amazon Web Services, barriers to entry, bitcoin, blockchain, business logic, business process, call centre, capital controls, cloud computing, corporate governance, creative destruction, cross-border payments, cryptocurrency, currency peg, disinformation, disintermediation, distributed ledger, Dogecoin, Ethereum, ethereum blockchain, fault tolerance, fiat currency, Firefox, global reserve currency, information security, initial coin offering, Internet of things, Kubernetes, litecoin, low interest rates, Lyft, machine readable, margin call, MITM: man-in-the-middle, multilevel marketing, Network effects, offshore financial centre, OSI model, packet switching, peer-to-peer, Ponzi scheme, prediction markets, QR code, ransomware, regulatory arbitrage, rent-seeking, reserve currency, Robinhood: mobile stock trading app, Ross Ulbricht, Satoshi Nakamoto, Silicon Valley, Skype, smart contracts, software as a service, Steve Wozniak, tulip mania, uber lyft, unbanked and underbanked, underbanked, Vitalik Buterin, web application, WebSocket, WikiLeaks

It’s a fundamental shift in how financial services are provided, and this fluid situation leads to attackers constantly searching for exploits to profit from.

Privacy

Public blockchains like Bitcoin and Ethereum are not great when it comes to privacy. When thinking about decentralizing finance and the web, information security must be carefully considered. To conceal identity, a number of solutions are available. Different implementations will make different uses of these solutions, as privacy is an experimental (yet growing) area of blockchain technology. With Bitcoin and Ethereum, all transaction information is visible in the public blockchain, including the transaction amount and addresses of the sender and receiver.

Byzantine agreement, Other Concepts for Consensus Byzantine fault-tolerant agreement, RippleHotStuff algorithm, Borrowing from Existing Blockchains C Cardano, Blockchains to Watch Casper algorithm (proof-of-stake), Ethereum Scaling CCXT (CryptoCurrency eXchange Trading Library), Open Source Trading Tech cell phone porting attacks, Security Fundamentals central bank digital currencies (CBDCs), Central Bank Digital Currencies centralizationcaused by proof-of-work consensus on Bitcoin, Ripple and Stellar decentralization versus, Decentralization Versus Centralization distributed versus centralized versus decentralized systems, Distributed Versus Centralized Versus Decentralized-Bitcoin Predecessors Libra's centralization challenge, Novi centralized exchanges, Decentralized Exchange Contracts, The Role of Exchanges, Jurisdictiondecentralized exchanges versus, Decentralized Versus Centralized Exchanges-Scalabilitycustody and counterparty risk, Custody and counterparty risk exchange rate, Exchange rate infrastructure, Infrastructure Know Your Customer (KYC) rules, Know your customer scalability, Scalability token listing, Token listing infrastructure differences from decentralized exchanges, Decentralized Exchange Contracts CFTC (Commodity Futures Trading Commission), FinCEN Guidance and the Beginning of Regulation Chainalysis, Analytics channels (Lightning), Lightning Chaum, David, DigiCash Chia, Alternative methods Chicago Mercantile Exchange (CME), partnership with Royal Mint, The Royal Mint China, central bank cryptocurrency, China Coburn, Zachary, Skirting the Laws Coin ATM Radar website, Evolution of the Price of Bitcoin Coinbase, Wallet Types: Custodial Versus Noncustodial, Custody Coinbase Pro, ExchangesAPI example, BTC/USD ticker call, Exchange APIs and Trading Bots arbitrage trading on, Arbitrage Trading-Float Configuration 3 custody solutions, robust, Counterparty Risk example order book, Slippage coinbase transaction, Storing Data in a Chain of Blocks, The 
Coinbase TransactionBitcoin Genesis block, Achieving Consensus Coincheck, Coincheck CoinDesk, Information coins, DigiCash Coinye, More Altcoin Experiments cold storage wallets, Counterparty Risk cold wallets, Wallet Type Variations collisions, cryptographic hashes and, Hashes colored coins, NXT, Colored Coins and Tokens Commodity Exchange Act (CEA), Wash Trading Commodity Futures Trading Commission (CFTC), FinCEN Guidance and the Beginning of Regulation conferences on blockchain industry, Information confidential assets, Liquid confirmations, Confirmations confirmed transactions, Transactionsconfirmed by miner, Transaction life cycle confirmed by network on Bitcoin, Transaction life cycle consensus, Consensus-Alternative methodsAvalanche mechanism, Avalanche in Bitcoin network, Compelling Components-Generating transactions Corda, Corda consensus in decentralized systems, Distributed Versus Centralized Versus Decentralized Libra mechanism for, Borrowing from Existing Blockchains, How the Libra Protocol Works other concepts for, Other Concepts for Consensus proof-of-stake, Proof-of-Stake-Proof-of-Stake proof-of-work, Proof-of-Work-Confirmationsblock discovery, Block discovery confirmations by miners of block to include in blockchain, Confirmations mining process on Bitcoin, The mining process transaction life cycle, Transaction life cycle SCP protocol, Stellar XRP Consensus Protocol, Ripple ConsenSys, ConsenSysTruffle Suite tools for smart contracts, Authoring a smart contract contentious hard forks, Understanding Forks-Replay attacksreplay attacks vulnerability, Replay attacks Corda, Corda-Corda languageconsensus, Corda consensus how it works, How Corda works ledger, Corda ledger network, The Corda network programming language, Corda language Counterparty blockchain, Counterparty counterparty risk, Counterparty Riskon centralized versus decentralized exchanges, Custody and counterparty risk reduced, on decentralized exchanges, Decentralized Exchange Contracts 
cross-shard communication complexity, Other Altchain Solutions crypto laundering, The Evolution of Crypto Laundering-The Evolution of Crypto Launderinghow funds are laundered, The Evolution of Crypto Laundering cryptocurrencies, Cryptocurrency Fundamentals-Summaryadditional, Mastercoin introducing notion of, Mastercoin and Smart Contracts backing DAI multi-collateral token, DAI and blockchain, leading to new platforms for the web, Web 3.0 blockchain systems and unit of account, Storing Data in a Chain of Blocks consensus, Consensus-Alternative methodsother concepts for, Other Concepts for Consensus proof-of-stake, Proof-of-Stake-Proof-of-Stake proof-of-work, Proof-of-Work-Confirmations cryptographic hashes, Hashes-Custody: Who Holds the Keys custody, Custody: Who Holds the Keys-Security Fundamentals ICOs or fundraising for projects, Use Cases: ICOs illegal uses of, Catch Me If You Can methods of buying and selling, Evolution of the Price of Bitcoin mining, Mining-Block Generation privacy-focused, Privacy-Focused Cryptocurrencies public and private keys in systems, Public and Private Keys in Cryptocurrency Systems-Public and Private Keys in Cryptocurrency Systems regulatory bodies in the US, FinCEN Guidance and the Beginning of Regulation security, Security Fundamentals-Recovery Seed stablecoins based on, Crypto-Based Stablecoins-Tether stakeholders in ecosystem, Stakeholders-Informationanalytics services, Analytics brokerages, Brokerages custody solutions, Custody exchanges, Exchanges information services, Information theft from ownersexchange hacks, Exchange Hacks-NiceHash other hacks, Other Hacks-Summary transactions in, Transactions-Bitcoin Transaction Security UTXO model for Bitcoin transactions, The UTXO Model-The UTXO Model cryptocurrency ATMs, Evolution of the Price of Bitcoin CryptoCurrency eXchange Trading Library (CCXT), Open Source Trading Tech cryptographyBitcoin's use on transactions, Introducing the Timestamp Server cryptographic hashes, 
Hashes-Custody: Who Holds the Keys ECDSA encryption, signing and verifying transactions, Signing and Validating Transactions enabling proof-of-work on Hashcash, Hashcash public/private key, Bitcoin's use of, Public/private key cryptography-Generating keys use by DigiCash, DigiCash CryptoKitties, ERC-721-ERC-777causing scaling problems on Ethereum, Challenges in Developing Dapps digital cats as nonfungible tokens, Fungible and Nonfungible Tokens CryptoLocker and ransomware, CryptoLocker and Ransomware CryptoNote protocol, Monero currencies, exchanges for, Exchanges(see also exchanges) custodial wallets, Wallet Types: Custodial Versus Noncustodial(see also wallets) custody, Custody: Who Holds the Keys-Security Fundamentalscounterparty risk with exchanges, Counterparty Risk, Custody and counterparty risk crypto custody solutions, Custody custody providers, Counterparty Risk cyberbucks, DigiCash D DAGs (directed acyclic graphs), DAGs DAI stablecoin, DAIsavings rates for, Savings Dai, Wei, B-Money DAML, DAML DAOs (decentralized autonomous organizations), Decentralized Autonomous Organizations-Other Ethereum forks, Important DefinitionsThe DAO project on Ethereum, Initial Coin Offerings dapps (see decentralized applications) Dash, Dash database management systems (DBMSs), Databases and Ledgers databasesbackend/database differences between centralized exchanges and Uniswap, Infrastructure and ledgers, Databases and Ledgers decentralizationversus centralization, Decentralization Versus Centralization decentralizing the web, Web 3.0 distributed versus centralized versus decentralized systems, Distributed Versus Centralized Versus Decentralized-Bitcoin Predecessors decentralized applications (dapps), Ether and Gas, Decentralized Applications (Dapps)-Challenges in Developing Dappsbuilding decentralized web frameworks, Web 3.0 challenges in developing, Challenges in Developing Dapps Corda, Corda language running on top of a blockchain, Deploying and Executing Smart Contracts 
in Ethereum use cases, Use Cases decentralized autonomous organizations (DAOs), Decentralized Autonomous Organizations-Other Ethereum forks, Important DefinitionsThe DAO project on Ethereum, Initial Coin Offerings decentralized exchange contracts, Decentralized Exchange Contracts-Summary decentralized exchanges, The Role of Exchanges, Decentralized Exchanges-Scalabilityversus centralized exchanges, Decentralized Versus Centralized Exchanges-Scalabilitycustody and counterparty risk, Custody and counterparty risk exchange rate, Exchange rate infrastructure, Infrastructure Know Your Customer (KYC) rules, Know your customer scalability, Scalability token listing, Token listing decentralized finance (DeFi), Decentralizing Finance and the Web-Derivativesflash loans, Flash Loans-The Fulcrum Exploitcreating the flash loan smart contract, Creating a Flash Loan Contract-Deploying the Contract deploying the contract, Deploying the Contract executing a loan, Executing a Flash Loan-Executing a Flash Loan Fulcrum attack, The Fulcrum Exploit important definitions, Important Definitions privacy and information security, Privacy-Ring Signaturesring signatures, Ring Signatures Zcash, Zcash zero-knowledge proof, Zero-Knowledge Proof zk-SNARKs, zk-SNARKs redistribution of trust, Redistribution of Trust-Naming Servicesidentity and dangers of hacking, Identity and the Dangers of Hacking naming services, Naming Services services, DeFi Services-Derivativesderivatives, Derivatives lending, Lending savings, Savings stablecoins, Stablecoins-KYC and pseudonymity traditional versus decentralized financial system, Decentralizing Finance DeFI Pulse website, DeFi Services delegated proof-of-stake, Alternative methods deposit contracts, Ethereum Scaling depth charts, Depth Chartssell wall on, Whales derivatives, Derivativesin decentralized finance, Derivatives derivatives exchanges, The Role of Exchanges desktop wallets, Wallet Type Variations DEXes (see decentralized exchanges; exchanges) 
dictionary attacks on passwords, Zero-Knowledge Proof difficulty of discovering valid block hash, Block discovery DigiCash, DigiCash digital bonds, Banking digital money, Bitcoin Predecessors(see also cryptocurrencies) creation of, in B-Money, B-Money use of hashing to limit double spend, Hashcash digital signaturesmultisignature system, Hash Time Locked Contracts, Lightning Schnorr algorithm, Privacy signing transactions, Signing and Validating Transactions Digix, Digix directed acyclic graphs (DAGs), DAGs disintermediation, Identity and the Dangers of Hacking distributed ledger technology (DLT), Databases and Ledgers distributed systems, Decentralized Applications (Dapps)Bitcoin, Compelling Components distributed versus centralized versus decentralized systems, Distributed Versus Centralized Versus Decentralized-Bitcoin Predecessors Dogecoin, More Altcoin Experiments Domain Name System (DNS), decentralized version of, Altcoins dot-com crash, Tulip Mania or the internet?

Gox-Bitfinex multisignature wallet contracts, Multisignature Contracts-Multisignature Contracts

N
Namecoin, Altcoins
naming services, Naming Services
network hash rate, Block discovery
networks
  centralized versus decentralized versus distributed design, Distributed Versus Centralized Versus Decentralized
  Corda, The Corda network
    nodes having visibility into transactions, Corda ledger
  DAG design, DAGs
  Libra's centralization challenge, Novi
  transactions confirmed by network on Bitcoin, Transaction life cycle
New York Department of Financial Services (NYDFS), FinCEN Guidance and the Beginning of Regulation
NiceHash, NiceHash
Nightfall blockchain, Nightfall
nodes, Distributed Versus Centralized Versus Decentralized
  in Avalanche consensus mechanism, Avalanche
  Libra, validator and full nodes, How the Libra Protocol Works
  Lightning, Lightning nodes and wallets
  in proof-of-stake networks, Proof-of-Stake
nonces, The mining process
  in block discovery on Bitcoin, The mining process
  running out of nonce space or overflow, The mining process
  in Satoshi Nakamoto's whitepaper, The Whitepaper
noncustodial wallets, Wallet Types: Custodial Versus Noncustodial (see also wallets)
nonfungible tokens, Fungible and Nonfungible Tokens
  ERC-721 standard for, ERC-721
Nothing-at-Stake problem, Proof-of-Stake
Novi wallet, Novi
NuBits, NuBits
NXT blockchain, NXT

O
oligarchical model dominating the web, Web 3.0
Omni Core, Understanding Omni Layer
  limitations of, Deploying and Executing Smart Contracts in Ethereum
Omni Layer, Understanding Omni Layer-Adding custom logic
  adding custom logical operations to Bitcoin, Adding custom logic-Adding custom logic
  how it works, How Omni Layer works
  limitations of, Deploying and Executing Smart Contracts in Ethereum
  technical stack, overview of, Understanding Omni Layer
  Tether project built on, Tether
opcodes, Gas and Pricing
Open Systems Interconnection (OSI) model, The More Things Change
operating system platform (EOS), Blockchains to Watch
operators, ERC-777, ERC-1155
Optimistic Rollups, Other Altchain Solutions, Lightning nodes and wallets
options, Derivatives
OP_RETURN field, Adding custom logic
  translation of metadata in, Adding custom logic
Oracle, Blockchain Platform, Blockchain as a Service
oracles, Important Definitions
  manipulation in Fulcrum attack, The Fulcrum Exploit
order books, Order Books
  thin, slippages and, Slippage
over-the-counter (OTC) market, Slippage

P
paper wallets, Wallet Type Variations
Parity, Parity
Parity hack (2017), Parity
participants, Participants
passwords
  security vulnerabilities, Zero-Knowledge Proof
  Thinbus Secure Remote Password protocol, Zero-Knowledge Proof
pay-to-play, Tools for fundamental analysis
payment channels, Lightning
  node dropping or losing connection to, Lightning nodes and wallets
  opening by sending funding transaction, Funding transactions
  withdrawing funds from, Off-chain transactions
payment systems
  Libra, Borrowing from Existing Blockchains
  permissioned ledger uses of blockchain, Payments
  physical cash versus digital, Electronic Systems and Trust
Permacoin, Alternative methods
permissioned ledger uses of blockchain, Permissioned Ledger Uses-Payments
  banking, Banking
  central bank digital currencies, Central Bank Digital Currencies
  gaming, Gaming
  health care, Health Care
  Internet of Things, Internet of Things
  IT systems, IT
  payments systems, Payments
permissioned ledgers, Databases and Ledgers
permissionless ledgers, Databases and Ledgers
person-to-person trading of cryptocurrency, Evolution of the Price of Bitcoin
phishing attacks, Security Fundamentals
Plasma implementation of sidechains, Other Altchain Solutions
Ponzi schemes in cryptocurrency, Skirting the Laws
PotCoin, More Altcoin Experiments
precompilation of zk-SNARKs, zk-SNARKs
premining
  issues with, Litecoin
  premined altcoin, Ixcoin, Altcoins
prices (gas), Gas and Pricing
Primecoin, Altcoins
privacy
  and censorship resistance with dapps, Use Cases
  Ethereum-based privacy implementations, Ethereum-Based Privacy Implementations
  future developments in blockchains, Privacy
  information security in decentralizing finance and the web, Privacy-Ring Signatures
    ring signatures, Ring Signatures
    Zcash, Zcash
    zero-knowledge proof, Zero-Knowledge Proof
    zk-SNARKs, zk-SNARKs
  insufficient anonymity on Bitcoin, The Evolution of Crypto Laundering
  paired with scalability, Mimblewimble blockchain protocol, Mimblewimble, Beam, and Grin
privacy-focused blockchains, Privacy
  Monero, Blockchains to Watch-How Monero Works
  Zcash, Zcash
privacy-focused cryptocurrencies, Privacy-Focused Cryptocurrencies
  Dash, Dash
  Monero, Monero
  Zcash, Zcash
private blockchain networks, Privacy
private blockchains, The Enterprise Ethereum Alliance
private keys, Public/private key cryptography (see also public/private key cryptography)
products/services, buying or selling, Evolution of the Price of Bitcoin
proof-of-history, Alternative methods
proof-of-stake, Proof-of-Stake-Proof-of-Stake
  Byzantine fault-tolerant algorithm, HotStuff, Borrowing from Existing Blockchains
  Casper algorithm in Ethereum 2.0, Ethereum Scaling
proof-of-stake velocity, More Altcoin Experiments
proof-of-storage, Alternative methods
proof-of-work, Block Generation, Proof-of-Work-Confirmations
  bit gold's client puzzle function type, Bit Gold
  block discovery, Block discovery
  confirmations by miners of blocks to include in blockchain, Confirmations
  criticisms of, Proof-of-Stake, Ripple and Stellar
  CryptoNote protocol, Monero
  Ethereum's Ethash protocol, Ethereum: Taking Mastercoin to the Next Level
  longest chain rule, The mining process
  mining process for block discovery on Bitcoin, The mining process
  mining process on Bitcoin, The mining process
  in Satoshi Nakamoto's whitepaper, The Whitepaper
  transaction life cycle, Transaction life cycle
  use by B-Money, B-Money
  use by Hashcash, Hashcash
  X11 ASIC-resistant, Dash
protocols, Electronic Systems and Trust
pseudonymity, KYC rules and, KYC and pseudonymity
public keys, Public/private key cryptography (see also public/private key cryptography)
public/private key cryptography
  Bitcoin's use of, Public/private key cryptography
  examples of public and private keys, Naming Services
  generating keys, Generating keys
  private key storage for digital wallets, Authoring a smart contract
  private keys for wallets, Private Keys
  public and private keys in cryptocurrency systems, Public and Private Keys in Cryptocurrency Systems-Public and Private Keys in Cryptocurrency Systems
  unauthorized access to private key, Bitcoin Transaction Security
  use in controlling access to personal information, Identity and the Dangers of Hacking
pull transactions, Bitcoin Transaction Security, ERC-777
push transactions, Bitcoin Transaction Security, ERC-777

Q
Quantum Ledger Database (QLDB), Blockchain as a Service
Quorum blockchain, Quorum, JPMorgan

R
ransomware, CryptoLocker and, CryptoLocker and Ransomware
rate limiting, Exchange Risk, Rate Limiting
real estate transactions, using tokens on a blockchain, Tokens on the Ethereum Platform
recovery seed, Recovery Seed
recursive call vulnerability, Forking Ethereum and the creation of Ethereum Classic
regulation
  of cryptocurrency exchanges, Jurisdiction
  FATF and the Travel Rule, The FATF and the Travel Rule
  FinCEN guidance and beginnings of, FinCEN Guidance and the Beginning of Regulation-FinCEN Guidance and the Beginning of Regulation
  regulatory challenges in cryptocurrency market, Regulatory Challenges-Basic Mistakes
  regulatory issues with ICOs, Tokenize Everything
regulatory arbitrage, Avoiding Scrutiny: Regulatory Arbitrage-Crypto-Based Stablecoins
  ICOs as example of, Initial Coin Offerings
relational databases, Databases and Ledgers
replay attacks, Replay attacks
  protecting against, on Ethereum and Ethereum Classic, The Ethereum Classic Fork
replication systems, Databases and Ledgers
REST APIs
  Ethereum network, Interacting with Code
  WebSocket versus, REST Versus WebSocket
ring confidential transactions, Blockchains to Watch, How Monero Works
ring signatures, Monero, Ring Signatures, Blockchains to Watch
  hiding public address of sender on Monero, How Monero Works
Ripple, Other Concepts for Consensus, Ripple
  block times, Float Configuration 2
Robinhood mobile app, Brokerages
Rollups, Zero Knowledge (ZK) and Optimistic, Other Altchain Solutions, Lightning nodes and wallets
Royal Mint, The Royal Mint

S
Santander, blockchain-issued bonds, Banking
SAP, Blockchain as a Service
satoshi, Gas and Pricing
Satoshi Nakamoto
  bitcoin address related to, The Evolution of Crypto Laundering
  efforts to establish identity of, Storing Data in a Chain of Blocks
  identity, guesses at, Bahamas
  Satoshi's Vision group (Bitcoin SV), The Bitcoin Cash Fork
  whitepaper, The Whitepaper
savings services (DeFi), Savings
scalability
  centralized versus decentralized exchanges, Scalability
  discontent over Bitcoin network's scaling, The Bitcoin Cash Fork
  EOS solution to blockchain issues, Tokenize Everything
  privacy paired with, Mimblewimble blockchain protocol, Mimblewimble, Beam, and Grin
Scalable Transparent ARguments of Knowledge (STARKs), STARKs
scaling blockchains, Scaling Blockchains-Other Altchain Solutions, The Scaling Problem-Ethereum Scaling
  Avalanche consensus mechanism, Avalanche
  DAG network design, DAGs
  Ethereum, Ethereum Scaling-Ethereum Scaling
  Lightning solution, Lightning, Lightning-Lightning nodes and wallets
  Liquid multisignature wallet, Liquid
  other altchain solutions, Other Altchain Solutions
  SegWit, SegWit
  sharding, Sharding
  sidechains, Sidechains
  STARKs, STARKs
Schnorr algorithm, Privacy
Scott, Mark, Skirting the Laws
SCP consensus protocol, Stellar
scripted money, Improving Bitcoin's Limited Functionality
Scrypt mining, Altcoins, Litecoin
Secret Network, Privacy
securities
  tokens proposed in ICOs, Different Token Types
  unregistered securities offerings, Skirting the Laws
Securities and Exchange Commission (SEC), FinCEN Guidance and the Beginning of Regulation
security
  Bitcoin transaction security, Bitcoin Transaction Security
  custody infrastructure for exchanges, Counterparty Risk
  detection of blockchain tampering with Merkle roots, The Merkle Root
  early vulnerability on Bitcoin, An Early Vulnerability
  exchanges taking care of private keys, Counterparty Risk
  flash loans exploiting vulnerabilities in DeFi platforms, The Fulcrum Exploit
  fundamentals for cryptocurrencies, Security Fundamentals-Recovery Seed
  identity and dangers of hacking, Identity and the Dangers of Hacking
  information security in decentralizing finance and the web, Privacy
  Lightning Network vulnerabilities, Lightning
  proof-of-stake consensus algorithm, criticisms of, Proof-of-Stake
  recursive call vulnerability, Forking Ethereum and the creation of Ethereum Classic
  replay attacks vulnerability, Replay attacks, The Ethereum Classic Fork
  sharding, vulnerabilities with, Other Altchain Solutions
  theft of cryptocurrencies in exchange hacks, Exchange Hacks-NiceHash
  theft of cryptocurrencies in other hacks, Other Hacks-Summary
  transaction malleability vulnerability, Lightning nodes and wallets
security token offerings (STOs), Different Token Types
security tokens, Token Economics
seeds (recovery), Recovery Seed
  storage of, Authoring a smart contract
SegWit (Segregated Witness), SegWit, Lightning nodes and wallets
self-sovereign identity, Identity and the Dangers of Hacking
SHA-256 hash algorithm, Introducing the Timestamp Server, Hashes
SHA256 and RIPEMD160 functions, Generating keys
shadow market for disinformation, Tools for fundamental analysis
sharding, Other Altchain Solutions, Sharding
  in Ethereum 2.0, Ethereum Scaling
Shavers, Trendon, Skirting the Laws
Shrem, Charlie, Skirting the Laws
sidechains, Other Altchain Solutions, Sidechains
  Liquid technology and, Liquid
  Optimistic Rollups and, Lightning nodes and wallets
Silk Road, Catch Me If You Can
  criminal investigation tracking bitcoin address to operator, The Evolution of Crypto Laundering
  provision of bitcoin to users without KYC/AML, Skirting the Laws
SIM swapping, SIM Swapping-SIM Swapping
Singapore, regulatory arbitrage, Singapore
single-shard takeover attacks, Other Altchain Solutions
slashing algorithms, Proof-of-Stake
slippage, Slippage
smart contracts, Mastercoin and Smart Contracts
  DAML language for distributed applications, DAML
  for decentralized exchanges, Decentralized Exchange Contracts, Custody and counterparty risk
  deploying and executing in Ethereum, Deploying and Executing Smart Contracts in Ethereum-Interacting with Code
    authoring a smart contract, Authoring a smart contract
    deployment, Deploying a smart contract-Deploying a smart contract
    Ethereum Virtual Machine (EVM), The Ethereum Virtual Machine
    executing a smart contract, Executing a smart contract
    gas and pricing, Gas and Pricing
    interacting with a smart contract, Interacting with a smart contract
    programmatically interacting with Ethereum, Interacting with Code
    reading a smart contract, Reading a smart contract
    writing a smart contract, Writing a smart contract
  deployment for dapps, Challenges in Developing Dapps
  EOS platform, Blockchains to Watch
  ERC-20 compliant
    events supported by, ERC-20
    example of, ERC-20-ERC-20
    methods implemented, ERC-20
  ERC-compliant, library of, Decentralized Exchange Contracts
  flash loans
    creating the contract, Creating a Flash Loan Contract-Deploying the Contract
    deploying the contract, Deploying the Contract
    manipulation of oracles in Fulcrum attack, The Fulcrum Exploit
    steps in process, Flash Loans
  Libra support for, Borrowing from Existing Blockchains
  Omni Layer providing, Understanding Omni Layer
  publicly viewable record of method call to Uniswap smart contract, Custody and counterparty risk-Exchange rate
  sending tokens to via push and pull transactions, ERC-777
  third-party auditors of, Fungible and Nonfungible Tokens
  Uniswap contract viewable on Ethereum, Infrastructure
social media, campaigns to influence cryptocurrencies, Tools for fundamental analysis
soft forks, Understanding Forks
software development, changes from use of cryptocurrency and blockchain, Web 3.0
software forks, Understanding Forks
software wallets, Wallets
Solidcoin, Altcoins
Solidity language, Authoring a smart contract
South Korean exchanges, Regulatory Challenges
speculation in cryptocurrency, Market Infrastructure, Tulip Mania or the internet?


pages: 345 words: 105,722

The Hacker Crackdown by Bruce Sterling

Apple II, back-to-the-land, Future Shock, game design, ghettoisation, Hacker Conference 1984, Haight Ashbury, Howard Rheingold, HyperCard, index card, informal economy, information security, Jaron Lanier, John Gilmore, John Perry Barlow, machine readable, Mitch Kapor, pirate software, plutocrats, radical decentralization, Silicon Valley, Steve Wozniak, Steven Levy, Stewart Brand, Strategic Defense Initiative, technological determinism, The Hackers Conference, the scientific method, Whole Earth Catalog, Whole Earth Review

Whole Earth 'Lectronic Link computer conference (WELL) goes on-line.
1986 Computer Fraud and Abuse Act passed.
1986 Electronic Communications Privacy Act passed.
1987 Chicago prosecutors form Computer Fraud and Abuse Task Force.
1988
July. Secret Service covertly videotapes "SummerCon" hacker convention.
September. "Prophet" cracks BellSouth AIMSX computer network and downloads E911 Document to his own computer and to Jolnet.
September. AT&T Corporate Information Security informed of Prophet's action.
October. Bellcore Security informed of Prophet's action.
1989
January. Prophet uploads E911 Document to Knight Lightning.
February 25. Knight Lightning publishes E911 Document in PHRACK electronic newsletter.
May. Chicago Task Force raids and arrests "Kyrie."

He was not a voice-communications man, and knew little about the ins and outs of the Baby Bells, but he certainly knew what the 911 System was, and he was angry to see confidential data about it in the hands of a nogoodnik. This was clearly a matter for telco security. So, on September 21, 1988, Boykin made yet ANOTHER copy of the E911 Document and passed this one along to a professional acquaintance of his, one Jerome Dalton, from AT&T Corporate Information Security. Jerry Dalton was the very fellow who would later raid Terminus's house. From AT&T's security division, the E911 Document went to Bellcore. Bellcore (or BELL COmmunications REsearch) had once been the central laboratory of the Bell System. Bell Labs employees had invented the UNIX operating system.

1. Prophet's illicit copy, at home on his own computer in Decatur, Georgia.
2. Prophet's back-up copy, stored on Rich Andrews' Jolnet machine in the basement of Rich Andrews' house near Joliet, Illinois.
3. Charles Boykin's copy on "Killer" in Dallas, Texas, sent by Rich Andrews from Joliet.
4. Jerry Dalton's copy at AT&T Corporate Information Security in New Jersey, sent from Charles Boykin in Dallas.
5. Henry Kluepfel's copy at Bellcore security headquarters in New Jersey, sent by Dalton.
6. Knight Lightning's copy, sent by Prophet from Rich Andrews' machine, and now in Columbia, Missouri.
We can see that the "security" situation of this proprietary document, once dug out of AIMSX, swiftly became bizarre.


pages: 181 words: 52,147

The Driver in the Driverless Car: How Our Technology Choices Will Create the Future by Vivek Wadhwa, Alex Salkever

23andMe, 3D printing, Airbnb, AlphaGo, artificial general intelligence, augmented reality, autonomous vehicles, barriers to entry, benefit corporation, Bernie Sanders, bitcoin, blockchain, clean water, correlation does not imply causation, CRISPR, deep learning, DeepMind, distributed ledger, Donald Trump, double helix, driverless car, Elon Musk, en.wikipedia.org, epigenetics, Erik Brynjolfsson, gigafactory, Google bus, Hyperloop, income inequality, information security, Internet of things, job automation, Kevin Kelly, Khan Academy, Kickstarter, Law of Accelerating Returns, license plate recognition, life extension, longitudinal study, Lyft, M-Pesa, Mary Meeker, Menlo Park, microbiome, military-industrial complex, mobile money, new economy, off-the-grid, One Laptop per Child (OLPC), personalized medicine, phenotype, precision agriculture, radical life extension, RAND corporation, Ray Kurzweil, recommendation engine, Ronald Reagan, Second Machine Age, self-driving car, seminal paper, Silicon Valley, Skype, smart grid, stem cell, Stephen Hawking, Steve Wozniak, Stuxnet, supercomputer in your pocket, synthetic biology, Tesla Model S, The future is already here, The Future of Employment, Thomas Davenport, Travis Kalanick, Turing test, Uber and Lyft, Uber for X, uber lyft, uranium enrichment, Watson beat the top human players on Jeopardy!, zero day

“FAQ about cyber attack on VTech Learning Lodge,” VTech 8 August 2016, https://www.vtech.com/en/press_release/2015/faq-about-data-breach-on-vtech-learning-lodge (accessed 21 October 2016). 8. PwC, Managing Cyber Risks in an Interconnected World: Key findings from The Global State of Information Security® Survey 2015, PwC 2014, http://www.pwc.com/gx/en/consulting-services/information-security-survey/assets/the-global-state-of-information-security-survey-2015.pdf (accessed 21 October 2016). 9. “Equipment Authorization Approval Guide,” Federal Communications Commission 21 October 2015, https://www.fcc.gov/engineering-technology/laboratory-division/general/equipment-authorization (accessed 21 October 2016).


pages: 309 words: 54,839

Attack of the 50 Foot Blockchain: Bitcoin, Blockchain, Ethereum & Smart Contracts by David Gerard

altcoin, Amazon Web Services, augmented reality, Bernie Madoff, bitcoin, Bitcoin Ponzi scheme, blockchain, Blythe Masters, Bretton Woods, Californian Ideology, clean water, cloud computing, collateralized debt obligation, credit crunch, Credit Default Swap, credit default swaps / collateralized debt obligations, cryptocurrency, distributed ledger, Dogecoin, Dr. Strangelove, drug harm reduction, Dunning–Kruger effect, Ethereum, ethereum blockchain, Extropian, fiat currency, financial innovation, Firefox, Flash crash, Fractional reserve banking, functional programming, index fund, information security, initial coin offering, Internet Archive, Internet of things, Kickstarter, litecoin, M-Pesa, margin call, Neal Stephenson, Network effects, operational security, peer-to-peer, Peter Thiel, pets.com, Ponzi scheme, Potemkin village, prediction markets, quantitative easing, RAND corporation, ransomware, Ray Kurzweil, Ross Ulbricht, Ruby on Rails, Satoshi Nakamoto, short selling, Silicon Valley, Silicon Valley ideology, Singularitarianism, slashdot, smart contracts, South Sea Bubble, tulip mania, Turing complete, Turing machine, Vitalik Buterin, WikiLeaks

[374] “From shore to plate: Tracking tuna on the blockchain”. Provenance, 15 July 2016. [375] Matt Levine. “Executive Pay and Blood Trouble”. Bloomberg View, 11 July 2016. [376] The only useful past work on this I’ve found: “Distributed Ledger Technology & Cybersecurity: Improving information security in the financial sector”. European Union Agency for Network and Information Security, 18 January 2017. My only qualms are that it uses as references Zero Hedge and Breitbart News. [377] Vitalik Buterin. “On Public and Private Blockchains”. Ethereum Blog, 7 August 2015. [378] Izabella Kaminska. “Exposing the ‘If we call it a blockchain, perhaps it won’t be deemed a cartel?’

(archive) [152] “Craig Steven Wright”. LinkedIn. Archive as of 9 December 2015. [153] “Craig Steven Wright claims to be Satoshi Nakamoto. Is he?” The Economist, 2 May 2016. [154] Craig S. Wright. “The quantification of information systems risk: A look at quantitative responses to information security issues” (doctoral thesis). Charles Sturt University, February 2017. [155] “craig-wright-cpunks-1996.txt”. Cryptome. [156] Craig Wright. “Looking for people interested in starting a new revolution in payments”. Cracked, inSecure and Generally Broken (blog), 4 February 2011. (archive) [157] Craig S.


pages: 598 words: 134,339

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World by Bruce Schneier

23andMe, Airbnb, airport security, AltaVista, Anne Wojcicki, AOL-Time Warner, augmented reality, behavioural economics, Benjamin Mako Hill, Black Swan, Boris Johnson, Brewster Kahle, Brian Krebs, call centre, Cass Sunstein, Chelsea Manning, citizen journalism, Citizen Lab, cloud computing, congestion charging, data science, digital rights, disintermediation, drone strike, Eben Moglen, Edward Snowden, end-to-end encryption, Evgeny Morozov, experimental subject, failed state, fault tolerance, Ferguson, Missouri, Filter Bubble, Firefox, friendly fire, Google Chrome, Google Glasses, heat death of the universe, hindsight bias, informal economy, information security, Internet Archive, Internet of things, Jacob Appelbaum, James Bridle, Jaron Lanier, John Gilmore, John Markoff, Julian Assange, Kevin Kelly, Laura Poitras, license plate recognition, lifelogging, linked data, Lyft, Mark Zuckerberg, moral panic, Nash equilibrium, Nate Silver, national security letter, Network effects, Occupy movement, operational security, Panopticon Jeremy Bentham, payday loans, pre–internet, price discrimination, profit motive, race to the bottom, RAND corporation, real-name policy, recommendation engine, RFID, Ross Ulbricht, satellite internet, self-driving car, Shoshana Zuboff, Silicon Valley, Skype, smart cities, smart grid, Snapchat, social graph, software as a service, South China Sea, sparse data, stealth mode startup, Steven Levy, Stuxnet, TaskRabbit, technological determinism, telemarketer, Tim Cook: Apple, transaction costs, Uber and Lyft, uber lyft, undersea cable, unit 8200, urban planning, Wayback Machine, WikiLeaks, workplace surveillance , Yochai Benkler, yottabyte, zero day

It’s easier to break things: Ross Anderson (2 Oct 2001), “Why information security is hard: An economic perspective,” University of Cambridge Computer Laboratory, http://www.acsac.org/2001/papers/110.pdf. Matthew Miller, Jon Brickey, and Gregory Conti (29 Nov 2012), “Why your intuition about cyber warfare is probably wrong,” Small Wars Journal, http://smallwarsjournal.com/jrnl/art/why-your-intuition-about-cyber-warfare-is-probably-wrong. Complexity is the worst enemy: Bruce Schneier (19 Nov 1999), “A plea for simplicity: You can’t secure what you don’t understand,” Information Security, https://www.schneier.com/essay-018.html.

Reveron (Summer 2008), “Counterterrorism and intelligence cooperation,” Journal of Global Change and Governance 1, http://www.globalaffairsjournal.com/archive/Summer08/REVERON.pdf. It makes the best sense to join: Ross Anderson (23–24 Jun 2014), “Privacy versus government surveillance: Where network effects meet public choice,” 13th Annual Workshop on the Economics of Information Security, Pennsylvania State University, http://weis2014.econinfosec.org/papers/Anderson-WEIS2014.pdf. the Five Eyes: Nick Perry and Paisley Dodds (16 Jul 2013), “5-nation spy alliance too vital for leaks to harm,” Associated Press, http://bigstory.ap.org/article/experts-say-us-spy-alliance-will-survive-snowden.

Bailey, and Samer Faraj (Mar 2000), “The role of intermediaries in the development of trust on the WWW: The use and prominence of trusted third parties and privacy statements,” Journal of Computer-Mediated Communication 5, http://onlinelibrary.wiley.com/doi/10.1111/j.1083-6101.2000.tb00342.x/full. customers were willing to pay more: Janice Y. Tsai et al. (Jun 2007), “The effect of online privacy information on purchasing behavior: An experimental study,” 6th Workshop on the Economics of Information Security (WEIS), Pittsburgh, Pennsylvania, http://weis2007.econinfosec.org/papers/57.pdf. there are exceptions: Cadie Thompson (7 Mar 2014), “Want privacy online? Start-ups bet users are ready to pay,” NBC News, http://www.nbcnews.com/tech/security/want-privacy-online-start-ups-bet-users-are-ready-pay-n47186.


pages: 282 words: 92,998

Cyber War: The Next Threat to National Security and What to Do About It by Richard A. Clarke, Robert Knake

air gap, barriers to entry, complexity theory, data acquisition, Dr. Strangelove, escalation ladder, Golden arches theory, Herman Kahn, information security, Just-in-time delivery, launch on warning, military-industrial complex, MITM: man-in-the-middle, nuclear winter, off-the-grid, packet switching, RAND corporation, Robert Hanssen: Double agent, Ronald Reagan, Seymour Hersh, Silicon Valley, smart grid, South China Sea, Steve Jobs, systems thinking, Timothy McVeigh, trade route, undersea cable, Y2K, zero day

The crowd are hackers, and in 2009 over four thousand of them showed up for the Black Hat conference, enough information technology skill in one place to wage cyber war on a massive scale. Despite the name, Black Hat is actually now a gathering of “white hat,” or “ethical,” hackers, people who are or work for chief information officers (CIOs) or chief information security officers (CISOs) at banks, pharmaceutical firms, universities, government agencies, almost every imaginable kind of large (and many medium-sized) company. The name Black Hat derives from the fact that the highlights of the show every year are announcements by hackers that they’ve figured out new ways to make popular software applications do things they were not designed to do.

Resilience is the concept that accepts that a disruptive or even destructive attack will occur and advocates planning in advance for how to recover from such devastation. The fourth consensus observation was that there really should be no connectivity between utility networks and the Internet. The idea of separating “critical infrastructure” from the open-to-anyone Internet seemed pretty obvious to the seasoned group of information security specialists. In a ballroom down the hall, however, the Obama Administration’s ideas about a Smart Electric Grid were being flayed by several hundred other security specialists, precisely because the plans would make the electric power grid, that sine qua non for all the other infrastructure, even more vulnerable to unauthorized penetration and disruption from the anonymous creatures who prowl the Internet.

Government officials will tell you that the private sector wants it that way, wants to keep the government out of their systems. After all, they are right that no one in government would know how to run a big bank’s networks, or a railroad’s, or a power grid’s. When you talk to CEOs and the other C-level types in big companies (chief operating officers, chief security officers, chief information officers, chief information security officers), they all say pretty much the same things: we will spend enough on computer security to protect against the day-to-day threat of cyber crime. We cannot, they say, be expected to know how to, or spend the money to, defend against a nation-state attack in a cyber war. Then they usually add words to the effect of, “Defending against other nations’ militaries is the government’s job, it’s what we pay taxes for.”


pages: 346 words: 102,666

Infomocracy: A Novel by Malka Older

corporate governance, game design, high-speed rail, information security, land tenure, military-industrial complex, young professional

“They weren’t orders, just suggestions,” Mishima says, but she knows it sounds argumentative, and she manages to keep her mouth shut while the high muckamuck gives her a brief review of chain of command and then unceremoniously dismisses her. At least she knows she’s still too valuable to fire. CHAPTER 16 By the time Suzuki gets back to him, Ken’s already in Chennai. “No, no, I’m fine,” he says, brushing off Ken’s concern. “Really, Information security did a great job. So, down to business! I’ve been meaning to tell you what excellent work that was in Lima.” Ken refrains from mentioning that Lima was a continent and a half ago. “It was so clear,” Ken agrees. “What more could we want?” “Our person in Okinawa got some damning recordings of Liberty too; at this point, we have everything we need on them.

She shuffles into the room in a toe-to-heel formal stance, then hears the whoosh and hiss of a flamethrower and speeds up. She finds herself in a large space, with a couple of desks facing each other in the middle and a row of doors along the back wall. Her attention is immediately grabbed by the combat. The Information security team wears dark blue body armor with complicated iridescent armbands that are near impossible to forge, so the strategic situation is obvious at a glance: four baddies against a pair of InfoSec, now joined by Mazen. Three of the bad guys brandish katanas against an Information fighter who has gotten his own flamethrower out and is waving it between them, holding them off as he backs toward the door.

Once we free the prisoners, they can tell us more.” “Prisoners?” Mishima looks up, and it clicks: the doors along the back wall lead to holding cells. She had known, somewhere in the back of her mind, that the Tokyo hub had detention facilities, but they are so rarely used that she had forgotten until now. Two of the Information security officers are fiddling with the locks. She turns her focus back to stabilizing the man she maimed. They want all the intel they can get out of these guys. CHAPTER 23 The main Information hub for New York City is in the heart of the Bronx, which seemed inconvenient for many years until seawater started to eat away at the edges of Manhattan, and then seemed prescient.


pages: 565 words: 151,129

The Zero Marginal Cost Society: The Internet of Things, the Collaborative Commons, and the Eclipse of Capitalism by Jeremy Rifkin

3D printing, active measures, additive manufacturing, Airbnb, autonomous vehicles, back-to-the-land, benefit corporation, big-box store, bike sharing, bioinformatics, bitcoin, business logic, business process, Chris Urmson, circular economy, clean tech, clean water, cloud computing, collaborative consumption, collaborative economy, commons-based peer production, Community Supported Agriculture, Computer Numeric Control, computer vision, crowdsourcing, demographic transition, distributed generation, DIY culture, driverless car, Eben Moglen, electricity market, en.wikipedia.org, Frederick Winslow Taylor, Free Software Foundation, Garrett Hardin, general purpose technology, global supply chain, global village, Hacker Conference 1984, Hacker Ethic, industrial robot, informal economy, information security, Intergovernmental Panel on Climate Change (IPCC), intermodal, Internet of things, invisible hand, Isaac Newton, James Watt: steam engine, job automation, John Elkington, John Markoff, John Maynard Keynes: Economic Possibilities for our Grandchildren, John Maynard Keynes: technological unemployment, Julian Assange, Kickstarter, knowledge worker, longitudinal study, low interest rates, machine translation, Mahatma Gandhi, manufacturing employment, Mark Zuckerberg, market design, mass immigration, means of production, meta-analysis, Michael Milken, mirror neurons, natural language processing, new economy, New Urbanism, nuclear winter, Occupy movement, off grid, off-the-grid, oil shale / tar sands, pattern recognition, peer-to-peer, peer-to-peer lending, personalized medicine, phenotype, planetary scale, price discrimination, profit motive, QR code, RAND corporation, randomized controlled trial, Ray Kurzweil, rewilding, RFID, Richard Stallman, risk/return, Robert Solow, Rochdale Principles, Ronald Coase, scientific management, search inside the book, self-driving car, shareholder value, sharing economy, Silicon Valley, Skype, smart cities, smart grid, smart meter, social web, software as a service, spectrum auction, Steve Jobs, Stewart Brand, the built environment, the Cathedral and the Bazaar, the long tail, The Nature of the Firm, The Structural Transformation of the Public Sphere, The Wealth of Nations by Adam Smith, The Wisdom of Crowds, Thomas Kuhn: the structure of scientific revolutions, Thomas L Friedman, too big to fail, Tragedy of the Commons, transaction costs, urban planning, vertical integration, warehouse automation, Watson beat the top human players on Jeopardy!, web application, Whole Earth Catalog, Whole Earth Review, WikiLeaks, working poor, Yochai Benkler, zero-sum game, Zipcar

In 2012, the Commission held an intensive three-month consultation, bringing together more than 600 leaders from business associations, civil society organizations, and academia, in search of a policy approach that will “foster a dynamic development of the Internet of Things in the digital single market while ensuring appropriate protection and trust of EU citizens.”21 The Commission established a broad principle to guide all future developments of the Internet of Things: In general, we consider that privacy & data protection and information security are complementary requirements for IoT services. In particular, information security is regarded as preserving the confidentiality, integrity and availability (CIA) of information. We also consider that information security is perceived as a basic requirement in the provision of IoT services for the industry, both with a view to ensure information security for the organization itself, but also for the benefit of citizens.22 To advance these protections and safeguards, the Commission proposed that mechanisms be put in place to ensure that no unwanted processing of personal data takes place and that individuals are informed of the processing, its purposes, the identity of the processor and how to exercise their rights.

“Conclusions of the Internet of Things Public Consultation,” Digital Agenda for Europe, A Europe 2020 Initiative, February 28, 2013, http://ec.europa.eu/digital-agenda/en/news/conclusions-internet-things-public-consultation (accessed March 21, 2013).
22. “Internet of Things Factsheet Privacy and Security: IoT Privacy, Data Protection, Information Security,” Digital Agenda for Europe, A Europe 2020 Initiative (February 28, 2013): 1, http://ec.europa.eu/digital-agenda/en/news/conclusions-internet-things-public-consultation (accessed March 21, 2013).
23. Ibid., 5.
24. Ibid., 7.
25. “The Internet of Things Business Index,” 11.
26.


pages: 394 words: 117,982

The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age by David E. Sanger

active measures, air gap, autonomous vehicles, Bernie Sanders, Big Tech, bitcoin, Black Lives Matter, Bletchley Park, British Empire, call centre, Cambridge Analytica, Cass Sunstein, Chelsea Manning, computer age, cryptocurrency, cuban missile crisis, disinformation, Donald Trump, drone strike, Edward Snowden, fake news, Google Chrome, Google Earth, information security, Jacob Appelbaum, John Markoff, Kevin Roose, Laura Poitras, Mark Zuckerberg, MITM: man-in-the-middle, mutually assured destruction, off-the-grid, RAND corporation, ransomware, Sand Hill Road, Sheryl Sandberg, Silicon Valley, Silicon Valley ideology, Skype, South China Sea, Steve Bannon, Steve Jobs, Steven Levy, Stuxnet, Tim Cook: Apple, too big to fail, Twitter Arab Spring, undersea cable, unit 8200, uranium enrichment, Valery Gerasimov, WikiLeaks, zero day

documented in a series of reports: US House of Representatives, “The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation,” Committee on Oversight and Government Reform, September 7, 2016, oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf. problems were so acute: U.S. Office of Personnel Management Office of the Inspector General Office of Audits, “Federal Information Security Management Act Audit FY 2014,” November 12, 2014, www.opm.gov/our-inspector-general/reports/2014/federal-information-security-management-act-audit-fy-2014-4a-ci-00-14-016.pdf. shutting down the system was not an option: “Statement of the Honorable Katherine Archuleta,” Hearing before the Senate Committee on Homeland Security and Governmental Affairs, June 25, 2015.

With just a bit of exploration, the Chinese hacking team discovered that the data were being kept at the Department of the Interior—completely unencrypted—because it had spare digital storage space. That meant the records were stored in the same systems used by the national parks for tracking buffalo migration, or managing fishing stocks on federal lands. This was the least of the problems with OPM’s information-security infrastructure. The agency’s IT security environment was appallingly inadequate, as the OPM’s inspector general—the department’s independent watchdog—had documented in a series of reports dating back to 2005. The system itself was outdated, but management made it even worse—they failed to follow nationwide government policy on security protocols, neglected to maintain their systems properly, and ignored advice on best practices.

It was good timing; the Russians were coming. * * * — “Why don’t you come up and we’ll do a little health check?” That was the seemingly benign invitation that Shawn Henry—a former FBI cyber expert whom CrowdStrike had recruited to serve as their chief security officer and president of their information security team—received from Michael Susman that April. Susman had prosecuted cybercrimes for the Justice Department, then moved to Perkins Coie, a law firm that counted both the Hillary Clinton campaign and the DNC among its clients. CrowdStrike was accustomed to such calls, and soon their forensic engineers were tapped into the computers at the DNC, scanning them for signatures of known bad actors in cyberspace.


The Future of Technology by Tom Standage

air freight, Alan Greenspan, barriers to entry, business process, business process outsourcing, call centre, Clayton Christensen, computer vision, connected car, corporate governance, creative destruction, disintermediation, disruptive innovation, distributed generation, double helix, experimental economics, financial engineering, Ford Model T, full employment, hydrogen economy, hype cycle, industrial robot, informal economy, information asymmetry, information security, interchangeable parts, job satisfaction, labour market flexibility, Larry Ellison, Marc Andreessen, Marc Benioff, market design, Menlo Park, millennium bug, moral hazard, natural language processing, Network effects, new economy, Nicholas Carr, optical character recognition, PalmPilot, railway mania, rent-seeking, RFID, Salesforce, seminal paper, Silicon Valley, Silicon Valley ideology, Silicon Valley startup, six sigma, Skype, smart grid, software as a service, spectrum auction, speech recognition, stem cell, Steve Ballmer, Steve Jurvetson, technological determinism, technology bubble, telemarketer, transcontinental railway, vertical integration, Y2K

The dismal science of security

But there are other, more subtle ways in which management and security interact. “More than anything else, information security is about work flow,” says Ross Anderson of Cambridge University’s Computer Laboratory. The way to improve security, he says, is to think about people and processes rather than to buy a shiny new box. Mr Anderson is one of a growing number of computer scientists who are applying ideas from economic theory to information security. Insecurity, he says, “is often due to perverse incentives, rather than to the lack of suitable technical protection mechanisms.”

By contrast, in high-security environments such as military facilities or intelligence organisations, where a security breach would have serious consequences, the use of expensive security technology may be justified. In some situations, however, the right response may be to do nothing at all.

Standards stuff

That different organisations have different security needs is explicitly recognised in ISO 17799, an international standard for “best practices in information security” that was introduced by the International Organisation for Standardisation in 2000. Risk analysis is a basic requirement of the standard, as is the establishment of a security policy. But, says Geoff Davies of i-Sec, a British security consultancy, “an industrial firm and a bank with ISO 17799 certification will have totally different systems.”

It would be better to step up intelligence gathering by humans. The second area where security technology could do more harm than good is in the world of business. Technology introduced to improve security often seems to have the side-effect of reinforcing the market dominance of the firm pushing it. “Information-security technologies are more and more used in struggles between one company and another,” says Mr Anderson. “Vendors will build in things that they claim are security mechanisms but are actually there for anti-competitive reasons.” One highly controversial example is Palladium, Microsoft’s proposed technology for fencing off secure areas inside a computer.


The Code Book: The Science of Secrecy From Ancient Egypt to Quantum Cryptography by Simon Singh

Bletchley Park, Charles Babbage, Donald Davies, friendly fire, information security, Leo Hollis, Mikhail Gorbachev, old-boy network, operational security, quantum cryptography, Ronald Reagan, Schrödinger's Cat, Simon Singh, Turing machine, unbiased observer, undersea cable, Zimmermann PGP

I would like to thank Whitfield Diffie and Martin Hellman, who took the time to describe their work to me while I was in sunny California. Similarly, Clifford Cocks, Malcolm Williamson and Richard Walton were enormously helpful during my visit to cloudy Cheltenham. In particular, I am grateful to the Information Security Group at Royal Holloway College, London, who allowed me to attend the M.Sc. course on information security. Professor Fred Piper, Simon Blackburn, Jonathan Tuliani, and Fauzan Mirza all taught me valuable lessons about codes and ciphers. While I was in Virginia, I was fortunate to be given a guided tour of the Beale treasure trail by Peter Viemeister, an expert on the mystery.

Despite the failure of Clipper and Capstone, many governments remain convinced that key escrow can be made to work, as long as the keys are sufficiently well protected from criminals and as long as there are safeguards to reassure the public that the system is not open to government abuse. Louis J. Freeh, Director of the FBI, said in 1996: “The law enforcement community fully supports a balanced encryption policy … Key escrow is not just the only solution; it is, in fact, a very good solution because it effectively balances fundamental societal concerns involving privacy, information security, electronic commerce, public safety, and national security.” Although the U.S. Government has backtracked on its escrow proposals, many suspect that it will attempt to reintroduce an alternative form of key escrow at some time in the future. Having witnessed the failure of optional escrow, governments might even consider compulsory escrow.

The latter has only one setting, but has a second window that shows the scramblers moving and the subsequent effect on the electrical path.

Phil Zimmermann and PGP
http://www.nai.com/products/security/phil/phil.asp

Electronic Frontier Foundation
http://www.eff.org/
An organization devoted to protecting rights and promoting freedom on the Internet.

Centre for Quantum Computation
http://www.qubit.org/

Information Security Group, Royal Holloway College
http://isg.rhbnc.ac.uk/

National Cryptologic Museum
http://www.nsa.gov:8080/museum/

American Cryptogram Association (ACA)
http://www.und.nodak.edu/org/crypto/crypto/
An association which specializes in setting and solving cipher puzzles.

Cryptologia
http://www.dean.usma.edu/math/resource/pubs/cryptolo/index.htm
A quarterly journal devoted to all aspects of cryptology.


pages: 338 words: 92,465

Reskilling America: Learning to Labor in the Twenty-First Century by Katherine S. Newman, Hella Winston

active measures, blue-collar work, business cycle, collective bargaining, Computer Numeric Control, deindustrialization, desegregation, factory automation, high-speed rail, information security, intentional community, interchangeable parts, invisible hand, job-hopping, knowledge economy, longitudinal study, low skilled workers, performance metric, proprietary trading, reshoring, Ronald Reagan, Silicon Valley, social intelligence, two tier labour market, union organizing, upwardly mobile, W. E. B. Du Bois, War on Poverty, Wolfgang Streeck, working poor

Notably, the demand for IT jobs is high in the finance and insurance sectors, at two times greater than national demand. In ten middle-skill technology occupations, which include those for information security analysts and help desk or entry-level computer support, median hourly salaries range from $26 to $56. These jobs are in high demand in New York City, ranging from twenty-five hundred postings for information security analysts to more than fifty-one hundred postings for computer user support specialists. Entry-level IT support roles, such as help desk or entry-level computer support, account for over half (57 percent) of middle-skill IT jobs in New York.

Workers without a college degree represent 80 percent of total employment in travel.13 In 2012, in New York City alone, there were 363,050 hospitality and leisure jobs, a 27.4 percent increase since 2006.14 The leisure and hospitality sector is expected to produce 3.3 million jobs between 2010 and 2023.15

Information Technology

While IT has a much larger share of workers with advanced degrees (66 percent) than workers with an associate’s degree or some college/training (28 percent),16 there are a number of IT occupations—including for network and computer system administrators and information security analysts—for which less than four years of postsecondary education is acceptable. “Available tech jobs aren’t just for people with bachelor’s degrees,” said Hagos Mehreteab, head of talent acquisition of AppNexus. “New York City’s technology sector also desperately needs people that have specialized skills training and the motivation and passion for learning new things.”17 New York City’s technology sector comprises nearly sixty-six thousand jobs and is expected to grow by 15 percent over the next five years.


pages: 317 words: 98,745

Black Code: Inside the Battle for Cyberspace by Ronald J. Deibert

4chan, air gap, Any sufficiently advanced technology is indistinguishable from magic, Brian Krebs, call centre, citizen journalism, Citizen Lab, cloud computing, connected car, corporate social responsibility, crowdsourcing, cuban missile crisis, data acquisition, digital divide, disinformation, end-to-end encryption, escalation ladder, Evgeny Morozov, failed state, Firefox, Gabriella Coleman, global supply chain, global village, Google Hangouts, Hacker Ethic, Herman Kahn, informal economy, information security, invention of writing, Iridium satellite, jimmy wales, John Gilmore, John Markoff, Kibera, Kickstarter, knowledge economy, Lewis Mumford, low earth orbit, Marshall McLuhan, military-industrial complex, MITM: man-in-the-middle, mobile money, mutually assured destruction, Naomi Klein, new economy, Occupy movement, off-the-grid, Panopticon Jeremy Bentham, planetary scale, rent-seeking, Ronald Reagan, Ronald Reagan: Tear down this wall, Silicon Valley, Silicon Valley startup, Skype, smart grid, South China Sea, Steven Levy, Streisand effect, Stuxnet, Ted Kaczynski, the medium is the message, Turing test, Twitter Arab Spring, undersea cable, unit 8200, We are Anonymous. We are Legion, WikiLeaks, Yochai Benkler, zero day

According to a 2010 White Paper published by the Chinese government: No organization or individual may produce, duplicate, announce or disseminate information having the following contents: being against the cardinal principles set forth in the Constitution; endangering state security, divulging state secrets, subverting state power and jeopardizing national unification; damaging state honor and interests; instigating ethnic hatred or discrimination and jeopardizing ethnic unity; jeopardizing state religious policy, propagating heretical or superstitious ideas; spreading rumors, disrupting social order and stability; disseminating obscenity, pornography, gambling, violence, brutality and terror or abetting crime; humiliating or slandering others, trespassing on the lawful rights and interests of others; and other contents forbidden by laws and administrative regulations. These regulations are the legal basis for the protection of Internet information security within the territory of the People’s Republic of China. All Chinese citizens, foreign citizens, legal persons and other organizations within the territory of China must obey these provisions. (If the Puritans suffered from a profound fear that someone, somewhere was having a good time, given these “provisions” what can we say about the Chinese government?)

A week before Facebook released the identities of the Koobface perpetrators, Dancho Danchev independently released the identity of the leader of Koobface, Anton Nikolaevich Korotchenko of St. Petersburg, in “Who’s Behind the Koobface Botnet? – An OSINT Analysis,” Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge, January 9, 2012, http://ddanchev.blogspot.ca/2012/01/whos-behind-koobface-botnet-osint.html. The public exposure and the release of the Sophos report led to immediate action by Koobface: its command-and-control servers stopped responding, and the gang started removing traces of themselves off the Net.

See Eric Chien and Gavin O’Gorman, “The Nitro Attacks: Stealing Secrets from the Chemical Industry,” Symantec Security Response, http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_nitro_attacks.pdf; and “Nitro Attackers Have Some Gall,” Symantec, December 12, 2011, http://www.symantec.com/connect/blogs/nitro-attackers-have-some-gall.
9 in 2009, Koobface left a Christmas greeting for security researchers: The greeting can be found at Dancho Danchev, “The Koobface Gang Wishes the Industry ‘Happy Holidays’,” Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge, December 26, 2009, http://ddanchev.blogspot.ca/2009/12/koobface-gang-wishes-industry-happy.html.

9: DIGITALLY ARMED AND DANGEROUS

1 the SEA boasted about it on their Arabic Facebook page: The Syrian Electronic Army (SEA) is an open and organized pro-government computer attack group that is actively targeting political opposition and Western websites.


Alpha Girls: The Women Upstarts Who Took on Silicon Valley's Male Culture and Made the Deals of a Lifetime by Julian Guthrie

"Susan Fowler" uber, "World Economic Forum" Davos, Airbnb, Alan Greenspan, Andy Rubin, Apollo 11, Apple II, barriers to entry, Bear Stearns, Benchmark Capital, blockchain, Bob Noyce, call centre, cloud computing, credit crunch, deal flow, disruptive innovation, Elon Musk, equal pay for equal work, Fairchild Semiconductor, fear of failure, game design, Gary Kildall, glass ceiling, hiring and firing, information security, Jeff Bezos, Larry Ellison, Louis Pasteur, Lyft, Marc Benioff, Mark Zuckerberg, Menlo Park, Mitch Kapor, new economy, PageRank, peer-to-peer, pets.com, phenotype, place-making, private spaceflight, retail therapy, ROLM, Ronald Reagan, Rosa Parks, Salesforce, Sand Hill Road, Sheryl Sandberg, Silicon Valley, Silicon Valley startup, Skype, Snapchat, software as a service, South of Market, San Francisco, stealth mode startup, Steve Jobs, Steve Jurvetson, Steve Wozniak, Susan Wojcicki, TaskRabbit, Teledyne, Tim Cook: Apple, Timothy McVeigh, Travis Kalanick, uber lyft, unpaid internship, upwardly mobile, urban decay, UUNET, web application, William Shockley: the traitorous eight, women in the workforce

He’d kicked around several concepts for a new approach to online security and had landed on an idea that felt big enough and important enough to pursue. The name for his new company was WebCohort. Theresia had arranged to take Shlomo around to a handful of Wall Street banks while she was in New York, to meet with chief information security officers to gauge their interest and solicit feedback on his idea. The bank security officers were happy to meet with Shlomo, given that he had already built Check Point into a multibillion-dollar public company. After the board meeting, Theresia and Shlomo headed to their first stop, Goldman Sachs.

Shlomo had landed on the idea after reading a report on the growth of Web application servers, which host a combination of files and programs to implement applications accessed remotely. Shlomo realized that security would be needed to protect the server and keep the Web applications secure. Theresia told the information security officers, “Your crown jewels—your database—are only one, two clicks away from hackers.” Hackers could easily create fake log-in credentials, she said, that would take them straight to the bank’s Web server and data server and into customer accounts and records. Shlomo added, “That’s where everything personal is, including all your credit card info.

The hackers who penetrate applications are interested in the data and the database, and they get in using sequel queries,” or sequel injection attacks. “The Web applications are the front door to this data.” After Goldman Sachs, Theresia and Shlomo went to see executives at several other banks, including J.P. Morgan and Citibank. As they asked the information security chiefs about their systems and needs, their interest in what Shlomo was proposing ranged from enthusiastic to tepid. But most of the responses were favorable, no mean feat given the tough economic times, when budgets were tight. “We had enough good hits that I feel encouraged,” Shlomo said after the meetings.


pages: 651 words: 186,130

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race by Nicole Perlroth

4chan, active measures, activist lawyer, air gap, Airbnb, Albert Einstein, Apollo 11, barriers to entry, Benchmark Capital, Bernie Sanders, Big Tech, bitcoin, Black Lives Matter, blood diamond, Boeing 737 MAX, Brexit referendum, Brian Krebs, Citizen Lab, cloud computing, commoditize, company town, coronavirus, COVID-19, crony capitalism, crowdsourcing, cryptocurrency, dark matter, David Vincenzetti, defense in depth, digital rights, disinformation, don't be evil, Donald Trump, driverless car, drone strike, dual-use technology, Edward Snowden, end-to-end encryption, failed state, fake news, false flag, Ferguson, Missouri, Firefox, gender pay gap, George Floyd, global pandemic, global supply chain, Hacker News, index card, information security, Internet of things, invisible hand, Jacob Appelbaum, Jeff Bezos, John Markoff, Ken Thompson, Kevin Roose, Laura Poitras, lockdown, Marc Andreessen, Mark Zuckerberg, mass immigration, Menlo Park, MITM: man-in-the-middle, moral hazard, Morris worm, move fast and break things, mutually assured destruction, natural language processing, NSO Group, off-the-grid, offshore financial centre, open borders, operational security, Parler "social media", pirate software, purchasing power parity, race to the bottom, RAND corporation, ransomware, Reflections on Trusting Trust, rolodex, Rubik’s Cube, Russian election interference, Sand Hill Road, Seymour Hersh, Sheryl Sandberg, side project, Silicon Valley, Skype, smart cities, smart grid, South China Sea, Steve Ballmer, Steve Bannon, Steve Jobs, Steven Levy, Stuxnet, supply-chain attack, TED Talk, the long tail, the scientific method, TikTok, Tim Cook: Apple, undersea cable, unit 8200, uranium enrichment, web application, WikiLeaks, zero day, Zimmermann PGP

I memorized bylines and imagined Times reporters being greeted like emissaries from the Lord himself. Not so in cybersecurity. Most people treated me like a child—the less I knew, they told me, the better. Also, as many, many men on Twitter regularly point out to me, nobody in cybersecurity actually uses “cyber” anymore. It’s “information security,” or preferably “infosec.” More than a few times, after introducing myself as a cybersecurity reporter at a hacking conference, I was told to GTFO. (Dear reader, I leave the deciphering of that code to you.) As it turns out, introducing yourself as “cyber” anything is the quickest way to the door.

He’d neglected to mention that the entrance to the trailer was four feet off the ground. The analysts scavenged the lot for cinder blocks and empty wire spools to get themselves up and in. Deeley didn’t bother with niceties. “We’re meeting here in this fucking shithole because I don’t want any rubberneckers in OPS3 [the main information security building] getting curious. You’ve all been told this project is VRK [very restricted knowledge], right?” The analysts nodded and murmured “yes” in agreement. Their supervisors had instructed them to mention their task to no one, not their colleagues, not their spouses, not even their dogs.

With so many new blips popping up on Google’s screens that December, it was simply human nature to prefer the simple, benevolent explanation—a disoriented intern—to the reality, an imminent nation-state attack. “We weren’t trained to think about spies,” Heather Adkins, the freckled, thirtysomething director of Google’s information security team, would later recall. That Monday afternoon, Adkins was just wrapping up another Google meeting about China. The company had tiptoed into the Chinese market three years earlier and was still struggling to navigate Beijing’s draconian censorship rules. Adkins was something of an anomaly among the mostly male, testosterone-fueled coders she managed.


pages: 224 words: 45,431

Python Web Penetration Testing Cookbook by Cameron Buchanan, Terry Ip, Andrew Mabbitt, Benjamin May, Dave Mound

en.wikipedia.org, information security, Kickstarter, Minecraft, MITM: man-in-the-middle, SQL injection, web application

He has a broad interest in security across all aspects of the technology field, from reverse engineering embedded devices to hacking with Python and participating in CTFs. He is a husband and a father. Dave Mound is a security consultant. He is a Microsoft Certified Application Developer but spends more time developing Python programs these days. He has been studying information security since 1994 and holds the following qualifications: C|EH, SSCP, and MCAD. He recently studied for OSCP certification but is still to appear for the exam. He enjoys talking and presenting and is keen to pass on his skills to other members of the cyber security community. When not attached to a keyboard, he can be found tinkering with his 1978 Chevrolet Camaro.

He's been programming since he was 9 and has built a wide variety of software, from those meant to run on a calculator to those intended for deployment in multiple data centers around the world. Trained as a Microsoft Certified System Engineer and certified by Linux Professional Institute, he has also dabbled in reverse engineering, information security, hardware programming, and web development. His current interests lie in developing cryptographic peer-to-peer trustless systems, polishing his penetration testing skills, learning new languages (both human and computer), and playing table tennis. Matt Watkins is a final year computer networks and cyber security student.


pages: 372 words: 100,947

An Ugly Truth: Inside Facebook's Battle for Domination by Sheera Frenkel, Cecilia Kang

"World Economic Forum" Davos, 2021 United States Capitol attack, affirmative action, augmented reality, autonomous vehicles, Ben Horowitz, Bernie Sanders, Big Tech, Black Lives Matter, blockchain, Cambridge Analytica, clean water, coronavirus, COVID-19, data science, disinformation, don't be evil, Donald Trump, Edward Snowden, end-to-end encryption, fake news, George Floyd, global pandemic, green new deal, hockey-stick growth, Ian Bogost, illegal immigration, immigration reform, independent contractor, information security, Jeff Bezos, Kevin Roose, Marc Andreessen, Marc Benioff, Mark Zuckerberg, Menlo Park, natural language processing, offshore financial centre, Parler "social media", Peter Thiel, QAnon, RAND corporation, ride hailing / ride sharing, Robert Mercer, Russian election interference, Salesforce, Sam Altman, Saturday Night Live, Sheryl Sandberg, Shoshana Zuboff, Silicon Valley, Snapchat, social web, Steve Bannon, Steve Jobs, Steven Levy, subscription business, surveillance capitalism, TechCrunch disrupt, TikTok, Travis Kalanick, WikiLeaks

Wasserman Schultz was forced to resign: Jonathan Martin and Alan Rappeport, “Debbie Wasserman Schultz to Resign D.N.C. Post,” New York Times, July 24, 2016. 5. The Podesta emails, which highlighted mudslinging: Scott Detrow, “What’s in the Latest WikiLeaks Dump of Clinton Campaign Emails,” NPR, October 12, 2016. 6. Stamos was Yahoo’s information security officer: Arik Hesseldahl, “Yahoo to Name TrustyCon Founder Alex Stamos as Next Chief Information Security Officer,” Vox, February 28, 2014. 7. he discovered that the vulnerability: Joseph Menn, “Yahoo Scanned Customer Emails for U.S. Intelligence,” Reuters, October 4, 2016. 8. “Russia, if you’re listening”: Michael S. Schmidt, “Trump Invited the Russians to Hack Clinton.

In April 2015, he threw open the doors of the company’s offices in downtown San Francisco and invited several hundred journalists, cybersecurity experts, and academics to a conference he had named an “un-conference.” The gathering was intended to point out failures to protect internet users, rather than to celebrate the newest technology often promoted at cybersecurity conferences. At the time, Stamos was Yahoo’s information security officer and one of the youngest and most high-profile cybersecurity experts in Silicon Valley.6 He had grown up in California’s hacker community, a precocious coder with a degree in electrical engineering and computer science from the University of California, Berkeley. By age thirty-five, he had started and sold a successful cybersecurity company, iSEC Partners.


pages: 502 words: 107,657

Predictive Analytics: The Power to Predict Who Will Click, Buy, Lie, or Die by Eric Siegel

Alan Greenspan, Albert Einstein, algorithmic trading, Amazon Mechanical Turk, Apollo 11, Apple's 1984 Super Bowl advert, backtesting, Black Swan, book scanning, bounce rate, business intelligence, business process, butter production in bangladesh, call centre, Charles Lindbergh, commoditize, computer age, conceptual framework, correlation does not imply causation, crowdsourcing, dark matter, data is the new oil, data science, driverless car, en.wikipedia.org, Erik Brynjolfsson, Everything should be made as simple as possible, experimental subject, Google Glasses, happiness index / gross national happiness, information security, job satisfaction, Johann Wolfgang von Goethe, lifelogging, machine readable, Machine translation of "The spirit is willing, but the flesh is weak." to Russian and back, mass immigration, Moneyball by Michael Lewis explains big data, Nate Silver, natural language processing, Netflix Prize, Network effects, Norbert Wiener, personalized medicine, placebo effect, prediction markets, Ray Kurzweil, recommendation engine, risk-adjusted returns, Ronald Coase, Search for Extraterrestrial Intelligence, self-driving car, sentiment analysis, Shai Danziger, software as a service, SpaceShipOne, speech recognition, statistical model, Steven Levy, supply chain finance, text mining, the scientific method, The Signal and the Noise by Nate Silver, The Wisdom of Crowds, Thomas Bayes, Thomas Davenport, Turing test, Watson beat the top human players on Jeopardy!, X Prize, Yogi Berra, zero-sum game

And so, beyond storing and indexing a table of “signatures” that betray the perpetration of known fraud schemes, the modeling process generates detection schemes that cast a wider net. It predicts forthcoming forms of fraud by generalizing from previously observed examples. This is the defining characteristic of a learning system.

This Means War

It’s a war like any other. In fact, cyber warfare itself follows the same rules. PA bolsters information security by detecting hackers and viruses that exploit online weaknesses, such as system bugs or other vulnerabilities. After all, the Internet’s underlying networking technology, TCP/IP, is a platform originally designed only for interactions between mutually entrusted parties. As the broad, commercial system it evolved to be, the Internet is, underneath the hood, something of a slapped-together hack with regard to security.

KDnuggets. www.kdnuggets.com/2012/01/wcai-research-opportunity-siriusxm-predicting-customer-acquisition-retention.html. EMVIC 2012: “The First Eye Movement Identification and Verification Competition.” www.emvic.org/. Aspiring Minds Machine Learning Competition. www.aspiringminds.in/mlCompetition/. Information Security Amazon Data Security Competition. https://sites.google.com/site/amazonaccessdatacompetition/. Approaches to the Netflix Prize: Clive Thompson, “If You Liked This, You’re Sure to Love That,” New York Times, November 21, 2008. www.nytimes.com/2008/11/23/magazine/23Netflix-t.html. Regarding collaboration rather than competition on the Netflix Prize: Jordan Ellenberg, “This Psychologist Might Outsmart the Math Brains Competing for the Netflix Prize,” Wired, February 25, 2008. www.wired.com/techbiz/media/magazine/16-03/mf_netflix.

Chicago Police Department: Megan A. Alderden and Timothy A. Lavery, “Predicting Homicide Clearances in Chicago: Investigating Disparities in Predictors across Different Types of Homicide,” Sage Journals Homicide Studies, May 5, 2007. http://hsx.sagepub.com/content/11/2/115.abstract. Amazon.com: Amazon Information Security Data Science Competition. http://sites.google.com/site/amazonaccessdatacompetition. Researchers (hacker and virus detection): Chih-Fong Tsai, Yu-Feng Hsu, Chia-Ying Lin, and Wei-Yang Lin, “Intrusion Detection by Machine Learning: A Review.” ScienceDirect Online, May 29, 2009. www.sciencedirect.com/science/article/pii/S0957417409004801.


pages: 412 words: 104,864

Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks by Michal Zalewski

active measures, Alan Turing: On Computable Numbers, with an Application to the Entscheidungsproblem, AltaVista, Charles Babbage, complexity theory, dark matter, data acquisition, Donald Knuth, fault tolerance, information security, MITM: man-in-the-middle, NP-complete, OSI model, Silicon Valley, speech recognition, Turing complete, Turing machine, Vannevar Bush

In SotW, Michal has provocatively chosen to leave out all the well-known yet highly dangerous and widespread vulnerabilities and attacks being discussed and worked on today by most in the information security community. He will teach you about subtle keystroke timing attacks, but you will not be reminded that “trojan horse” software with key logging capabilities is currently both more common and easier to use than any such attack could ever be. Why mention keystroke timings while leaving the trojans out? Because timing attacks are largely underappreciated and misunderstood even by information security professionals, whereas trojans are a widely known and obvious threat. Vulnerability to timing attacks is a property of the design of many components involved, whereas implanting a trojan requires either a software bug or an end-user error.

It uses a traditional “one can talk, others listen” media access control scheme, the only difference being that instead of a pair of wires, the carrier of the signal is now just a designated radio frequency. Which brings us to 802.11’s first problem. In May 2004, the Queensland University of Technology’s Information Security Research Centre (ISRC) announced its findings that any 802.11 network in any enterprise could be brought to a grinding halt in a matter of seconds simply by transmitting a signal that inhibits other parties from trying to talk. Naturally, the same is true for Ethernet, except that you must be able to connect to a network plug first, which of course makes the attacker much easier to track and the problem easier to solve.


Smart Grid Standards by Takuro Sato

business cycle, business process, carbon footprint, clean water, cloud computing, data acquisition, decarbonisation, demand response, distributed generation, electricity market, energy security, exponential backoff, factory automation, Ford Model T, green new deal, green transition, information retrieval, information security, Intergovernmental Panel on Climate Change (IPCC), Internet of things, Iridium satellite, iterative process, knowledge economy, life extension, linear programming, low earth orbit, machine readable, market design, MITM: man-in-the-middle, off grid, oil shale / tar sands, OSI model, packet switching, performance metric, RFC: Request For Comment, RFID, smart cities, smart grid, smart meter, smart transportation, Thomas Davenport

He is the leader of several projects of the National Natural Science Foundation of China (NSFC) in the field of Smart Grid, and the Vice Leader of a Foundation Project of National 863 Plan of China. He is the Vice Dean of Standardization Research Institute for Campus Card of Education Management Information Center, Ministry of Education, China. His research interests include information security, Smart Grid, and software engineering. He has published two books, obtained five patents, and published numerous papers in top Chinese journals and related SCI/EI international journals as well as conferences. He is a senior member of the Chinese Electrotechnical Society. He is also a member of IEEE.

Supports Open and Interoperable Standards

The standards should be developed and maintained through a collaborative process that is open to participation by all relevant groups and not dominated by or under the control of a single organization. Two or more HANs are able to directly exchange information securely and seamlessly.

5.4.3.2 Architecture

In HAN SRS, no specific requirement is given regarding the HAN architecture. The HAN architecture allows for more than one ESI in consumer premises, which provides a particular logical function in the HAN. Utility ESI is important because it provides the real-time energy-usage information from the AMI meter to HAN devices and is protected with cryptographic methods.

It enables two devices from different vendors to work together. In fact, interoperability does not have one formally established definition. The most concrete definition of interoperability is mentioned in [1] as “the capability of two or more networks, systems, devices, applications, or components to exchange and readily use information securely, effectively, and with little or no inconvenience to the user.” There are many elements in interoperable equipment that coordinate and work together technically to perform useful work. This explanation provides a solid starting point for the consideration of interoperability in the Smart Grid’s standards development process.


Digital Accounting: The Effects of the Internet and Erp on Accounting by Ashutosh Deshmukh

accounting loophole / creative accounting, AltaVista, book value, business continuity plan, business intelligence, business logic, business process, call centre, computer age, conceptual framework, corporate governance, currency risk, data acquisition, disinformation, dumpster diving, fixed income, hypertext link, information security, interest rate swap, inventory management, iterative process, late fees, machine readable, money market fund, new economy, New Journalism, optical character recognition, packet switching, performance metric, profit maximization, semantic web, shareholder value, six sigma, statistical model, supply chain finance, supply-chain management, supply-chain management software, telemarketer, transaction costs, value at risk, vertical integration, warehouse automation, web application, Y2K

If the same username and password are used at every site, that can become a security risk. These Web sites also have different forms to fill in, and different information is asked for. A few online merchants have simplified the process; for example, Amazon.com’s single-click system. Electronic wallets simplify the online shopping process by storing necessary information securely and making it accessible. There are two types of electronic wallets — client side and server side. Client-side electronic wallets need to be downloaded and installed on the consumer’s machine. Such installation ensures security of the information, since the information is stored on the individual machine.

Appropriate physical security for computing facilities also prevents social engineering attempts. Standard security precautions are simple, though they are frequently ignored in favor of expediency. Standard security techniques against social engineering are examined in a later section. A global information security survey carried out by InformationWeek in 2002 found the following reasons for network break-ins. The reasons are arranged in descending order of importance. The listing of reasons highlights the role of human error in network break-ins.

• Known operating system vulnerability
• Known application vulnerability
• Use of valid user account
• Unintended misconfiguration or human error
• Poor access control
• External denial of service attack
• Exploited unknown vulnerability
• Guessed passwords

The validity of transactions over the Internet is a legal issue.

Certification – Organization – Area
BNS – Brainbench Network Security Certification – Brainbench – Network security
CCISM – Certified Counterespionage and Security Manager – Espionage Research Institute – Counterespionage and information security
CIA – Certified Internal Auditor – Institute of Internal Auditors – Internal auditing
CCSA – Certification in Control Self-Assessment – Institute of Internal Auditors – Control self-assessment
CFE – Certified Fraud Examiner – Association of Certified Fraud Examiners – White collar crime
CISA – Certified Information Systems Auditor – Information Systems Audit and Control Association – IS audit, control, and security
CISSP – Certified Information Systems Security Professional – (ISC)2 – International Information Systems Security Certification Consortium, Inc. – Network and system security
SSCP – System Security Certified Practitioner – (ISC)2 – Technical and procedural security topics and technologies
CPP – Certified Protection Professional – American Society for Industrial Security
CWP – Certified Web Professional – International Webmasters Association – Web security
GIAC – Global Information Assurance Certification – SANS Institute – Technical knowledge of information systems and networks
SCNA – Security Certified Network Architect – Security Certified Program – Network security
SCNP – Security Certified Network Professional – Security Certified Program – Network security
logic.


The Fugitive Game: Online With Kevin Mitnick by Jonathan Littman

Apple's 1984 Super Bowl advert, centre right, computer age, disinformation, game design, Hacker Ethic, Howard Rheingold, information security, John Markoff, John Perry Barlow, Kevin Kelly, Menlo Park, Michael Milken, Mitch Kapor, power law, profit motive, Silicon Valley, Steven Levy, telemarketer

I ask, referring to the bank executive. "Sandy. One of the past presidents of information security, Security Pacific." Now I can hear Mitnick tapping away on his keyboard. "You're logging in while we're speaking. You're multiprocessing?" "I'm reading your e-mail," Mitnick teases. "It's probably pretty boring today. So what were you going to do at the bank?" "I was going to be writing policies, I was learning about banking security systems." "So you would eventually have been doing security?" "They were hiring me into the information security department as a security analyst. I told Lenny [an old accomplice] if I get the job I'm not going to hack anymore.

I met the president, Ed, the president of the area," Mitnick recalls nostalgically. "Three interviews. Then, she [Sandy, the president of information security] called me." Mitnick, half laughing, mimics how the bank vice president asked him if he had ever "dug in anyone's garbage cans." Mitnick says he joked that was only when he was "looking for food." An hour later personnel called and told him his references didn't check out. The incident happened years ago, but Mitnick's bitterness makes it sound like yesterday. "Lewis was one of the references, but they were all legit.


pages: 240 words: 65,363

Think Like a Freak by Steven D. Levitt, Stephen J. Dubner

Albert Einstein, Anton Chekhov, autonomous vehicles, Barry Marshall: ulcers, behavioural economics, call centre, carbon credits, Cass Sunstein, colonial rule, Donald Shoup, driverless car, Edward Glaeser, Everything should be made as simple as possible, fail fast, food miles, gamification, Gary Taubes, Helicobacter pylori, income inequality, information security, Internet Archive, Isaac Newton, medical residency, Metcalfe’s law, microbiome, prediction markets, randomized controlled trial, Richard Thaler, Scramble for Africa, self-driving car, Silicon Valley, sunk-cost fallacy, Tony Hsieh, transatlantic slave trade, Wayback Machine, éminence grise

See also: Eli Sa’adi, The Ayalon Institute: Kibbutzim Hill—Rehovot (pamphlet, available on-site). 154 WHY DO NIGERIAN SCAMMERS SAY THEY ARE FROM NIGERIA? This section was drawn from author interviews with Cormac Herley and from Herley’s fascinating paper “Why Do Nigerian Scammers Say They Are from Nigeria?,” Workshop on Economics of Information Security, Berlin, June 2012. Thanks to Nathan Myhrvold for bringing Herley’s paper to our attention. / 154 Dear Sir/Madam, TOP SECRET: This letter is a mashup of various scam e-mails, a catalog of which can be found at 419eater.com, a community of scam baiters. Our letter draws heavily on one letter in a 419eater.com thread entitled “A Convent Schoolgirl Goes Missing in Africa.” / 157 Firm numbers are hard to come by: For overall fraud amount, see Ross Anderson, et al., “Measuring the Cost of Cybercrime,” paper presented at the Workshop on the Economics of Information Security, Berlin, Germany, June 26, 2012; and Internet Crime Complaint Center, “2012 Internet Crime Report,” 2013.

157 One California victim lost $5 million: See Onell R. Soto, “Fight to Get Money Back a Loss,” San Diego Union-Tribune, August 14, 2004. / 158 Roughly 95 percent of the burglar alarms . . . are false alarms: See Stephen J.


pages: 52 words: 13,257

Bitcoin Internals: A Technical Guide to Bitcoin by Chris Clark

bitcoin, fiat currency, information security, peer-to-peer, Satoshi Nakamoto, transaction costs, Turing complete

[8] Satoshi Nakamoto, e-mail to cryptography@metzdowd.com mailing list, November 14, 2008. http://www.mail-archive.com/cryptography@metzdowd.com/msg10001.html [9] Adrianne Jeffries, "Four years and $100 million later, Bitcoin’s mysterious creator remains anonymous," The Verge, May 6, 2013. http://www.theverge.com/2013/5/6/4295028/report-satoshi-nakamoto [10] Timothy Lee, "An Illustrated History Of Bitcoin Crashes," Forbes, April 11, 2013. http://www.forbes.com/sites/timothylee/2013/04/11/an-illustrated-history-of-bitcoin-crashes/ [11] Laurie Law, Susan Sabett, Jerry Solinas, "How to make a mint: the cryptography of anonymous electronic cash," National Security Agency, Office of Information Security Research and Technology, Cryptology Division, June 18, 1996. http://groups.csail.mit.edu/mac/classes/6.805/articles/money/nsamint/nsamint.htm [12] David Chaum, "Blind signatures for untraceable payments," Advances in Cryptology Proceedings of Crypto 82 (3) (1983): 199-203. [13] David Chaum, Amos Fiat, Moni Naor, "Untraceable Electronic Cash," CRYPTO ’88 Proceedings on Advances in cryptology (1990): 319-327. http://citeseerx.ist.psu.edu/viewdoc/summary?


pages: 254 words: 76,064

Whiplash: How to Survive Our Faster Future by Joi Ito, Jeff Howe

3D printing, air gap, Albert Michelson, AlphaGo, Amazon Web Services, artificial general intelligence, basic income, Bernie Sanders, Big Tech, bitcoin, Black Lives Matter, Black Swan, Bletchley Park, blockchain, Burning Man, business logic, buy low sell high, Claude Shannon: information theory, cloud computing, commons-based peer production, Computer Numeric Control, conceptual framework, CRISPR, crowdsourcing, cryptocurrency, data acquisition, deep learning, DeepMind, Demis Hassabis, digital rights, disruptive innovation, Donald Trump, double helix, Edward Snowden, Elon Musk, Ferguson, Missouri, fiat currency, financial innovation, Flash crash, Ford Model T, frictionless, game design, Gerolamo Cardano, informal economy, information security, interchangeable parts, Internet Archive, Internet of things, Isaac Newton, Jeff Bezos, John Harrison: Longitude, Joi Ito, Khan Academy, Kickstarter, Mark Zuckerberg, microbiome, move 37, Nate Silver, Network effects, neurotypical, Oculus Rift, off-the-grid, One Laptop per Child (OLPC), PalmPilot, pattern recognition, peer-to-peer, pirate software, power law, pre–internet, prisoner's dilemma, Productivity paradox, quantum cryptography, race to the bottom, RAND corporation, random walk, Ray Kurzweil, Ronald Coase, Ross Ulbricht, Satoshi Nakamoto, self-driving car, SETI@home, side project, Silicon Valley, Silicon Valley startup, Simon Singh, Singularitarianism, Skype, slashdot, smart contracts, Steve Ballmer, Steve Jobs, Steven Levy, Stewart Brand, Stuxnet, supply-chain management, synthetic biology, technological singularity, technoutopianism, TED Talk, The Nature of the Firm, the scientific method, The Signal and the Noise by Nate Silver, the strength of weak ties, There's no reason for any individual to have a computer in his home - Ken Olsen, Thomas Kuhn: the structure of scientific revolutions, Two Sigma, universal basic income, unpaid internship, uranium enrichment, urban planning, warehouse automation, warehouse robotics, Wayback Machine, WikiLeaks, Yochai Benkler

The PLCs, programmable logic controllers, that controlled the turbines not only lacked a mechanism to detect malicious code designed to alter the behavior of the motors, but also had no means of detecting attempts to avoid detection by faking the data displayed to the system. Once Stuxnet bypassed the walls used to maintain security at the nuclear facilities, it never encountered another defensive measure. This failure of imagination, this inability to resist the allure of the impervious defense, is hardly limited to Iran or even nuclear plants. The information security field is littered with Maginot Lines, despite their repeated failures to keep the bad guys at bay. Today when we think about cybersecurity we immediately think about computers and their vulnerabilities, but cybersecurity evolved from the basic need of protecting information—a need that dates back to the earliest days of written language.

In the perpetual game of cyber offense vs. cyber defense, offense has been winning, but lately it’s become a rout. Some eight hundred million credit card numbers were stolen in 2013, three times the number taken in 2012.10 This gargantuan figure—representing over 10 percent of the world’s population—still does sparse justice to the breadth and severity of the problem. Try this, from the chief information security officer of a Fortune 500 company: “Our operating assumption is that within ten minutes of booting up a new server it’s been ‘owned,’” industry parlance for successfully infiltrating a device. The unifying theme in the cryptography example, Stuxnet, and the current state of cyber security is not that we are bad at creating strong systems, but rather that we aren’t always quick enough to adopt new defensive strategies as our attackers adapt.


pages: 372 words: 67,140

Jenkins Continuous Integration Cookbook by Alan Berg

anti-pattern, continuous integration, Debian, don't repeat yourself, en.wikipedia.org, Firefox, information security, job automation, One Laptop per Child (OLPC), performance metric, revision control, web application

Add the following details:

User Search Base: ou=people,ou=mycompany,dc=nodomain
User Search filter: uid={0}
Group Search base: ou=groups,ou=mycompany,dc=nodomain

How it works...

The test LDAP server supports anonymous binding — you can search the server without authenticating. Most LDAP servers allow this approach. However, some servers are configured to enforce specific information security policies. For example, your policy might allow anonymous verification that a user's record exists, while not allowing retrieval of specific attributes, such as their e-mail or postal address. Anonymous binding simplifies configuration; otherwise you will need to add account details for a user in LDAP with the rights to perform the searches.

The two main errors consistently made are:

Misconfigured DN: A misconfigured DN for either User Search Base or Group Search Base will produce a log entry similar to the following:

org.acegisecurity.AuthenticationServiceException: LdapCallback;[LDAP: error code 32 - No Such Object]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=people,dc=mycompany ,dc=nodomain'

Bad Credentials: If the user does not exist in LDAP, you have either typed in the wrong password or you have accidentally searched the wrong part of the LDAP tree; the log error will start with the following text:

org.acegisecurity.BadCredentialsException: Bad credentials

Searching

Applications retrieve information from LDAP in a number of ways:

Anonymously for generic information: This approach works only for information that is exposed to the world. However, the LDAP server can limit the search queries to specific IP addresses as well. The application will then be dependent on the attributes that your organization is prepared to disclose. If the information security policy changes, the risk is that your application might break accidentally.

Self-bind: The application binds as a user and then searches with the user's rights. This approach is the cleanest. However, it is not always clear in the logging whether the application is behind these actions.

Using an application-specific admin account with many rights: The account gets all the information that your application requires, but if disclosed to the wrong people, it can cause significant issues quickly.


pages: 468 words: 137,055

Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age by Steven Levy

Albert Einstein, Bletchley Park, Claude Shannon: information theory, cognitive dissonance, Compatible Time-Sharing System, computer age, disinformation, Donald Knuth, Eratosthenes, Extropian, Fairchild Semiconductor, information security, invention of the telegraph, Jim Simons, John Gilmore, John Markoff, John Perry Barlow, Kevin Kelly, knapsack problem, Marc Andreessen, Mitch Kapor, MITM: man-in-the-middle, Mondo 2000, Network effects, new economy, NP-complete, quantum cryptography, Ronald Reagan, Saturday Night Live, Silicon Valley, Simon Singh, Stephen Hawking, Steven Levy, Watson beat the top human players on Jeopardy!, web of trust, Whole Earth Catalog, zero-sum game, Zimmermann PGP, éminence grise

He went to another friend, Lew Morris, who was an early participant in Sun Microsystems, and they began to explore the idea of making a business out of it. They wrote a business plan, and started making the rounds of venture capitalists. This was in 1984, about the same time that RSA was going through its roughest period. Omura and Morris didn’t find the going any easier. “The venture community then couldn’t have cared less about information security,” says Omura. It was only through a private referral that the business plan fell into the hands of Jim Simons, who was not only a mathematician and cryptographer (he’d been one of the early reviewers of Lucifer) but dabbled in venture capital as well. He agreed to help put the newly dubbed Cylink company on its feet.

That organization, the research arm of Congress, undertook a comprehensive examination of the national crypto policy, and recruited a panel of experts from all sides of the issue, including former cabinet members, officials from the NSA, and critics from business and academia like Ray Ozzie and Marty Hellman. Their report, “Cryptography’s Role in Securing the Information Society,” was a surprisingly strong criticism of government policy, and recommended continued freedom for domestic encryption, relaxed export controls, and, above all, “a mechanism to promote information security in the private sector.” In other words, more crypto. Perhaps the most interesting observation of the study came as a result of the classified briefings its members had received. (Three of the sixteen members declined clearances and did not attend.) Though they could not of course reveal what they had heard in the briefings, they could—and did—evaluate the importance of that secret knowledge in determining national policy.

Page 128 Diffie later recounted: Diffie, “The First Ten Years of Public Key Cryptography,” op. cit.
129 seen this territory: Diffie, Privacy on the Line, p. 283.

Patents and Keys

Page 157 Project Overtake: Bob Davis, “A Supersecret Agency Finds Selling Secrecy to Others Isn’t Easy,” Wall Street Journal, March 28, 1988.
158 public interview: The official was David McMais, chief of staff for information security.
165 “mental poker”: A. Shamir, R. A. Rivest, and L. Adleman, “Mental Poker,” MIT/LCS Technical Memo 125, February 1979.
165 “secret sharing”: A. Shamir, “How to Share a Secret,” Communications of the ACM, Vol. 24, No. 11, November 1979, pp. 612–13. Shamir and G. R. Blakley are generally granted shared credit for the innovation.
166 Mafia-owned store: A.


pages: 689 words: 134,457

When McKinsey Comes to Town: The Hidden Influence of the World's Most Powerful Consulting Firm by Walt Bogdanich, Michael Forsythe

"RICO laws" OR "Racketeer Influenced and Corrupt Organizations", "World Economic Forum" Davos, activist fund / activist shareholder / activist investor, Affordable Care Act / Obamacare, Alistair Cooke, Amazon Web Services, An Inconvenient Truth, asset light, asset-backed security, Atul Gawande, Bear Stearns, Boris Johnson, British Empire, call centre, Cambridge Analytica, carbon footprint, Citizen Lab, cognitive dissonance, collective bargaining, compensation consultant, coronavirus, corporate governance, corporate social responsibility, Corrections Corporation of America, COVID-19, creative destruction, Credit Default Swap, crony capitalism, data science, David Attenborough, decarbonisation, deindustrialization, disinformation, disruptive innovation, do well by doing good, don't be evil, Donald Trump, double entry bookkeeping, facts on the ground, failed state, financial engineering, full employment, future of work, George Floyd, Gini coefficient, Glass-Steagall Act, global pandemic, illegal immigration, income inequality, information security, interchangeable parts, Intergovernmental Panel on Climate Change (IPCC), invisible hand, job satisfaction, job-hopping, junk bonds, Kenneth Arrow, Kickstarter, load shedding, Mark Zuckerberg, megaproject, Moneyball by Michael Lewis explains big data, mortgage debt, Multics, Nelson Mandela, obamacare, offshore financial centre, old-boy network, opioid epidemic / opioid crisis, profit maximization, public intellectual, RAND corporation, Rutger Bregman, scientific management, sentiment analysis, shareholder value, Sheryl Sandberg, Silicon Valley, smart cities, smart meter, South China Sea, sovereign wealth fund, tech worker, The future is already here, The Nature of the Firm, too big to fail, urban planning, WikiLeaks, working poor, Yogi Berra, zero-sum game

But according to one former McKinsey employee familiar with the firm’s work in Saudi Arabia, it wasn’t for lack of trying. McKinsey had pitched for such work but lost out. “It went to BCG,” the person said. In 2019 internal records show that McKinsey took on work for a government-owned company, the Al-Elm Information Security Company, which contracts with the Interior and Justice Ministries. McKinsey said it doesn’t do work for these ministries and doesn’t advise private companies “as to how to engage with these ministries.” “I feel so naive now looking back,” a former McKinsey consultant involved in the Saudi work on sentiment analysis said via a secure messaging system.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A AAA insurance, 197 ABC TV, 68, 111 Abdulaziz, Omar, 252–56 Abdullah, King of Saudi Arabia, 246 Accelerating Claims Excellence, 197 addiction, 110–12, 114, 125, 127, 131–44, 278 aducanumab (Aduhelm), 67–69 aerospace industry, 102 Aetna, 53 Affordable Care Act (ACA, 2010), 62–63, 65, 273 Afghanistan War, 155–56 Africa, 101 African National Congress (ANC), 224–25 Afrika Korps, 258 Agarwal, Vishal, 166–67 AIG, 172, 188, 190 Aitken, Christopher, 12, 15 Alattas, Ahmad, 252 Albemarle, 158 Alberta, 164 Alcoa, 4 Aldridge, Jason, 191–92, 194, 203 Al-Elm Information Security Company, 256 Alexander, Caleb, 145 Al-Jubeir, Adel, 248 Al-Jubeir, Mazen, 248 Alkhedheiri, Sarah, 248 Allison, Andy, 61 Allstate, 191–95, 197–203, 212 Altria (formerly Philip Morris), 119–20, 125–27, 129 Altuve, José, 220 Alzheimer’s, 67–68 amaBhungane, 237, 279 American Academy of Pediatrics, 124, 129 American Express, 18, 40 American Journal of Public Health, 119, 132 American League, 216–20 Ameriquest, 187 Anderson, Roger, 175 Antarctica, 152 Anthem, 56 apartheid, 224 Apgar, Sandy, 243 Apple, 98, 100 Arab oil embargo (1973), 243 Arab Spring (2011–12), 245, 251 Aramco, 156, 163, 243–44, 247–48 Aris, Stephen, 261 Arkansas Medicaid program, 18, 57, 60–62 Arlington National Cemetery, 155 Arrizola, Jonathan, 6 Arrizola, Whitney, 6 Arrow, Kenneth, 264 Arthur Andersen, 205 Asia, 101, 164–65, 168–69, 185 Aspen Consensus, 154–55 Aspen Ideas Festival, 149–51, 153–55, 160, 166 Assan, Jeff, 220 “asset light” approach, 207 Associated Press, 105 AT&T, 47–48 Athletic, The, 211, 218–19 Atlantic, The, 38 Atlas Shrugged (Rand), 9 AT Medics, 274 Attenborough, David, 150 austerity, 266, 271 “Austerity Measures in Saudi Arabia” report, 252–55 Australia, 23, 151, 156–62, 166, 168 authoritarian governments, 25, 74, 108, 257, 279.

., 3–4, 19, 34, 174 McKinsey & Company Abdulaziz suit vs., 255–56 ACA and, 62–65 accountability and, 16, 25, 28, 236–41, 277 addictive products and, 129, 278 Al-Elm Information Security and, 256–57 Allstate and, 192–203, 212 alumni network, 17–18, 22, 38, 93, 161, 272 Alzheimer’s drug approval and, 67–68 Aramco and, 243–44, 247–48 Arkansas Medicaid program and, 57, 60–62 Aspen Ideas Festival and, 149–51, 153–55 AT&T and, 48–49 at-risk contracts and, 232–34 Australian Green Team and, 159 autocratic states and, 25–28, 74, 108–9, 279 China, 92–109, 257 Russia, 108, 257 Saudi Arabia, 108, 243–57 Ukraine, 257, 279 auto industry and, 29, 32–33, 37 auto insurance and, 191–94 auto loans and, 172, 182, 182–84 Azar as HHS and, 146–47 banks as clients and, 172–89 matrix management, 175–79 securitization of credit, 182–89 BCG as rival of, 246, 248–49 Belt and Road strategy and, 101–3 Britain and Chairman’s Dinners, 262 “clubbable” consultants, 260–61, 275 Health and Social Care Act, 271–74 manufacturers in, 261–62 NHS cost-cutting, 259, 262, 264–75, 280 rail privatization, 263–65 steel privatization, 261 Budlender report and, 236–38 Buttigieg as consultant for, 26–27, 76 campaign contributions and, 65–66 carbon emissions and messaging by, 150–55, 159, 161–62, 164–70 CBP and, 83, 87 Centene purchase of AT Medics and, 274 Center for Drug Evaluation and Research and, 141–42, 145–46 Center for Societal Benefit Through Healthcare created by, 144 Chase as client of, 177–78, 180 Chevron and, 163 China and, 26, 46, 91–109, 165–66, 257, 279 consultants and, 95–103 financial crisis of 2007–10 and, 189 Muslim Uyghur detentions and, 105–6 SOEs and, 26, 91–93, 96–102, 107–8 Chinese copycat of, 99 client and billing lists and, 55, 107–8, 162–63, 168, 278, 280 client interests and, 18–19, 22, 24–25 clients and regulators both represented by, 22–23 clients competing in same market and, 22–23, 278, 281 client selection democracy index, 108–9 harms and, 25–28, 30–31, 143, 154, 161, 278 new 
oversight of 2019, 257 public-sector work, 242 values of, 18, 23–31, 108–9, 161–62 climate change and, 150–55, 166–69 CMS contract and, 70 coal-mining clients of, 28, 156–58, 160–69 companies acquired by, 30 compensation system of, 180–81 confidentiality and, 18, 22–23, 25, 28–29, 59, 66–67, 69–70, 83–84, 107–8, 168–69, 239, 278, 281 conflicts of interest and, 22, 35, 55–56, 59, 61–62, 66, 68, 74, 120, 123–29, 145–46, 238, 272, 278, 281 consultants advancement by, 21–22, 28, 38, 160 ability to do good, 20–21, 25 ability to opt out on ethical grounds, 28, 78, 158–60 China-based, 95–98, 103, 108 earnings and investments by, 180 number of, 22, 30–31 “on the beach” status, 22, 158–60 recruitment and training, 17, 19–22, 25, 28–31, 152–53, 161–63, 167, 249 up-or-out policy and, 38, 207 consultants’ dissent and, 24–28, 31, 278 disallowed in Saudi Arabia, 249–50 Edstrom, 160–62, 167 Elfenbein, 83–85, 88–90 ICE revelations and, 76–79, 83–90 Naveed, 169–70 opioid work and, 148 polluting clients and, 155–63, 167–70 Continental Illinois collapse and, 177–80, 186 corporate downsizing and, 33, 36–39 COVID-19 and, 71–73, 274–75 data analytics and, 204–22 athlete injury prediction, 210–12 Houston Astros, 204–6, 212–22 prescriptions, 130–31, 139–40 Davos and, 149–50 Disneyland and, 9–16, 281 Earth Day and, 168 Elixir bought by, 249–50 employee layoffs by clients of, 27–29, 34, 37–41, 44–46, 48–49 Enron and, 25, 42, 173, 187, 190, 204–9 environmentally focused work of, 152, 158–61, 165, 170 Eskom and Trillian and, 231–37, 239–42 executive compensation vs. 
worker wages and, 32–35, 41–43, 50, 180–81, 194, 198 FARA filings and, 246 FDA as client of, 22, 66–70, 145–46, 281 cigarettes and, 73, 120–22 contracts awarded 2008–2021, 145–46 e-cigarettes and vaping, 122–29 fees, 66, 68, 120, 145–46 no-bid contracts, 69–70 opioids and, 132, 134, 137, 141–42, 144–47, 280 pharmaceutical clients and, 22, 66–69, 141, 145–47, 281 federal contracts COVID-19, 71–73 GSA, 69–70 health-care industry, 65–72 ICE, 74–90 Federal Reserve report on, 186 financial industry and, 171–90 deregulation, 171–74 financial crisis of 2008–10 and, 173–74, 176–77, 188–90, 265 Financial Institutions Group, 180 financialization and, 180, 194, 196–97 foreign governments as clients of, 18 Britain, 258–75 corruption and, 25–28, 279 secrecy and, 239 Saudi Arabia, 108, 243–57, 279–80 South Africa, 223–42 fossil fuel companies and, 26, 156–59, 162–64, 166, 168 founding of, 3–4, 19, 159 Gary, Indiana, and, 1–9 George Floyd protests and, 107 globalization and, 41, 43, 189 Global Energy and Materials team, 166 global reach of, 18, 20, 39, 43, 94, 97, 189–90 GM and, 32–33, 37, 260 gold-mining clients of, 162 greenwashing and, 162, 165, 169 GSA on federal contracts with, 69–71 health-care benefits by clients of, 45–47 health-care industry clients of, 61–66, 148, 280 ACA and, 62–65 Centene, 274 NHS overhaul and, 259, 262, 264–75 state and federal clients and, 51–73, 280 home mortgage lending and, 181–82, 187–89 homeowners’ insurance, 194, 199–200 human rights and, 31, 99–101, 104–7 Chinese Uyghurs, 100, 104–6, 160 Hong Kong protests, 106–7 Moscow protests, 31 ICE and, 26, 74–90, 279 Illinois Medicaid program and, 51–57, 61 inequality and, 27–28, 32–50, 147–48, 278 influence and status of, 17–23, 28, 30, 64, 199, 278 insurance claims payouts and, 180, 191–203 Interior Department contract and, 70 job security and loyalty downplayed by, 37–38, 44–45 Johnson & Johnson as client of, 133–35 Juul as client of, 123–29 Khashoggi murder and, 253–54, 256–57 Made in China 2025 
and, 102–3 maintenance cuts advised by, 1–16, 264, 280–81 Malaysia and, 26, 102 management philosophy and, 2–3, 17–18 shift to strategic planning, 36–37 management structure and style of, 26, 121, 278 managing partners Barton, 63, 86, 99, 101–2, 106, 165, 238, 241, 257, 272 Bower, 19, 32–33 Daniel, 98, 181 Davis, 98, 241, 249 Gupta, 39, 206 Sneader, 29–31, 74–75, 86, 90, 106–7, 143, 168, 239, 241, 254, 255, 257 Strenfels, 127–30, 168–70 Marshall Field’s and, 34 Massachusetts future of work study and, 148 matrix management and, 175–79, 260 media exposés of, 23, 25–28, 74–76, 79–85, 107–8, 133, 146, 148, 168–69, 257 Missouri Medicaid program and, 57–61 MLB review by, 221 Monitor as client of, 266–69 multinationals and, 95–96, 98–99 New York City contracts and, 225 New York Knicks and, 211 NOAA contract and, 70 nondisclosure agreements and, 27, 278 oil and gas companies and, 155–58, 162–64, 166 Aramco, 156, 243–44, 248 BP, 164 Chevron, 163–64 China and, 99 Enron and, 206–9 ExxonMobil, 20, 156–57, 163 Gazprom, 163, 257 PDVSA, 156 Pemex, 156 Royal Dutch Shell, 156, 163, 260–61 Texaco, 156–57 outsourcing and offshoring and, 33, 39–46, 49–50 partners compensation of, 18, 135 election of, 22 number of, 30 Peters’s critique of, 27–28, 36–37, 179 pharmaceutical companies and, 20, 22, 73, 281 FDA and, 66–69 opioids and, 26–27, 74, 109, 130–48, 280 opioid settlement and, 143, 148 polluters as clients of, 162, 164–70, 278 profit maximization and, 35–39, 198 public scrutiny of, 25–28, 74, 107, 148, 277–78 public-sector practice begun, 94 Purdue Pharma and, 109, 131–45, 148, 280 QuantumBlack bought by, 210–12 Railtrack maintenance and, 263–64 revenues and profits of, 24, 242, 257 Rice as consultant for, 224 Russia and, 26, 31, 108, 257 Saudi Arabia and, 108, 243–57, 279–80 consultants hired in, 248 ministries as clients of, 243–45, 249–51, 256 NEOM project and, 247, 256 purge of 2017 and, 250 sentiment analysis and, 251–57 “Saudi Arabia Beyond Oil” report and, 247–48 Saudi Center 
for International Strategic Partnerships and, 247 Seafirst and, 177–78, 180 secrecy and, 18, 25, 27, 54–58, 107, 111–12, 120, 136, 162, 168, 256–57, 277–78 securitization of credit and, 172 Enron and, 187, 207–9 financial crisis and, 188–90 launched by Bryan, 182–87, 189–90 Shanghai urban planning and, 99 shareholder profits and stock prices and, 24, 27–28, 36, 38–39, 42–43, 49–50, 198 shell companies and, 18 smart cities and, 103–4 South Africa and, 26, 30, 74, 223–42, 250, 257, 279–80 state capture investigations and, 236–42 South African Airways and Regiments and, 239–40 sovereign wealth funds and, 18, 165, 257 sports and, 209–22 steel industry and British, 261 coking coal and, 164–66 maintenance and safety in, 1–9, 280–81 U.S. steel, 1–10, 16, 280–81 St.


pages: 677 words: 206,548

Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It by Marc Goodman

23andMe, 3D printing, active measures, additive manufacturing, Affordable Care Act / Obamacare, Airbnb, airport security, Albert Einstein, algorithmic trading, Alvin Toffler, Apollo 11, Apollo 13, artificial general intelligence, Asilomar, Asilomar Conference on Recombinant DNA, augmented reality, autonomous vehicles, Baxter: Rethink Robotics, Bill Joy: nanobots, bitcoin, Black Swan, blockchain, borderless world, Boston Dynamics, Brian Krebs, business process, butterfly effect, call centre, Charles Lindbergh, Chelsea Manning, Citizen Lab, cloud computing, Cody Wilson, cognitive dissonance, computer vision, connected car, corporate governance, crowdsourcing, cryptocurrency, data acquisition, data is the new oil, data science, Dean Kamen, deep learning, DeepMind, digital rights, disinformation, disintermediation, Dogecoin, don't be evil, double helix, Downton Abbey, driverless car, drone strike, Edward Snowden, Elon Musk, Erik Brynjolfsson, Evgeny Morozov, Filter Bubble, Firefox, Flash crash, Free Software Foundation, future of work, game design, gamification, global pandemic, Google Chrome, Google Earth, Google Glasses, Gordon Gekko, Hacker News, high net worth, High speed trading, hive mind, Howard Rheingold, hypertext link, illegal immigration, impulse control, industrial robot, information security, Intergovernmental Panel on Climate Change (IPCC), Internet of things, Jaron Lanier, Jeff Bezos, job automation, John Harrison: Longitude, John Markoff, Joi Ito, Jony Ive, Julian Assange, Kevin Kelly, Khan Academy, Kickstarter, Kiva Systems, knowledge worker, Kuwabatake Sanjuro: assassination market, Large Hadron Collider, Larry Ellison, Laura Poitras, Law of Accelerating Returns, Lean Startup, license plate recognition, lifelogging, litecoin, low earth orbit, M-Pesa, machine translation, Mark Zuckerberg, Marshall McLuhan, Menlo Park, Metcalfe’s law, MITM: man-in-the-middle, mobile money, more computing power than Apollo, move fast and break things, Nate Silver, 
national security letter, natural language processing, Nick Bostrom, obamacare, Occupy movement, Oculus Rift, off grid, off-the-grid, offshore financial centre, operational security, optical character recognition, Parag Khanna, pattern recognition, peer-to-peer, personalized medicine, Peter H. Diamandis: Planetary Resources, Peter Thiel, pre–internet, printed gun, RAND corporation, ransomware, Ray Kurzweil, Recombinant DNA, refrigerator car, RFID, ride hailing / ride sharing, Rodney Brooks, Ross Ulbricht, Russell Brand, Salesforce, Satoshi Nakamoto, Second Machine Age, security theater, self-driving car, shareholder value, Sheryl Sandberg, Silicon Valley, Silicon Valley startup, SimCity, Skype, smart cities, smart grid, smart meter, Snapchat, social graph, SoftBank, software as a service, speech recognition, stealth mode startup, Stephen Hawking, Steve Jobs, Steve Wozniak, strong AI, Stuxnet, subscription business, supply-chain management, synthetic biology, tech worker, technological singularity, TED Talk, telepresence, telepresence robot, Tesla Model S, The future is already here, The Future of Employment, the long tail, The Wisdom of Crowds, Tim Cook: Apple, trade route, uranium enrichment, Virgin Galactic, Wall-E, warehouse robotics, Watson beat the top human players on Jeopardy!, Wave and Pay, We are Anonymous. We are Legion, web application, Westphalian system, WikiLeaks, Y Combinator, you are the product, zero day

Though TJX reached a settlement with Visa, MasterCard, and its customers in the amount of $256 million, many analysts believe the true costs could easily have been closer to $1 billion. One of the most authoritative sources for research on the cost of data breaches comes from the Ponemon Institute, which conducts independent research on data protection and information security policy. In calculating cybersecurity breaches, it notes it is important to extend the loss analysis well beyond direct consumer theft amounts. For example, the victim company targeted in the attacks, such as TJX, must spend handsomely on detecting the breach, containing the attackers, investigating the matter, identifying the perpetrators, and repairing and recovering its computer network.

He maintains so-called bulletproof untraceable computer servers and contracts with crooked Internet service provider hosting companies to ensure his crimeware remains beyond the reach of global law enforcement. The CIO helps maintain “customer” databases and botnet armies and is responsible for information security, including the management of “proxy networks” that preserve his employees’ activities and ensure that they cannot be traced. The CIO also handles the encryption of corporate criminal data, ensuring it is unreadable and unusable by either the authorities or competitor criminal hacking organizations.

Needless to say, Crime, Inc. too is eager to learn what your outlets know: you may find that with each new Wi-Fi lightbulb and door lock you buy, you are unwittingly providing hackers all they need to find new ways to haunt your house from afar. Business Attacks and Building Hacks. Businesses too are jumping on the IoT bandwagon to further drive cost savings, and though the majority of corporations do have chief information security officers, the technological battleground that is the office is proving extremely difficult to navigate. Unbeknownst to most, since 2002, nearly all photocopiers have come with internal hard drives that store every document copied or scanned. Because many of these devices are leased or eventually sold, the data they contain is wide open for pilfering, as a CBS News investigative report demonstrated.


pages: 80 words: 21,077

Stake Hodler Capitalism: Blockchain and DeFi by Amr Hazem Wahba Metwaly

altcoin, Amazon Web Services, bitcoin, blockchain, business process, congestion charging, COVID-19, crowdsourcing, cryptocurrency, Ethereum, ethereum blockchain, fiat currency, information security, Internet of things, Network effects, non-fungible token, passive income, prediction markets, price stability, Satoshi Nakamoto, seigniorage, Skype, smart contracts, underbanked, Vitalik Buterin

More generally, encryption is creating and analyzing a protocol that prevents third parties or the public from reading or accessing data stored or transferred through a communication medium. The human-readable format for the DeFinition of encryption is a BlackBox that you enter a piece of data to and use a key to encode it, and this process can't be reversed except with a unique key that two or more parties can share. At the heart of modern encryption are various aspects of information security such as data confidentiality, integrity, authenticity, and non-denial. Modern cryptography is at the intersection of mathematics, computer science, electrical engineering, communications, and physics. Cryptographic applications include e-commerce, chip-based debit cards, digital currencies, computer cryptography, and military communications.


pages: 295 words: 84,843

There's a War Going on but No One Can See It by Huib Modderkolk

AltaVista, ASML, Berlin Wall, Big Tech, call centre, COVID-19, disinformation, Donald Trump, drone strike, Edward Snowden, end-to-end encryption, Evgeny Morozov, fake news, Fall of the Berlin Wall, Firefox, Google Chrome, information security, Jacob Appelbaum, John Markoff, Julian Assange, Laura Poitras, machine translation, millennium bug, NSO Group, ransomware, Skype, smart meter, speech recognition, Stuxnet, undersea cable, unit 8200, uranium enrichment, WikiLeaks, zero day

Those were the days of the first Macs and the fall of the Berlin Wall. When he joined the team at GovCERT in 2007, it was a rather stuffy organisation tasked with drafting security recommendations for Dutch government ministries. Aart Jochem was a serious, level-headed professional. Colleagues liked his affability, innovative drive and terrific knowledge of information security. And that he’d held on to the idealism of the eighties and nineties, believing technology exists to give the people more freedom. In the four years, eight months and thirty days Jochem had worked at GovCERT, he never felt things were sliding beyond his control – until the evening of 31 August 2011.

For the CIA it was a golden opportunity, because rarely were all these analysts physically present in one place. Some would also be attending the RSA Conference afterwards at the RAI convention centre, just south of the city centre, where in hall G107 – one of the smaller halls – the team’s Romanian leader Costin Raiu would be debating a new and ‘controversial’ issue in information security, known as advanced persistent threats. Were APTs a serious menace? Or a security hype? More important for the CIA was the three-day gathering that twelve people from Kaspersky would be holding on their own. Initially, the AIVD and CIA considered bugging their hotel conference room, but that plan was aborted as being too complicated.


Mastering Blockchain, Second Edition by Imran Bashir

3D printing, altcoin, augmented reality, autonomous vehicles, bitcoin, blockchain, business logic, business process, carbon footprint, centralized clearinghouse, cloud computing, connected car, cryptocurrency, data acquisition, Debian, disintermediation, disruptive innovation, distributed ledger, Dogecoin, domain-specific language, en.wikipedia.org, Ethereum, ethereum blockchain, fault tolerance, fiat currency, Firefox, full stack developer, general-purpose programming language, gravity well, information security, initial coin offering, interest rate swap, Internet of things, litecoin, loose coupling, machine readable, MITM: man-in-the-middle, MVC pattern, Network effects, new economy, node package manager, Oculus Rift, peer-to-peer, platform as a service, prediction markets, QR code, RAND corporation, Real Time Gross Settlement, reversible computing, RFC: Request For Comment, RFID, ride hailing / ride sharing, Satoshi Nakamoto, seminal paper, single page application, smart cities, smart contracts, smart grid, smart meter, supply-chain management, transaction costs, Turing complete, Turing machine, Vitalik Buterin, web application, x509 certificate

Get in touch with us at service@packtpub.com for more details. At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks. Contributors. About the author: Imran Bashir has an M.Sc. in Information Security from Royal Holloway, University of London, and has a background in software development, solution architecture, infrastructure management, and IT service management. He is also a member of the Institute of Electrical and Electronics Engineers (IEEE) and the British Computer Society (BCS). Imran has sixteen years of experience in the public and financial sectors.

If you are running a version other than 1.0.2g, the examples may still work but that is not guaranteed, as older versions lack the features used in the examples and newer versions may not be backward compatible with version 1.0.2g. In the sections that follow, the theoretical foundations of cryptography are first discussed and then a series of relevant practical experiments will be presented. Introduction. Cryptography is the science of making information secure in the presence of adversaries. It does so under the assumption that limitless resources are available to adversaries. Ciphers are algorithms used to encrypt or decrypt data, so that if intercepted by an adversary, the data is meaningless to them without decryption, which requires a secret key.

This trend is expected to grow as ample efforts discussed previously in this chapter are being made to improve the technology and address any technical limitations such as scalability and privacy. Security is also another general concern which has been highlighted by many researchers and is especially applicable to the finance and health sectors. A report by the European Union Agency for Network and Information Security (ENISA) has highlighted distributed ledger specific concerns that should be addressed. The report is available at https://www.enisa.europa.eu/news/enisa-news/enisa-report-on-blockchain-technology-and-security. Some concerns highlighted in the report include smart contract management, key management, Anti Money Laundering (AML), and anti-fraud tools.


pages: 260 words: 40,943

Hacking Exposed: Network Security Secrets and Solutions by Stuart McClure, Joel Scambray, George Kurtz

AltaVista, bash_history, Dennis Ritchie, end-to-end encryption, information security, Ken Thompson, Larry Wall, MITM: man-in-the-middle, Morris worm, Multics, peer-to-peer, remote working, systems thinking, web application

Consider using a toll-free number or a number that is not in your organization’s phone exchange. In addition, we have seen several organizations list a fictitious administrative contact, hoping to trip up a would-be social engineer. If any employee receives an email or calls to or from the fictitious contact, it may tip off the information security department that there is a potential problem. Another hazard with domain registration arises from the way that some registrars allow updates. For example, the current Network Solutions implementation allows automated online changes to domain information. Network Solutions authenticates the domain registrant’s identity through three different methods: the FROM field in an email, a password, or via a Pretty Good Privacy (PGP) key.

Webhits lends “hit highlighting” functionality to Index Server, which shows the exact portions of a document that satisfy an Index Server query. Webhits is invoked by requesting .htw files, and several vulnerabilities are associated with Webhits functionality. Each of them was discovered by David Litchfield while working at Cerberus Information Security. ▼ The first .htw attack works by using an existing .htw sample file to view the source of other files, even those outside of Webroot. These samples are optionally installed on IIS 4, not 5. A sample attack might look like this: http://victim.com/iissamples/issamples/oop/qfullhit.htw? CiWebHitsFile=/../..


pages: 342 words: 95,013

The Zenith Angle by Bruce Sterling

airport security, Burning Man, cuban missile crisis, digital map, Dr. Strangelove, glass ceiling, Grace Hopper, half of the world's population has never made a phone call, information security, Iridium satellite, Larry Ellison, market bubble, military-industrial complex, new economy, off-the-grid, packet switching, pirate software, profit motive, RFID, Richard Feynman, Richard Feynman: Challenger O-ring, Ronald Reagan, satellite internet, Silicon Valley, space junk, Steve Jobs, systems thinking, thinkpad, Y2K

Another tough break: there was no wireless signal for his laptop’s Wi-Fi card, either. As Van was accustoming himself to complete defeat, the overhead light poles winked out. How very bright a million stars were in the mountains, suddenly. Van opened his laptop. The federal dot-pdf on his screen was horribly titled “Draft Reporting Instructions for the Government Information Security Reform Act and Updated Guidance on Security Plans of Action and Milestones.” Van did not have to read any more of this awful document, though. Instead, his computer was going to give him enough light and heat to survive the night. Van dug in his pack and wrapped himself in a four-dollar NASA surplus astronaut blanket.

The very kind of thing that Delta Force liked to carry way behind the lines of enemies (and allies). Wi-Fi was just getting started, and when Van thought about it, it filled him with chills. Wi-Fi carried data that was fast, cheap, anonymous, wide-open, wireless, portable, great big bleeding menaces to data protection, to intellectual property, to information security, sold in shrink-wrap packs as if they were bubble gum . . . Wi-Fi was a nightmare. The stuff coming down the pike was worse. It was like it was evolving on purpose to make a secure life impossible. Van shifted Ted from his right hip to his left. Someone tapped Van’s shoulder. It was Tony.


pages: 324 words: 96,491

Messing With the Enemy: Surviving in a Social Media World of Hackers, Terrorists, Russians, and Fake News by Clint Watts

4chan, active measures, Affordable Care Act / Obamacare, barriers to entry, behavioural economics, Bellingcat, Berlin Wall, Bernie Sanders, Black Lives Matter, Cambridge Analytica, Chelsea Manning, Climatic Research Unit, crowdsourcing, Daniel Kahneman / Amos Tversky, disinformation, Donald Trump, drone strike, Edward Snowden, en.wikipedia.org, Erik Brynjolfsson, failed state, fake news, Fall of the Berlin Wall, false flag, Filter Bubble, global pandemic, Google Earth, Hacker News, illegal immigration, information security, Internet of things, Jacob Silverman, Julian Assange, loss aversion, Mark Zuckerberg, Mikhail Gorbachev, mobile money, mutually assured destruction, obamacare, Occupy movement, offshore financial centre, operational security, pre–internet, Russian election interference, Sheryl Sandberg, side project, Silicon Valley, Snapchat, Steve Bannon, the long tail, The Wisdom of Crowds, Turing test, University of East Anglia, Valery Gerasimov, WikiLeaks, Yochai Benkler, zero day

They employed hashtags to signal major releases and even paid spammers to send out tweets on their behalf. They launched campaigns on Twitter in concert with distribution on Facebook and on a host of other social media applications. ISIS also upgraded its social media teams by pairing them with hackers, who formed a kind of technical brigade. The technical brigade worked on hacking and information security for the group. Together, the teams found workarounds to avoid Twitter’s shutdowns and maximized support from its online fan base. Social bots promoting ISIS appeared, and ISIS and its supporters worked continuously to avoid Twitter’s controls and account closures. Twitter’s closures ultimately became an exhausting battle for ISIS, so the group moved its operations to the social media platform Telegram, whose encryption and more closed network blended the terrorist forums of the old internet with new social media applications.

Kristinn Hrafnsson, another WikiLeaks spokesperson, repeated the warning on October 26, 2010: “Russians are going to find out a lot of interesting facts about their country.”6 Audiences and journalists waited in anticipation for the Russia bombshells, but they never came. The following day, October 27, 2010, an unnamed official at the FSB’s Center for Information Security, Russia’s internal intelligence arm, issued a statement: “It’s essential to remember that given the will and the relevant orders, [WikiLeaks] can be made inaccessible forever.”7 The Russian secrets never surfaced at WikiLeaks, and instead Assange’s next posting, on November 28, 2010, showcased U.S.


Data and the City by Rob Kitchin,Tracey P. Lauriault,Gavin McArdle

A Declaration of the Independence of Cyberspace, algorithmic management, bike sharing, bitcoin, blockchain, Bretton Woods, Chelsea Manning, citizen journalism, Claude Shannon: information theory, clean water, cloud computing, complexity theory, conceptual framework, corporate governance, correlation does not imply causation, create, read, update, delete, crowdsourcing, cryptocurrency, data science, dematerialisation, digital divide, digital map, digital rights, distributed ledger, Evgeny Morozov, fault tolerance, fiat currency, Filter Bubble, floating exchange rates, folksonomy, functional programming, global value chain, Google Earth, Hacker News, hive mind, information security, Internet of things, Kickstarter, knowledge economy, Lewis Mumford, lifelogging, linked data, loose coupling, machine readable, new economy, New Urbanism, Nicholas Carr, nowcasting, open economy, openstreetmap, OSI model, packet switching, pattern recognition, performance metric, place-making, power law, quantum entanglement, RAND corporation, RFID, Richard Florida, ride hailing / ride sharing, semantic web, sentiment analysis, sharing economy, Silicon Valley, Skype, smart cities, Smart Cities: Big Data, Civic Hackers, and the Quest for a New Utopia, smart contracts, smart grid, smart meter, social graph, software studies, statistical model, tacit knowledge, TaskRabbit, technological determinism, technological solutionism, text mining, The Chicago School, The Death and Life of Great American Cities, the long tail, the market place, the medium is the message, the scientific method, Toyota Production System, urban planning, urban sprawl, web application

For data, provenance has many related meanings, but broadly refers to ‘information about the origin, context, or history of the data’ (Cheney et al. 2009: 959). The US Department of Homeland Security (2009) has identified data provenance as one of the ‘hardest and most critical challenges that must be addressed’ for information security (INFOSEC Research Council 2005), one whose solution would significantly improve the nation’s national information security infrastructure. This understanding of data provenance conceptualizes it as a technical question about metadata, one that presumes a technical solution is not only possible, but desirable, not only for data practitioners, but as a general good for everyone.


pages: 419 words: 102,488

Chaos Engineering: System Resiliency in Practice by Casey Rosenthal, Nora Jones

Amazon Web Services, Asilomar, autonomous vehicles, barriers to entry, blockchain, business continuity plan, business intelligence, business logic, business process, cloud computing, cognitive load, complexity theory, continuous integration, cyber-physical system, database schema, DevOps, fail fast, fault tolerance, hindsight bias, human-factors engineering, information security, Kanban, Kubernetes, leftpad, linear programming, loose coupling, microservices, MITM: man-in-the-middle, no silver bullet, node package manager, operational security, OSI model, pull request, ransomware, risk tolerance, scientific management, Silicon Valley, six sigma, Skype, software as a service, statistical model, systems thinking, the scientific method, value engineering, WebSocket

Large-scale coordinated events occur throughout the year and teams proactively test their systems and themselves regularly. Some level of participation in DiRT is mandatory from SRE teams and highly encouraged for service owners everywhere in the company. A significant portion of participation comes from more than just software engineering and SRE organizations: physical security, information security, datacenter operations, communications, facilities, IT, human resources, and finance business units have all designed and executed DiRT tests. There has been a focus in recent years on providing a standardized suite of automated tests for network and software systems. Engineers can use pre-constructed automated tests out of the box to verify their system’s behavior given failures in shared infrastructure and storage systems.

Failure to correctly implement basic configurations and appropriate technical controls leads the pack of contributing factors to security incidents.2 Organizations are being asked to do so much with so few resources, just to maintain the security status quo. All the while there is a conflict in the way we approach security engineering and the way systems are being built in tandem. The need to think differently about information security is paramount as the movement toward complex, distributed systems threatens the ability of security to keep pace. Engineering practices have reached a state where the systems we are designing are impossible for the human mind to mentally model. Our systems are now vastly distributed and operationally ephemeral.


pages: 178 words: 33,275

Ansible Playbook Essentials by Gourav Shah

Amazon Web Services, cloud computing, Debian, DevOps, fault tolerance, information security, web application

Ansible playbooks, being source code, are most commonly stored in version control repositories such as git, which makes it even more difficult to protect this sensitive information in a collaborative environment. Starting with version 1.5, Ansible provides a solution called vault to store and retrieve such sensitive information securely, using proven encryption technologies. The objective of using vault is to encrypt data that can then be stored and shared freely with a version control system, such as git, without the values being compromised. In this chapter, we will learn about the following topics: understanding the Ansible-vault; securing data using the Ansible-vault; encryption, decryption, and rekeying operations. Ansible-vault: Ansible provides a utility named Ansible-vault, which, as the name suggests, lets you manage data securely.


pages: 416 words: 106,582

This Will Make You Smarter: 150 New Scientific Concepts to Improve Your Thinking by John Brockman

23andMe, adjacent possible, Albert Einstein, Alfred Russel Wallace, Anthropocene, banking crisis, Barry Marshall: ulcers, behavioural economics, Benoit Mandelbrot, Berlin Wall, biofilm, Black Swan, Bletchley Park, butterfly effect, Cass Sunstein, cloud computing, cognitive load, congestion charging, correlation does not imply causation, Daniel Kahneman / Amos Tversky, dark matter, data acquisition, David Brooks, delayed gratification, Emanuel Derman, epigenetics, Evgeny Morozov, Exxon Valdez, Flash crash, Flynn Effect, Garrett Hardin, Higgs boson, hive mind, impulse control, information retrieval, information security, Intergovernmental Panel on Climate Change (IPCC), Isaac Newton, Jaron Lanier, Johannes Kepler, John von Neumann, Kevin Kelly, Large Hadron Collider, lifelogging, machine translation, mandelbrot fractal, market design, Mars Rover, Marshall McLuhan, microbiome, Murray Gell-Mann, Nicholas Carr, Nick Bostrom, ocean acidification, open economy, Pierre-Simon Laplace, place-making, placebo effect, power law, pre–internet, QWERTY keyboard, random walk, randomized controlled trial, rent control, Richard Feynman, Richard Feynman: Challenger O-ring, Richard Thaler, Satyajit Das, Schrödinger's Cat, scientific management, security theater, selection bias, Silicon Valley, Stanford marshmallow experiment, stem cell, Steve Jobs, Steven Pinker, Stewart Brand, Stuart Kauffman, sugar pill, synthetic biology, the scientific method, Thorstein Veblen, Turing complete, Turing machine, twin studies, Vilfredo Pareto, Walter Mischel, Whole Earth Catalog, WikiLeaks, zero-sum game

To get a more concrete sense of some of the underlying design issues, it helps to walk through an example in a little detail—a basic kind of situation, in which we try to achieve a desired outcome with information and actions that are divided among multiple participants. The example is the problem of sharing information securely: Imagine trying to back up a sensitive database on multiple computers while protecting the data so that it can be reconstructed only if a majority of the backup computers cooperate. But since the question of secure information-sharing ultimately has nothing specifically to do with computers or the Internet, let’s formulate it instead using a story about a band of pirates and a buried treasure.

Risk literacy should be taught beginning in elementary school. Let’s dare to know—risks and responsibilities are chances to be taken, not avoided.
Science Versus Theater
Ross Anderson
Professor of security engineering, University of Cambridge Computer Laboratory; researcher in the economics and psychology of information security
Modern societies waste billions on protective measures whose real aim is to reassure rather than to reduce risk. Those of us who work in security engineering refer to this as “security theater,” and there are examples all around us. We’re searched going into buildings that no terrorist would attack.


pages: 409 words: 105,551

Team of Teams: New Rules of Engagement for a Complex World by General Stanley McChrystal, Tantum Collins, David Silverman, Chris Fussell

Airbus A320, Albert Einstein, Apollo 11, Atul Gawande, autonomous vehicles, bank run, barriers to entry, Black Swan, Boeing 747, butterfly effect, call centre, Captain Sullenberger Hudson, Chelsea Manning, clockwork universe, crew resource management, crowdsourcing, driverless car, Edward Snowden, Flash crash, Frederick Winslow Taylor, global supply chain, Henri Poincaré, high batting average, Ida Tarbell, information security, interchangeable parts, invisible hand, Isaac Newton, Jane Jacobs, job automation, job satisfaction, John Nash: game theory, knowledge economy, Mark Zuckerberg, Mohammed Bouazizi, Nate Silver, Neil Armstrong, Pierre-Simon Laplace, pneumatic tube, radical decentralization, RAND corporation, scientific management, self-driving car, Silicon Valley, Silicon Valley startup, Skype, Steve Jobs, supply-chain management, systems thinking, The Wealth of Nations by Adam Smith, urban sprawl, US Airways Flight 1549, vertical integration, WikiLeaks, zero-sum game

An investigation identified the soldier, who by then had been demoted to private first class, as Bradley Manning.* A Fox News op-ed asked with outrage how “all this leaked information was the work of a single 22-year-old enlisted man in the Army.” The author was incredulous: “How could one individual gain such access to all that classified material? Clearly we have grossly under-prioritized information security.” Since The 9/11 Commission Report famously concluded that the U.S. intelligence community had all the pieces of the puzzle but had failed to put them together and protect the country, the national security community has seen a gradual but undeniable paradigm shift toward greater information sharing.

Since The 9/11 Commission Report famously concluded that the U.S. intelligence community had all the pieces of the puzzle but had failed to put them together and protect the country, the national security community has seen a gradual but undeniable paradigm shift toward greater information sharing. Ten years after September 11, fact finders for the Senate Committee on Homeland Security and Government Affairs reported, “the attacks on 9/11 showed all of us that the Cold War ‘need to know’ system for managing classified and sensitive information drove a culture of information security that resulted in countless stovepipes and secretive pockets of the nation’s most valuable information.” At the same time, the national security apparatus has ballooned in size. As of this writing, 854,000 people hold clearance at the top secret level and a third of them are private contractors.


pages: 324 words: 106,699

Permanent Record by Edward Snowden

A Declaration of the Independence of Cyberspace, Aaron Swartz, air gap, Berlin Wall, call centre, Chelsea Manning, cloud computing, cognitive dissonance, company town, disinformation, drone strike, Edward Snowden, Fall of the Berlin Wall, Free Software Foundation, information security, it's over 9,000, job-hopping, John Perry Barlow, Julian Assange, Laura Poitras, Mark Zuckerberg, McMansion, Neal Stephenson, Occupy movement, off-the-grid, operational security, pattern recognition, peak oil, pre–internet, Rubik’s Cube, Silicon Valley, Skype, Snow Crash, sovereign wealth fund, surveillance capitalism, trade route, WikiLeaks, zero day

A double-tap meant to incapacitate, followed by an aimed shot meant to execute. I was there as a member of class 6-06 of the BTTP, the Basic Telecommunications Training Program, whose intentionally beige name disguises one of the most classified and unusual curricula in existence. The purpose of the program is to train TISOs (Technical Information Security Officers)—the CIA’s cadre of elite “communicators,” or, less formally, “commo guys.” A TISO is trained to be a jack-of-all-trades, a one-person replacement for previous generations’ specialized roles of code clerk, radioman, electrician, mechanic, physical and digital security adviser, and computer technician.

While I was setting up the projector so I could share slides showing how easy it was to run a Tor server to help, for example, the citizens of Iran—but also the citizens of Australia, the UK, and the States—my students drifted in, a diverse crew of strangers and a few new friends I’d only met online. All in all, I’d say about twenty people showed up that December night to learn from me and my co-lecturer, Runa Sandvik, a bright young Norwegian woman from the Tor Project. (Runa would go on to work as the senior director of information security for the New York Times, which would sponsor her later CryptoParties.) What united our audience wasn’t an interest in Tor, or even a fear of being spied on as much as a desire to re-establish a sense of control over the private spaces in their lives. There were some grandparent types who’d wandered in off the street, a local journalist covering the Hawaiian “Occupy!”


pages: 338 words: 104,815

Nobody's Fool: Why We Get Taken in and What We Can Do About It by Daniel Simons, Christopher Chabris

Abraham Wald, Airbnb, artificial general intelligence, Bernie Madoff, bitcoin, Bitcoin "FTX", blockchain, Boston Dynamics, butterfly effect, call centre, Carmen Reinhart, Cass Sunstein, ChatGPT, Checklist Manifesto, choice architecture, computer vision, contact tracing, coronavirus, COVID-19, cryptocurrency, DALL-E, data science, disinformation, Donald Trump, Elon Musk, en.wikipedia.org, fake news, false flag, financial thriller, forensic accounting, framing effect, George Akerlof, global pandemic, index fund, information asymmetry, information security, Internet Archive, Jeffrey Epstein, Jim Simons, John von Neumann, Keith Raniere, Kenneth Rogoff, London Whale, lone genius, longitudinal study, loss aversion, Mark Zuckerberg, meta-analysis, moral panic, multilevel marketing, Nelson Mandela, pattern recognition, Pershing Square Capital Management, pets.com, placebo effect, Ponzi scheme, power law, publication bias, randomized controlled trial, replication crisis, risk tolerance, Robert Shiller, Ronald Reagan, Rubik’s Cube, Sam Bankman-Fried, Satoshi Nakamoto, Saturday Night Live, Sharpe ratio, short selling, side hustle, Silicon Valley, Silicon Valley startup, Skype, smart transportation, sovereign wealth fund, statistical model, stem cell, Steve Jobs, sunk-cost fallacy, survivorship bias, systematic bias, TED Talk, transcontinental railway, WikiLeaks, Y2K

In the end, he didn’t respond because he was sure that at some point before receiving the investment, he would be asked to help these rich folks pay some minor expenses, probably because their overseas funds had all been frozen by sanctions—except, somehow, the €200 million “investment.” Unlike many phishing attempts that superficially mimic the appearance of legitimate queries, these “out of the blue” emails make transparently ridiculous pitches. That seems counterproductive, which is why the information security researcher Cormac Herley asked in the title of a 2012 paper, “Why Do Nigerian Scammers Say They Are from Nigeria?”8 Herley explained that the obviousness is the point. It costs the scammers virtually nothing to spam the world, but it costs them a lot to conduct all the follow-up necessary to reel a victim in.

Kouwenhoven and W. Heck, “Separated from the Netherlands, with 1.5 Million Euros Added,” NRC, April 21, 2022 [https://www.nrc.nl/nieuws/2022/04/21/losgemaakt-van-nederland-met-15-miljoen-euro-toe-a4116891]. 8. C. Herley, “Why Do Nigerian Scammers Say They Are from Nigeria?,” Proceedings of the Workshop on Information Security, Berlin, June 25–26, 2012 [https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/WhyFromNigeria.pdf]. 9. G. B. Trudeau, Doonesbury, January 27, 1985 [https://www.gocomics.com/doonesbury/1985/01/27]. 10. Raniere was sentenced to 120 years in prison after convictions for racketeering, racketeering conspiracy, sex trafficking, attempted sex trafficking, sex trafficking conspiracy, forced labor conspiracy, and wire fraud conspiracy [https://www.justice.gov/usao-edny/pr/nxivm-leader-keith-raniere-sentenced-120-years-prison-racketeering-and-sex-trafficking].


pages: 629 words: 109,663

Docker in Action by Jeff Nickoloff, Stephen Kuenzli

air gap, Amazon Web Services, cloud computing, computer vision, continuous integration, database schema, Debian, end-to-end encryption, exponential backoff, fail fast, failed state, information security, Kubernetes, microservices, MITM: man-in-the-middle, peer-to-peer, software as a service, web application

They bring their own nuances, benefits, and required skillsets. Their use can be more than worth the effort. Support for each varies by Linux distribution, so you may be in for a bit of work. But once you’ve adjusted your host configuration, the Docker integration is simpler.
Security research
The information security space is complicated and constantly evolving. It’s easy to feel overwhelmed when reading through open conversations between InfoSec professionals. These are often highly skilled people with long memories and very different contexts from developers or general users. If you can take away any one thing from open InfoSec conversations, it is that balancing system security with user needs is complex.

For example, if you use Docker to distribute cryptographic material, confidentiality will be a major concern. Artifact integrity and confidentiality features vary across the spectrum. Overall, the out-of-the-box distribution security features won’t provide the tightest confidentiality or integrity. If that’s one of your needs, an information security professional will need to implement and review a solution.
Expertise
The last thing to consider when choosing a distribution method is the level of expertise required. Using hosted methods can be simple and requires little more than a mechanical understanding of the tools. Building custom image or image source-distribution pipelines requires expertise with a suite of related technologies.


pages: 266 words: 38,397

Mastering Ember.js by Mitchel Kelonye

Firefox, information security, MVC pattern, off-the-grid, Ruby on Rails, single page application, web application, WebRTC, WebSocket

James A Rosen is a senior user happiness engineer at Zendesk. He writes Ruby and JavaScript and is currently working on improving performance, scalability, and developer happiness on large-scale distributed web applications. He holds a BS degree in Computer Science and Music from Washington University in St. Louis and an MS degree in Information Security Policy and Management from Carnegie Mellon University. He has written for the Zendesk Developers blog and contributed to technical books, including editing Understanding the Four Rules of Simple Design, Corey Haines. www.PacktPub.com Support files, eBooks, discount offers, and more For support files and downloads related to your book, please visit www.PacktPub.com.


pages: 161 words: 39,526

Applied Artificial Intelligence: A Handbook for Business Leaders by Mariya Yao, Adelyn Zhou, Marlene Jia

Airbnb, algorithmic bias, AlphaGo, Amazon Web Services, artificial general intelligence, autonomous vehicles, backpropagation, business intelligence, business process, call centre, chief data officer, cognitive load, computer vision, conceptual framework, data science, deep learning, DeepMind, en.wikipedia.org, fake news, future of work, Geoffrey Hinton, industrial robot, information security, Internet of things, iterative process, Jeff Bezos, job automation, machine translation, Marc Andreessen, natural language processing, new economy, OpenAI, pattern recognition, performance metric, price discrimination, randomized controlled trial, recommendation engine, robotic process automation, Salesforce, self-driving car, sentiment analysis, Silicon Valley, single source of truth, skunkworks, software is eating the world, source of truth, sparse data, speech recognition, statistical model, strong AI, subscription business, technological singularity, The future is already here

Other Important Roles
The roles that we highlighted tend to be executives with sufficient technical expertise, organizational resources, and enterprise clout to lead major AI initiatives. However, successful investments can be led by a myriad of roles including Chief Digital Officers, Chief Security Officers / Chief Information Security Officers, Chief Risk Officers, Chief Innovation Officers, Chief Science Officers, Chief Strategy Officers, etc. The exact scope and role of these positions in the C-Suite hierarchy can vary widely across organizations, so you’ll need to clarify their responsibilities within your own organization before pitching them to be your champion.


pages: 395 words: 116,675

The Evolution of Everything: How New Ideas Emerge by Matt Ridley

"World Economic Forum" Davos, adjacent possible, affirmative action, Affordable Care Act / Obamacare, Albert Einstein, Alfred Russel Wallace, AltaVista, altcoin, An Inconvenient Truth, anthropic principle, anti-communist, bank run, banking crisis, barriers to entry, bitcoin, blockchain, Boeing 747, Boris Johnson, British Empire, Broken windows theory, carbon tax, Columbian Exchange, computer age, Corn Laws, cosmological constant, cotton gin, creative destruction, Credit Default Swap, crony capitalism, crowdsourcing, cryptocurrency, David Ricardo: comparative advantage, demographic transition, Deng Xiaoping, discovery of DNA, Donald Davies, double helix, Downton Abbey, driverless car, Eben Moglen, Edward Glaeser, Edward Lorenz: Chaos theory, Edward Snowden, endogenous growth, epigenetics, Ethereum, ethereum blockchain, facts on the ground, fail fast, falling living standards, Ferguson, Missouri, financial deregulation, financial innovation, flying shuttle, Frederick Winslow Taylor, Geoffrey West, Santa Fe Institute, George Gilder, George Santayana, Glass-Steagall Act, Great Leap Forward, Greenspan put, Gregor Mendel, Gunnar Myrdal, Henri Poincaré, Higgs boson, hydraulic fracturing, imperial preference, income per capita, indoor plumbing, information security, interchangeable parts, Intergovernmental Panel on Climate Change (IPCC), invisible hand, Isaac Newton, Jane Jacobs, Japanese asset price bubble, Jeff Bezos, joint-stock company, Joseph Schumpeter, Kenneth Arrow, Kevin Kelly, Khan Academy, knowledge economy, land reform, Lao Tzu, long peace, low interest rates, Lyft, M-Pesa, Mahatma Gandhi, Mark Zuckerberg, means of production, meta-analysis, military-industrial complex, mobile money, Money creation, money: store of value / unit of account / medium of exchange, Mont Pelerin Society, moral hazard, Necker cube, obamacare, out of africa, packet switching, peer-to-peer, phenotype, Pierre-Simon Laplace, precautionary principle, price mechanism, profit motive, RAND 
corporation, random walk, Ray Kurzweil, rent-seeking, reserve currency, Richard Feynman, rising living standards, road to serfdom, Robert Solow, Ronald Coase, Ronald Reagan, Satoshi Nakamoto, scientific management, Second Machine Age, sharing economy, smart contracts, South Sea Bubble, Steve Jobs, Steven Pinker, Stuart Kauffman, tacit knowledge, TED Talk, The Wealth of Nations by Adam Smith, Thorstein Veblen, transaction costs, twin studies, uber lyft, women in the workforce

While there are plenty of us who would like to see abusive internet commentators stripped of their anonymity, so would the leaders of repressive regimes like to see dissidents exposed. Russian President Vladimir Putin has been explicit that his goal is ‘establishing international control over the Internet’ through the ITU. In 2011 Russia joined with China, Tajikistan and Uzbekistan to propose an ‘International Code of Conduct for Information Security’ to the UN General Assembly. The issue came to a head at a meeting of the ITU in Dubai in December 2012, where member countries voted by eighty-nine to fifty-five to give the United Nations agency unprecedented power over the internet, with Russia, China, Saudi Arabia, Algeria and Iran leading the charge for regulation.

‘Mahatma’ 178 Garzik, Jeff 312 Gas Research Institute 136 Gassendi, Pierre 12, 13 Gates, Bill 222 Gaua 81 Gazzaniga, Michael 144, 147 GCHQ 303 genes: background 59–61; function of 65; and the genome 62–4; and junk or surplus DNA 66–72; mutation 72–5; selfish gene 66, 68 Genghis Khan 87, 223 geology 17 George III 245 Georgia Inst. of Technology 272 German Society for Racial Hygiene 198, 202 Germany 12, 29, 101, 122, 138, 231, 243, 247, 251, 253, 318 Ghana 181, 229 Giaever, Ivar 273 Gilder, George 287 Gilfillan, Colum 127 Gladstone, William Ewart 246 Glaeser, Edward 92 Glasgow University 22, 25 Glass-Steagall Act 287 global warming 271–6 Glorious Revolution (England) 243 Gobi desert 92 Goddard, Robert 138 Godkin, Ed 250 Goethe, Charles 202 Goethe, Johann Wolfgang von 248 Goldberg, Jonah 252; Liberal Fascism 199, 251 Goldman Sachs 3 Goldsmith, Sir Edward 211 Goodenough, Oliver 36 Google 120, 130, 132, 188 Gore, Al 205, 211, 273, 274 Gosling, Raymond 121 Gottlieb, Anthony 41 Gottlieb, Richard 11 Gould, Stephen Jay 38, 53, 69 government: commerce and freedom 243–4; counterrevolution of 247–50; definition 236; free trade and free thinking 244–6; as God 254–5; and the Levellers 241–2; liberal fascism 250–2; libertarian revival 252–3; prison system 237–8; and protection rackets 238–41; and the wild west 235–6 Grant, Madison 202; The Passing of the Great Race 200–1 Graur, Dan 71, 72 Gray, Asa 44; Descent of Man 44–5 Gray, Elisha 119 Great Depression 105, 125, 318 Great Recession (2008–09) 97, 297 Greece 259 Green, David 115 Green, Paul 226 Green Revolution 208, 210 Greenblatt, Stephen 9, 11n Greenhalgh, Susan 212; Just One Child 210–11 Greenspan Put 289 Gregory, Ryan 71 Gregory VII, Pope 239 Gresham’s Law 279 Guardian (newspaper) 53 Gulf War 298 Gutenberg, Johannes 220 Hadiths 262 Haeckel, Ernst 197, 198 Hahnemann, Samuel 271 Haig, David 57 Hailey, Malcolm, Lord 231 Hailo 109 Haiti 207 Hamel, Gary 224 Hamilton, Alexander 244 Hannan, Daniel 35, 242, 315 Hannauer, Nick 107 Hansen, Alvin 105 Hanson, Earl Parker, New Worlds Emerging 209 Harford, Tim, Adapt: Why Success Always Starts With Failure 127, 255 Harriman, E.H. 200 Harris, Judith Rich 155–6, 158–65, 169; The Nurture Assumption 160–1 Harris, Sam 147, 148, 149–50, 151, 152 Harvard Business Review 224 Harvard University 9, 28, 57, 155, 159, 300 Hayek, Friedrich 35, 102, 128, 133, 230, 232, 243; The Constitution of Liberty 300; The Road to Serfdom 253 Haynes, John Dylan 146–7 Hazlett, Tom 223 Heidegger, Martin 201 Helsinki 211, 212 Henrich, Joe 89 Henry II 34 Henry VII 240 Henry the Navigator, Prince 134 Heraclius 262 Heritage Foundation 241 Higgs, Robert 240 Hill, P.J. 235–6 Hines, Melissa 169 Hitler, Adolf 198, 201, 217, 251, 252, 253; Mein Kampf 252 Hobbes, Thomas 8, 12, 197–8, 243 Holdren, John 208 Holland 142 Holland, Tom, In the Shadow of the Sword 261–2 Holocaust 214 Hong Kong 31, 92, 97, 101, 190, 191, 233–4 Hood, Bruce 148; The Self Illusion 145 Horgan, John 60 Hortlund, Per 284 ‘How Aid Underwrites Repression in Ethiopia’ (2010) 232 Howard, John 273 Hu Yaobang 212 Human Genome Project 64 Human Rights Watch 232 Hume, David 20, 21–2, 40–1, 54, 276; Concerning Natural Religion 39–40; Natural History of Religion 257 Humphrey, Nick 144, 154 Hussein, Saddam 298 Hutcheson, Francis 22, 25 Hutchinson, Allan 33 Hutton, James 17 Huxley, Aldous, Brave New World 167 Huxley, Julian 205, 211 Hyderabad 181 Ibsen, Henrik 249 Iceland 32 Iliad 87 Immigration Act (US, 1924) 201 Incas 86, 259 India 34, 87, 108, 125, 177–8, 181, 183, 196, 204, 206, 213, 214, 258, 259 Industrial (R)evolution 63, 104, 108, 109–10, 135, 220, 248, 254–5, 277 Infoseek (search engine) 120 Intel 223 Intergovernmental Panel on Climate Change (IPCC) 273–4 International Code of Conduct for Information Security 305 International Federation of Eugenics Organisations 202 International Monetary Fund (IMF) 286 International Telecommunications Union (ITU) 305 internet: balkanisation of the web 302–6; and bitcoin 308–12; and blockchains 306–9, 313–14; central committee of 305–6; complexity of 300–1; emergence of 299–300; individuals associated with 301–2; and politics 314–16 Internet Corporation for Assigned Names and Numbers (ICANN) 305–6 Iraq 32, 255 Ireland 213, 246 Irish Republican Army (IRA) 240 Islam 259, 260, 262–3 Islamabad 92 Islamic State 240 Israel, Paul 119 Italian city states 101 Italy 34, 247, 251 Ive, Sir Jonathan 319 Jablonka, Eva 56, 57 Jackson, Doug 309 Jacobs, Jane 92 Jagger, Bianca 211 Jainism 260 Japan, Japanese 32, 122, 125, 231, 232, 288 Jefferson, Thomas 15, 20, 114, 244 Jehovah 13, 276 Jerome, St 11 Jesus Christ 8, 9, 88, 257, 258, 263, 266 Jevons, William Stanley 63, 106 Jews 29, 142, 197, 202–3, 257 Jobs, Steve 119, 222 Johnson, Boris 166; The Churchill Factor: How One Man Made History 217 Johnson, Lyndon B. 206, 207, 289 Johnson, Steven Berlin 220; Where Good Ideas Come From: The Natural History of Innovation 127 Jones, Judge John 49, 50, 51 Jonson, Ben 15 J.P.


pages: 420 words: 119,928

The Three-Body Problem (Remembrance of Earth's Past) by Cixin Liu

Apollo 13, back-to-the-land, cosmic microwave background, Deng Xiaoping, game design, Henri Poincaré, horn antenna, information security, invisible hand, Isaac Newton, Norbert Wiener, Panamax, quantum entanglement, RAND corporation, Search for Extraterrestrial Intelligence, Von Neumann architecture

Wang glanced at his watch: It was three in the morning. Wang arrived at Da Shi’s chaotic office and saw that it was already filled with a dense cloud of cigarette smoke. A young woman police officer who shared the office fanned the smoke away from her nose with a notebook. Da Shi introduced her as Xu Bingbing, a computer specialist from the Information Security Division. The third person in the office surprised Wang. It was Wei Cheng, the reclusive, mysterious husband of Shen Yufei from the Frontiers of Science. Wei’s hair was a mess. He looked up at Wang, but seemed to have forgotten they had met. “I’m sorry to bother you, but at least it looks like you weren’t asleep,” Da Shi said.

I’ll leave the paperwork until tomorrow, because we have to move right away.” He turned to Wang. “No rest for the weary. I have to ask you to come and advise me some more.” Then he turned to Xu Bingbing, who’d been silent the whole time. “Bingbing, right now I have only two men on duty, and that’s not enough. I know the Information Security Division isn’t used to fieldwork, but I need you to come along.” Xu nodded, glad to leave the smoke-filled office. * * * In addition to Da Shi and Xu, the team for conducting the search consisted of Wang Miao, Wei Cheng, and two other officers from the Criminal Division. The six of them rode through the predawn darkness in two police cars, heading toward Wei’s neighborhood at the edge of the city.


pages: 440 words: 117,978

Cuckoo's Egg by Clifford Stoll

affirmative action, call centre, Golden Gate Park, hiring and firing, information security, John Markoff, Menlo Park, old-boy network, Paul Graham, Richard Stallman, Silicon Valley, Strategic Defense Initiative, undersea cable

Aletha didn’t care about computers, but had a wary eye for problems on the horizon. She wasted no time in calling the FBI. Our local FBI office didn’t raise an eyebrow. Fred Wyniken, special agent with the Oakland resident agency, asked incredulously, “You’re calling us because you’ve lost seventy-five cents in computer time?” Aletha tried explaining information security, and the value of our data. Wyniken interrupted and said, “Look, if you can demonstrate a loss of more than a million dollars, or that someone’s prying through classified data, then we’ll open an investigation. Until then, leave us alone.” Right. Depending on how you looked at it, our data was worth either nothing or zillions of dollars.

“OK,” Ann replied, “it’s not within my command.” I didn’t like leaving Berkeley, partly because I missed my sweetheart, but also because it left the hacker unwatched. I was to talk to the NTISSIC, a governmental organization whose acronym has never been decoded. Bob Morris said they set policy for telecommunications and information security, so I could guess some of the letters. “While you’re in the area,” Teejay said, “how about stopping by our headquarters in Langley?” Me? Visit the CIA? I’m in way over my head now. Meeting the spooks on their own ground. I could just imagine it: hundreds of spies in trench coats, skulking around hallways.


pages: 397 words: 110,222

Habeas Data: Privacy vs. The Rise of Surveillance Tech by Cyrus Farivar

Apple's 1984 Super Bowl advert, autonomous vehicles, call centre, citizen journalism, cloud computing, computer age, connected car, do-ocracy, Donald Trump, Edward Snowden, en.wikipedia.org, failed state, Ferguson, Missouri, Frank Gehry, Golden Gate Park, information security, John Markoff, Laura Poitras, license plate recognition, lock screen, Lyft, national security letter, Occupy movement, operational security, optical character recognition, Port of Oakland, RAND corporation, Ronald Reagan, sharing economy, Silicon Valley, Silicon Valley startup, Skype, Steve Jobs, Steven Levy, tech worker, The Hackers Conference, Tim Cook: Apple, transaction costs, uber lyft, WikiLeaks, you are the product, Zimmermann PGP

“I didn’t like the idea that Google was going to be profiling people’s private messages for advertising,” Levison said. “I was creating the type of service that I wanted to use myself. It was developed with the type of features that I would choose to use. You have to remember, I was involved in that information security community and I wanted to build the type of service that my friends couldn’t break into.” Early on, Levison offered TLS support, and thought user-level encryption was a way to secure himself against NSLs. “I knew about the PATRIOT Act, I remember thinking that it was slightly too aggressive, that the pendulum had swung too far,” he said.

Available at: https://arstechnica.com/tech-policy/2015/03/we-know-where-youve-been-ars-acquires-4-6m-license-plate-scans-from-the-cops/. In the latter half of the twentieth century: Luisa Parraguez Kobek and Erick Caldera, “Cyber Security and Habeas Data: The Latin American Response to Information Security and Data Protection,” Oasis 24 (July–December 2016), pp. 109–128. Available at: http://revistas.uexternado.edu.co/index.php/oasis/article/view/4679/5673. However, there is a historical skepticism: Ellen M. Kirsh, David W. Phillips, and Donna E. McIntyre, “Recommendations for the Evolution of Cyberlaw,” Journal of Computer-Mediated Communication 2 (September 1996).


pages: 444 words: 118,393

The Nature of Software Development: Keep It Simple, Make It Valuable, Build It Piece by Piece by Ron Jeffries

Amazon Web Services, anti-pattern, bitcoin, business cycle, business intelligence, business logic, business process, c2.com, call centre, cloud computing, continuous integration, Conway's law, creative destruction, dark matter, data science, database schema, deep learning, DevOps, disinformation, duck typing, en.wikipedia.org, fail fast, fault tolerance, Firefox, Hacker News, industrial robot, information security, Infrastructure as a Service, Internet of things, Jeff Bezos, Kanban, Kubernetes, load shedding, loose coupling, machine readable, Mars Rover, microservices, Minecraft, minimum viable product, MITM: man-in-the-middle, Morris worm, move fast and break things, OSI model, peer-to-peer lending, platform as a service, power law, ransomware, revision control, Ruby on Rails, Schrödinger's Cat, Silicon Valley, six sigma, software is eating the world, source of truth, SQL injection, systems thinking, text mining, time value of money, transaction costs, Turing machine, two-pizza team, web application, zero day

The overwhelming majority of malicious users are known as “script kiddies.” Don’t let the diminutive name fool you. Script kiddies are dangerous because of their sheer numbers. Although the odds are low that you will be targeted by a true cracker, your systems are probably being probed by script kiddies right now. This book is not about information security or online warfare. A robust approach to defense and deterrence is beyond my scope. I will restrict my discussion to the intersection of security and stability as it pertains to system and software architecture. The primary risk to stability is the now-classic distributed denial-of-service (DDoS) attack.

(Note that MongoDB, the company, has a thorough guide for securing the database;[61] it’s unfortunate that the default installation at the time was not secured.) Remember the install script is the first step in installation, not the last. Another common security misconfiguration relates to servers listening too broadly. We first encountered this in Programming for Multiple Networks. You can improve information security right away by splitting internal traffic onto its own NIC separate from public-facing traffic. Security professionals talk about the “attack surface,” meaning the sum of all IP addresses, ports, and protocols reachable to attackers. Split those admin interfaces to reduce the attack surface.


pages: 133 words: 42,254

Big Data Analytics: Turning Big Data Into Big Money by Frank J. Ohlhorst

algorithmic trading, bioinformatics, business intelligence, business logic, business process, call centre, cloud computing, create, read, update, delete, data acquisition, data science, DevOps, extractivism, fault tolerance, information security, Large Hadron Collider, linked data, machine readable, natural language processing, Network effects, pattern recognition, performance metric, personalized medicine, RFID, sentiment analysis, six sigma, smart meter, statistical model, supply-chain management, warehouse automation, Watson beat the top human players on Jeopardy!, web application

Thinking through such tactics will lead you to consider protecting phone lists, shredding the papers in the recycling bins, convening an internal council to approve your R&D scientists’ publications, and coming up with other worthwhile ideas for your particular business. These guidelines can be applied to almost any information security paradigm that is geared toward protecting IP. The same guidelines can be used when designing IP protection for a Big Data platform.
Chapter 8 The Evolution of Big Data
To truly understand the implications of Big Data analytics, one has to reach back into the annals of computing history, specifically business intelligence (BI) and scientific computing.


Google AdWords by Anastasia Holdren

bounce rate, information security, Network effects, search engine result page

Rules About Ad Functionality Malware (malicious software) Advertisers cannot promote software that steals, spams, commits fraud, disrupts usage, or the like. Malicious or not, advertisers cannot trick people into installing software. Deception Advertisers cannot promote products or services that mislead people for financial gain. AdWords also prohibits deceptive practices like phishing. Personal information security Advertisers must use secure servers when collecting personal or financial information. In addition, advertisers must clearly disclose when they do this and request permission from visitors. Sites collecting payment or financial information must disclose prices and billing practices in an easy-to-understand way.


pages: 159 words: 42,401

Snowden's Box: Trust in the Age of Surveillance by Jessica Bruder, Dale Maharidge

air gap, anti-communist, Bay Area Rapid Transit, Berlin Wall, Black Lives Matter, blockchain, Broken windows theory, Burning Man, Cambridge Analytica, cashless society, Chelsea Manning, citizen journalism, computer vision, crowdsourcing, deep learning, digital rights, disinformation, Donald Trump, Edward Snowden, Elon Musk, end-to-end encryption, Evgeny Morozov, Ferguson, Missouri, Filter Bubble, Firefox, information security, Internet of things, Jeff Bezos, Jessica Bruder, John Perry Barlow, Julian Assange, Laura Poitras, license plate recognition, Mark Zuckerberg, mass incarceration, medical malpractice, messenger bag, Neil Armstrong, Nomadland, Occupy movement, off grid, off-the-grid, pattern recognition, Peter Thiel, Robert Bork, Seymour Hersh, Shoshana Zuboff, Silicon Valley, Skype, social graph, Steven Levy, surveillance capitalism, tech bro, Tim Cook: Apple, web of trust, WikiLeaks

To anyone else, the encrypted email would look like an inscrutable string of nonsense, something like this: Less than a month after Micah launched the Freedom of the Press Foundation’s website, he received an encrypted email from an anonymous source. This triggered a sequence of events Micah would later recount at the Intercept. Decrypted, the email read: From: anon108@XXXXX To: Micah Lee Date: Fri, 11 Jan 2013 Micah, I’m a friend. I need to get information securely to Laura Poitras and her alone, but I can’t find an email/gpg key for her. Can you help? Micah didn’t know it at the time, but a month earlier the same mysterious source had contacted another Freedom of the Press Foundation board member: Glenn Greenwald. The source wanted to have a private conversation with him and urged him to set up encryption.


pages: 960 words: 125,049

Mastering Ethereum: Building Smart Contracts and DApps by Andreas M. Antonopoulos, Gavin Wood Ph. D.

air gap, Amazon Web Services, bitcoin, blockchain, business logic, continuous integration, cryptocurrency, Debian, digital divide, Dogecoin, domain-specific language, don't repeat yourself, Edward Snowden, en.wikipedia.org, Ethereum, ethereum blockchain, fault tolerance, fiat currency, Firefox, functional programming, Google Chrome, information security, initial coin offering, intangible asset, Internet of things, litecoin, machine readable, move fast and break things, node package manager, non-fungible token, peer-to-peer, Ponzi scheme, prediction markets, pull request, QR code, Ruby on Rails, Satoshi Nakamoto, sealed-bid auction, sharing economy, side project, smart contracts, transaction costs, Turing complete, Turing machine, Vickrey auction, Vitalik Buterin, web application, WebSocket

Eventually, the development of the Ethereum platform will slow down and its interfaces will become fixed. But in the meantime, innovation is the driving principle. You’d better keep up, because no one will slow down for you. Why Learn Ethereum? Blockchains have a very steep learning curve, as they combine multiple disciplines into one domain: programming, information security, cryptography, economics, distributed systems, peer-to-peer networks, etc. Ethereum makes this learning curve a lot less steep, so you can get started quickly. But just below the surface of a deceptively simple environment lies a lot more. As you learn and start looking deeper, there’s always another layer of complexity and wonder.

Then we will look at how keys are generated, stored, and managed. Finally, we will review the various encoding formats used to represent private keys, public keys, and addresses. Public Key Cryptography and Cryptocurrency Public key cryptography (also called “asymmetric cryptography”) is a core part of modern-day information security. The key exchange protocol, first published in the 1970s by Martin Hellman, Whitfield Diffie, and Ralph Merkle, was a monumental breakthrough that incited the first big wave of public interest in the field of cryptography. Before the 1970s, strong cryptographic knowledge was kept secret by governments.


pages: 320 words: 87,853

The Black Box Society: The Secret Algorithms That Control Money and Information by Frank Pasquale

Adam Curtis, Affordable Care Act / Obamacare, Alan Greenspan, algorithmic trading, Amazon Mechanical Turk, American Legislative Exchange Council, asset-backed security, Atul Gawande, bank run, barriers to entry, basic income, Bear Stearns, Berlin Wall, Bernie Madoff, Black Swan, bonus culture, Brian Krebs, business cycle, business logic, call centre, Capital in the Twenty-First Century by Thomas Piketty, Chelsea Manning, Chuck Templeton: OpenTable:, cloud computing, collateralized debt obligation, computerized markets, corporate governance, Credit Default Swap, credit default swaps / collateralized debt obligations, crowdsourcing, cryptocurrency, data science, Debian, digital rights, don't be evil, drone strike, Edward Snowden, en.wikipedia.org, Evgeny Morozov, Fall of the Berlin Wall, Filter Bubble, financial engineering, financial innovation, financial thriller, fixed income, Flash crash, folksonomy, full employment, Gabriella Coleman, Goldman Sachs: Vampire Squid, Google Earth, Hernando de Soto, High speed trading, hiring and firing, housing crisis, Ian Bogost, informal economy, information asymmetry, information retrieval, information security, interest rate swap, Internet of things, invisible hand, Jaron Lanier, Jeff Bezos, job automation, John Bogle, Julian Assange, Kevin Kelly, Kevin Roose, knowledge worker, Kodak vs Instagram, kremlinology, late fees, London Interbank Offered Rate, London Whale, machine readable, Marc Andreessen, Mark Zuckerberg, Michael Milken, mobile money, moral hazard, new economy, Nicholas Carr, offshore financial centre, PageRank, pattern recognition, Philip Mirowski, precariat, profit maximization, profit motive, public intellectual, quantitative easing, race to the bottom, reality distortion field, recommendation engine, regulatory arbitrage, risk-adjusted returns, Satyajit Das, Savings and loan crisis, search engine result page, shareholder value, Silicon Valley, Snapchat, social intelligence, Spread Networks laid a new fibre optics cable between New York and Chicago, statistical arbitrage, statistical model, Steven Levy, technological solutionism, the scientific method, too big to fail, transaction costs, two-sided market, universal basic income, Upton Sinclair, value at risk, vertical integration, WikiLeaks, Yochai Benkler, zero-sum game

Professor Helen Nissenbaum at NYU looks to creative obfuscation: her browser extension TrackMeNot floods your search engine with so many random queries that companies like Google can’t compile an accurate psychological or marketing profile.198 Presumably the same technology could be applied to Gmail by sending dozens of fake e-mails to dummy accounts. Other apps offer to watch our backs and tell us exactly who is sharing our data with others, and how.199 There are “personal data vaults” in which we can store our information securely and then bargain, one-on-one, with anyone who wants access to it.200 But self-help can take us only so far. For nearly every “Privacy Enhancing Technology” (PET) developed, a “Privacy Eviscerating Technology” may arise. Week by week the PET recommendations of digital gurus are rendered obsolete by countermeasures.

Jerry Kang, Katie Shilton, Deborah Estrin and Jeff Burke, “Self-Surveillance Privacy,” Iowa Law Review 97 (2010): 809–848; Jonathan Zittrain, “What the Publisher Can Teach the Patient: Intellectual Property and Privacy in an Era of Trusted Privication,” Stanford Law Review 52 (2000): 1201–1250; Latanya Sweeney, The Data Map (2012), http://thedatamap.org/maps.html. 201. Though some regulators are setting security standards, the leading policy response is simply to notify people that the breach occurred. Gina Stevens, Federal Information Security and Data Breach Notification Laws, CRS Report for Congress, RL34120 (2010). 202. Kim Zetter, “Use These Secret NSA Google Search Tips to Become Your Own Spy Agency,” Wired, May 8, 2013, http://www.wired.com/threatlevel/2013/05/nsa-manual-on-hacking-internet/. 203. Lucas Mearian, “ ‘Wall of Shame’ Exposes 21M Medical Record Breaches,” Computerworld, August 7, 2012, http://www.computerworld.com/s/article/9230028.


pages: 525 words: 116,295

The New Digital Age: Transforming Nations, Businesses, and Our Lives by Eric Schmidt, Jared Cohen

access to a mobile phone, additive manufacturing, airport security, Amazon Mechanical Turk, Amazon Web Services, Andy Carvin, Andy Rubin, anti-communist, augmented reality, Ayatollah Khomeini, barriers to entry, bitcoin, borderless world, call centre, Chelsea Manning, citizen journalism, clean water, cloud computing, crowdsourcing, data acquisition, Dean Kamen, disinformation, driverless car, drone strike, Elon Musk, Evgeny Morozov, failed state, false flag, fear of failure, Filter Bubble, Google Earth, Google Glasses, Hacker Conference 1984, hive mind, income inequality, information security, information trail, invention of the printing press, job automation, John Markoff, Julian Assange, Khan Academy, Kickstarter, knowledge economy, Law of Accelerating Returns, market fundamentalism, Mary Meeker, means of production, military-industrial complex, MITM: man-in-the-middle, mobile money, mutually assured destruction, Naomi Klein, Nelson Mandela, no-fly zone, off-the-grid, offshore financial centre, Parag Khanna, peer-to-peer, peer-to-peer lending, personalized medicine, Peter Singer: altruism, power law, Ray Kurzweil, RFID, Robert Bork, self-driving car, sentiment analysis, Silicon Valley, Skype, Snapchat, social graph, speech recognition, Steve Jobs, Steven Pinker, Stewart Brand, Stuxnet, Susan Wojcicki, The Wisdom of Crowds, upwardly mobile, Whole Earth Catalog, WikiLeaks, young professional, zero day

Over the past several years, the growth of mobile phones in Somalia has been one of the few success stories to emerge amid this anarchy. Even in the absence of security or a functioning government, the telecommunications industry has come to play a critical role in many aspects of society, providing Somalis with jobs, information, security and critical connections to the outside world. In fact, the telecoms are just about the only thing in Somalia that is organized, that transcends clan and tribal dynamics, and that functions across all three regions: South Central Somalia (Mogadishu), Puntland in the northeast and Somaliland in the northwest.

“war as a continuation of policy by other means”: Carl von Clausewitz, On War (Baltimore: Penguin Books, 1968). The original quote is “war as a continuation of politik by other means.” “it’s just much harder to know who took the shot at you”: Craig Mundie in discussion with the authors, November 2011. Mundie calls cyber-espionage tactics “weapons of mass disruption”: Craig Mundie, “Information Security in the Digital Decade.” Remarks at the American Chamber of Commerce in Bangkok, Thailand, October 20, 2003, http://www.microsoft.com/en-us/news/exec/craig/10-20security.aspx. until a virus known as Flame, discovered in 2012, claimed that title: “Resource 207: Kaspersky Lab Research Proves That Stuxnet and Flame Developers Are Connected,” Kaspersky Lab, June 11, 2012, http://www.kaspersky.com/about/news/virus/2012/Resource_207_KasperskyLab_Research_Proves_that_Stuxnet_and_Flame_Developers_are_Connected.


pages: 457 words: 126,996

Hacker, Hoaxer, Whistleblower, Spy: The Story of Anonymous by Gabriella Coleman

1960s counterculture, 4chan, Aaron Swartz, Amazon Web Services, Bay Area Rapid Transit, bitcoin, Chelsea Manning, citizen journalism, cloud computing, collective bargaining, corporate governance, creative destruction, crowdsourcing, data science, David Graeber, Debian, digital rights, disinformation, do-ocracy, East Village, Eben Moglen, Edward Snowden, false flag, feminist movement, Free Software Foundation, Gabriella Coleman, gentrification, George Santayana, Hacker News, hive mind, impulse control, information security, Jacob Appelbaum, jimmy wales, John Perry Barlow, Julian Assange, Laura Poitras, lolcat, low cost airline, mandatory minimum, Mohammed Bouazizi, Network effects, Occupy movement, Oklahoma City bombing, operational security, pirate software, power law, Richard Stallman, SETI@home, side project, Silicon Valley, Skype, SQL injection, Steven Levy, Streisand effect, TED Talk, Twitter Arab Spring, WikiLeaks, zero day

The encryption was too strong to crack on their own, but by utilizing the brute force of a pool of GPUs (graphics processing unit), they were able to crack the hashes in a number of hours. One of the passwords, “kibafo33,” granted access to Barr’s Gmail-hosted email account. There the Anons saw the jubilant internal HBGary email exchanges. Naturally, the hackers tried the password on all of Barr’s social media accounts and found that he violated the first rule of informational security: never use the same password across platforms. The team could now commandeer all of Barr’s social media accounts for lulz and worse. Getting in was just the beginning. “Good drama must be drastic”23 It was Super Bowl Sunday. Millions of Americans were glued to the tube watching overgrown bulky men pounce on each other for the purpose of kicking a ball through two goal posts.

I actually appreciated the productive discussions—much more than the veiled threats. Sometime in 2010 an email arrived in my inbox from a respected hacker encouraging me to attend NYSEC, the informal New York City gathering of security professionals and hackers held monthly at a bar. Or as their Twitter bio describes it, “A drinking meetup with an information security problem.” I figured why not. This was the cordial way of telling me: get real, start hanging out with real hackers. Others were less amicable. One of these “hackers” contacted me by email to generously offer me his entire collection of the hacker zine 2600 for my research. I was excited to add the zines to my personal library, and we met at a tiny New York City cafe.


pages: 444 words: 127,259

Super Pumped: The Battle for Uber by Mike Isaac

"Susan Fowler" uber, "World Economic Forum" Davos, activist fund / activist shareholder / activist investor, Airbnb, Albert Einstein, always be closing, Amazon Web Services, Andy Kessler, autonomous vehicles, Ayatollah Khomeini, barriers to entry, Bay Area Rapid Transit, Benchmark Capital, Big Tech, Burning Man, call centre, Cambridge Analytica, Chris Urmson, Chuck Templeton: OpenTable:, citizen journalism, Clayton Christensen, cloud computing, corporate governance, creative destruction, data science, Didi Chuxing, don't be evil, Donald Trump, driverless car, Elon Musk, end-to-end encryption, fake news, family office, gig economy, Google Glasses, Google X / Alphabet X, Greyball, Hacker News, high net worth, hockey-stick growth, hustle culture, impact investing, information security, Jeff Bezos, John Markoff, John Zimmer (Lyft cofounder), Kevin Roose, Kickstarter, Larry Ellison, lolcat, Lyft, Marc Andreessen, Marc Benioff, Mark Zuckerberg, Masayoshi Son, mass immigration, Menlo Park, Mitch Kapor, money market fund, moral hazard, move fast and break things, Network effects, new economy, off grid, peer-to-peer, pets.com, Richard Florida, ride hailing / ride sharing, Salesforce, Sand Hill Road, self-driving car, selling pickaxes during a gold rush, shareholder value, Shenzhen special economic zone , Sheryl Sandberg, side hustle, side project, Silicon Valley, Silicon Valley startup, skunkworks, Snapchat, SoftBank, software as a service, software is eating the world, South China Sea, South of Market, San Francisco, sovereign wealth fund, special economic zone, Steve Bannon, Steve Jobs, stock buybacks, super pumped, TaskRabbit, tech bro, tech worker, the payments system, Tim Cook: Apple, Travis Kalanick, Uber and Lyft, Uber for X, uber lyft, ubercab, union organizing, upwardly mobile, Vision Fund, WeWork, Y Combinator

After years in government suits, he compromised with dadcore jeans and button-downs, and eventually moved to a more tech-friendly jeans and T-shirt combo. His high cheekbones, broad forehead, and wide-set eyes made his default expression a kind of restful stoicism, even in the face of complex information security problems. He spoke quickly and clinically, his dispassionate attitude forged over his years as a lawyer. The most emotion you’d see was a raised eyebrow, or perhaps a knowing smirk when telling war stories from his days as a prosecutor. Laughter never came in more than a chuckle, like the joke was a secret he kept to himself.

Before I left my house, I was to delete my Uber app and check the setting buried in the app submenu that deleted my contact information from Uber’s servers. One of Uber’s features requested users to upload their phone books to the cloud. If two friends or colleagues took a ride together, this feature allowed them to quickly split the fare. For most users, this was a nifty, convenient feature. For Bob and me, it was a liability; if Uber’s information security team wanted, they could spy on the rides I’d taken, the names and numbers of my contacts and sources—any information I’d willingly given over to Uber. Better I delete Uber from my phone entirely. I was to leave my phone in the car, turned off, and bring nothing but a pen and notebook. He’d find me when I got there.


pages: 200 words: 47,378

The Internet of Money by Andreas M. Antonopoulos

AltaVista, altcoin, bitcoin, blockchain, clean water, cognitive dissonance, cryptocurrency, disruptive innovation, Dogecoin, Ethereum, ethereum blockchain, financial exclusion, global reserve currency, information security, litecoin, London Interbank Offered Rate, Marc Andreessen, Oculus Rift, packet switching, peer-to-peer lending, Ponzi scheme, QR code, ransomware, reserve currency, Satoshi Nakamoto, self-driving car, skeuomorphism, Skype, smart contracts, the medium is the message, trade route, Tragedy of the Commons, underbanked, WikiLeaks, zero-sum game

There are really two types of companies out there: those that have failed to take the necessary action to secure the credit cards that you entrusted them with; and those that will soon fail to take the necessary security action to protect the credit cards you’ve entrusted them with. You’ve either been hacked or you will be hacked—those are the two categories. Nobody’s immune to this. No one can invent a way to protect millions of secure access tokens from motivated attackers. It’s impossible to do. We don’t know how to do it. There is no information security trick that can protect for all possible types of attacks. Credit cards are broken by design because the token itself is the secret key. If you transmit that token, you expose your entire account to risk. 9.2. Bitcoin Transactions: Secure by Design Bitcoin is fundamentally different.


pages: 312 words: 52,762

Gray Hat Python: Python Programming for Hackers and Reverse Engineers by Justin Seitz

Firefox, information security, web application

The book is designed to allow you to learn some theory behind most hacking tools and techniques, including debuggers, backdoors, fuzzers, emulators, and code injection, while providing you some insight into how prebuilt Python tools can be harnessed when a custom solution isn't needed. You'll learn not only how to use Python-based tools but how to build tools in Python. But be forewarned, this is not an exhaustive reference! There are many, many infosec (information security) tools written in Python that I did not cover. However, this book will allow you to translate a lot of the same skills across applications so that you can use, debug, extend, and customize any Python tool of your choice. There are a couple of ways you can progress through this book. If you are new to Python or to building hacking tools, then you should read the book front to back, in order.


pages: 271 words: 52,814

Blockchain: Blueprint for a New Economy by Melanie Swan

23andMe, Airbnb, altcoin, Amazon Web Services, asset allocation, banking crisis, basic income, bioinformatics, bitcoin, blockchain, capital controls, cellular automata, central bank independence, clean water, cloud computing, collaborative editing, Conway's Game of Life, crowdsourcing, cryptocurrency, data science, digital divide, disintermediation, Dogecoin, Edward Snowden, en.wikipedia.org, Ethereum, ethereum blockchain, fault tolerance, fiat currency, financial innovation, Firefox, friendly AI, Hernando de Soto, information security, intangible asset, Internet Archive, Internet of things, Khan Academy, Kickstarter, Large Hadron Collider, lifelogging, litecoin, Lyft, M-Pesa, microbiome, Neal Stephenson, Network effects, new economy, operational security, peer-to-peer, peer-to-peer lending, peer-to-peer model, personalized medicine, post scarcity, power law, prediction markets, QR code, ride hailing / ride sharing, Satoshi Nakamoto, Search for Extraterrestrial Intelligence, SETI@home, sharing economy, Skype, smart cities, smart contracts, smart grid, Snow Crash, software as a service, synthetic biology, technological singularity, the long tail, Turing complete, uber lyft, unbanked and underbanked, underbanked, Vitalik Buterin, Wayback Machine, web application, WikiLeaks

Different parties have different definitions of what constitutes a Dapp. For example, Ethereum defines a smart contract/Dapp as a transaction protocol that executes the terms of a contract or group of contracts on a cryptographic blockchain.65 Our working definition of a Dapp is an application that runs on a network in a distributed fashion with participant information securely (and possibly pseudonymously) protected and operation execution decentralized across network nodes. Some current examples are listed in Table 2-4. There is OpenBazaar (a decentralized Craigslist), LaZooz (a decentralized Uber), Twister (a decentralized Twitter), Bitmessage (decentralized SMS), and Storj (decentralized file storage).


pages: 525 words: 142,027

CIOs at Work by Ed Yourdon

8-hour work day, Apple's 1984 Super Bowl advert, business intelligence, business process, call centre, cloud computing, crowdsourcing, distributed generation, Donald Knuth, fail fast, Flash crash, Free Software Foundation, Googley, Grace Hopper, information security, Infrastructure as a Service, Innovator's Dilemma, inventory management, Julian Assange, knowledge worker, Mark Zuckerberg, Multics, Nicholas Carr, One Laptop per Child (OLPC), rolodex, Salesforce, shareholder value, Silicon Valley, six sigma, Skype, smart grid, smart meter, software as a service, Steve Ballmer, Steve Jobs, Steven Levy, the new new thing, the scientific method, WikiLeaks, Y2K, Zipcar

The opportunity for compromise, for attack, I think one of the metaphors for the second half of the 20th century and now for this 21st century, is that society trails technology. Society evolves slower and the conventions of society and its mechanisms evolve far slower than technology does across a broad landscape in technology. Yourdon: Right. Fried: And I think this is true in these areas related to information security, information warfare. These things are deeply concerning to me, because, the technology’s evolved at such a rapid rate and these are powerful, powerful tools with a powerful, powerful ability to be misused, with many, many opportunities for attack. I’m really concerned about vulnerabilities and people’s ability to take advantage of them.

Yourdon: [laughter] Wakeman: It is disconcerting to know that there are organized groups out there, very sophisticated groups, that seek to steal information or shut down a company’s ability to operate on the Internet. Yourdon: Yeah. Wakeman: We work hard to protect the information we are entrusted with and use leading edge technologies to do so. A few years ago I created the position of Chief Information Security Officer and was fortunate enough to staff it with an outstanding security leader. He has built a great team that works every day to improve our ability to protect ETS’s information assets and monitor for potential threats. Yourdon: Right. Wakeman: His team is constantly looking for vulnerabilities and we always take care of them.


pages: 629 words: 142,393

The Future of the Internet: And How to Stop It by Jonathan Zittrain

A Declaration of the Independence of Cyberspace, algorithmic bias, Amazon Mechanical Turk, Andy Kessler, barriers to entry, behavioural economics, book scanning, Brewster Kahle, Burning Man, c2.com, call centre, Cass Sunstein, citizen journalism, Citizen Lab, Clayton Christensen, clean water, commoditize, commons-based peer production, corporate governance, Daniel Kahneman / Amos Tversky, digital divide, disruptive innovation, distributed generation, en.wikipedia.org, end-to-end encryption, Firefox, folksonomy, Free Software Foundation, game design, Hacker Ethic, Howard Rheingold, Hush-A-Phone, illegal immigration, index card, informal economy, information security, Internet Archive, jimmy wales, John Markoff, John Perry Barlow, license plate recognition, loose coupling, mail merge, Morris worm, national security letter, old-boy network, One Laptop per Child (OLPC), OSI model, packet switching, peer-to-peer, post-materialism, pre–internet, price discrimination, profit maximization, radical decentralization, Ralph Nader, RFC: Request For Comment, RFID, Richard Stallman, Richard Thaler, risk tolerance, Robert Bork, Robert X Cringely, SETI@home, Silicon Valley, Skype, slashdot, software patent, Steve Ballmer, Steve Jobs, Ted Nelson, Telecommunications Act of 1996, the Cathedral and the Bazaar, the long tail, The Nature of the Firm, The Wisdom of Crowds, Tragedy of the Commons, web application, wikimedia commons, Yochai Benkler, zero-sum game

Through a combination of regulatory suasion and industry best practices, such policies are now found on many Web sites, comprising little-read boilerplate answering questions about what information a Web site gathers about a user and what it does with the information. Frequently the answers are, respectively, “as much as it can” and “whatever it wants”—but, to some, this is progress. It allows scholars and companies alike to say that the user has been put on notice of privacy practices. Personal information security is another area of inquiry, and there have been some valuable policy innovations in this sphere. For example, a 2003 California law requires firms that unintentionally expose their customers’ private data to others to alert the customers to the security breach.14 This has led to a rash of well-known banks sending bashful letters to millions of their customers, gently telling them that, say, a package containing tapes with their credit card and social security numbers has been lost en route from one processing center to another.15 Bank of America lost such a backup tape with 1.2 million customer records in 2005.16 That same year, a MasterCard International security breach exposed information of more than 40 million credit card holders.17 Boston College lost 120,000 alumni records to hackers as a result of a breach.18 The number of incidents shows little sign of decreasing,19 despite the incentives provided by the embarrassment of disclosure and the existence of obvious ways to improve security practices.

., 18, 29, 57–59; and Internet compatibility, 28–29; lockdown of, 4, 5, 57, 102, 155–56, 164, 165; model of computing, 17; modularization of, 156; PC revolution, 3, 18; potential functionality sold with, 13; regulability of, 106; search across computers, 185; security dilemma of, 241; in sites where users are not owners, 4; and third-party storage, 186–88; “trapped,” 77; unsecured on Internet, 45; users as programmers for, 14, 15; virtual, 156; zombies, 46, 52, 54, 57, 166 personal identity management, 32–33 Pew Internet & American Life Project, 51 phishing, 47, 53, 99 photo recognition, 214–15 physical layer, 67–69 placeholders, 56 plagiarism, 244 plastic, adaptability of, 72 PlayMedia, 104, 108 Pledgebank, 148, 243 pornography, child, 111 Posner, Eric, 213 Post, David, 123 Postel’s Law, 134 post hoc remedies, 122 post hoc scrubs, 116 Postman, Neil, 93 preemption, 108 press conference behavior, 212–13, 229 prime time, being ready for (and the generative Net), 153–54 prior restraints, 115, 122 Privacy Act (1974), 202 privacy: administrative burdens of, 221–22; and captchas, 208; and cheap sensors, 206, 208–9, 210, 216, 221; code-backed norms, 223–28; Constitutional support of, 112, 185–86, 188; and consumer protection law, 177; contextualization, 229–31; data genealogy, 225–28; enforceability of, 112–14; and generation gap, 231–34; and government power, 117–19, 186–88; HEW report (1973) on, 201–5, 222, 233–34; and industry self-regulation, 203; involuntary celebrities, 210–14; “just deal with it,” 111–12; and peer production, 206–16; personal information security, 203–4; Privacy 1.0, 201–5, 208, 215, 216, 222, 232; Privacy 2.0, 205–34; as proxies for other limitations, 112; public vs. private behavior, 212–16; and reputation, 216–21, 228–29; search and seizure, 112; sensitivity identified with, 202; and third-party storage, 185–88; and ubiquitous surveillance, 109–10, 206, 209–16; on Web sites, 203, 226 privacy “tags,” 227 procrastination principle: and Digital Millennium Copyright Act, 119–20; in generative systems, 152, 164, 180, 242, 245; in Internet design, 33, 34; and Morris worm, 39–40; in networks, 31, 33, 99, 164; in operating systems, 69; and Wikipedia, 134, 135; in XO, 237, 240 Prodigy, 7, 23, 24, 81, 157 proprietary rights thickets, 188–92 protocol layer, 39, 67–69 punch card system, 11 QTel, 157 quasi-contracts, 184 Radin, Margaret, 233 radio broadcasts, jamming of, 106 radio frequency identifiers (RFIDs), 203 Radio Shack, 75-in-1 Electronic Project Kit, 14, 73 Rand, Ayn, 143 Raymond, Eric, 137 “Realtime Blackhole List,” 169 reCAPTCHA, 208, 227 Reed, David, 31 Reidenberg, Joel, 104 reputation bankruptcy, 228–29 reputationdefender.com, 230 reputation systems, 216–21; buddy lists, 219–20; correcting or identifying mistakes on, 220; identity systems, 220; search engines, 217, 220–21; user rankings, 146, 217–18, 221; whole-person ratings, 218–19 RFC 1135, “The Helminthiasis of the Internet,” 39 robots, spam messages from, 207–8 robot signaling, 223 robots.txt, 223–25, 227, 243 Rosen, Jeffrey, 216 RSS (really simple syndication), 56 Saltzer, Jerry, 31 Samuelson, Pamela, 225–26 Sanger, Larry, 133, 142–43, 145 Sapphire/Slammer worm, 47 satellite TV, 181, 182 Saudi Arabia, information control in, 113, 180 Scherf, Steve, 145–46 search engines, 220–21, 223, 226, 227; creation of, 224; user rankings, 217 Second Amendment, 117 SEC v.


pages: 548 words: 147,919

How Everything Became War and the Military Became Everything: Tales From the Pentagon by Rosa Brooks

airport security, Albert Einstein, Berlin Wall, big-box store, clean water, cognitive dissonance, continuation of politics by other means, different worldview, disruptive innovation, driverless car, drone strike, Edward Snowden, facts on the ground, failed state, illegal immigration, information security, Internet Archive, John Markoff, Mark Zuckerberg, moral panic, no-fly zone, Oklahoma City bombing, operational security, pattern recognition, Peace of Westphalia, personalized medicine, RAND corporation, Silicon Valley, South China Sea, technological determinism, Timothy McVeigh, Turing test, unemployed young men, Valery Gerasimov, Wall-E, War on Poverty, WikiLeaks, Yochai Benkler

Throw in the people with lower-level clearances and we get up to more than four million, or nearly 2 percent of the adult population of the United States.50 Who let all those people into the club? As a result, the government keeps finding new ways to distinguish between levels and types of access, and more and more documents and programs are reflexively given a high classification, even when there’s really no secret to keep. The government’s Information Security Oversight Office reported that 92 million decisions to classify information were made in 2011 alone, representing a 20 percent increase in classification decisions from 2010 and a 40 percent increase from 2009.51 And as I said, this problem isn’t new. A 2011 report by the Brennan Center for Justice offers some choice glimpses into history.

., 81, 93 Hussein, Saddam, 26, 29, 31, 98, 144, 266, 329 idealism, American, harmful consequences of, 97–101 Iliad, The (Homer), 170 Imagined Communities (Anderson), 400 immigration: data collection and, 302 war on terror and, 301–3 Immigration and Customs Enforcement (ICE), 302 Immigration and Naturalization Service, 301–2 imminent threat, U.S. definition of, 286–87, 291 improvised explosive devices (IEDs), 78, 89, 98, 100, 135, 159, 260, 329, 331, 333 India, 183–84 British rule in, 257 Indonesia, 241 Industrial Revolution, 264 information, classified: in court cases, 301 declassification of, 126–27 overclassification of, 124–28, 301 unauthorized disclosure of, 127–28 information revolution, 264 Information Security Oversight Office, 125 infrastructure, cyber warfare and, 131 Innocent II, Pope, 109 Institute for Policy Studies, 271 insurgents, 41 Intelligence Authorization Act, 122 intelligence community, U.S., 258 blurred line between military and, 118, 122–23 budget of, 19 lethal covert action eschewed by, 118–19 post-9/11 refocusing of, 119 interconnectedness, global, 10, 11, 23 cyber warfare and, 130–31 downside of, 263 geopolitical uncertainty and, 261–67 rule of law of, 283 International Commission on Intervention and State Sovereignty (ICISS), 249, 250 Responsibility to Protect report of, 235–38, 249 International Committee of the Red Cross, 54, 189, 229, 391 international community: diverse makeup of, 226–27 failed states and, 225, 226 human rights and, 243, 340–41 Rwanda genocide and, 234 sovereignty and, 243 viewed as failed state, 227–28 International Criminal Court, 232–33, 243 International Criminal Tribunal for the Former Yugoslavia, see Hague Tribunal international governance, 253, 262 international law, 273 ambiguity and vagueness in, 283, 407 duress and, 204, 347 extrajudicial executions in, 274 general adherence to, 283 human rights and, see human rights law piracy and, 42–43, 49 sovereignty and, 227, 339, 356, 407 see also rule of law 
International Review of the Red Cross, 172 “International Strategy for Cyberspace,” 12 international system, 233, 245, 340, 364 effectiveness of, 282–83 gaps in, 290–91 need for new categories and rules in, 356, 357 and response to cataclysmic wars, 343–44 International Tennis Federation, 221 Internet, 10, 129, 130, 132 interrogation, enhanced, see torture interstate conflicts, decline in, 262, 264–65 Invention of Peace, The (Howard), 348–49 Iran, 259 Iraq, 12, 226, 227 author in, 30–32 Kuwait invaded by, 283 Iraq War, 4, 13, 29, 30–32, 33, 81–82, 83, 117, 143, 160, 218, 250, 258, 259, 291, 318, 332, 349 cost of, 103, 157 drone strikes in, 106 insurgency in, 92–93, 94, 97, 144, 329 Iraqi casualties in, 5, 97, 136–37, 157 long-term instability in wake of, 97–98, 101 Obama and, 103 private contractors and, 123 U.S. casualties in, 16, 18, 148, 157 WMD claims as justification for, 88 Irish Republic Army, 339 Iron Age, 264 Islamic extremism, 232, 259 Islamic State (ISIS), 10, 12, 97, 99, 133, 227, 273, 276–77, 285, 294, 295, 329, 332, 338, 348, 349 Italy, unification of, 229, 348 James II, king of England, 256 Japan: atomic bombing of, 133, 190, 191 World War II atrocities of, 190 Jara, Víctor, 272 Jefferson, Thomas, 48 Jews, 190 Jibaro Indians, 173–74 Johnson, Jeh, 34, 279 Joint Chiefs of Staff, 6, 15, 16, 71 Journal of International Law, 199 “JP 3–0: Doctrine for Joint Operations,” 82 Judge Advocate General’s Corps, 197–98 functions of, 198 Rule of Law Handbook of, 73 Judge Advocate General’s School, 199 justice, law vs., 362–63 Justice Department, U.S., 119, 202, 203 “imminent threat” as interpreted by, 286–87 Office of Legal Counsel at, 200 justice system, U.S., war on terror and, 296–97, 299–301 Kabbah, Ahmad Tejan, 27 Kabul, Afghanistan, 74–75, 76, 77 Kandahar, Afghanistan, 77 Kane, Tim, 327 Kansas State University, 147 Karadzic, Radovan, 26, 206, 207 Karsten, Rafael, 174 Karzai, Hamid, 76 Kellogg-Briand Pact, 189, 191 Kenya, 27 bombing of U.S. 
embassy in, 83, 223 Khadr, Omar, 60 “kill lists,” 115, 116, 133, 355 Klaidman, Daniel, 110 Knife Fights (Nagl), 92 Koh, Harold Hongju, 53, 115, 248 Kony, Joseph, 27 “Kony 2012” (video), 177 Koran, 184 Korean War, 257, 349 Kosovo, 80, 101, 241, 280 NATO bombing campaign in, 27, 243–44, 249, 401 Kotler, Steven, 134 Kuwait, 26, 142, 150–51, 153–54 Iraqi invasion of, 283 Kuwait City, 153 Kyrgyzstan, 307–9 Lakwena, Alice, 177 Lancaster, James, 256–57 law: categorization in, 346–47 humanitarian, see human rights law justice vs., 362–63 morality and, 363–64 as optimistic enterprise, 204, 339 see also international law; rule of law law of armed conflict, 55–57, 65, 66, 171–72, 183–203, 220, 224, 274–78, 283, 362–63 allowable use of force in, 194–95, 339 autonomous weapons and, 138 and blurred line between war and peace, 342 combatant immunity in, 195–96 cyber warfare as subject to, 131 distinction in, 196–97, 275, 405 drone strikes and, 288–89 due process and, 57, 63, 133 Dunant and, 187–89, 204, 216, 229–30, 365 Erdemovic case and, 204–16 Geneva Conventions and, 193–94 historical evolution of, 183–89 human rights and, 193 individualization of war and, 132–33 justified vs. unjustified violence in, 196–97 Lieber Code and, 185–87, 189, 204, 216, 348, 349, 365 9/11 attacks and, 275–76 private contractors and, 123 proportionality in, 196–97 protected persons in, 196–97 status-based killing scrutinized by, 133, 275–76, 289, 355 U.N.


pages: 579 words: 160,351

Breaking News: The Remaking of Journalism and Why It Matters Now by Alan Rusbridger

"World Economic Forum" Davos, accounting loophole / creative accounting, Airbnb, Andy Carvin, banking crisis, Bellingcat, Bernie Sanders, Bletchley Park, Boris Johnson, Brexit referendum, Cambridge Analytica, centre right, Chelsea Manning, citizen journalism, country house hotel, cross-subsidies, crowdsourcing, data science, David Attenborough, David Brooks, death of newspapers, Donald Trump, Doomsday Book, Double Irish / Dutch Sandwich, Downton Abbey, Edward Snowden, Etonian, Evgeny Morozov, fake news, Filter Bubble, folksonomy, forensic accounting, Frank Gehry, future of journalism, G4S, high net worth, information security, invention of movable type, invention of the printing press, Jeff Bezos, jimmy wales, Julian Assange, Large Hadron Collider, Laura Poitras, Mark Zuckerberg, Mary Meeker, Menlo Park, natural language processing, New Journalism, offshore financial centre, oil shale / tar sands, open borders, packet switching, Panopticon Jeremy Bentham, post-truth, pre–internet, ransomware, recommendation engine, Ruby on Rails, sexual politics, Silicon Valley, Skype, Snapchat, social web, Socratic dialogue, sovereign wealth fund, speech recognition, Steve Bannon, Steve Jobs, the long tail, The Wisdom of Crowds, Tim Cook: Apple, traveling salesman, upwardly mobile, WikiLeaks, Yochai Benkler

The pair would not be specific about what kind of law: whether the police would march through the front door or the government would go down the civil route to injunct us and order us to return all the Snowden material. I said we were still working on the documents and that it wasn’t for politicians to determine when a newspaper story had run its course. If they were worried about the Chinese in the flats opposite, why not send in some information security advisers to see if there were any flaws in the way we were holding the material? Of course, I could see their anxiety. The trouble was that the British authorities were stuck in a mindset about official secrecy that was the polar opposite of the Americans’ (‘we hate you having it, but we recognise and respect your right to report’).

We were left with the dossier intact – in New York – and a variety of mangled circuit boards in London. Quite what the point of the exercise was remains a mystery. The UK authorities showed little interest in the material we held at 536 Broadway – either in destroying it or advising on keeping it securely. Similarly, they offered no guidance to the NYT, Washington Post or Greenwald on information security. It felt like a piece of theatre designed to satisfy hawks in Whitehall. The former deputy prime minister Nick Clegg gave a glimpse of the mood towards Snowden inside government in his autobiography:‘The whole security establishment, backed by Number 10, the Home Office and all Conservative ministers, focused exclusively on the man and not the ball, working themselves up into a lather of indignation at his personal conduct, rather than grappling with the wider issues that his revelations clearly raised.’


pages: 214 words: 57,614

America at the Crossroads: Democracy, Power, and the Neoconservative Legacy by Francis Fukuyama

affirmative action, Ayatollah Khomeini, Berlin Wall, Bretton Woods, cuban missile crisis, David Brooks, European colonialism, failed state, Francis Fukuyama: the end of history, information security, Internet Archive, John Perry Barlow, Mikhail Gorbachev, Monroe Doctrine, mutually assured destruction, New Journalism, no-fly zone, oil-for-food scandal, race to the bottom, RAND corporation, rent-seeking, road to serfdom, Ronald Reagan, Ronald Reagan: Tear down this wall, transaction costs, uranium enrichment, War on Poverty, Washington Consensus

In most earlier historical periods the ability to inflict serious damage to a society lay only within the purview of states: the entire edifice of international relations theory is built around the presumption that states are the only Threat, Risk, and Preventive War significant players in world politics. If catastrophic destruction can be inflicted by non-state actors, then many of the concepts that informed security policy over the past two centuries— balance of power, deterrence, containment, and the like—lose their relevance. Deterrence theory in particular depends on the deployer of any form of WMD having a return address and with it equities that could be threatened in retaliation. The real question concerns the likelihood that Islamist terrorists could actually get their hands on a nuclear device, smallpox, or some other mass casualty-inducing weapon and use it on U.S. territory.


pages: 176 words: 55,819

The Start-Up of You: Adapt to the Future, Invest in Yourself, and Transform Your Career by Reid Hoffman, Ben Casnocha

Airbnb, Andy Kessler, Apollo 13, Benchmark Capital, Black Swan, business intelligence, Cal Newport, Clayton Christensen, commoditize, David Brooks, Donald Trump, Dunbar number, en.wikipedia.org, fear of failure, follow your passion, future of work, game design, independent contractor, information security, Jeff Bezos, job automation, Joi Ito, late fees, lateral thinking, Marc Andreessen, Mark Zuckerberg, Max Levchin, Menlo Park, out of africa, PalmPilot, Paul Graham, paypal mafia, Peter Thiel, public intellectual, recommendation engine, Richard Bolles, risk tolerance, rolodex, Salesforce, shareholder value, Sheryl Sandberg, side project, Silicon Valley, Silicon Valley startup, social web, Steve Jobs, Steve Wozniak, the strength of weak ties, Tony Hsieh, transaction costs, Tyler Cowen

When eBay acquired the company for $1.5 billion, PayPal staked its claim as a great Silicon Valley success story. Yet the PayPal Plan A did not look anything like the company looks today. In 1998 programmer Max Levchin teamed with derivatives trader Peter Thiel to create a “digital wallet”—an encryption platform that allowed you to store cash and information securely on your mobile phone. That soon evolved to software that allowed you to send and receive digital cash wirelessly and securely via a Palm Pilot (the first of several iterations) so that two friends could split a dinner tab using their PDAs. It was a neat idea that leveraged Max’s and Peter’s technology and finance backgrounds, respectively (complementary assets that gave them a competitive edge as founders).


pages: 198 words: 57,703

The World According to Physics by Jim Al-Khalili

accounting loophole / creative accounting, Albert Einstein, butterfly effect, clockwork universe, cognitive dissonance, cosmic microwave background, cosmological constant, dark matter, double helix, Ernest Rutherford, fake news, Fellow of the Royal Society, germ theory of disease, gravity well, heat death of the universe, Higgs boson, information security, Internet of things, Isaac Newton, Large Hadron Collider, Murray Gell-Mann, post-truth, power law, publish or perish, quantum entanglement, Richard Feynman, Schrödinger's Cat, Stephen Hawking, supercomputer in your pocket, the scientific method, time dilation

For example, highly accurate quantum gravimeters will be able to map tiny changes in the Earth’s gravitational field, so that geologists can locate new mineral deposits or locate pipes under roads to minimise disruption when workers need to access them. Quantum cameras will have sensors that let us see behind obstacles; quantum imaging will allow non-intrusive mapping of brain activity with the potential to tackle conditions like dementia. Quantum key distribution (QKD) will enable us to exchange information securely from one place to another. Quantum technologies will also help us build artificial molecular machines that can carry out a multitude of tasks. Medicine in particular is a good example of where the quantum world is likely to have a big impact in the coming years. Down at length scales even smaller than living cells, we are going to see a range of spectacular new technologies emerging, such as nanoparticles with unique quantum properties that allow them to attach to antibodies to help tackle infections, or to be ‘programmed’ to replicate only inside tumor cells, and even to take images of cells from the inside.


pages: 247 words: 60,543

The Currency Cold War: Cash and Cryptography, Hash Rates and Hegemony by David G. W. Birch

"World Economic Forum" Davos, Alan Greenspan, algorithmic management, AlphaGo, bank run, Big Tech, bitcoin, blockchain, Bretton Woods, BRICs, British Empire, business cycle, capital controls, cashless society, central bank independence, COVID-19, cross-border payments, cryptocurrency, Diane Coyle, disintermediation, distributed ledger, Donald Trump, driverless car, Elon Musk, Ethereum, ethereum blockchain, facts on the ground, fault tolerance, fiat currency, financial exclusion, financial innovation, financial intermediation, floating exchange rates, forward guidance, Fractional reserve banking, global reserve currency, global supply chain, global village, Hyman Minsky, information security, initial coin offering, Internet of things, Jaron Lanier, Kenneth Rogoff, knowledge economy, M-Pesa, Mark Zuckerberg, market clearing, market design, Marshall McLuhan, mobile money, Money creation, money: store of value / unit of account / medium of exchange, moral hazard, Network effects, new economy, Northern Rock, one-China policy, Overton Window, PalmPilot, pattern recognition, Pingit, QR code, quantum cryptography, race to the bottom, railway mania, ransomware, Real Time Gross Settlement, reserve currency, Satoshi Nakamoto, seigniorage, Silicon Valley, smart contracts, social distancing, sovereign wealth fund, special drawing rights, subscription business, the payments system, too big to fail, transaction costs, Vitalik Buterin, Washington Consensus

These algorithms are, essentially, from three different ‘families’ that rely on different sources of mathematical difficulty. Lattice cryptosystems are built using geometric structures known as lattices and are represented using matrices. Code-based systems use error-correcting codes, which have been used in information security for decades. Multivariate systems depend on the difficulty of solving a system of quadratic polynomial equations over a finite field. Early opinion sees lattice cryptosystems as both the most actively studied and the most flexible (Buchanan and Woodward 2016). They are capable of key exchanges, digital signatures and far more sophisticated constructions, such as fully homomorphic encryption, which, while not widely used now, might well be at the heart of future business infrastructure in response to the continuing cyberwar around us.
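The passage names the lattice family as the most studied and most flexible, and notes that lattice schemes are written in terms of matrices. The block below is an added example (not code from the book) that shows the simplest member of that family, Regev-style public-key encryption built on the Learning With Errors problem: the public key is a random matrix A and the vector b = A·s + e mod q, the secret is s, and a ciphertext hides a bit behind the small errors e. The parameters n, m and q are toy values chosen only so that decryption is provably correct (m·max|e| < q/4); they carry no security and are marked as such in the code.

```python
"""Toy Regev-style LWE public-key encryption (lattice family of post-quantum schemes).

Added example, not code from the book. The parameters below are deliberately tiny:
they demonstrate the mechanism, not a secure instance.
"""
import random

N = 8    # dimension n of the secret vector s
M = 20   # number of LWE samples, i.e. rows of the public matrix A
Q = 97   # modulus q; correctness needs M * max|e| < Q / 4  (20 < 24.25)


def _small_error(rng):
    # Error terms are tiny compared with q; they are what makes b = A*s + e hard to invert.
    return rng.choice((-1, 0, 1))


def keygen(rng):
    """Return ((A, b), s): public matrix A, noisy products b = A*s + e mod q, secret s."""
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    b = [(sum(a * x for a, x in zip(row, s)) + _small_error(rng)) % Q for row in A]
    return (A, b), s


def encrypt_bit(pk, bit, rng):
    """Pick a random 0/1 subset r of the rows; u = r*A, v = r*b + bit*floor(q/2) (mod q)."""
    A, b = pk
    r = [rng.randrange(2) for _ in range(M)]
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (sum(ri * bi for ri, bi in zip(r, b)) + bit * (Q // 2)) % Q
    return u, v


def decrypt_bit(sk, ct):
    """v - <u, s> = bit*floor(q/2) + sum(r_i * e_i); the error is < q/4, so round to 0 or q/2."""
    u, v = ct
    d = (v - sum(uj * sj for uj, sj in zip(u, sk))) % Q
    return 1 if Q // 4 < d < 3 * Q // 4 else 0


def encrypt_bytes(pk, data, rng):
    """Encrypt each byte LSB-first as eight independent bit ciphertexts."""
    return [encrypt_bit(pk, (byte >> k) & 1, rng) for byte in data for k in range(8)]


def decrypt_bytes(sk, cts):
    bits = [decrypt_bit(sk, ct) for ct in cts]
    return bytes(sum(bits[i + k] << k for k in range(8)) for i in range(0, len(bits), 8))


if __name__ == "__main__":
    rng = random.Random(7)
    pk, sk = keygen(rng)
    cts = encrypt_bytes(pk, b"lattice", rng)   # constructed sample plaintext
    print(len(cts), "bit ciphertexts, decrypts to", decrypt_bytes(sk, cts))
```

Two things worth noticing in the code: nothing in it relies on factoring or discrete logarithms, which is the point of the family, and the correctness condition on the error budget is exactly the kind of parameter constraint that real lattice standards fix at production sizes (n in the hundreds, q in the thousands).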


pages: 505 words: 161,581

The Founders: The Story of Paypal and the Entrepreneurs Who Shaped Silicon Valley by Jimmy Soni

activist fund / activist shareholder / activist investor, Ada Lovelace, AltaVista, Apple Newton, barriers to entry, Big Tech, bitcoin, Blitzscaling, book value, business logic, butterfly effect, call centre, Carl Icahn, Claude Shannon: information theory, cloud computing, Colonization of Mars, Computing Machinery and Intelligence, corporate governance, COVID-19, crack epidemic, cryptocurrency, currency manipulation / currency intervention, digital map, disinformation, disintermediation, drop ship, dumpster diving, Elon Musk, Fairchild Semiconductor, fear of failure, fixed income, General Magic , general-purpose programming language, Glass-Steagall Act, global macro, global pandemic, income inequality, index card, index fund, information security, intangible asset, Internet Archive, iterative process, Jeff Bezos, Jeff Hawkins, John Markoff, Kwajalein Atoll, Lyft, Marc Andreessen, Mark Zuckerberg, Mary Meeker, Max Levchin, Menlo Park, Metcalfe’s law, mobile money, money market fund, multilevel marketing, mutually assured destruction, natural language processing, Network effects, off-the-grid, optical character recognition, PalmPilot, pattern recognition, paypal mafia, Peter Thiel, pets.com, Potemkin village, public intellectual, publish or perish, Richard Feynman, road to serfdom, Robert Metcalfe, Robert X Cringely, rolodex, Sand Hill Road, Satoshi Nakamoto, seigniorage, shareholder value, side hustle, Silicon Valley, Silicon Valley startup, slashdot, SoftBank, software as a service, Startup school, Steve Ballmer, Steve Jobs, Steve Jurvetson, Steve Wozniak, technoutopianism, the payments system, transaction costs, Turing test, uber lyft, Vanguard fund, winner-take-all economy, Y Combinator, Y2K

In the days before Don’t Ask, Don’t Tell—when gays, lesbians, and bisexuals were forbidden from serving in the military—such “army marriages” were common. “I grew up a lot by watching all this,” Levchin said. Soon, one dark reality hit close to home. During Levchin’s tenure, the Army Corps of Engineers grew concerned about foreign employees and information security. Unfortunately for the research outpost at Urbana-Champaign, that meant potentially losing the vast share of its programming talent and leaving a complex computer system in the hands of staff unfamiliar with its upkeep. Levchin was on the chopping block as well, but his manager intervened: Levchin would continue working on his helicopter software, and he’d receive off-the-books payment in the form of computer parts.

“The development team was very in sync on values,” David Gausebeck recalled. “About the standard we should build to, especially around security and guarantees of correctness, it was, ‘Of course we have to make sure that this is bulletproof.’ ” The “impenetrable Russian” had come to feel that the financial services industry didn’t take information security seriously enough. Levchin and his team had closely studied the industry’s cybersecurity standards and came away underwhelmed. If the PayPal system was to be truly secure, hitting those marks wouldn’t be nearly enough. “There were standards already about how you’re supposed to secure them, but they covered maybe one-tenth of the way that an adversary could attack your system,” engineer Bob McGrew recalled.


Likewar: The Weaponization of Social Media by Peter Warren Singer, Emerson T. Brooking

4chan, active measures, Airbnb, augmented reality, barriers to entry, battle of ideas, Bellingcat, Bernie Sanders, Black Lives Matter, British Empire, Cambridge Analytica, Cass Sunstein, citizen journalism, Citizen Lab, Comet Ping Pong, content marketing, crony capitalism, crowdsourcing, data science, deep learning, digital rights, disinformation, disintermediation, Donald Trump, drone strike, Edward Snowden, en.wikipedia.org, Erik Brynjolfsson, Evgeny Morozov, fake news, false flag, Filter Bubble, global reserve currency, Google Glasses, Hacker Conference 1984, Hacker News, illegal immigration, information security, Internet Archive, Internet of things, invention of movable type, it is difficult to get a man to understand something, when his salary depends on his not understanding it, Jacob Silverman, John Gilmore, John Markoff, Kevin Roose, Kickstarter, lateral thinking, lolcat, Mark Zuckerberg, megacity, Menlo Park, meta-analysis, MITM: man-in-the-middle, Mohammed Bouazizi, Moneyball by Michael Lewis explains big data, moral panic, new economy, offshore financial centre, packet switching, Panopticon Jeremy Bentham, Parag Khanna, pattern recognition, Plato's cave, post-materialism, Potemkin village, power law, pre–internet, profit motive, RAND corporation, reserve currency, sentiment analysis, side project, Silicon Valley, Silicon Valley startup, Snapchat, social web, South China Sea, Steve Bannon, Steve Jobs, Steven Levy, Stewart Brand, systems thinking, too big to fail, trade route, Twitter Arab Spring, UNCLOS, UNCLOS, Upton Sinclair, Valery Gerasimov, We are Anonymous. We are Legion, We are as Gods, Whole Earth Catalog, WikiLeaks, Y Combinator, yellow journalism, Yochai Benkler

Galeotti, “The ‘Gerasimov Doctrine.’” 106 enshrined in Russian military theory: See Embassy of the Russian Federation to the United Kingdom of Great Britain and Northern Ireland, “The Military Doctrine of the Russian Federation,” news release, June 29, 2015 (policy adopted December 25, 2014), https://rusemb.org.uk/press/2029; Ministry of Foreign Affairs of the Russian Federation, “Doctrine of Information Security of the Russian Federation,” December 5, 2016, http://www.mid.ru/en/foreign_policy/official_documents/-/asset_publisher/CptICkB6BZ29/content/id/2563163. 106 “war on information warfare”: Jolanta Darczewska, The Anatomy of Russian Information Warfare: The Crimean Operation, a Case Study, Point of View, no. 42 (Centre for Eastern Studies, May 2014), 10https://www.osw.waw.pl/sites/default/files/the_anatomy_of_russian_information_warfare.pdf, 13. 107 conglomerate of nearly seventy-five: Ibid., 10. 107 the “4 Ds”: Ben Nimmo, “Anatomy of an Info-War: How Russia’s Propaganda Machine Works, and How to Counter It,” StopFake, May 19, 2015, https://www.stopfake.org/en/anatomy-of-an-info-war-how-russia-s-propaganda-machine-works-and-how-to-counter-it/. 107 identity and mission shifted: Dougherty, “How the Media Became.” 107 $30 million: Simon Shuster, “Russia Today: Inside Putin’s On-Air Machine,” Time, March 5, 2015, http://time.com/rt-putin/. 107 approximately $400 million: Gabrielle Tetrault-Farber, “Looking West, Russia Beefs Up Spending on Global Media Giants,” Moscow Times, September 23, 2014, https://themoscowtimes.com/articles/looking-west-russia-beefs-up-spending-on-global-media-giants-39708. 107 “weapons system”: Shuster, “Russia Today.” 107 “The phone exists”: Ibid. 107 more YouTube subscribers: “Assessing Russian Activities and Intentions in Recent US Elections” (Intelligence Community Assessment, Office of the Director of National Intelligence, January 6, 2017), 10, https://www.dni.gov/files/documents/ICA_2017_01.pdf. 
108 RT has promoted: Matthew Bodner, Matthew Kupfer, and Bradley Jardine, “Welcome to the Machine: Inside the Secretive World of RT,” Moscow Times, June 1, 2017, https://themoscowtimes.com/articles/welcome-to-the-machine-inside-the-secretive-world-of-rt-58132. 108 “‘Question More’ is not about”: Matthew Armstrong, “RT as a Foreign Agent: Political Propaganda in a Globalized World,” War on the Rocks, May 4, 2015, https://warontherocks.com/2015/05/rt-as-a-foreign-agent-political-propaganda-in-a-globalized-world/. 108 Sputnik International: “Major News Media Brand ‘Sputnik’ Goes Live November 10,” Sputnik, October 11, 2014, https://sputniknews.com/russia/201411101014569630/. 108 Baltica targets audiences: Inga Springe et al., “Sputnik’s Unknown Brother,” Re:Baltica, April 6, 2017, https://en.rebaltica.lv/2017/04/sputniks-unknown-brother/. 108 first source of this false report: Ben Nimmo, “Three Thousand Fake Tanks,” @DFRLLab (blog), Medium, January 12, 2017, https://medium.com/@DFRLab/three-thousand-fake-tanks-575410c4f64d. 109 all-out assault: Matthew Sparkes, “Russian Government Edits Wikipedia on Flight MH17,” The Telegraph, July 18, 2014, http://www.telegraph.co.uk/technology/news/10977082/Russian-government-edits-Wikipedia-on-flight-MH17.html. 109 “Questions over Why”: Paul Szoldra, “Here’s the Ridiculous Way Russia’s Propaganda Channel Is Covering the Downed Malaysia Airliner,” Business Insider Australia, July 19, 2014, https://www.businessinsider.com.au/rt-malaysia-airlines-ukraine-2014-7#JhJsCOWZzphQ00IG.99. 109 Russian Union of Engineers: Eliot Higgins, “SU-25, MH17 and the Problems with Keeping a Story Straight,” Bellingcat, January 10, 2015, https://www.bellingcat.com/news/uk-and-europe/2015/01/10/su-25-mh17-and-the-problems-with-keeping-a-story-straight/. 
110 bad photoshop job: Veli-Pekka Vivimäki, “Russian State Television Shares Fake Images of MH17 Being Attacked,” Bellingcat, November 14, 2014, https://www.bellingcat.com/news/2014/11/14/russian-state-television-shares-fake-images-of-mh17-being-attacked/. 110 “It came from”: Max Seddon, “Russian TV Airs Clearly Fake Image to Claim Ukraine Shot Down MH17,” BuzzFeed, November 15, 2014, https://www.buzzfeed.com/maxseddon/russian-tv-airs-clearly-fake-image-to-claim-ukraine-shot-dow?

,” Comparative Strategy 12, no. 2 (1993): 141–65, https://www.rand.org/content/dam/rand/pubs/reprints/2007/RAND_RP223.pdf. 182 “information is becoming”: Ibid. 183 “It means trying”: Ibid. 183 essentially a dead topic: Ronfeldt interview. 183 “Our hope was”: John Arquilla, phone interview with author, November 3, 2014. 184 “global information warfare”: Jolanta Darczewska, The Anatomy of Russian Information Warfare: The Crimean Operation, A Case Study, Point of View, no. 42 (Centre for Eastern Studies, May 2014). 184 release of an atomic bomb: Ulrik Franke, “War by Non-military Means: Understanding Russian Information Warfare” (report, Swedish Ministry of Defense, March 2015), 27, http://johnhelmer.net/wp-content/uploads/2015/09/Sweden-FOI-Mar-2015-War-by-non-military-means.pdf. 184 “blur the traditional”: Ministry of Foreign Affairs of the Russian Federation, “Doctrine of Information Security of the Russian Federation,” December 5, 2016, http://www.mid.ru/en/foreign_policy/official_documents/-/asset_publisher/CptICkB6BZ29/content/id/2563163. 184 “a system of spiritual”: Franke, “War by Non-military Means,” 12. 184 “measures aiming to pre-empt”: Ibid., 11. 184 “three warfares”: Information at War: From China’s Three Warfares to NATO’s Narratives, Beyond Propaganda (Transitions Forum, Legatum Institute, September 2015), https://stratcomcoe.org/legatum-institute-information-war-chinas-three-warfares-natos-narratives. 185 “War is accelerating”: State Council Information Office of the People’s Republic of China, “China’s Military Strategy (2015)” (report, May 2015), https://jamestown.org/wp-content/uploads/2016/07/China%E2%80%99s-Military-Strategy-2015.pdf. 185 Operation Earnest Voice: Nick Fielding and Ian Cobain, “Revealed: US Spy Operation That Manipulates Social Media,” The Guardian, March 17, 2011, https://www.theguardian.com/technology/2011/mar/17/us-spy-operation-social-networks. 185 “allow one U.S. serviceman”: Ibid. 
185 In 2015, Britain formed: Ewen MacAskill, “British Army Creates Team of Facebook Warriors,” The Guardian, January 31, 2015, https://www.theguardian.com/uk-news/2015/jan/31/british-army-facebook-warriors-77th-brigade. 185 “agent of change”: “77th Brigade,” British Army, accessed October 5, 2017, http://www.army.mod.uk/structure/39492.aspx?


PostgreSQL Cookbook by Chitij Chauhan

database schema, Debian, fault tolerance, GnuPG, Google Glasses, index card, information security

Since all company-related information is stored in databases, it becomes imperative that controls be placed on data access and only authorized persons be allowed to access relevant data. It is in this context that database security is of utmost importance, because it is important to ensure that the information stored in databases is protected against malicious attempts to view and modify data by hackers or people with malicious intent. Database security deals with the information security measures that are undertaken to protect databases in order to ensure confidentiality, integrity, and availability of data. Databases need to be protected against various risks and threats, such as misuse by authorized database users, malicious attempts made by hackers to steal information or damage data, design flaws and software bugs in databases that lead to various security vulnerabilities that are exploited by hackers, data corruption that might be caused by wrong input and mistakes by humans, the possibility of data being sabotaged, and administrators' tendency to keep a default schema password, which might lead to unauthorized access to data by people with malicious intent.


The Techno-Human Condition by Braden R. Allenby, Daniel R. Sarewitz

"World Economic Forum" Davos, Abraham Maslow, airport security, Anthropocene, augmented reality, carbon credits, carbon footprint, clean water, cognitive dissonance, cognitive load, coherent worldview, conceptual framework, creative destruction, Credit Default Swap, decarbonisation, different worldview, Edward Jenner, facts on the ground, friendly fire, Hans Moravec, industrial cluster, information security, Intergovernmental Panel on Climate Change (IPCC), invisible hand, Isaac Newton, Jane Jacobs, land tenure, Lewis Mumford, life extension, Long Term Capital Management, market fundamentalism, mutually assured destruction, Nick Bostrom, nuclear winter, Peter Singer: altruism, planetary scale, precautionary principle, prediction markets, radical life extension, Ralph Waldo Emerson, Ray Kurzweil, Silicon Valley, smart grid, source of truth, stem cell, Stewart Brand, synthetic biology, technoutopianism, the built environment, The Wealth of Nations by Adam Smith, transcontinental railway, We are as Gods, Whole Earth Catalog

For a fuller treatment of these issues, see Sarewitz et al. 2000. 3. Such failures are systemic. Even today, the educational process that creates the civil, environmental, mechanical, and industrial engineering graduates who are designing ICT functionality into these systems seldom if ever introduces them to concepts of information security. 4. Standards arise when technology systems must work with other technologies (in which case the standard governs interfaces between technologies), or when standards are necessary for a technology to link more widely. An example of the latter is rail gauges: interconnectivity of rail systems required standards (Shapiro and Varian 1999, who suggest this example, also illustrate its strategic use in noting that the Finns deliberately chose rail gauges different from the Soviet rail system to help prevent invasion).


pages: 257 words: 64,973

Intrusion Detection With Snort, Apache, Mysql, Php, and Acid by Rafeeq Ur Rehman

Chuck Templeton: OpenTable:, database schema, Free Software Foundation, information security, stealth mode startup, web application

Some vendor-specific IDS need updates from the vendor to add new signatures when a new type of attack is discovered. In other IDS, like Snort, you can update signatures yourself.

1.1.1.5 Alerts

Alerts are any sort of user notification of intruder activity. When an IDS detects an intruder, it has to inform the security administrator about this using alerts. Alerts may be in the form of pop-up windows, logging to a console, sending e-mail, and so on. Alerts are also stored in log files or databases where they can be viewed later by security experts. You will find detailed information about alerts later in this book.


pages: 238 words: 46

When Things Start to Think by Neil A. Gershenfeld

3D printing, Ada Lovelace, Bretton Woods, cellular automata, Charles Babbage, Claude Shannon: information theory, Computing Machinery and Intelligence, disinformation, Dynabook, Hedy Lamarr / George Antheil, I think there is a world market for maybe five computers, information security, invention of movable type, Iridium satellite, Isaac Newton, Jacquard loom, Johannes Kepler, John von Neumann, low earth orbit, means of production, new economy, Nick Leeson, packet switching, RFID, speech recognition, Stephen Hawking, Steve Jobs, telemarketer, the medium is the message, Turing machine, Turing test, Vannevar Bush, world market for maybe five computers

Without entanglement a quantum computer would have the same problem as a DNA computer, trying many answers at the same time and then having to locate the correct one, like trying to find a needle in a haystack. With entanglement, a single quantum computer can be certain to solve a factoring problem. Naturally, the three-letter agencies (NSA, CIA, ... ) panicked. Here was a very real threat to information security, coming from an entirely unexpected quarter. Since by that time the result was already widely known they couldn't cover it up, but they could try to keep ahead of the competition. So they started showing up at meetings, in effect offering a purchase order to anyone who would build them a quantum computer.


pages: 212 words: 68,690

Independent Diplomat: Dispatches From an Unaccountable Elite by Carne Ross

Abraham Maslow, barriers to entry, blood diamond, carbon tax, cuban missile crisis, Doha Development Round, energy security, Francis Fukuyama: the end of history, Global Witness, income inequality, information security, iterative process, meta-analysis, oil-for-food scandal, one-China policy, Peace of Westphalia, Pearl River Delta, stakhanovite, Thomas Kuhn: the structure of scientific revolutions, Tragedy of the Commons, zero-sum game

There exactly the same arguments would be repeated, except by different people and with more or less fluency, depending on the individual — the Russian ambassador, for instance, was not only a brilliant and lucid advocate in English, but also had a thorough familiarity with the arguments. The only other significant difference was that the ambassadorial discussion would take place in another room, this time the “informal” Security Council chamber. The result, needless to say, was total deadlock. Negotiation became a tedious recitation of their “facts” and our “facts”, thrown to and fro across the table. We only persisted in this trench warfare because each of us was trying to convince the non-permanent members that we were right, in the hope that this would convince them later to vote for this or that proposal in the resolution.


pages: 234 words: 63,149

Every Nation for Itself: Winners and Losers in a G-Zero World by Ian Bremmer

airport security, banking crisis, barriers to entry, Berlin Wall, blood diamond, Bretton Woods, BRICs, capital controls, clean water, creative destruction, Deng Xiaoping, Doha Development Round, energy security, European colonialism, failed state, global rebalancing, global supply chain, Global Witness, income inequality, informal economy, information security, Intergovernmental Panel on Climate Change (IPCC), Julian Assange, Kickstarter, Martin Wolf, mass immigration, Mikhail Gorbachev, military-industrial complex, mutually assured destruction, Nelson Mandela, Nixon shock, Nixon triggered the end of the Bretton Woods system, no-fly zone, nuclear winter, Parag Khanna, purchasing power parity, reserve currency, Ronald Reagan, smart grid, South China Sea, sovereign wealth fund, special economic zone, Stuxnet, trade route, uranium enrichment, Washington Consensus, WikiLeaks, Yom Kippur War

At the same time, governments have discovered both opportunities to use the Internet for their own purposes and vulnerabilities that must be protected. Those that can afford it have begun to develop the technology needed to militarize cyberspace. Today, ICANN faces considerable pressure from several governments, particularly China and Russia, to provide tools that enhance their “information security,” a move that amounts to a declaration of sovereignty over sections of the Internet and the beginnings of a surveillance society online. The threats that governments are trying to manage via the Internet include some that almost anyone would consider legitimate, like terrorism, and others more likely to excite controversy, like control of political activism.


pages: 420 words: 61,808

Flask Web Development: Developing Web Applications With Python by Miguel Grinberg

business logic, database schema, Firefox, full text search, information security, Minecraft, platform as a service, web application

When the user clicks the link, the view function that handles this route receives the user id to confirm as an argument and can easily update the confirmed status of the user. But this is obviously not a secure implementation, as any user who figures out the format of the confirmation links will be able to confirm arbitrary accounts just by sending random numbers in the URL. The idea is to replace the id in the URL with a token that contains the same information securely encrypted. If you recall the discussion on user sessions in Chapter 4, Flask uses cryptographically signed cookies to protect the content of user sessions against tampering. These secure cookies are signed by a package called itsdangerous. The same idea can be applied to confirmation tokens.


pages: 226 words: 65,516

Kings of Crypto: One Startup's Quest to Take Cryptocurrency Out of Silicon Valley and Onto Wall Street by Jeff John Roberts

4chan, Airbnb, Alan Greenspan, altcoin, Apple II, Bernie Sanders, Bertram Gilfoyle, Big Tech, bitcoin, blockchain, Blythe Masters, Bonfire of the Vanities, Burning Man, buttonwood tree, cloud computing, coronavirus, COVID-19, creative destruction, Credit Default Swap, cryptocurrency, democratizing finance, Dogecoin, Donald Trump, double helix, driverless car, Elliott wave, Elon Musk, Ethereum, ethereum blockchain, family office, financial engineering, Flash crash, forensic accounting, hacker house, Hacker News, hockey-stick growth, index fund, information security, initial coin offering, Jeff Bezos, John Gilmore, Joseph Schumpeter, litecoin, Marc Andreessen, Mark Zuckerberg, Masayoshi Son, Menlo Park, move fast and break things, Multics, Network effects, offshore financial centre, open borders, Paul Graham, Peter Thiel, Ponzi scheme, prediction markets, proprietary trading, radical decentralization, ransomware, regulatory arbitrage, reserve currency, ride hailing / ride sharing, Robert Shiller, rolodex, Ross Ulbricht, Sam Altman, Sand Hill Road, Satoshi Nakamoto, sharing economy, side hustle, Silicon Valley, Silicon Valley ideology, Silicon Valley startup, smart contracts, SoftBank, software is eating the world, Startup school, Steve Ballmer, Steve Jobs, Steve Wozniak, transaction costs, Vitalik Buterin, WeWork, work culture , Y Combinator, zero-sum game

In 2016, Balaji’s expertise on genetics had led the new Trump administration to interview him to run the Food and Drug Administration. As for crypto, Balaji saw it as a subject best left to geniuses. “Blockchains are the most complicated piece of technology to arrive since browsers or operating systems,” he declares. “They require a deep understanding of cryptography, game theory, networking, information security, distributed systems, databases, and systems programming. Only a handful of people have that sort of knowledge.” Left unspoken was that Balaji saw himself as one of those people. Coinbase, though, had sought out Balaji for more than his smarts. Since Fred’s departure in early 2017, Brian had found it lonely at the top.


Team Topologies: Organizing Business and Technology Teams for Fast Flow by Matthew Skelton, Manuel Pais

anti-pattern, business logic, business process, call centre, cognitive load, continuous integration, Conway's law, database schema, DevOps, different worldview, Dunbar number, holacracy, information security, Infrastructure as a Service, Internet of things, Jeff Bezos, Kanban, Kickstarter, knowledge worker, Kubernetes, Lean Startup, loose coupling, meta-analysis, microservices, Norbert Wiener, operational security, platform as a service, pull request, remote working, systems thinking, two-pizza team, web application

Pact has really helped us to adopt a clear, defined approach to testing services, setting expectations across all teams about how to test and interact with other teams. Most of our delivery teams are aligned to business domain bounded contexts such as email, calendar, people, surveys, and so on. We also have a few parts of the system that align to regulatory boundaries (particularly ISO 27001 for information security management) and to the need for cross-domain reporting of feature usage. These areas are handled by either a small specialist team or through collaboration across several teams. We also have a team that helps to provide consistent user experience (UX) across all parts of the software. The UX team acts as internal consultants across all the delivery teams, enabling them to adopt good UX practices quickly.


pages: 1,302 words: 289,469

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws by Dafydd Stuttard, Marcus Pinto

business logic, call centre, cloud computing, commoditize, database schema, defense in depth, easy for humans, difficult for computers, Firefox, information retrieval, information security, lateral thinking, machine readable, MITM: man-in-the-middle, MVC pattern, optical character recognition, Ruby on Rails, SQL injection, Turing test, Wayback Machine, web application

Josh Pauli received his Ph.D. in Software Engineering from North Dakota State University (NDSU) with an emphasis in secure requirements engineering and now serves as an Associate Professor of Information Security at Dakota State University (DSU). Dr. Pauli has published nearly 20 international journal and conference papers related to software security and his work includes invited presentations from the Department of Homeland Security and Black Hat Briefings. He teaches both undergraduate and graduate courses in system software security and web software security at DSU. Dr. Pauli also conducts web application penetration tests as a Senior Penetration Tester for an Information Security consulting firm where his duties include developing hands-on technical workshops in the area of web software security for IT professionals in the financial sector.

Although a full-blown description is outside the scope of this book, the following are some useful resources if you want to know more about reverse engineering of native code components and related topics:
■ Reversing: Secrets of Reverse Engineering by Eldad Eilam
■ Hacker Disassembling Uncovered by Kris Kaspersky
■ The Art of Software Security Assessment by Mark Dowd, John McDonald, and Justin Schuh
■ Fuzzing for Software Security Testing and Quality Assurance (Artech House Information Security and Privacy) by Ari Takanen, Jared DeMott, and Charlie Miller
■ The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler by Chris Eagle
■ www.acm.uiuc.edu/sigmil/RevEng
■ www.uninformed.org/?v=l&a=7

Handling Client-Side Data Securely

As you have seen, the core security problem with web applications arises because client-side components and user input are outside the server's direct control.


pages: 263 words: 75,610

Delete: The Virtue of Forgetting in the Digital Age by Viktor Mayer-Schönberger

digital divide, en.wikipedia.org, Erik Brynjolfsson, Firefox, full text search, George Akerlof, information asymmetry, information retrieval, information security, information trail, Internet Archive, invention of movable type, invention of the printing press, John Markoff, Joi Ito, lifelogging, moveable type in China, Network effects, packet switching, Panopticon Jeremy Bentham, pattern recognition, power law, RFID, slashdot, Steve Jobs, Steven Levy, systematic bias, The Market for Lemons, The Structural Transformation of the Public Sphere, Vannevar Bush, Yochai Benkler

This is a tall order, and one not likely to be accomplished any time soon, but it may possibly be the only path forward in creating a technical solution—a DRM system—to manage and enforce individuals’ control over their personal information.25 Until then, such comprehensive DRM systems offer no help in finding a suitable response to digital remembering. Perhaps though, we have simply envisioned DRM systems as too comprehensive and all-encompassing. Maybe a system offering a much less wide-ranging solution could be achieved using existing technology, while retaining efficiency. This is what Princeton information security expert Edward Felten and his colleagues have proposed: a “privacy management system” that facilitates negotiating usage and enforcement of control over personal information between two parties.26 Unlike a pure property system, Felten’s is based on direct and shared consent between the parties involved.


pages: 266 words: 80,018

The Snowden Files: The Inside Story of the World's Most Wanted Man by Luke Harding

affirmative action, air gap, airport security, Anton Chekhov, Apple's 1984 Super Bowl advert, Berlin Wall, Big Tech, Bletchley Park, Chelsea Manning, disinformation, don't be evil, drone strike, Edward Snowden, Etonian, Firefox, Google Earth, information security, Jacob Appelbaum, job-hopping, Julian Assange, Khan Academy, kremlinology, Laura Poitras, Mark Zuckerberg, Maui Hawaii, MITM: man-in-the-middle, national security letter, operational security, Panopticon Jeremy Bentham, pre–internet, Ralph Waldo Emerson, rolodex, Rubik’s Cube, Silicon Valley, Skype, social graph, Steve Jobs, TechCrunch disrupt, undersea cable, web application, WikiLeaks

So was Oliver Robbins, the deputy national security adviser who had forced the Guardian to bash up its own laptops. Lawyers acting for Miranda challenged his detention in the High Court. In a blistering affidavit, Robbins said the Snowden disclosures had hurt national security. He offered no proof but accused Greenwald of ‘very poor information security practice’. This was ironic: it was the British agency GCHQ that had lost control of sensitive information, not the Guardian. Robbins made no mention of the UK’s dysfunctional intelligence-sharing deal with the NSA, which apparently meant thousands of American officials – and passing private contractors – could read top-secret GCHQ files.


pages: 255 words: 78,207

Web Scraping With Python: Collecting Data From the Modern Web by Ryan Mitchell

AltaVista, Amazon Web Services, Apollo 13, cloud computing, Computing Machinery and Intelligence, data science, en.wikipedia.org, Firefox, Guido van Rossum, information security, machine readable, meta-analysis, natural language processing, optical character recognition, random walk, self-driving car, Turing test, web application

This is most commonly accomplished by writing an automated program that queries a web server, requests data (usually in the form of the HTML and other files that comprise web pages), and then parses that data to extract needed information. In practice, web scraping encompasses a wide variety of programming techniques and technologies, such as data analysis and information security. This book will cover the basics of web scraping and crawling (Part I), and delve into some of the advanced topics in Part II.

Why Web Scraping?

If the only way you access the Internet is through a browser, you're missing out on a huge range of possibilities. Although browsers are handy for executing JavaScript, displaying images, and arranging objects in a more human-readable format (among other things), web scrapers are excellent at gathering and processing large amounts of data (among other things).


pages: 290 words: 73,000

Algorithms of Oppression: How Search Engines Reinforce Racism by Safiya Umoja Noble

A Declaration of the Independence of Cyberspace, affirmative action, Airbnb, algorithmic bias, Alvin Toffler, Black Lives Matter, borderless world, cloud computing, conceptual framework, critical race theory, crowdsourcing, data science, desegregation, digital divide, disinformation, Donald Trump, Edward Snowden, fake news, Filter Bubble, Firefox, Future Shock, Gabriella Coleman, gamification, Google Earth, Google Glasses, housing crisis, illegal immigration, immigration reform, information retrieval, information security, Internet Archive, Jaron Lanier, John Perry Barlow, military-industrial complex, Mitch Kapor, Naomi Klein, new economy, Northpointe / Correctional Offender Management Profiling for Alternative Sanctions, PageRank, performance metric, phenotype, profit motive, Silicon Valley, Silicon Valley ideology, Snapchat, the long tail, Tim Cook: Apple, union organizing, women in the workforce, work culture , yellow journalism

So when accidents happen—if your computer crashes or gets stolen—you can be up and running again in seconds. Lastly, we rigorously track the location and status of each hard drive in our data centers. We destroy hard drives that have reached the end of their lives in a thorough, multi-step process to prevent access to the data. Our security team is on-duty 24x7. Our full-time Information Security Team maintains the company’s perimeter defense systems, develops security review processes, and builds our customized security infrastructure. It also plays a key role in developing and implementing Google’s security policies and standards. At the data centers themselves, we have access controls, guards, video surveillance, and perimeter fencing to physically protect the sites at all times.20 The language of privacy and security, as articulated by Google’s statements on data protection, does not address what happens when you want your data to be deleted or forgotten.


pages: 264 words: 74,313

Wars, Guns, and Votes: Democracy in Dangerous Places by Paul Collier

business cycle, carbon tax, dark matter, deskilling, failed state, information security, military-industrial complex, moral hazard, Nelson Mandela, out of africa, price stability, structural adjustment programs, Suez crisis 1956, zero-sum game

The key question was whether this guarantee had actually reduced the incidence of civil war. This question needs a model of the risk of civil war. Such a model can be used to address a range of important questions, but here I will just give you this particular answer. Did the French informal security guarantee reduce the incidence of civil war? We found that it was highly effective. Francophone Africa had characteristics that would otherwise have made it prone to warfare: the actual incidence was much lower than would have been expected. Statistically, the guarantee significantly and substantially reduced the risk of conflict by nearly three-quarters.


Raw Data Is an Oxymoron by Lisa Gitelman

23andMe, collateralized debt obligation, computer age, continuous integration, crowdsourcing, disruptive innovation, Drosophila, Edmond Halley, Filter Bubble, Firefox, fixed income, folksonomy, Google Earth, Howard Rheingold, index card, informal economy, information security, Isaac Newton, Johann Wolfgang von Goethe, knowledge worker, Large Hadron Collider, liberal capitalism, lifelogging, longitudinal study, Louis Daguerre, Menlo Park, off-the-grid, optical character recognition, Panopticon Jeremy Bentham, peer-to-peer, RFID, Richard Thaler, Silicon Valley, social graph, software studies, statistical model, Stephen Hawking, Steven Pinker, text mining, time value of money, trade route, Turing machine, urban renewal, Vannevar Bush, WikiLeaks

The concepts of “personal” and “nonpersonal” are, as one would expect, somewhat mutable in the context of dataveillance. The single cookie assigned to each machine is not automatically attached to an individual identity so, while sexual preference might in certain legal statutes be defined as “personal,” in the context of information security it would be considered nonpersonal. Personally identifiable information (PII), on the other hand, includes social security numbers, genetic information, biometric data, date of birth, and in some cases vehicle registration numbers, bank numbers, and IP addresses, although the increasingly widespread use of proxies makes the last more complicated.


pages: 265 words: 74,000

The Numerati by Stephen Baker

Berlin Wall, Black Swan, business process, call centre, correlation does not imply causation, Drosophila, full employment, illegal immigration, index card, information security, Isaac Newton, job automation, job satisfaction, junk bonds, McMansion, Myron Scholes, natural language processing, off-the-grid, PageRank, personalized medicine, recommendation engine, RFID, Silicon Valley, Skype, statistical model, surveillance capitalism, Watson beat the top human players on Jeopardy!, workplace surveillance

When I log on to the website, I find a list of five women who have the right levels of serotonin and estrogen for people like me. My wife isn't one of them. There's an insurance manager from West Orange—a Negotiator-Explorer—who says "we all have to laugh every day, especially at ourselves." A Negotiator-Builder, from Rochelle Park, works in information security and likes ballroom dancing. These and three others are the machine's choices. Many other subscribers, however, have access to my profile. And regardless of the chemistry, they're free to express interest. Whether they're Builder-Directors from Tarrytown or fellow Explorer-Negotiators from Toms River, I learn that each one is a "great match."


pages: 1,136 words: 73,489

Working in Public: The Making and Maintenance of Open Source Software by Nadia Eghbal

Amazon Web Services, Apollo 11, barriers to entry, Benevolent Dictator For Life (BDFL), Big Tech, bitcoin, Clayton Christensen, cloud computing, commoditize, commons-based peer production, context collapse, continuous integration, crowdsourcing, cryptocurrency, David Heinemeier Hansson, death of newspapers, Debian, disruptive innovation, Dunbar number, en.wikipedia.org, eternal september, Ethereum, Firefox, Free Software Foundation, Guido van Rossum, Hacker Ethic, Hacker News, Induced demand, informal economy, information security, Jane Jacobs, Jean Tirole, Kevin Kelly, Kickstarter, Kubernetes, leftpad, Mark Zuckerberg, Menlo Park, Neal Stephenson, Network effects, node package manager, Norbert Wiener, pirate software, pull request, RFC: Request For Comment, Richard Stallman, Ronald Coase, Ruby on Rails, side project, Silicon Valley, Snapchat, social graph, software as a service, Steve Jobs, Steve Wozniak, Steven Levy, Stewart Brand, tacit knowledge, the Cathedral and the Bazaar, The Death and Life of Great American Cities, The Nature of the Firm, TikTok, Tragedy of the Commons, transaction costs, two-sided market, urban planning, web application, wikimedia commons, Yochai Benkler, Zimmermann PGP

Hackers are characterized by bravado, showmanship, mischievousness, and a deep mistrust of authority. Hacker culture still lives on today, in the way that beatniks, hippies, and Marxists still exist, but hackers don’t capture the software cultural zeitgeist in the same way that they used to. The generational successor to hackers today might be cryptographers and those who dabble in information security: those who flirt with the law, and do so with a wink and a bow. Although Levy doesn’t focus exclusively on free and open source developers in his book, hacker culture in the 1980s and ’90s was closely intertwined with the early generation of free and open source software, as evinced by a trio of leaders: Richard Stallman, Eric S.


pages: 269 words: 70,543

Tech Titans of China: How China's Tech Sector Is Challenging the World by Innovating Faster, Working Harder, and Going Global by Rebecca Fannin

"World Economic Forum" Davos, Adam Neumann (WeWork), Airbnb, augmented reality, autonomous vehicles, Benchmark Capital, Big Tech, bike sharing, blockchain, call centre, cashless society, Chuck Templeton: OpenTable:, clean tech, cloud computing, computer vision, connected car, corporate governance, cryptocurrency, data is the new oil, data science, deep learning, Deng Xiaoping, Didi Chuxing, digital map, disruptive innovation, Donald Trump, El Camino Real, electricity market, Elon Musk, fake news, family office, fear of failure, fulfillment center, glass ceiling, global supply chain, Great Leap Forward, income inequality, industrial robot, information security, Internet of things, invention of movable type, Jeff Bezos, Kickstarter, knowledge worker, Lyft, Mark Zuckerberg, Mary Meeker, megacity, Menlo Park, money market fund, Network effects, new economy, peer-to-peer lending, personalized medicine, Peter Thiel, QR code, RFID, ride hailing / ride sharing, Sand Hill Road, self-driving car, sharing economy, Shenzhen was a fishing village, Silicon Valley, Silicon Valley startup, Skype, smart cities, smart transportation, Snapchat, social graph, SoftBank, software as a service, South China Sea, sovereign wealth fund, speech recognition, stealth mode startup, Steve Jobs, stock buybacks, supply-chain management, tech billionaire, TechCrunch disrupt, TikTok, Tim Cook: Apple, Travis Kalanick, Uber and Lyft, Uber for X, uber lyft, urban planning, Vision Fund, warehouse automation, WeWork, winner-take-all economy, Y Combinator, young professional

Alibaba, which was caught in the headwinds, is pivoting after a block on its affiliate Ant Financial from acquiring Dallas-based money transfer service MoneyGram for $1.2 billion in 2017. US regulators had raised issues about security and privacy risks for stateside users. To push the deal past national security concerns, Ant Financial had promised to keep the MoneyGram personal financial information secure by storing the data on servers in the United States. But the deal wasn't approved and Alibaba paid a $30 million termination fee to MoneyGram. Following that rejection, Alibaba has made only a few tech deals in America, and those were highly strategic, smaller ones, such as an acquisition of New York–based social shopping marketplace OpenSky.


pages: 231 words: 71,299

Culture Warlords: My Journey Into the Dark Web of White Supremacy by Talia Lavin

4chan, Bellingcat, Black Lives Matter, coronavirus, COVID-19, dark triade / dark tetrad, deplatforming, disinformation, Donald Trump, end-to-end encryption, epigenetics, fake news, feminist movement, Ferguson, Missouri, game design, information security, Kevin Roose, lockdown, mass immigration, Minecraft, move fast and break things, Overton Window, phenotype, Scientific racism, Silicon Valley, Snapchat, Social Justice Warrior, Steve Bannon, Susan Wojcicki, The Turner Diaries, Timothy McVeigh, zero-sum game, éminence grise

He dropped out of public view entirely—but not before pretending to be his own mother on Twitter and email, begging Bellingcat to unpublish the story, and offering monetary bribes to the journalists to take his name out of circulation. He also deleted all his social-media pages. He seemed genuinely afraid, and embarrassed—and his peers reacted with contempt toward him. Brenton Tarrant’s Lads announced his expulsion from the chat room and sent out an increasingly unhinged series of warnings about information security, the need to avoid “e-girls,” and the need to not be stupid. I had outed a violent Nazi—perhaps one with the potential to become a mass shooter—and sown dissension and fear in the ranks of extremists. How could they rebuild the white race, and preserve a future for the white children they claimed to want, if any woman could be a trap?


The Secret World: A History of Intelligence by Christopher Andrew

Able Archer 83, active measures, Admiral Zheng, airport security, anti-communist, Atahualpa, Ayatollah Khomeini, Bletchley Park, British Empire, Chelsea Manning, classic study, colonial rule, cuban missile crisis, disinformation, Edward Snowden, en.wikipedia.org, Etonian, Fellow of the Royal Society, Francisco Pizarro, Google Earth, information security, invention of movable type, invention of the telegraph, Julian Assange, Khyber Pass, Mahatma Gandhi, Mikhail Gorbachev, Murano, Venice glass, RAND corporation, Robert Hanssen: Double agent, Ronald Reagan, Skype, South Sea Bubble, spice trade, Suez canal 1869, Suez crisis 1956, the market place, trade route, two and twenty, union organizing, uranium enrichment, Vladimir Vetrov: Farewell Dossier, WikiLeaks, éminence grise



pages: 322 words: 84,752

Pax Technica: How the Internet of Things May Set Us Free or Lock Us Up by Philip N. Howard

Aaron Swartz, Affordable Care Act / Obamacare, Berlin Wall, bitcoin, blood diamond, Bretton Woods, Brian Krebs, British Empire, butter production in bangladesh, call centre, Chelsea Manning, citizen journalism, Citizen Lab, clean water, cloud computing, corporate social responsibility, creative destruction, crowdsourcing, digital map, Edward Snowden, en.wikipedia.org, Evgeny Morozov, failed state, Fall of the Berlin Wall, feminist movement, Filter Bubble, Firefox, Francis Fukuyama: the end of history, Google Earth, Hacker News, Howard Rheingold, income inequality, informal economy, information security, Internet of things, John Perry Barlow, Julian Assange, Kibera, Kickstarter, land reform, M-Pesa, Marshall McLuhan, megacity, Mikhail Gorbachev, mobile money, Mohammed Bouazizi, national security letter, Nelson Mandela, Network effects, obamacare, Occupy movement, off-the-grid, packet switching, pension reform, prediction markets, sentiment analysis, Silicon Valley, Skype, spectrum auction, statistical model, Stuxnet, Tactical Technology Collective, technological determinism, trade route, Twitter Arab Spring, undersea cable, uranium enrichment, WikiLeaks, zero day

Competing networks exist in several forms, and to make this sociotechnical system function fairly, we need to work to strengthen the information infrastructures that have the most open standards, the widest reach, and the greatest potential for innovation. We all need to take a more active interest in our own information security and in international affairs. We need to make sure the internet of things works for us. Program or be programmed, as hackers say. If we aren’t purposeful in designing the internet of things, we’ll find that those with power will make decisions using data gleaned about us, and without our informed consent.


pages: 301 words: 85,126

AIQ: How People and Machines Are Smarter Together by Nick Polson, James Scott

Abraham Wald, Air France Flight 447, Albert Einstein, algorithmic bias, Amazon Web Services, Atul Gawande, autonomous vehicles, availability heuristic, basic income, Bayesian statistics, Big Tech, Black Lives Matter, Bletchley Park, business cycle, Cepheid variable, Checklist Manifesto, cloud computing, combinatorial explosion, computer age, computer vision, Daniel Kahneman / Amos Tversky, data science, deep learning, DeepMind, Donald Trump, Douglas Hofstadter, Edward Charles Pickering, Elon Musk, epigenetics, fake news, Flash crash, Grace Hopper, Gödel, Escher, Bach, Hans Moravec, Harvard Computers: women astronomers, Higgs boson, index fund, information security, Isaac Newton, John von Neumann, late fees, low earth orbit, Lyft, machine translation, Magellanic Cloud, mass incarceration, Moneyball by Michael Lewis explains big data, Moravec's paradox, more computing power than Apollo, natural language processing, Netflix Prize, North Sea oil, Northpointe / Correctional Offender Management Profiling for Alternative Sanctions, p-value, pattern recognition, Pierre-Simon Laplace, ransomware, recommendation engine, Ronald Reagan, Salesforce, self-driving car, sentiment analysis, side project, Silicon Valley, Skype, smart cities, speech recognition, statistical model, survivorship bias, systems thinking, the scientific method, Thomas Bayes, Uber for X, uber lyft, universal basic income, Watson beat the top human players on Jeopardy!, young professional

Hacking already plagues hospitals: if you recall the big ransomware attacks of 2017 (like WannaCry), you may also recall that hospitals were disproportionately hit. These hospitals probably weren’t doing anything AI-related with their data, but that kind of activity would hardly have entailed a higher security risk than what was already present. Hospitals should obviously plug their existing information-security holes—probably, as many experts suggest, by moving to some kind of cloud-based infrastructure run by a firm who thinks about security full time. But this has nothing to do with whether the data already sitting on hospital servers should be used to improve health care. Postscript As you now appreciate, when it comes to widespread adoption of AI, the health-care system faces very few barriers of technology, but enormous barriers of culture, law, and incentives.


pages: 301 words: 88,082

The Great Tax Robbery: How Britain Became a Tax Haven for Fat Cats and Big Business by Richard Brooks

accounting loophole / creative accounting, bank run, Big bang: deregulation of the City of London, bonus culture, Bretton Woods, carried interest, Celtic Tiger, collateralized debt obligation, commoditize, Corn Laws, corporate social responsibility, crony capitalism, cross-border payments, Double Irish / Dutch Sandwich, financial deregulation, financial engineering, haute couture, information security, intangible asset, interest rate swap, Jarndyce and Jarndyce, mega-rich, Northern Rock, offshore financial centre, race to the bottom, shareholder value, short selling, supply-chain management, The Chicago School, The Wealth of Nations by Adam Smith, transfer pricing, two and twenty

Sell-Out
1 Based on personal recollection and believed to be a reasonable paraphrase.
2 ‘Review of Links with Business’, Inland Revenue, November 2001.
3 Nick Davies, Guardian, 23 and 24 July 2002.
4 HMRC departmental board meeting 13 August 2007; http://www.hmrc.gov.uk/about/minutes-aug07.htm
5 ‘Review of Information Security’, Kieron Poynter, June 2008.
6 CBI press release, 4 November 2005.
7 CBI Annual Conference, 28 November 2005.
8 Make-up and remit explained in Large Corporates presentation 18 May 2006; http://www.hmrc.gov.uk/lbo/review-of-links.pdf
9 Whistle-blower letter to Private Eye, July 2012.
10 Interview with author.
11 ‘UK business tax: a compelling case for change’, CBI, November 2006; http://www.cbi.org.uk/media/999090/cbi_tax_report_text.pdf
12 Financial Times comment piece, ‘Why the Chancellor is Missing the Point’, 15 July 1999.
13 Freedom of information response to author, October 2008; http://www.hmrc.gov.uk/freedom/board-hospitality.pdf
14 A review by the Bureau of Investigative Journalism, June 2010, found Hartnett had received hospitality on 107 occasions between April 2007 and September 2009, which was in fact a lower rate than for previous periods; http://www.thebureauinvestigates.com/2010/06/17/bureau-publishes-comprehensive-civil-service-hospitality-database/
15 Discussion with author, September 2009.
16 Reported in trade magazine the Post, 9 September 2009; http://www.postonline.co.uk/post/news/1532892/rsa-launches-reinsurer-scrapping-tax
17 Email from HMRC press office to author, 23 September 2009.
18 See, for example, Public Accounts Committee hearing 12 October 2011; http://www.publications.parliament.uk/pa/cm201012/cmselect/cmpubacc/uc1531-i/uc153101.htm
19 BT 2006/07 third quarter results announcement, transcript at http://www.btplc.com/Sharesandperformance/Quarterlyresults/Financialpresentations/q307transcript.pdf
20 See, for example, evidence of Judith Freedman to Treasury Select Committee, 29 June 2011; http://www.publications.parliament.uk/pa/cm201012/cmselect/cmtreasy/uc731-v/uc73101.htm
21 Information provided to author and reported in Private Eye, May 2008, issue 1211.
22 Interview with Guardian Tax Gap reporting team, reported in Guardian, 6 February 2009; http://www.guardian.co.uk/business/2009/feb/06/tax-gap-gamekeeper-inland-revenue
23 National Audit Office report on HMRC annual accounts 2010/11 shows ‘value of open issues for Large Business Service Companies’ falling from £35.1bn in 2007 to £25.5bn in 2011.


pages: 250 words: 87,722

Flash Boys: A Wall Street Revolt by Michael Lewis

automated trading system, bash_history, Berlin Wall, Bernie Madoff, collateralized debt obligation, computerized markets, drone strike, Dutch auction, Fall of the Berlin Wall, financial intermediation, Flash crash, High speed trading, information security, latency arbitrage, National best bid and offer, pattern recognition, payment for order flow, Pershing Square Capital Management, proprietary trading, risk tolerance, Rubik’s Cube, Sergey Aleynikov, Small Order Execution System, Spread Networks laid a new fibre optics cable between New York and Chicago, the new new thing, too big to fail, trade route, transaction costs, Vanguard fund

He was making Goldman’s bulky, inefficient system faster, but he could never make it as fast as a system built from scratch, without the burden of 60 million lines of old code underneath it. Or a system that, to change it in any major way, did not require six meetings and signed documents from informational security officers. Goldman hunted in the same jungle as the small HFT firms, but it could never be as quick or as nimble as those firms: No big Wall Street bank could. The only advantage a big bank enjoyed was its special relationship to the prey: its customers. (As the head of one high-frequency trading firm put it, “When one of these people from the banks interviews with us for a job, he always talks about how smart his algos are, but sooner or later he’ll tell you that without his customer he can’t make any money.”)


pages: 269 words: 83,307

Young Money: Inside the Hidden World of Wall Street's Post-Crash Recruits by Kevin Roose

activist fund / activist shareholder / activist investor, Basel III, Bear Stearns, Carl Icahn, cognitive dissonance, collateralized debt obligation, Credit Default Swap, credit default swaps / collateralized debt obligations, deal flow, discounted cash flows, Donald Trump, East Village, eat what you kill, eurozone crisis, financial engineering, fixed income, forward guidance, glass ceiling, Goldman Sachs: Vampire Squid, hedonic treadmill, information security, Jane Street, jitney, junk bonds, Kevin Roose, knowledge worker, Michael Milken, new economy, Occupy movement, off-the-grid, plutocrats, proprietary trading, Robert Shiller, selection bias, shareholder value, side project, Silicon Valley, Skype, Steve Jobs, tail risk, The Predators' Ball, too big to fail, two and twenty, urban planning, We are the 99%, work culture, young professional

But as much as 200 West Street seemed familiar, it also had an odd sterility to it. Samson wasn’t sure how to characterize it, but something about the building felt fortified—as if the entire place had been sanded down to make it a little more secure and a little less welcoming. The new building felt designed to keep employees and information securely inside, while keeping outsiders at a total remove. Maybe it was in his head. In the nine months since his internship, Goldman had undergone a massive transformation in the public imagination. Once a relatively anonymous investment bank, it had taken on the image of a global financial villain—a firm whose name was shorthand for unrepentant greed and vice.


pages: 309 words: 79,414

Going Dark: The Secret Social Lives of Extremists by Julia Ebner

23andMe, 4chan, Airbnb, anti-communist, anti-globalists, augmented reality, Ayatollah Khomeini, Bellingcat, Big Tech, bitcoin, blockchain, Boris Johnson, Cambridge Analytica, citizen journalism, cognitive dissonance, Comet Ping Pong, crisis actor, crowdsourcing, cryptocurrency, deepfake, disinformation, Donald Trump, Dunning–Kruger effect, Elon Musk, fake news, false flag, feminist movement, game design, gamification, glass ceiling, Google Earth, Greta Thunberg, information security, job satisfaction, Mark Zuckerberg, mass immigration, Menlo Park, Mikhail Gorbachev, Network effects, off grid, OpenAI, Overton Window, pattern recognition, pre–internet, QAnon, RAND corporation, ransomware, rising living standards, self-driving car, Silicon Valley, Skype, Snapchat, social intelligence, Social Justice Warrior, SQL injection, Steve Bannon, Steve Jobs, Transnistria, WikiLeaks, zero day

She compares cyber-security measures to rocks rather than a wall: there always remain gaps in between. To walk around the rocks and get to the valuable thing in the middle, you need the right equipment and you have to know the path, but in theory anybody can get in. ‘You can never have one hundred per cent cyber and information security.’ Even the Israelis admit that. When I enter the headquarters of Cyberbit, one of the world’s leading cyber-security firms, on the outskirts of the Israeli city Ra’anana, their vice president for Europe, the Middle East and North Africa explains: ‘The mean time to identify a cyberattack is 206 days.


pages: 265 words: 80,510

The Enablers: How the West Supports Kleptocrats and Corruption - Endangering Our Democracy by Frank Vogl

"World Economic Forum" Davos, active measures, Alan Greenspan, Asian financial crisis, bank run, Bear Stearns, Bernie Sanders, blood diamond, Brexit referendum, Carmen Reinhart, centre right, corporate governance, COVID-19, crony capitalism, cryptocurrency, Donald Trump, F. W. de Klerk, failed state, Global Witness, Greensill Capital, income inequality, information security, joint-stock company, London Interbank Offered Rate, Londongrad, low interest rates, market clearing, military-industrial complex, moral hazard, Nelson Mandela, offshore financial centre, oil shale / tar sands, profit maximization, quantitative easing, Renaissance Technologies, Silicon Valley, Silicon Valley startup, stock buybacks, too big to fail, WikiLeaks

On January 1, 2021, the US Senate voted to approve the National Defense Authorization Act for Fiscal Year 2021, which included as Division F, Title LXIII, extensive improvements in the US government’s AML operations, including improved interagency coordination and consultation, establishment of Bank Secrecy Act information security officers, training for examiners on AML/CFT, obtaining foreign bank records from banks with US correspondent accounts, prohibitions on concealment of the source of assets in monetary transactions, and improved incentives and protections for whistleblowers. The following section of the legislation, Title LXIV, was designated as the Corporate Transparency Act.


pages: 422 words: 86,414

Hands-On RESTful API Design Patterns and Best Practices by Harihara Subramanian

blockchain, business logic, business process, cloud computing, continuous integration, create, read, update, delete, cyber-physical system, data science, database schema, DevOps, disruptive innovation, domain-specific language, fault tolerance, information security, Infrastructure as a Service, Internet of things, inventory management, job automation, Kickstarter, knowledge worker, Kubernetes, loose coupling, Lyft, machine readable, microservices, MITM: man-in-the-middle, MVC pattern, Salesforce, self-driving car, semantic web, single page application, smart cities, smart contracts, software as a service, SQL injection, supply-chain management, web application, WebSocket

Importance of penetration tests

Before we delve into the details, the following rationalizations will help us understand why pen tests are so crucial in API testing:

- No compromise to data privacy
- Guaranteed and secured financial transactions and financial data over the network
- Discover security vulnerabilities and loopholes in APIs and in underlying systems
- Simulate, forecast, understand, and assess the impacts of attacks
- Make APIs fully information security compliant

Pen testing lifecycle

Now that we have a good understanding of vulnerability causes from the earlier section, let's look at the five stages of pen tests in this section: The preceding diagram depicts the life cycle of pen tests, involving five phases of activities such as Preparation, Scanning, Gaining Access and Maintaining Access, and reporting.


pages: 306 words: 82,909

A Hacker's Mind: How the Powerful Bend Society's Rules, and How to Bend Them Back by Bruce Schneier

4chan, Airbnb, airport security, algorithmic trading, Alignment Problem, AlphaGo, Automated Insights, banking crisis, Big Tech, bitcoin, blockchain, Boeing 737 MAX, Brian Krebs, Capital in the Twenty-First Century by Thomas Piketty, cloud computing, computerized trading, coronavirus, corporate personhood, COVID-19, cryptocurrency, dark pattern, deepfake, defense in depth, disinformation, Donald Trump, Double Irish / Dutch Sandwich, driverless car, Edward Thorp, Elon Musk, fake news, financial innovation, Financial Instability Hypothesis, first-past-the-post, Flash crash, full employment, gig economy, global pandemic, Goodhart's law, GPT-3, Greensill Capital, high net worth, Hyman Minsky, income inequality, independent contractor, index fund, information security, intangible asset, Internet of things, Isaac Newton, Jeff Bezos, job automation, late capitalism, lockdown, Lyft, Mark Zuckerberg, money market fund, moral hazard, move fast and break things, Nate Silver, offshore financial centre, OpenAI, payday loans, Peter Thiel, precautionary principle, Ralph Nader, recommendation engine, ride hailing / ride sharing, self-driving car, sentiment analysis, Skype, smart cities, SoftBank, supply chain finance, supply-chain attack, surveillance capitalism, systems thinking, TaskRabbit, technological determinism, TED Talk, The Wealth of Nations by Adam Smith, theory of mind, TikTok, too big to fail, Turing test, Uber and Lyft, uber lyft, ubercab, UNCLOS, union organizing, web application, WeWork, When a measure becomes a target, WikiLeaks, zero day

Krawiec and Scott Baker (2006), “Incomplete contracts in a complete contract world,” Florida State University Law Review 33, https://scholarship.law.duke.edu/faculty_scholarship/2038.
27 systems of trust: Bruce Schneier (2012), Liars and Outliers: Enabling the Trust that Society Needs to Thrive, John Wiley & Sons.
28 complexity is the worst enemy of security: Bruce Schneier (19 Nov 1999), “A plea for simplicity: You can’t secure what you don’t understand,” Information Security, https://www.schneier.com/essays/archives/1999/11/a_plea_for_simplicit.html.
6. ATM HACKS
31 Saunders withdrew $1.6 million: Jack Dutton (7 Apr 2020), “This Australian bartender found an ATM glitch and blew $1.6 million,” Vice, https://www.vice.com/en_au/article/pa5kgg/this-australian-bartender-dan-saunders-found-an-atm-bank-glitch-hack-and-blew-16-million-dollars.
33 changes in ATM design: Z.


pages: 287 words: 92,118

The Blue Cascade: A Memoir of Life After War by Mike Scotti

Bear Stearns, call centre, collateralized debt obligation, Donald Trump, fixed income, friendly fire, index card, information security, London Interbank Offered Rate, military-industrial complex, rent control

It had been five months since I’d graduated from Stern and a year since Rob was killed. I spent the summer after graduation in the Credit Suisse associate training program, along with the others who had been hired from various MBA programs. Kevin and I worked in the private side of finance. We had access to sensitive information. Security was tight. We worked behind electronically locked access doors where you had to swipe your ID card to get through the carefully constructed information wall that separated us from the other parts of the bank. Those doors were in addition to card swipes in the lobby and just outside the elevators on our floor.


pages: 320 words: 90,526

Squeezed: Why Our Families Can't Afford America by Alissa Quart

Affordable Care Act / Obamacare, Airbnb, Alvin Toffler, antiwork, Automated Insights, autonomous vehicles, barriers to entry, basic income, Bernie Sanders, business intelligence, do what you love, Donald Trump, Downton Abbey, East Village, Elon Musk, emotional labour, full employment, future of work, gentrification, gig economy, glass ceiling, haute couture, income inequality, independent contractor, information security, Jaron Lanier, Jeremy Corbyn, job automation, late capitalism, Lyft, minimum wage unemployment, moral panic, new economy, nuclear winter, obamacare, peak TV, Ponzi scheme, post-work, precariat, price mechanism, rent control, rent stabilization, ride hailing / ride sharing, school choice, sharing economy, Sheryl Sandberg, Silicon Valley, Skype, Snapchat, stop buying avocado toast, surplus humans, TaskRabbit, tech worker, TED Talk, Travis Kalanick, Uber and Lyft, Uber for X, uber lyft, union organizing, universal basic income, upwardly mobile, wages for housework, WeWork, women in the workforce, work culture, working poor

Before he went to ITT, Rodriguez had been working as a high school–educated graphic designer. After he was “enticed” into enrolling by a visit to a nearby suburban ITT campus, where admissions staff told him that they’d help him find a job upon graduation, he signed up; eventually he obtained a bachelor’s degree in information security systems, but went into serious debt in the process. His fellow students were mostly in their thirties and forties, he said. The ITT representatives pitched the program to older students predominantly. Now, eight years later, he was $59,000 in debt to a school that was under investigation by the Obama administration.


pages: 343 words: 91,080

Uberland: How Algorithms Are Rewriting the Rules of Work by Alex Rosenblat

"Susan Fowler" uber, Affordable Care Act / Obamacare, Airbnb, algorithmic management, Amazon Mechanical Turk, autonomous vehicles, barriers to entry, basic income, big-box store, bike sharing, Black Lives Matter, business logic, call centre, cashless society, Cass Sunstein, choice architecture, cognitive load, collaborative economy, collective bargaining, creative destruction, crowdsourcing, data science, death from overwork, digital divide, disinformation, disruptive innovation, don't be evil, Donald Trump, driverless car, emotional labour, en.wikipedia.org, fake news, future of work, gender pay gap, gig economy, Google Chrome, Greyball, income inequality, independent contractor, information asymmetry, information security, Jaron Lanier, Jessica Bruder, job automation, job satisfaction, Lyft, marginal employment, Mark Zuckerberg, move fast and break things, Network effects, new economy, obamacare, performance metric, Peter Thiel, price discrimination, proprietary trading, Ralph Waldo Emerson, regulatory arbitrage, ride hailing / ride sharing, Salesforce, self-driving car, sharing economy, side hustle, Silicon Valley, Silicon Valley ideology, Skype, social software, SoftBank, stealth mode startup, Steve Jobs, strikebreaker, TaskRabbit, technological determinism, Tim Cook: Apple, transportation-network company, Travis Kalanick, Uber and Lyft, Uber for X, uber lyft, union organizing, universal basic income, urban planning, Wolfgang Streeck, work culture, workplace surveillance, Yochai Benkler, Zipcar

I mention their application as part of my methods because the collaborative, interdisciplinary conversations I had at different stages helped me process and analyze what I continued to observe in my qualitative research, as well as suggested what to look for as my research project evolved and continued. For example, I intermittently consulted with computer scientists, both regarding what was technically possible and about information security practices for conducting my research. In particular, the Labor Tech group run by Winifred Poster and the Privacy Law Scholars Conference are generative spaces for receiving invaluable feedback from engaged scholars. Throughout the course of this research, I’ve also benefited from conversations with leaders across many different communities: academic, policy, regulatory, and business.


pages: 304 words: 91,566

Bitcoin Billionaires: A True Story of Genius, Betrayal, and Redemption by Ben Mezrich

airport security, Albert Einstein, bank run, Ben Horowitz, Big Tech, bitcoin, Bitcoin Ponzi scheme, blockchain, Burning Man, buttonwood tree, cryptocurrency, East Village, El Camino Real, Elon Musk, fake news, family office, fault tolerance, fiat currency, financial engineering, financial innovation, game design, information security, Isaac Newton, junk bonds, Marc Andreessen, Mark Zuckerberg, Max Levchin, Menlo Park, Metcalfe’s law, Michael Milken, new economy, offshore financial centre, paypal mafia, peer-to-peer, Peter Thiel, Ponzi scheme, proprietary trading, QR code, Ronald Reagan, Ross Ulbricht, Sand Hill Road, Satoshi Nakamoto, Savings and loan crisis, Schrödinger's Cat, self-driving car, Sheryl Sandberg, side hustle, side project, Silicon Valley, Skype, smart contracts, South of Market, San Francisco, Steve Jobs, Susan Wojcicki, transaction costs, Virgin Galactic, zero-sum game

Tyler also saw true protocol royalty in the form of Bram Cohen, who had built BitTorrent and essentially invented decentralized, peer-to-peer file sharing. Cohen was perhaps the greatest living protocol developer alive after Satoshi. Maybe, Tyler mused, he was Satoshi? And then there were fellow early Bitcoiners like Paul Bohm, an information security expert who had written one of the earliest blogs explaining Bitcoin mining; Mike Belshe, one of the first engineers to work the SPDY protocol used by Google in its Chrome browser; Matt Pauker and Balaji Srinivasan, who had cofounded a Bitcoin mining company called 21e6 (the scientific notation for the number twenty-one million, the total number of bitcoin that would ever be created); Srinivasan was also on the way to becoming the CTO of a company called Coinbase, a cryptocurrency exchange on a rapid rise in the industry.


pages: 307 words: 90,634

Insane Mode: How Elon Musk's Tesla Sparked an Electric Revolution to End the Age of Oil by Hamish McKenzie

Airbnb, Albert Einstein, augmented reality, autonomous vehicles, barriers to entry, basic income, Bay Area Rapid Transit, Ben Horowitz, business climate, car-free, carbon footprint, carbon tax, Chris Urmson, Clayton Christensen, clean tech, Colonization of Mars, connected car, crony capitalism, Deng Xiaoping, Didi Chuxing, disinformation, disruptive innovation, Donald Trump, driverless car, Elon Musk, Fairchild Semiconductor, Ford Model T, gigafactory, Google Glasses, Hyperloop, information security, Internet of things, Jeff Bezos, John Markoff, low earth orbit, Lyft, Marc Andreessen, margin call, Mark Zuckerberg, Max Levchin, megacity, Menlo Park, Nikolai Kondratiev, oil shale / tar sands, paypal mafia, Peter Thiel, ride hailing / ride sharing, Ronald Reagan, self-driving car, Shenzhen was a fishing village, short selling, side project, Silicon Valley, Silicon Valley startup, Snapchat, Solyndra, South China Sea, special economic zone, stealth mode startup, Steve Jobs, tech worker, TechCrunch disrupt, TED Talk, Tesla Model S, Tim Cook: Apple, Tony Fadell, Uber and Lyft, uber lyft, universal basic income, urban planning, urban sprawl, Zenefits, Zipcar

The well-put-together Brit had left the brave new world of Silicon Valley for the decidedly old-school confines of one of the world’s most iconic car brands. At Tesla’s headquarters, a visitor must drive into the parking lot off Deer Creek Road, just outside Palo Alto, hand their keys to a valet, then sign in on an iPad in the reception area. For my visit to Aston Martin, I drove down a private road called Kingsway, informed security guards at a checkpoint that I was there to see Sproule, and was then directed to the VIP entrance, where I pushed a buzzer by a large locked gate. Walking past a private lot of million-dollar cars, I entered a brightly lit lobby with a high ceiling under which had been parked a series of Aston Martins—the Zagato, the Rapide, the Vulcan—just waiting for 007 to come in and select one for his next impossible escape across the continent.


pages: 209 words: 89,619

The Precariat: The New Dangerous Class by Guy Standing

8-hour work day, banking crisis, barriers to entry, basic income, behavioural economics, Bertrand Russell: In Praise of Idleness, bread and circuses, call centre, Cass Sunstein, centre right, collective bargaining, company town, corporate governance, crony capitalism, death from overwork, deindustrialization, deskilling, emotional labour, export processing zone, fear of failure, full employment, Herbert Marcuse, hiring and firing, Honoré de Balzac, housing crisis, illegal immigration, immigration reform, income inequality, independent contractor, information security, it's over 9,000, job polarisation, karōshi / gwarosa / guolaosi, labour market flexibility, labour mobility, land reform, libertarian paternalism, low skilled workers, lump of labour, marginal employment, Mark Zuckerberg, mass immigration, means of production, mini-job, moral hazard, Naomi Klein, nudge unit, old age dependency ratio, Panopticon Jeremy Bentham, pension time bomb, pensions crisis, placebo effect, post-industrial society, precariat, presumed consent, quantitative easing, remote working, rent-seeking, Richard Thaler, rising living standards, Ronald Coase, Ronald Reagan, science of happiness, shareholder value, Silicon Valley, technological determinism, The Market for Lemons, The Nature of the Firm, The Spirit Level, Tobin tax, transaction costs, universal basic income, unpaid internship, winner-take-all economy, working poor, working-age population, young professional

The precariat lives in public spaces but is vulnerable to surveillance and undemocratic nudging. It should demand regulations to give individuals the right to see and correct information that any organisation holds on them, to require firms to inform employees, including outworkers, if any security breach occurs affecting them, to require organisations to undergo annual information-security audits by an accredited third party, to put expiry dates on information and to limit use of data profiling on the basis of some probability of behaviour. Data protection and freedom-of-information laws have been a step in the right direction but do not go far enough. Active Voice is required.


pages: 305 words: 93,091

The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data by Kevin Mitnick, Mikko Hypponen, Robert Vamosi

4chan, big-box store, bitcoin, Bletchley Park, blockchain, connected car, crowdsourcing, data science, Edward Snowden, en.wikipedia.org, end-to-end encryption, evil maid attack, Firefox, Google Chrome, Google Earth, incognito mode, information security, Internet of things, Kickstarter, Laura Poitras, license plate recognition, Mark Zuckerberg, MITM: man-in-the-middle, off-the-grid, operational security, pattern recognition, ransomware, Ross Ulbricht, Salesforce, self-driving car, Silicon Valley, Skype, Snapchat, speech recognition, Tesla Model S, web application, WikiLeaks, zero day, Zimmermann PGP

When the ex-wife and her boyfriend were out of town, the General claimed he would jack up the temperature in the house and then lower it back down before they returned: “I can only imagine what their electricity bills might be. It makes me smile.” Researchers at Black Hat USA 2014, a conference for people in the information security industry, revealed a few ways in which the firmware of a Nest thermostat could be compromised. It is important to note that many of these compromises require physical access to the device, meaning that someone would have to get inside your house and install a USB port on the thermostat. Daniel Buentello, an independent security researcher, one of four presenters who talked about hacking the device, said, “This is a computer that the user can’t put an antivirus on.


pages: 295 words: 89,441

Aiming High: Masayoshi Son, SoftBank, and Disrupting Silicon Valley by Atsuo Inoue

Adam Neumann (WeWork), air freight, Apple II, bitcoin, Black Lives Matter, business climate, cloud computing, coronavirus, COVID-19, fixed income, game design, George Floyd, hive mind, information security, interest rate swap, Internet of things, Jeff Bezos, Kickstarter, Kōnosuke Matsushita, Larry Ellison, lateral thinking, Masayoshi Son, off grid, popular electronics, self-driving car, shareholder value, sharing economy, Silicon Valley, social distancing, SoftBank, Steve Ballmer, Steve Jobs, Steve Wozniak, TikTok, Vision Fund, WeWork

What I want to make perfectly clear, however, and what I’ve always maintained, is that we are an investment company. The consolidated totals concerning the valuation of the companies we invest in are irrelevant when looking at our own valuation.’ Goto Yoshimitsu (SoftBank Group director, senior managing executive officer, chief financial officer, chief information security officer and chief sustainability officer) gives his assessment, his tone calm and measured as ever. ‘Take the current situation, for example. Having an operating loss of 1.3 trillion yen is unthinkably bad but you only have to look at the financial results for 2019 where we posted an operating profit of 2.3 trillion yen – an extraordinarily good result, second only to Toyota.


pages: 277 words: 91,698

SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build by Jonathan Waldman

Burning Man, computer vision, Ford paid five dollars a day, glass ceiling, helicopter parent, Hyperloop, industrial robot, information security, James Webb Space Telescope, job automation, Lean Startup, minimum viable product, off grid, Ralph Nader, Ralph Waldo Emerson, Ronald Reagan, self-driving car, Silicon Valley, stealth mode startup, Steve Jobs, Strategic Defense Initiative, strikebreaker, union organizing, Yogi Berra

In Muscat, they admired the Sultan Qaboos Grand Mosque, which had taken six years to build and whose masonry dome easily outflanked the best in America. They lay on towels on the beach and soaked up the sun while, not fifty feet away, one wave at a time, water ground particles into unusable construction material. At some point, back in Dubai, a housekeeper found eggshells in Zak’s trash can and informed security. Zak was told not to use the electric hot plate in his room anymore. He ignored the instruction and continued to cook his own meals until the last day of the program, when hotel staff confiscated the device. By then, Zak had eaten at least thirty burgers, and come no closer to getting SAM or CR some action.


Days of Fire: Bush and Cheney in the White House by Peter Baker

"Hurricane Katrina" Superdome, addicted to oil, Alan Greenspan, anti-communist, battle of ideas, Bear Stearns, Berlin Wall, Bernie Madoff, Bob Geldof, Boeing 747, buy low sell high, carbon tax, card file, clean water, collective bargaining, cuban missile crisis, desegregation, drone strike, energy security, facts on the ground, failed state, Fall of the Berlin Wall, friendly fire, Glass-Steagall Act, guest worker program, hiring and firing, housing crisis, illegal immigration, immigration reform, information security, Mikhail Gorbachev, MITM: man-in-the-middle, no-fly zone, operational security, Robert Bork, rolling blackouts, Ronald Reagan, Ronald Reagan: Tear down this wall, Saturday Night Live, South China Sea, stem cell, Ted Sorensen, too big to fail, uranium enrichment, War on Poverty, working poor, Yom Kippur War

The order, first signed by Bill Clinton in 1995 and later updated and reissued by Bush in 2003, required that any “entity within the executive branch that comes into the possession of classified information” report annually how much it was keeping secret—not even what it kept secret, just the quantity. Cheney’s office filed reports in 2001 and 2002 but stopped filing in 2003. By 2004, the Information Security Oversight Office at the National Archives and Records Administration responded by ordering an inspection of Cheney’s office to see how sensitive material was handled, but his staff blocked the examination. The vice president’s team later proposed amending the executive order to abolish the Information Security Oversight Office altogether. Bush found such disputes baffling. With so much else going on, he was interested in one last chance to achieve a historic domestic initiative, not to poke at a hornet’s nest.



Israel & the Palestinian Territories Travel Guide by Lonely Planet

active transport: walking or cycling, airport security, Albert Einstein, back-to-the-land, bike sharing, biodiversity loss, carbon footprint, centre right, clean water, coronavirus, flag carrier, G4S, game design, gentrification, high-speed rail, illegal immigration, information security, Khartoum Gordon, Louis Pasteur, sensible shoes, Silicon Valley, Skype, South China Sea, special economic zone, spice trade, Suez canal 1869, trade route, urban planning, Yom Kippur War, zero-sum game

Welcome to Israel & the Palestinian Territories: At the intersection of Asia, Europe and Africa – both geographically and culturally – Israel and the Palestinian Territories have been a meeting place of cultures, empires and religions since history began.

Palestine Wildlife Society (www.wildlife-pal.org) - an educational and research NGO focusing on nature conservation. Palestinian Ministry of Environmental Affairs (www.mena.gov.ps) - charged with environmental regulation and education. Society for the Protection of Nature in Israel (www.natureisrael.org) - Israel’s oldest and largest environmental organisation.

Safe Travel: Is it safe? This is a question friends and family are likely to ask when you announce your plans to travel to Israel and/or the Palestinian Territories. The answer will always depend on current events, and can change within the space of a few days.


pages: 308 words: 99,298

Brexit, No Exit: Why in the End Britain Won't Leave Europe by Denis MacShane

"World Economic Forum" Davos, 3D printing, Alan Greenspan, Alvin Toffler, banking crisis, battle of ideas, Big bang: deregulation of the City of London, Boris Johnson, Bretton Woods, Brexit referendum, British Empire, centre right, Corn Laws, deindustrialization, Doha Development Round, Donald Trump, Etonian, European colonialism, fake news, financial engineering, first-past-the-post, fixed income, Gini coefficient, greed is good, illegal immigration, information security, James Dyson, Jeremy Corbyn, labour mobility, liberal capitalism, low cost airline, low interest rates, Martin Wolf, mass immigration, military-industrial complex, Mont Pelerin Society, negative equity, Neil Kinnock, new economy, non-tariff barriers, offshore financial centre, open borders, open economy, post-truth, price stability, purchasing power parity, quantitative easing, reshoring, road to serfdom, secular stagnation, Silicon Valley, Thales and the olive presses, trade liberalization, transaction costs, women in the workforce

The reader can skip the titles of the organisations but they are examples of what may be lost if the full, hardline Brexit desired by politicians like Nigel Farage and Iain Duncan Smith is achieved: Agency for the Cooperation of Energy Regulators; Clean Sky Joint Undertaking; Community Plant Variety Office; European Agency for Safety and Health at Work; European Asylum Support Office; European Aviation Safety Agency; European Banking Authority; European Centre for Disease Prevention and Control; European Centre for the Development of Vocational Training; European Chemicals Agency; European Defence Agency; European Environment Agency; European Fisheries Control Agency; European Food Safety Authority; European Foundation for the Improvement of Living and Working Conditions; European Global Navigation Satellite Systems Agency; European Institute for Gender Equality; European Institute for Innovation and Technology; European Joint Undertaking for ITER and the Development of Fusion Energy; European Maritime Safety Energy; European Medicines Agency; European Monitoring Centre for Drugs and Drug Addiction; European Police College; European Police Office (EUROPOL); European Railway Agency; European Securities and Markets Authority; European Training Foundation; European Union Agency for Fundamental Rights; European Union Agency for Network and Information Security; European Union Agency for the Management of Operational Cooperation at the External Borders (FRONTEX); European Union Institute for Security Studies; European Union Satellite Centre; European Union’s Judicial Cooperation Unity (EUROJUST); Fuel Cells and Hydrogen Joint Undertaking; Innovative Medicines Unit Joint Undertaking; Office for the Harmonisation in the Internal Market – Trade Marks and Design; Office of the Body of European Regulators for Electronic Communications; Translation Centre for the Bodies of the European Union.


pages: 410 words: 101,260

Originals: How Non-Conformists Move the World by Adam Grant

"World Economic Forum" Davos, Abraham Maslow, Albert Einstein, Apple's 1984 Super Bowl advert, availability heuristic, barriers to entry, behavioural economics, Bluma Zeigarnik, business process, business process outsourcing, Cass Sunstein, classic study, clean water, cognitive dissonance, creative destruction, cuban missile crisis, Daniel Kahneman / Amos Tversky, Dean Kamen, double helix, Elon Musk, emotional labour, fear of failure, Firefox, George Santayana, Ignaz Semmelweis: hand washing, information security, Jeff Bezos, Jeff Hawkins, job satisfaction, job-hopping, Joseph Schumpeter, Kevin Roose, Kickstarter, Lean Startup, Louis Pasteur, Mahatma Gandhi, Mark Zuckerberg, meta-analysis, minimum viable product, Neil Armstrong, Nelson Mandela, Network effects, off-the-grid, PalmPilot, pattern recognition, Paul Graham, Peter Thiel, Ralph Waldo Emerson, random walk, risk tolerance, Rosa Parks, Saturday Night Live, Sheryl Sandberg, Silicon Valley, Skype, Steve Jobs, Steve Wozniak, Steven Pinker, TED Talk, The Wisdom of Crowds, women in the workforce

As iconic filmmaker Francis Ford Coppola observed, “The way to come to power is not always to merely challenge the Establishment, but first make a place in it and then challenge and double-cross the Establishment.” When Medina made the risky choice to present her idea again, she stabilized her risk portfolio by applying for a job that focused on information security. Her primary role was to keep knowledge safe. “That’s not something I would have normally gone for—it was a very conservative thing,” she remembers. “The other things I had to do with the security of our publications didn’t excite me. But I could eventually use this in a smaller way to do the things I wanted to get done.”


pages: 326 words: 103,170

The Seventh Sense: Power, Fortune, and Survival in the Age of Networks by Joshua Cooper Ramo

air gap, Airbnb, Alan Greenspan, Albert Einstein, algorithmic trading, barriers to entry, Berlin Wall, bitcoin, Bletchley Park, British Empire, cloud computing, Computing Machinery and Intelligence, crowdsourcing, Danny Hillis, data science, deep learning, defense in depth, Deng Xiaoping, drone strike, Edward Snowden, Fairchild Semiconductor, Fall of the Berlin Wall, financial engineering, Firefox, Google Chrome, growth hacking, Herman Kahn, income inequality, information security, Isaac Newton, Jeff Bezos, job automation, Joi Ito, Laura Poitras, machine translation, market bubble, Menlo Park, Metcalfe’s law, Mitch Kapor, Morris worm, natural language processing, Neal Stephenson, Network effects, Nick Bostrom, Norbert Wiener, Oculus Rift, off-the-grid, packet switching, paperclip maximiser, Paul Graham, power law, price stability, quantitative easing, RAND corporation, reality distortion field, Recombinant DNA, recommendation engine, Republic of Letters, Richard Feynman, road to serfdom, Robert Metcalfe, Sand Hill Road, secular stagnation, self-driving car, Silicon Valley, Skype, Snapchat, Snow Crash, social web, sovereign wealth fund, Steve Jobs, Steve Wozniak, Stewart Brand, Stuxnet, superintelligent machines, systems thinking, technological singularity, The Coming Technological Singularity, The Wealth of Nations by Adam Smith, too big to fail, Vernor Vinge, zero day

(The phrase means to take control of, or to “own,” a system. The spelling is an artifact of an overenthusiastic video-game death-match gloat, when one player killed another and in his rush to celebrate typed something along the lines of “I pwned you!” The mistyping lives on today: The highest award in information security is known as the Pwnie.) Bratus calls the resulting pwned device a weird machine: a computer, a sensor, a drone that has been silently made to do something unintended. Made weird. Hacking is, after all, a kind of perverse programming. It involves slipping inside a machine and then driving it to do things it wasn’t intended to do by giving it instructions its designers never knew it might receive.


pages: 328 words: 100,381

Top Secret America: The Rise of the New American Security State by Dana Priest, William M. Arkin

airport security, business intelligence, company town, dark matter, disinformation, drone strike, friendly fire, Google Earth, hiring and firing, illegal immigration, immigration reform, index card, information security, Julian Assange, operational security, profit motive, RAND corporation, Ronald Reagan, Timothy McVeigh, WikiLeaks

None of that was true. To understand how far the government has fallen into the bottomless well of official secrets, step into William Bosanko’s stately pale-yellow office at the National Archives on Pennsylvania Avenue, not far from the White House. With only twenty-three employees, his agency, the obscure Information Security Oversight Office (ISOO), is supposed to ensure that the entire government classifies and protects its documents properly. But since 2001, the number of newly classified documents has tripled to over 23 million, while his staff has barely grown. Bosanko said that with so few resources, ISOO has not even attempted to gain access to the government’s Special Access Programs.


pages: 348 words: 97,277

The Truth Machine: The Blockchain and the Future of Everything by Paul Vigna, Michael J. Casey

3D printing, additive manufacturing, Airbnb, altcoin, Amazon Web Services, barriers to entry, basic income, Berlin Wall, Bernie Madoff, Big Tech, bitcoin, blockchain, blood diamond, Blythe Masters, business process, buy and hold, carbon credits, carbon footprint, cashless society, circular economy, cloud computing, computer age, computerized trading, conceptual framework, content marketing, Credit Default Swap, cross-border payments, crowdsourcing, cryptocurrency, cyber-physical system, decentralized internet, dematerialisation, disinformation, disintermediation, distributed ledger, Donald Trump, double entry bookkeeping, Dunbar number, Edward Snowden, Elon Musk, Ethereum, ethereum blockchain, failed state, fake news, fault tolerance, fiat currency, financial engineering, financial innovation, financial intermediation, Garrett Hardin, global supply chain, Hernando de Soto, hive mind, informal economy, information security, initial coin offering, intangible asset, Internet of things, Joi Ito, Kickstarter, linked data, litecoin, longitudinal study, Lyft, M-Pesa, Marc Andreessen, market clearing, mobile money, money: store of value / unit of account / medium of exchange, Network effects, off grid, pets.com, post-truth, prediction markets, pre–internet, price mechanism, profit maximization, profit motive, Project Xanadu, ransomware, rent-seeking, RFID, ride hailing / ride sharing, Ross Ulbricht, Satoshi Nakamoto, self-driving car, sharing economy, Silicon Valley, smart contracts, smart meter, Snapchat, social web, software is eating the world, supply-chain management, Ted Nelson, the market place, too big to fail, trade route, Tragedy of the Commons, transaction costs, Travis Kalanick, Turing complete, Uber and Lyft, uber lyft, unbanked and underbanked, underbanked, universal basic income, Vitalik Buterin, web of trust, work culture , zero-sum game

In the wake of the 2016 legal battle: For a useful analysis of this dispute, see: Arash Khamooshi, “Breaking Down Apple’s iPhone Fight with the U.S. Government,” The New York Times, March 21, 2016, https://www.nytimes.com/interactive/2016/03/03/technology/apple-iphone-fbi-fight-explained.html. Even though the world spent: “Gartner Says Worldwide Information Security Spending Will Grow Almost 4.7 Percent to Reach $75.4 Billion in 2015,” Gartner, September 23, 2015, http://www.gartner.com/newsroom/id/3135617. were running at $400 billion: Stephen Gandel, “Lloyd’s CEO: Cyber Attacks Cost Companies $400 Billion Every Year,” Fortune, January 23, 2015, http://fortune.com/2015/01/23/cyber-attack-insurance-lloyds/.


pages: 332 words: 100,601

Rebooting India: Realizing a Billion Aspirations by Nandan Nilekani

Airbnb, Atul Gawande, autonomous vehicles, barriers to entry, bitcoin, call centre, carbon credits, cashless society, clean water, cloud computing, collaborative consumption, congestion charging, DARPA: Urban Challenge, data science, dematerialisation, demographic dividend, digital rights, driverless car, Edward Snowden, en.wikipedia.org, energy security, fail fast, financial exclusion, gamification, Google Hangouts, illegal immigration, informal economy, information security, Khan Academy, Kickstarter, knowledge economy, land reform, law of one price, M-Pesa, machine readable, Mahatma Gandhi, Marc Andreessen, Mark Zuckerberg, mobile money, Mohammed Bouazizi, more computing power than Apollo, Negawatt, Network effects, new economy, off-the-grid, offshore financial centre, price mechanism, price stability, rent-seeking, RFID, Ronald Coase, school choice, school vouchers, self-driving car, sharing economy, Silicon Valley, single source of truth, Skype, smart grid, smart meter, software is eating the world, source of truth, Steve Jobs, systems thinking, The future is already here, The Nature of the Firm, transaction costs, vertical integration, WikiLeaks, work culture

The positive impact on financial inclusion, bringing in ever more people into the formal financial sector, is an illustration of one of our core ideas—expecting organizations to participate in an initiative solely because it’s a worthy social goal isn’t likely to succeed. The minute we manage to make it an attractive business model by adding appropriate financial incentives, people are immediately willing to join in, and the whole ecosystem grows and expands in ways we ourselves might not have foreseen. e-KYC also represents significant improvements in information security and handling, especially important in a country that doesn’t have a strong set of regulations around data privacy. Features like explicit consent, biometric verification and digital signatures make the e-KYC process robust and tamper-proof, and resistant to identity theft. Transactions are easy to store and trace, making audits far simpler.


pages: 368 words: 96,825

Bold: How to Go Big, Create Wealth and Impact the World by Peter H. Diamandis, Steven Kotler

3D printing, additive manufacturing, adjacent possible, Airbnb, Amazon Mechanical Turk, Amazon Web Services, Apollo 11, augmented reality, autonomous vehicles, Boston Dynamics, Charles Lindbergh, cloud computing, company town, creative destruction, crowdsourcing, Daniel Kahneman / Amos Tversky, data science, deal flow, deep learning, dematerialisation, deskilling, disruptive innovation, driverless car, Elon Musk, en.wikipedia.org, Exxon Valdez, fail fast, Fairchild Semiconductor, fear of failure, Firefox, Galaxy Zoo, Geoffrey Hinton, Google Glasses, Google Hangouts, gravity well, hype cycle, ImageNet competition, industrial robot, information security, Internet of things, Jeff Bezos, John Harrison: Longitude, John Markoff, Jono Bacon, Just-in-time delivery, Kickstarter, Kodak vs Instagram, Law of Accelerating Returns, Lean Startup, life extension, loss aversion, Louis Pasteur, low earth orbit, Mahatma Gandhi, Marc Andreessen, Mark Zuckerberg, Mars Rover, meta-analysis, microbiome, minimum viable product, move fast and break things, Narrative Science, Netflix Prize, Network effects, Oculus Rift, OpenAI, optical character recognition, packet switching, PageRank, pattern recognition, performance metric, Peter H. Diamandis: Planetary Resources, Peter Thiel, pre–internet, Ray Kurzweil, recommendation engine, Richard Feynman, ride hailing / ride sharing, risk tolerance, rolodex, Scaled Composites, self-driving car, sentiment analysis, shareholder value, Sheryl Sandberg, Silicon Valley, Silicon Valley startup, skunkworks, Skype, smart grid, SpaceShipOne, stem cell, Stephen Hawking, Steve Jobs, Steven Levy, Stewart Brand, Stuart Kauffman, superconnector, Susan Wojcicki, synthetic biology, technoutopianism, TED Talk, telepresence, telepresence robot, Turing test, urban renewal, Virgin Galactic, Wayback Machine, web application, X Prize, Y Combinator, zero-sum game

Taken together, my hope is that these how-to sections serve as a comprehensive playbook, literally a user’s guide for going big, creating wealth, and impacting the world. Let’s begin.

Case Study 1: Freelancer—Quantum Mechanic for Hire by the Hour

It started back in the late 2000s. Matt Barrie was irritated. A venture capitalist and entrepreneur with expertise in information security, Barrie was coding a website and trying to hire someone—anyone—to do some basic data entry. His rates were decent. He was willing to pay two dollars a line to the kid brother or kid sister of a friend. But there was soccer practice. There were exams. The whole process dragged on for months.


pages: 371 words: 98,534

Red Flags: Why Xi's China Is in Jeopardy by George Magnus

"World Economic Forum" Davos, 3D printing, 9 dash line, Admiral Zheng, AlphaGo, Asian financial crisis, autonomous vehicles, balance sheet recession, banking crisis, Bear Stearns, Bretton Woods, Brexit referendum, BRICs, British Empire, business process, capital controls, carbon footprint, Carmen Reinhart, cloud computing, colonial exploitation, corporate governance, crony capitalism, currency manipulation / currency intervention, currency peg, demographic dividend, demographic transition, Deng Xiaoping, Doha Development Round, Donald Trump, financial deregulation, financial innovation, financial repression, fixed income, floating exchange rates, full employment, general purpose technology, Gini coefficient, global reserve currency, Great Leap Forward, high net worth, high-speed rail, hiring and firing, Hyman Minsky, income inequality, industrial robot, information security, Internet of things, invention of movable type, Joseph Schumpeter, Kenneth Rogoff, Kickstarter, labour market flexibility, labour mobility, land reform, Malacca Straits, means of production, megacity, megaproject, middle-income trap, Minsky moment, money market fund, moral hazard, non-tariff barriers, Northern Rock, offshore financial centre, old age dependency ratio, open economy, peer-to-peer lending, pension reform, price mechanism, purchasing power parity, regulatory arbitrage, rent-seeking, reserve currency, rising living standards, risk tolerance, Shenzhen special economic zone, smart cities, South China Sea, sovereign wealth fund, special drawing rights, special economic zone, speech recognition, The Wealth of Nations by Adam Smith, total factor productivity, trade route, urban planning, vertical integration, Washington Consensus, women in the workforce, working-age population, zero-sum game

This isn’t a uniquely Chinese phenomenon because other Asian countries, such as Japan and South Korea, industrialised behind protectionist barriers too. Yet times were different then and they had the protection and encouragement of the US. China does not. Indeed, China’s practices, for example in industrial procurement, product standards, information security, tax and competition rules, and intellectual property requirements are viewed with increasing concern not just in the US but elsewhere too. SOEs are now being asked to do much more than in the past, when their main task was to search for and gain access to natural resources and trade opportunities.


pages: 349 words: 102,827

The Infinite Machine: How an Army of Crypto-Hackers Is Building the Next Internet With Ethereum by Camila Russo

4chan, Airbnb, Alan Greenspan, algorithmic trading, altcoin, always be closing, Any sufficiently advanced technology is indistinguishable from magic, Asian financial crisis, Benchmark Capital, Big Tech, bitcoin, blockchain, Burning Man, Cambridge Analytica, Cody Wilson, crowdsourcing, cryptocurrency, distributed ledger, diversification, Dogecoin, Donald Trump, East Village, Ethereum, ethereum blockchain, Flash crash, Free Software Foundation, Google Glasses, Google Hangouts, hacker house, information security, initial coin offering, Internet of things, Mark Zuckerberg, Maui Hawaii, mobile money, new economy, non-fungible token, off-the-grid, peer-to-peer, Peter Thiel, pets.com, Ponzi scheme, prediction markets, QR code, reserve currency, RFC: Request For Comment, Richard Stallman, Robert Shiller, Sand Hill Road, Satoshi Nakamoto, semantic web, sharing economy, side project, Silicon Valley, Skype, slashdot, smart contracts, South of Market, San Francisco, the Cathedral and the Bazaar, the payments system, too big to fail, tulip mania, Turing complete, Two Sigma, Uber for X, Vitalik Buterin

Technically, keeping the system attack-free had been his responsibility for all of four hours, so the words he was about to hear sounded like a bad joke. “The network is under attack.” Martin had flown over from Stockholm, his home city, the previous day. Like many in the Ethereum community, he was there for the third annual Devcon. Martin had quit his job working at Nasdaq’s information security department to join Ethereum. He had been informally participating in the online chats with the core developers for the past three months. “Very funny,” Martin said, sitting up on the bed. “Messing with the new guy.” “Um, no. Not a drill. Get over here!” “Shit.” He joined Peter Szilagyi, Jeff Wilcke’s right-hand man leading the Go Ethereum implementation, and a handful of other developers including Nick Johnson, Piper Merriam, and Vitalik in what was intended to be the press room for the biggest Ethereum conference so far.


pages: 337 words: 96,666

Practical Doomsday: A User's Guide to the End of the World by Michal Zalewski

accounting loophole / creative accounting, AI winter, anti-communist, artificial general intelligence, bank run, big-box store, bitcoin, blockchain, book value, Buy land – they’re not making it any more, capital controls, Capital in the Twenty-First Century by Thomas Piketty, Carrington event, clean water, coronavirus, corporate governance, COVID-19, cryptocurrency, David Graeber, decentralized internet, deep learning, distributed ledger, diversification, diversified portfolio, Dogecoin, dumpster diving, failed state, fiat currency, financial independence, financial innovation, fixed income, Fractional reserve banking, Francis Fukuyama: the end of history, Haber-Bosch Process, housing crisis, index fund, indoor plumbing, information security, inventory management, Iridium satellite, Joan Didion, John Bogle, large denomination, lifestyle creep, mass immigration, McDonald's hot coffee lawsuit, McMansion, medical bankruptcy, Modern Monetary Theory, money: store of value / unit of account / medium of exchange, moral panic, non-fungible token, nuclear winter, off-the-grid, Oklahoma City bombing, opioid epidemic / opioid crisis, paperclip maximiser, passive investing, peak oil, planetary scale, ransomware, restrictive zoning, ride hailing / ride sharing, risk tolerance, Ronald Reagan, Satoshi Nakamoto, Savings and loan crisis, self-driving car, shareholder value, Silicon Valley, supervolcano, systems thinking, tech worker, Ted Kaczynski, TED Talk, Tunguska event, underbanked, urban sprawl, Wall-E, zero-sum game, zoonotic diseases

For my children About the Author Michal Zalewski has been actively involved in disaster preparedness for more than a decade, including the publication of a popular 2015 guide titled Disaster Planning for Regular Folks. By day, he is an accomplished security researcher who has been working in information security since the late 1990s, helping companies map out and manage risk in the digital domain. He is the author of two classic security books, The Tangled Web and Silence on the Wire (both No Starch Press), and a recipient of the prestigious Lifetime Achievement Pwnie award. He spent 11 years at Google building its product security program before joining Snap Inc. as a VP of Security & Privacy Engineering.


pages: 363 words: 98,496

Dead in the Water: A True Story of Hijacking, Murder, and a Global Maritime Conspiracy by Matthew Campbell, Kit Chellel

big-box store, coronavirus, COVID-19, drone strike, Edward Lloyd's coffeehouse, eurozone crisis, failed state, Filipino sailors, financial innovation, information security, lockdown, megacity, offshore financial centre, Skype, South China Sea, trade route, WikiLeaks, William Langewiesche

That flow of funds represented a vulnerability that Veale was proposing to exploit. “We’re not talking about trying to seize money from guys with guns,” he said. “We’re talking about frustrating their financial ambitions.” There was an obvious place to start. Pirates tended to be sloppy when it came to information security. Often they used the phones or computers on board captured ships. In one project he worked on, Veale traced their calls and emails to addresses in Minnesota and the English Midlands, nodes in an international money-laundering network. “We can lawfully intercept those communications,” he explained.


pages: 416 words: 106,532

Cryptoassets: The Innovative Investor's Guide to Bitcoin and Beyond: The Innovative Investor's Guide to Bitcoin and Beyond by Chris Burniske, Jack Tatar

Airbnb, Alan Greenspan, altcoin, Alvin Toffler, asset allocation, asset-backed security, autonomous vehicles, Bear Stearns, bitcoin, Bitcoin Ponzi scheme, blockchain, Blythe Masters, book value, business cycle, business process, buy and hold, capital controls, carbon tax, Carmen Reinhart, Clayton Christensen, clean water, cloud computing, collateralized debt obligation, commoditize, correlation coefficient, creative destruction, Credit Default Swap, credit default swaps / collateralized debt obligations, cryptocurrency, disintermediation, distributed ledger, diversification, diversified portfolio, Dogecoin, Donald Trump, Elon Musk, en.wikipedia.org, Ethereum, ethereum blockchain, fiat currency, financial engineering, financial innovation, fixed income, Future Shock, general purpose technology, George Gilder, Google Hangouts, high net worth, hype cycle, information security, initial coin offering, it's over 9,000, Jeff Bezos, Kenneth Rogoff, Kickstarter, Leonard Kleinrock, litecoin, low interest rates, Marc Andreessen, Mark Zuckerberg, market bubble, money market fund, money: store of value / unit of account / medium of exchange, moral hazard, Network effects, packet switching, passive investing, peer-to-peer, peer-to-peer lending, Peter Thiel, pets.com, Ponzi scheme, prediction markets, quantitative easing, quantum cryptography, RAND corporation, random walk, Renaissance Technologies, risk free rate, risk tolerance, risk-adjusted returns, Robert Shiller, Ross Ulbricht, Salesforce, Satoshi Nakamoto, seminal paper, Sharpe ratio, Silicon Valley, Simon Singh, Skype, smart contracts, social web, South Sea Bubble, Steve Jobs, transaction costs, tulip mania, Turing complete, two and twenty, Uber for X, Vanguard fund, Vitalik Buterin, WikiLeaks, Y2K

It involves taking information and scrambling it in such a way that only the intended recipient can understand and use that information for its intended purpose. The process of scrambling the message is encryption, and unscrambling it is decryption, performed through complex mathematical techniques. Cryptography is the battlefield on which those trying to transmit information securely combat those attempting to decrypt or manipulate the information. More recently, cryptography has evolved to include applications like proving the ownership of information to a broader set of actors—such as public key cryptography—which is a large part of how cryptography is used within Bitcoin.


pages: 364 words: 99,897

The Industries of the Future by Alec Ross

"World Economic Forum" Davos, 23andMe, 3D printing, Airbnb, Alan Greenspan, algorithmic bias, algorithmic trading, AltaVista, Anne Wojcicki, autonomous vehicles, banking crisis, barriers to entry, Bernie Madoff, bioinformatics, bitcoin, Black Lives Matter, blockchain, Boston Dynamics, Brian Krebs, British Empire, business intelligence, call centre, carbon footprint, clean tech, cloud computing, collaborative consumption, connected car, corporate governance, Credit Default Swap, cryptocurrency, data science, David Brooks, DeepMind, Demis Hassabis, disintermediation, Dissolution of the Soviet Union, distributed ledger, driverless car, Edward Glaeser, Edward Snowden, en.wikipedia.org, Erik Brynjolfsson, Evgeny Morozov, fiat currency, future of work, General Motors Futurama, global supply chain, Google X / Alphabet X, Gregor Mendel, industrial robot, information security, Internet of things, invention of the printing press, Jaron Lanier, Jeff Bezos, job automation, John Markoff, Joi Ito, Kevin Roose, Kickstarter, knowledge economy, knowledge worker, lifelogging, litecoin, low interest rates, M-Pesa, machine translation, Marc Andreessen, Mark Zuckerberg, Max Levchin, Mikhail Gorbachev, military-industrial complex, mobile money, money: store of value / unit of account / medium of exchange, Nelson Mandela, new economy, off-the-grid, offshore financial centre, open economy, Parag Khanna, paypal mafia, peer-to-peer, peer-to-peer lending, personalized medicine, Peter Thiel, precision agriculture, pre–internet, RAND corporation, Ray Kurzweil, recommendation engine, ride hailing / ride sharing, Rubik’s Cube, Satoshi Nakamoto, selective serotonin reuptake inhibitor (SSRI), self-driving car, sharing economy, Silicon Valley, Silicon Valley startup, Skype, smart cities, social graph, software as a service, special economic zone, supply-chain management, supply-chain management software, technoutopianism, TED Talk, The Future of Employment, Travis Kalanick, underbanked, unit 8200, Vernor Vinge, Watson beat the top human players on Jeopardy!, women in the workforce, work culture, Y Combinator, young professional

The growth is steep, the need will be sustained, and this ever-growing need currently comes up against a major talent shortage. The qualified job candidates are too few. The Bureau of Labor Statistics, hardly prone to hyperbole, reports that there will be “a huge jump” in demand for people with information security skills. Echoing a point made by Jim Gosler, the head of a very successful multibillion-dollar hedge fund based in New York that invests in cyber told me, “There’s a small group of highly talented people who really understand this stuff to the point where they can actually design hardware, software solutions to actually address them.”


pages: 382 words: 105,819

Zucked: Waking Up to the Facebook Catastrophe by Roger McNamee

"Susan Fowler" uber, "World Economic Forum" Davos, 4chan, Albert Einstein, algorithmic trading, AltaVista, Amazon Web Services, Andy Rubin, barriers to entry, Bernie Sanders, Big Tech, Bill Atkinson, Black Lives Matter, Boycotts of Israel, Brexit referendum, Cambridge Analytica, carbon credits, Cass Sunstein, cloud computing, computer age, cross-subsidies, dark pattern, data is the new oil, data science, disinformation, Donald Trump, Douglas Engelbart, Douglas Engelbart, driverless car, Electric Kool-Aid Acid Test, Elon Musk, fake news, false flag, Filter Bubble, game design, growth hacking, Ian Bogost, income inequality, information security, Internet of things, It's morning again in America, Jaron Lanier, Jeff Bezos, John Markoff, laissez-faire capitalism, Lean Startup, light touch regulation, Lyft, machine readable, Marc Andreessen, Marc Benioff, Mark Zuckerberg, market bubble, Max Levchin, Menlo Park, messenger bag, Metcalfe’s law, minimum viable product, Mother of all demos, move fast and break things, Network effects, One Laptop per Child (OLPC), PalmPilot, paypal mafia, Peter Thiel, pets.com, post-work, profit maximization, profit motive, race to the bottom, recommendation engine, Robert Mercer, Ronald Reagan, Russian election interference, Sand Hill Road, self-driving car, Sheryl Sandberg, Silicon Valley, Silicon Valley startup, Skype, Snapchat, social graph, software is eating the world, Stephen Hawking, Steve Bannon, Steve Jobs, Steven Levy, Stewart Brand, subscription business, TED Talk, The Chicago School, The future is already here, Tim Cook: Apple, two-sided market, Uber and Lyft, Uber for X, uber lyft, Upton Sinclair, vertical integration, WikiLeaks, Yom Kippur War

The combination of free-market capitalism plus platform monopolies plus trust in tech by users and policy makers has left us at the mercy of technological authoritarians. The unelected leaders of the largest technology platforms—but especially Facebook and Google—are eroding the foundations of liberal democracy around the world, and yet we have entrusted them with the information security of our 2018 election. They are undermining public health, redefining the limits of personal privacy, and restructuring the global economy, all without giving those affected a voice. Everyone, but especially technology optimists, should investigate the degree to which the interests of the internet giants may conflict with those of the public.


pages: 398 words: 105,917

Bean Counters: The Triumph of the Accountants and How They Broke Capitalism by Richard Brooks

"World Economic Forum" Davos, accounting loophole / creative accounting, Alan Greenspan, asset-backed security, banking crisis, Bear Stearns, Big bang: deregulation of the City of London, blockchain, BRICs, British Empire, business process, Charles Babbage, cloud computing, collapse of Lehman Brothers, collateralized debt obligation, corporate governance, corporate raider, credit crunch, Credit Default Swap, credit default swaps / collateralized debt obligations, David Strachan, Deng Xiaoping, Donald Trump, double entry bookkeeping, Double Irish / Dutch Sandwich, energy security, Etonian, eurozone crisis, financial deregulation, financial engineering, Ford Model T, forensic accounting, Frederick Winslow Taylor, G4S, Glass-Steagall Act, high-speed rail, information security, intangible asset, Internet of things, James Watt: steam engine, Jeremy Corbyn, joint-stock company, joint-stock limited liability company, Joseph Schumpeter, junk bonds, light touch regulation, Long Term Capital Management, low cost airline, new economy, Northern Rock, offshore financial centre, oil shale / tar sands, On the Economy of Machinery and Manufactures, Ponzi scheme, post-oil, principal–agent problem, profit motive, race to the bottom, railway mania, regulatory arbitrage, risk/return, Ronald Reagan, Savings and loan crisis, savings glut, scientific management, short selling, Silicon Valley, South Sea Bubble, statistical model, supply-chain management, The Chicago School, too big to fail, transaction costs, transfer pricing, Upton Sinclair, WikiLeaks

The Radio 4 programme was File on 4, ‘The Accountant Kings’, 4 March 2014. 21. PwC and Google for Work: Reinventing Business, from PwC website, http://www.pwc.com/us/en/increasing-it-effectiveness/google-for-work.html; accessed 24 January 2017. 22. Deloitte had 15.7%, EY 11.4%, PwC 10%, KPMG 9.2%: Market Share Analysis: Information Security Consulting, Worldwide, 2015, Gartner, 5 July 2016, ID: G00291998; analysts: Jacqueline Heng, Elizabeth Kim. 23. Caroline Binham, ‘The Hacker Hunters’, Financial Times, 21 November 2013. 24. ‘“Serious” Hack Attacks from China Targeting UK Firms’, BBC News website, 3 April 2017. 25. Mervyn King, The End of Alchemy: Money, Banking and the Future of the Global Economy, Little, Brown, 2016. 26.


pages: 368 words: 32,950

How the City Really Works: The Definitive Guide to Money and Investing in London's Square Mile by Alexander Davidson

accounting loophole / creative accounting, algorithmic trading, asset allocation, asset-backed security, bank run, banking crisis, barriers to entry, Bear Stearns, Big bang: deregulation of the City of London, buy and hold, capital asset pricing model, central bank independence, corporate governance, Credit Default Swap, currency risk, dematerialisation, discounted cash flows, diversified portfolio, double entry bookkeeping, Edward Lloyd's coffeehouse, Elliott wave, equity risk premium, Exxon Valdez, foreign exchange controls, forensic accounting, Glass-Steagall Act, global reserve currency, high net worth, index fund, inflation targeting, information security, intangible asset, interest rate derivative, interest rate swap, inverted yield curve, John Meriwether, junk bonds, London Interbank Offered Rate, Long Term Capital Management, low interest rates, margin call, market fundamentalism, Nick Leeson, North Sea oil, Northern Rock, pension reform, Piper Alpha, price stability, proprietary trading, purchasing power parity, Real Time Gross Settlement, reserve currency, Right to Buy, risk free rate, shareholder value, short selling, The Wealth of Nations by Adam Smith, transaction costs, value at risk, yield curve, zero-coupon bond

At the FSA’s Annual Crime Conference in January 2007, John Tiner, then chief executive, said that in the previous two years, the regulator had delivered a new training programme to equip its supervisors to identify financial crime risks in firms, and had extended its links with industry and law enforcement to exchange information. In early 2007, the FSA created a new Financial Crime and Intelligence Division, which should enable it to tackle financial crime more rapidly and in more depth. The FSA aimed to address the rising information security and hi-tech crime risks, which would involve close collaboration with other regulators. The FSA has pointed to a close relationship between threats and opportunity in today’s regulatory regime, citing increasing evidence of cross-border attempts by firms and individuals of dubious backgrounds to enter the UK market via authorisation, change of control or passporting under the Single Market Directives.


pages: 356 words: 105,533

Dark Pools: The Rise of the Machine Traders and the Rigging of the U.S. Stock Market by Scott Patterson

Alan Greenspan, algorithmic trading, automated trading system, banking crisis, bash_history, Bear Stearns, Bernie Madoff, Black Monday: stock market crash in 1987, butterfly effect, buttonwood tree, buy and hold, Chuck Templeton: OpenTable:, cloud computing, collapse of Lehman Brothers, computerized trading, creative destruction, Donald Trump, financial engineering, fixed income, Flash crash, Ford Model T, Francisco Pizarro, Gordon Gekko, Hibernia Atlantic: Project Express, High speed trading, information security, Jim Simons, Joseph Schumpeter, junk bonds, latency arbitrage, Long Term Capital Management, machine readable, Mark Zuckerberg, market design, market microstructure, Michael Milken, military-industrial complex, pattern recognition, payment for order flow, pets.com, Ponzi scheme, popular electronics, prediction markets, quantitative hedge fund, Ray Kurzweil, Renaissance Technologies, seminal paper, Sergey Aleynikov, Small Order Execution System, South China Sea, Spread Networks laid a new fibre optics cable between New York and Chicago, stealth mode startup, stochastic process, three-martini lunch, Tragedy of the Commons, transaction costs, uptick rule, Watson beat the top human players on Jeopardy!, zero-sum game

His talents were in high demand from outfits that required protection from people just like him. At first, he worked on computer system security analysis for the military and intelligence agencies. Then he started researching the technology behind the stock market, and eventually, in 1996, he landed a job as director of global information security at Instinet. In 1998, he came into contact with the legendary founder of D. E. Shaw, a giant New York hedge fund that used math and computers to mine hundreds of millions of dollars from the market year after year. David Shaw, who’d taught computer science at Columbia University before jumping into finance, helped convince Ladopoulos that the big money on Wall Street wasn’t in security systems—it was in designing computer models to trade stocks.


pages: 398 words: 107,788

Coding Freedom: The Ethics and Aesthetics of Hacking by E. Gabriella Coleman

activist lawyer, Benjamin Mako Hill, commoditize, Computer Lib, crowdsourcing, Debian, disinformation, Donald Knuth, dumpster diving, Eben Moglen, en.wikipedia.org, financial independence, Free Software Foundation, Gabriella Coleman, ghettoisation, GnuPG, Hacker Conference 1984, Hacker Ethic, Hacker News, Herbert Marcuse, informal economy, information security, Jacob Appelbaum, Jaron Lanier, Jason Scott: textfiles.com, Jean Tirole, knowledge economy, laissez-faire capitalism, Larry Wall, Louis Pasteur, machine readable, means of production, Multics, Neal Stephenson, Paul Graham, peer-to-peer, pirate software, popular electronics, RFC: Request For Comment, Richard Stallman, rolodex, Ronald Reagan, Silicon Valley, Silicon Valley startup, slashdot, software patent, software studies, Steve Ballmer, Steven Levy, tacit knowledge, technological determinism, Ted Nelson, the Cathedral and the Bazaar, The Hackers Conference, the scientific method, The Soul of a New Machine, The Structural Transformation of the Public Sphere, web application, web of trust, Yochai Benkler

Indeed, these hackers have made secrecy and spectacle into something of a high art form (Coleman 2012b). Some hackers run vibrant technological collectives whose names—Riseup and Mayfirst—unabashedly broadcast that their technical crusade is to make this world a better one (Milberry 2009). Other hackers—for example, many “infosec” (information security) hackers—are first and foremost committed to security, and tend to steer clear of defining their actions in such overtly political terms—even if hacking usually tends to creep into political territory. Among those in the infosec community there are differences of opinion as to whether one should release a security vulnerability (often called full disclosure) or just announce its existence without revealing details (referred to as antidisclosure).


Reset by Ronald J. Deibert

23andMe, active measures, air gap, Airbnb, Amazon Web Services, Anthropocene, augmented reality, availability heuristic, behavioural economics, Bellingcat, Big Tech, bitcoin, blockchain, blood diamond, Brexit referendum, Buckminster Fuller, business intelligence, Cal Newport, call centre, Cambridge Analytica, carbon footprint, cashless society, Citizen Lab, clean water, cloud computing, computer vision, confounding variable, contact tracing, contact tracing app, content marketing, coronavirus, corporate social responsibility, COVID-19, crowdsourcing, data acquisition, data is the new oil, decarbonisation, deep learning, deepfake, Deng Xiaoping, disinformation, Donald Trump, Doomsday Clock, dual-use technology, Edward Snowden, Elon Musk, en.wikipedia.org, end-to-end encryption, Evgeny Morozov, failed state, fake news, Future Shock, game design, gig economy, global pandemic, global supply chain, global village, Google Hangouts, Great Leap Forward, high-speed rail, income inequality, information retrieval, information security, Internet of things, Jaron Lanier, Jeff Bezos, John Markoff, Lewis Mumford, liberal capitalism, license plate recognition, lockdown, longitudinal study, Mark Zuckerberg, Marshall McLuhan, mass immigration, megastructure, meta-analysis, military-industrial complex, move fast and break things, Naomi Klein, natural language processing, New Journalism, NSO Group, off-the-grid, Peter Thiel, planetary scale, planned obsolescence, post-truth, proprietary trading, QAnon, ransomware, Robert Mercer, Sheryl Sandberg, Shoshana Zuboff, Silicon Valley, single source of truth, Skype, Snapchat, social distancing, sorting algorithm, source of truth, sovereign wealth fund, sparse data, speech recognition, Steve Bannon, Steve Jobs, Stuxnet, surveillance capitalism, techlash, technological solutionism, the long tail, the medium is the message, The Structural Transformation of the Public Sphere, TikTok, TSMC, undersea cable, unit 8200, Vannevar Bush, WikiLeaks, zero day, zero-sum game

Much of it is rendered invisible through familiarity and habituation: Edwards, P. M. (2017). The mechanics of invisibility: On habit and routine as elements of infrastructure. In I. Ruby & A. Ruby (Eds.), Infrastructure space (327–336). Ruby Press. Sometimes gaping vulnerabilities: Anderson, R. (2001, December). Why information security is hard — An economic perspective. Seventeenth Annual Computer Security Applications Conference (358–365). IEEE; Anderson, R. (2000). Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Edition. Hoboken, NJ: Wiley. Retrieved from https://www.cl.cam.ac.uk/~rja14/book.html An “accidental megastructure”: Bratton, B.


pages: 363 words: 109,077

The Raging 2020s: Companies, Countries, People - and the Fight for Our Future by Alec Ross

"Friedman doctrine" OR "shareholder theory", "World Economic Forum" Davos, Affordable Care Act / Obamacare, air gap, air traffic controllers' union, Airbnb, Albert Einstein, An Inconvenient Truth, autonomous vehicles, barriers to entry, benefit corporation, Bernie Sanders, Big Tech, big-box store, British Empire, call centre, capital controls, clean water, collective bargaining, computer vision, coronavirus, corporate governance, corporate raider, COVID-19, deep learning, Deng Xiaoping, Didi Chuxing, disinformation, Dissolution of the Soviet Union, Donald Trump, Double Irish / Dutch Sandwich, drone strike, dumpster diving, employer provided health coverage, Francis Fukuyama: the end of history, future of work, general purpose technology, gig economy, Gini coefficient, global supply chain, Goldman Sachs: Vampire Squid, Gordon Gekko, greed is good, high-speed rail, hiring and firing, income inequality, independent contractor, information security, intangible asset, invisible hand, Jeff Bezos, knowledge worker, late capitalism, low skilled workers, Lyft, Marc Andreessen, Marc Benioff, mass immigration, megacity, military-industrial complex, minimum wage unemployment, mittelstand, mortgage tax deduction, natural language processing, Oculus Rift, off-the-grid, offshore financial centre, open economy, OpenAI, Parag Khanna, Paris climate accords, profit motive, race to the bottom, RAND corporation, ride hailing / ride sharing, Robert Bork, rolodex, Ronald Reagan, Salesforce, self-driving car, shareholder value, side hustle, side project, Silicon Valley, smart cities, Social Responsibility of Business Is to Increase Its Profits, sovereign wealth fund, sparse data, special economic zone, Steven Levy, stock buybacks, strikebreaker, TaskRabbit, tech bro, tech worker, transcontinental railway, transfer pricing, Travis Kalanick, trickle-down economics, Uber and Lyft, uber lyft, union organizing, Upton Sinclair, vertical integration, working poor

In 2015, the OECD released an action plan for reducing profit shifting, which included a framework for country-by-country reporting standards. The problem is that the rules apply only to the companies that earn more than €750 million per year. These companies are also required to file reports only with their home government, and those governments can share the information only with countries that meet minimum standards for information security. Most developing countries do not. In other words, the measure lets wealthy countries observe the behavior of wealthy companies, but neither developing countries nor the public gets to see anything. “Even if [countries] are able to get ahold of this, they’re only getting information on the largest companies—there may or may not be any of those operating in your country,” said Clark Gascoigne of the FACT Coalition.


pages: 396 words: 116,332

Political Ponerology (A Science on the Nature of Evil Adjusted for Political Purposes) by Andrew M. Lobaczewski

anti-communist, corporate raider, disinformation, en.wikipedia.org, false flag, information security, John Nash: game theory, means of production, phenotype, Project for a New American Century

We can assume that the American phase lags 80 years behind the European. When the world becomes an inter-related structure from the viewpoint of communicating both information and news, different social contents and opinions caused by unlike phases of said cycles, inter alia, will overflow all boundaries and information security systems. This will give rise to pressures which can change the causative dependencies herein. A more plastic psychological situation thus emerges, which increases the possibilities for pinpointed action based on an understanding of the phenomena. At the same time, in spite of many difficulties of a scientific, social and political nature, we see the development of a new community of factors which may eventually contribute to the liberation of mankind from the effects of uncomprehended historical causation.


pages: 437 words: 113,173

Age of Discovery: Navigating the Risks and Rewards of Our New Renaissance by Ian Goldin, Chris Kutarna

"World Economic Forum" Davos, 2013 Report for America's Infrastructure - American Society of Civil Engineers - 19 March 2013, 3D printing, Airbnb, Albert Einstein, AltaVista, Asian financial crisis, asset-backed security, autonomous vehicles, banking crisis, barriers to entry, battle of ideas, Bear Stearns, Berlin Wall, bioinformatics, bitcoin, Boeing 747, Bonfire of the Vanities, bread and circuses, carbon tax, clean water, collective bargaining, Colonization of Mars, Credit Default Swap, CRISPR, crowdsourcing, cryptocurrency, Dava Sobel, demographic dividend, Deng Xiaoping, digital divide, Doha Development Round, double helix, driverless car, Edward Snowden, Elon Musk, en.wikipedia.org, epigenetics, experimental economics, Eyjafjallajökull, failed state, Fall of the Berlin Wall, financial innovation, full employment, Galaxy Zoo, general purpose technology, Glass-Steagall Act, global pandemic, global supply chain, Higgs boson, Hyperloop, immigration reform, income inequality, indoor plumbing, industrial cluster, industrial robot, information retrieval, information security, Intergovernmental Panel on Climate Change (IPCC), intermodal, Internet of things, invention of the printing press, Isaac Newton, Islamic Golden Age, Johannes Kepler, Khan Academy, Kickstarter, Large Hadron Collider, low cost airline, low skilled workers, Lyft, Mahbub ul Haq, Malacca Straits, mass immigration, Max Levchin, megacity, Mikhail Gorbachev, moral hazard, Nelson Mandela, Network effects, New Urbanism, non-tariff barriers, Occupy movement, On the Revolutions of the Heavenly Spheres, open economy, Panamax, Paris climate accords, Pearl River Delta, personalized medicine, Peter Thiel, post-Panamax, profit motive, public intellectual, quantum cryptography, rent-seeking, reshoring, Robert Gordon, Robert Metcalfe, Search for Extraterrestrial Intelligence, Second Machine Age, self-driving car, Shenzhen was a fishing village, Silicon Valley, Silicon Valley startup, Skype, smart grid, Snapchat, 
special economic zone, spice trade, statistical model, Stephen Hawking, Steve Jobs, Stuxnet, synthetic biology, TED Talk, The Future of Employment, too big to fail, trade liberalization, trade route, transaction costs, transatlantic slave trade, uber lyft, undersea cable, uranium enrichment, We are the 99%, We wanted flying cars, instead we got 140 characters, working poor, working-age population, zero day

Menn, Joseph (2015, May 29). “US Tried Stuxnet-Style Campaign against North Korea but Failed—Sources.” Reuters. Retrieved from www.reuters.com. 91. Bundesamt für Sicherheit in der Informationstechnik (2014). Die Lage der IT-Sicherheit in Deutschland 2014. Berlin: German Federal Office for Information Security. Retrieved from www.bsi.bund.de. 92. Industrial Control Systems Cyber Emergency Response Team (2015). ICS-CERT Year in Review. Washington, D.C.: Department of Homeland Security. Retrieved from ics-cert.us-cert.gov. 93. Maddison, Angus (2003). The World Economy: Historical Statistics, Vol. 2: Statistical Appendix.


pages: 518 words: 49,555

Designing Social Interfaces by Christian Crumlish, Erin Malone

A Pattern Language, Amazon Mechanical Turk, anti-pattern, barriers to entry, c2.com, carbon footprint, cloud computing, collaborative editing, commons-based peer production, creative destruction, crowdsourcing, en.wikipedia.org, Firefox, folksonomy, Free Software Foundation, game design, ghettoisation, Howard Rheingold, hypertext link, if you build it, they will come, information security, lolcat, Merlin Mann, Nate Silver, Network effects, Potemkin village, power law, recommendation engine, RFC: Request For Comment, semantic web, SETI@home, Skype, slashdot, social bookmarking, social graph, social software, social web, source of truth, stealth mode startup, Stewart Brand, systems thinking, tacit knowledge, telepresence, the long tail, the strength of weak ties, The Wisdom of Crowds, web application, Yochai Benkler

Respect the Ethical Dimension When you are designing experiences for people, or designing frameworks within which people will create their own experiences, there is always an ethical dimension. What commitments are you making explicitly or implying when you open your doors for business? Are you promising to keep people safe, to keep their information secure, to respect their privacy? Are you willing to bend ethical rules to cheat your way through the cold-start problem and rapidly build your social graph? Balzac once wrote, “The secret of great wealth with no obvious source is some forgotten crime, forgotten because it was done neatly.” Many successful social sites today founded themselves on an original sin, perhaps a spammy viral invitation model or unapproved abuse of new users’ address books.


System Error by Rob Reich

"Friedman doctrine" OR "shareholder theory", "World Economic Forum" Davos, 2021 United States Capitol attack, A Declaration of the Independence of Cyberspace, Aaron Swartz, AI winter, Airbnb, airport security, Alan Greenspan, Albert Einstein, algorithmic bias, AlphaGo, AltaVista, artificial general intelligence, Automated Insights, autonomous vehicles, basic income, Ben Horowitz, Berlin Wall, Bernie Madoff, Big Tech, bitcoin, Blitzscaling, Cambridge Analytica, Cass Sunstein, clean water, cloud computing, computer vision, contact tracing, contact tracing app, coronavirus, corporate governance, COVID-19, creative destruction, CRISPR, crowdsourcing, data is the new oil, data science, decentralized internet, deep learning, deepfake, DeepMind, deplatforming, digital rights, disinformation, disruptive innovation, Donald Knuth, Donald Trump, driverless car, dual-use technology, Edward Snowden, Elon Musk, en.wikipedia.org, end-to-end encryption, Fairchild Semiconductor, fake news, Fall of the Berlin Wall, Filter Bubble, financial engineering, financial innovation, fulfillment center, future of work, gentrification, Geoffrey Hinton, George Floyd, gig economy, Goodhart's law, GPT-3, Hacker News, hockey-stick growth, income inequality, independent contractor, informal economy, information security, Jaron Lanier, Jeff Bezos, Jim Simons, jimmy wales, job automation, John Maynard Keynes: Economic Possibilities for our Grandchildren, John Maynard Keynes: technological unemployment, John Perry Barlow, Lean Startup, linear programming, Lyft, Marc Andreessen, Mark Zuckerberg, meta-analysis, minimum wage unemployment, Monkeys Reject Unequal Pay, move fast and break things, Myron Scholes, Network effects, Nick Bostrom, Northpointe / Correctional Offender Management Profiling for Alternative Sanctions, NP-complete, Oculus Rift, OpenAI, Panopticon Jeremy Bentham, Parler "social media", pattern recognition, personalized medicine, Peter Thiel, Philippa Foot, premature optimization, profit 
motive, quantitative hedge fund, race to the bottom, randomized controlled trial, recommendation engine, Renaissance Technologies, Richard Thaler, ride hailing / ride sharing, Ronald Reagan, Sam Altman, Sand Hill Road, scientific management, self-driving car, shareholder value, Sheryl Sandberg, Shoshana Zuboff, side project, Silicon Valley, Snapchat, social distancing, Social Responsibility of Business Is to Increase Its Profits, software is eating the world, spectrum auction, speech recognition, stem cell, Steve Jobs, Steven Levy, strong AI, superintelligent machines, surveillance capitalism, Susan Wojcicki, tech billionaire, tech worker, techlash, technoutopianism, Telecommunications Act of 1996, telemarketer, The Future of Employment, TikTok, Tim Cook: Apple, traveling salesman, Triangle Shirtwaist Factory, trolley problem, Turing test, two-sided market, Uber and Lyft, uber lyft, ultimatum game, union organizing, universal basic income, washing machines reduced drudgery, Watson beat the top human players on Jeopardy!, When a measure becomes a target, winner-take-all economy, Y Combinator, you are the product

At its core, encryption is the process of making a message unreadable by anyone other than the intended recipient. Its use dates back to the time of the Roman emperor Julius Caesar, who used a simple form of encryption in his private communications. Since that time, cryptographers—those who study encryption and other means of keeping information secure—have made impressive mathematical and technological advances in maintaining the privacy of communications. In fact, for a time in the 1990s, the US government classified particularly strong forms of encryption as munitions—essentially, certain forms of mathematics were considered to be weapons—and prohibited them from being exported to foreign countries.
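The excerpt above calls Caesar's cipher "a simple form of encryption". The following added example (written for this page, not code from the book or its authors) implements that shift cipher and then recovers the key by trying all 25 non-trivial shifts, which is why a fixed-shift cipher gives no confidentiality against anyone who knows the method. The sample message and the small scoring word list are constructed for the example.

```python
# Added example (not from the book): a Caesar shift cipher and an exhaustive
# key search over its 25 non-trivial keys. The message and COMMON_WORDS list
# are constructed for this illustration.
import string

ALPHABET = string.ascii_uppercase


def caesar_shift(text: str, shift: int) -> str:
    """Shift each ASCII letter by `shift` positions (mod 26), preserving
    case and leaving non-letters unchanged."""
    out = []
    for ch in text:
        if ch.isupper():
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        elif ch.islower():
            out.append(ALPHABET[(ALPHABET.index(ch.upper()) + shift) % 26].lower())
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(plaintext: str, key: int) -> str:
    return caesar_shift(plaintext, key % 26)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    return caesar_shift(ciphertext, -key % 26)


# Constructed mini word list used only to rank candidate plaintexts.
COMMON_WORDS = {"THE", "AND", "TO", "OF", "A", "IN", "IS", "AT", "ATTACK", "DAWN", "WE"}


def english_score(text: str) -> int:
    """Count whitespace-separated tokens (letters only, upper-cased) that
    appear in COMMON_WORDS."""
    cleaned = "".join(c if c.isalpha() or c.isspace() else " " for c in text)
    return sum(1 for t in cleaned.upper().split() if t in COMMON_WORDS)


def brute_force(ciphertext: str) -> tuple[int, str]:
    """Try every key 1..25 and return (key, plaintext) with the best score.
    The keyspace is 25, so the search is exhaustive and instantaneous."""
    best_key = max(range(1, 26),
                   key=lambda k: english_score(caesar_decrypt(ciphertext, k)))
    return best_key, caesar_decrypt(ciphertext, best_key)


if __name__ == "__main__":
    message = "We attack at dawn. The legion is in the valley."
    ciphertext = caesar_encrypt(message, 3)
    print(ciphertext)
    print(brute_force(ciphertext))
```

The point of the search is that the key is the only secret, and with 25 possibilities the attacker does not need it; a modern cipher's security rests on a keyspace far too large to enumerate, not on keeping the algorithm hidden.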


pages: 521 words: 118,183

The Wires of War: Technology and the Global Struggle for Power by Jacob Helberg

"World Economic Forum" Davos, 2021 United States Capitol attack, A Declaration of the Independence of Cyberspace, active measures, Affordable Care Act / Obamacare, air gap, Airbnb, algorithmic management, augmented reality, autonomous vehicles, Berlin Wall, Bernie Sanders, Big Tech, bike sharing, Black Lives Matter, blockchain, Boris Johnson, Brexit referendum, cable laying ship, call centre, Cambridge Analytica, Cass Sunstein, cloud computing, coronavirus, COVID-19, creative destruction, crisis actor, data is the new oil, data science, decentralized internet, deep learning, deepfake, deglobalization, deindustrialization, Deng Xiaoping, deplatforming, digital nomad, disinformation, don't be evil, Donald Trump, dual-use technology, Edward Snowden, Elon Musk, en.wikipedia.org, end-to-end encryption, fail fast, fake news, Filter Bubble, Francis Fukuyama: the end of history, geopolitical risk, glass ceiling, global pandemic, global supply chain, Google bus, Google Chrome, GPT-3, green new deal, information security, Internet of things, Jeff Bezos, Jeffrey Epstein, John Markoff, John Perry Barlow, knowledge economy, Larry Ellison, lockdown, Loma Prieta earthquake, low earth orbit, low skilled workers, Lyft, manufacturing employment, Marc Andreessen, Mark Zuckerberg, Mary Meeker, Mikhail Gorbachev, military-industrial complex, Mohammed Bouazizi, move fast and break things, Nate Silver, natural language processing, Network effects, new economy, one-China policy, open economy, OpenAI, Parler "social media", Peter Thiel, QAnon, QR code, race to the bottom, Ralph Nader, RAND corporation, reshoring, ride hailing / ride sharing, Ronald Reagan, Russian election interference, Salesforce, Sam Altman, satellite internet, self-driving car, Sheryl Sandberg, side project, Silicon Valley, Silicon Valley ideology, Silicon Valley startup, Skype, smart grid, SoftBank, Solyndra, South China Sea, SpaceX Starlink, Steve Jobs, Steven Levy, Stuxnet, supply-chain attack, Susan Wojcicki, tech 
worker, techlash, technoutopianism, TikTok, Tim Cook: Apple, trade route, TSMC, Twitter Arab Spring, uber lyft, undersea cable, Unsafe at Any Speed, Valery Gerasimov, vertical integration, Wargames Reagan, Westphalian system, white picket fence, WikiLeaks, Y Combinator, zero-sum game

As far as the government was concerned, allowing unbreakable communications threatened the security of the American people. The tech industry, by contrast, emphasized the risk of introducing a single vulnerability into a product’s security. “You can’t really build backdoors in crypto,” observed Alex Stamos, then Yahoo’s chief information security officer. “It’s like drilling a hole in the windshield.”30 Weakening the integrity of the system in even a small way would eventually affect the entire thing. Once they built one backdoor, what was to stop hackers from exploiting it? What if Beijing forced Apple to build a backdoor for Chinese intelligence agencies?


pages: 1,164 words: 309,327

Trading and Exchanges: Market Microstructure for Practitioners by Larry Harris

active measures, Andrei Shleifer, AOL-Time Warner, asset allocation, automated trading system, barriers to entry, Bernie Madoff, Bob Litterman, book value, business cycle, buttonwood tree, buy and hold, compound rate of return, computerized trading, corporate governance, correlation coefficient, data acquisition, diversified portfolio, equity risk premium, fault tolerance, financial engineering, financial innovation, financial intermediation, fixed income, floating exchange rates, High speed trading, index arbitrage, index fund, information asymmetry, information retrieval, information security, interest rate swap, invention of the telegraph, job automation, junk bonds, law of one price, London Interbank Offered Rate, Long Term Capital Management, margin call, market bubble, market clearing, market design, market fragmentation, market friction, market microstructure, money market fund, Myron Scholes, National best bid and offer, Nick Leeson, open economy, passive investing, pattern recognition, payment for order flow, Ponzi scheme, post-materialism, price discovery process, price discrimination, principal–agent problem, profit motive, proprietary trading, race to the bottom, random walk, Reminiscences of a Stock Operator, rent-seeking, risk free rate, risk tolerance, risk-adjusted returns, search costs, selection bias, shareholder value, short selling, short squeeze, Small Order Execution System, speech recognition, statistical arbitrage, statistical model, survivorship bias, the market place, transaction costs, two-sided market, vertical integration, winner-take-all economy, yield curve, zero-coupon bond, zero-sum game

They learned the official outcome of the battle only after the Cabinet received Wellington’s dispatch at 11 P.M. on June 21. Communications before the invention of the telegraph were much slower than now. The Rothschild family of investment bankers ran a private system of couriers to move information, securities, currency, and bullion throughout Europe. Their system was very fast, given the available technology. The Rothschild brothers often were the first to learn news in their respective cities. London-based Nathan Rothschild learned of Wellington’s victory late on the night of June 19. He conveyed it to the government the next day.

Securities and Exchange Commission provides a one-paragraph summary definition of insider trading on its Web page: “Insider trading” refers generally to buying or selling a security, in breach of a fiduciary duty or other relationship of trust and confidence, while in possession of material, nonpublic information about the security. Insider trading violations may also include “tipping” such information, securities trading by the person “tipped” and securities trading by those who misappropriate such information. Examples of insider trading cases that have been brought by the Commission are cases against: corporate officers, directors, and employees who traded the corporation’s securities after learning of significant, confidential corporate developments; friends, business associates, family members, and other “tippees” of such officers, directors, and employees, who traded the securities after receiving such information; employees of law, banking, brokerage and printing firms who were given such information in order to provide services to the corporation whose securities they traded; government employees who learned of such information because of their employment by the government; and other persons who misappropriated, and took advantage of, confidential information from their employers.


pages: 416 words: 129,308

The One Device: The Secret History of the iPhone by Brian Merchant

Airbnb, animal electricity, Apollo Guidance Computer, Apple II, Apple's 1984 Super Bowl advert, Black Lives Matter, Charles Babbage, citizen journalism, Citizen Lab, Claude Shannon: information theory, computer vision, Computing Machinery and Intelligence, conceptual framework, cotton gin, deep learning, DeepMind, Douglas Engelbart, Dynabook, Edward Snowden, Elon Musk, Ford paid five dollars a day, Frank Gehry, gigafactory, global supply chain, Google Earth, Google Hangouts, Higgs boson, Huaqiangbei: the electronics market of Shenzhen, China, information security, Internet of things, Jacquard loom, John Gruber, John Markoff, Jony Ive, Large Hadron Collider, Lyft, M-Pesa, MITM: man-in-the-middle, more computing power than Apollo, Mother of all demos, natural language processing, new economy, New Journalism, Norbert Wiener, offshore financial centre, oil shock, pattern recognition, peak oil, pirate software, profit motive, QWERTY keyboard, reality distortion field, ride hailing / ride sharing, rolodex, Shenzhen special economic zone , Silicon Valley, Silicon Valley startup, skeuomorphism, skunkworks, Skype, Snapchat, special economic zone, speech recognition, stealth mode startup, Stephen Hawking, Steve Ballmer, Steve Jobs, Steve Wozniak, Steven Levy, TED Talk, Tim Cook: Apple, Tony Fadell, TSMC, Turing test, uber lyft, Upton Sinclair, Vannevar Bush, zero day

Soon, my phone had joined a public Wi-Fi network, without my permission. I had trouble with Safari when I tried to use Google; instead of search results, the page froze in the process of, it seemed, loading another page altogether. The good thing about getting hacked at Def Con, though, is that you are surrounded by thousands of information-security pros, most of whom will happily and eloquently tell you exactly how you got “pwned.” “You probably got Pineapple’d,” Ronnie Tokazowski, a security engineer for the West Virginia cybersecurity company PhishMe, tells me at the kind of absurd, faux-outdoors, French-themed buffet you can find only in a Las Vegas casino.


pages: 515 words: 126,820

Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, and the World by Don Tapscott, Alex Tapscott

"World Economic Forum" Davos, Airbnb, altcoin, Alvin Toffler, asset-backed security, autonomous vehicles, barriers to entry, behavioural economics, bitcoin, Bitcoin Ponzi scheme, blockchain, Blythe Masters, Bretton Woods, business logic, business process, buy and hold, Capital in the Twenty-First Century by Thomas Piketty, carbon credits, carbon footprint, clean water, cloud computing, cognitive dissonance, commoditize, commons-based peer production, corporate governance, corporate social responsibility, creative destruction, Credit Default Swap, crowdsourcing, cryptocurrency, currency risk, decentralized internet, digital capitalism, disintermediation, disruptive innovation, distributed ledger, do well by doing good, Donald Trump, double entry bookkeeping, driverless car, Edward Snowden, Elon Musk, Erik Brynjolfsson, Ethereum, ethereum blockchain, failed state, fiat currency, financial innovation, Firefox, first square of the chessboard, first square of the chessboard / second half of the chessboard, future of work, Future Shock, Galaxy Zoo, general purpose technology, George Gilder, glass ceiling, Google bus, GPS: selective availability, Hacker News, Hernando de Soto, Higgs boson, holacracy, income inequality, independent contractor, informal economy, information asymmetry, information security, intangible asset, interest rate swap, Internet of things, Jeff Bezos, jimmy wales, Kickstarter, knowledge worker, Kodak vs Instagram, Lean Startup, litecoin, Lyft, M-Pesa, Marc Andreessen, Mark Zuckerberg, Marshall McLuhan, means of production, microcredit, mobile money, money market fund, Neal Stephenson, Network effects, new economy, Oculus Rift, off grid, pattern recognition, peer-to-peer, peer-to-peer lending, peer-to-peer model, performance metric, Peter Thiel, planetary scale, Ponzi scheme, prediction markets, price mechanism, Productivity paradox, QR code, quantitative easing, radical decentralization, ransomware, Ray Kurzweil, renewable energy credits, 
rent-seeking, ride hailing / ride sharing, Ronald Coase, Ronald Reagan, Salesforce, Satoshi Nakamoto, search costs, Second Machine Age, seigniorage, self-driving car, sharing economy, Silicon Valley, Skype, smart contracts, smart grid, Snow Crash, social graph, social intelligence, social software, standardized shipping container, Stephen Hawking, Steve Jobs, Steve Wozniak, Stewart Brand, supply-chain management, systems thinking, TaskRabbit, TED Talk, The Fortune at the Bottom of the Pyramid, The Nature of the Firm, The Soul of a New Machine, The Wisdom of Crowds, transaction costs, Turing complete, Turing test, Tyler Cowen, Uber and Lyft, uber lyft, unbanked and underbanked, underbanked, unorthodox policies, vertical integration, Vitalik Buterin, wealth creators, X Prize, Y2K, Yochai Benkler, Zipcar

Had Greek citizens known about bitcoin during their country’s economic crash in 2015, they still would’ve been hard-pressed to locate a bitcoin exchange or a bitcoin ATM anywhere in Athens. They wouldn’t have been able to transfer their drachmas into bitcoins to hedge against the plummeting fiat currency. Computer scientist Nick Szabo and information security expert Andreas Antonopoulos both argued that robust infrastructure matters and can’t be bootstrapped during catastrophes. Antonopoulos said that Greece’s blockchain infrastructure was lacking at the time of the crisis, and there was insufficient bitcoin liquidity for an entire population to move its troubled fiat currency into it.


pages: 503 words: 131,064

Liars and Outliers: How Security Holds Society Together by Bruce Schneier

Abraham Maslow, airport security, Alvin Toffler, barriers to entry, behavioural economics, benefit corporation, Berlin Wall, Bernie Madoff, Bernie Sanders, Brian Krebs, Broken windows theory, carried interest, Cass Sunstein, Chelsea Manning, commoditize, corporate governance, crack epidemic, credit crunch, CRISPR, crowdsourcing, cuban missile crisis, Daniel Kahneman / Amos Tversky, David Graeber, desegregation, don't be evil, Double Irish / Dutch Sandwich, Douglas Hofstadter, Dunbar number, experimental economics, Fall of the Berlin Wall, financial deregulation, Future Shock, Garrett Hardin, George Akerlof, hydraulic fracturing, impulse control, income inequality, information security, invention of agriculture, invention of gunpowder, iterative process, Jean Tirole, John Bogle, John Nash: game theory, joint-stock company, Julian Assange, language acquisition, longitudinal study, mass incarceration, meta-analysis, microcredit, mirror neurons, moral hazard, Multics, mutually assured destruction, Nate Silver, Network effects, Nick Leeson, off-the-grid, offshore financial centre, Oklahoma City bombing, patent troll, phenotype, pre–internet, principal–agent problem, prisoner's dilemma, profit maximization, profit motive, race to the bottom, Ralph Waldo Emerson, RAND corporation, Recombinant DNA, rent-seeking, RFID, Richard Thaler, risk tolerance, Ronald Coase, security theater, shareholder value, slashdot, statistical model, Steven Pinker, Stuxnet, technological singularity, The Market for Lemons, The Nature of the Firm, The Spirit Level, The Wealth of Nations by Adam Smith, The Wisdom of Crowds, theory of mind, Timothy McVeigh, too big to fail, traffic fines, Tragedy of the Commons, transaction costs, ultimatum game, UNCLOS, union organizing, Vernor Vinge, WikiLeaks, World Values Survey, Y2K, Yochai Benkler, zero-sum game

To encourage people to act in the competing group interest, the society implements a variety of societal pressures. Moral: IRA teaches people to value freedom over peace and not to let fellow IRA members down. Reputational: Those who testify against their fellow criminals are shunned, or worse. Institutional: The criminal organization punishes police informants. Security: The criminal organization limits the amount of damage a defecting criminal can inflict. Competing societal dilemmas represent the normal state of affairs. Rarely is the real world so tidy as to isolate a single societal dilemma from everything else. Group interests are often in conflict, and cooperating in one necessitates defecting in another.


pages: 448 words: 71,301

Programming Scala by Unknown

billion-dollar mistake, business logic, domain-specific language, duck typing, en.wikipedia.org, fault tolerance, functional programming, general-purpose programming language, higher-order functions, information security, loose coupling, type inference, web application

He has a Ph.D. in physics from the University of Washington. Alex Payne is Platform Lead at Twitter, Inc., where he develops services that enable programmers to build atop the popular social messaging service. Alex has previously built web applications for political campaigns, non-profits, and early-stage startups, and supported information security efforts for military and intelligence customers. In his free time, Alex studies, speaks, and writes about the history, present use, and evolution of programming languages, as well as minimalist art and design. Colophon The animal on the cover of Programming Scala is a Malayan tapir (Tapirus indicus), also called an Asian tapir.


pages: 369 words: 128,349

Beyond the Random Walk: A Guide to Stock Market Anomalies and Low Risk Investing by Vijay Singal

3Com Palm IPO, Andrei Shleifer, AOL-Time Warner, asset allocation, book value, buy and hold, capital asset pricing model, correlation coefficient, cross-subsidies, currency risk, Daniel Kahneman / Amos Tversky, diversified portfolio, endowment effect, fixed income, index arbitrage, index fund, information asymmetry, information security, junk bonds, liberal capitalism, locking in a profit, Long Term Capital Management, loss aversion, low interest rates, margin call, market friction, market microstructure, mental accounting, merger arbitrage, Myron Scholes, new economy, prediction markets, price stability, profit motive, random walk, Richard Thaler, risk free rate, risk-adjusted returns, risk/return, selection bias, Sharpe ratio, short selling, short squeeze, survivorship bias, Tax Reform Act of 1986, transaction costs, uptick rule, Vanguard fund

Officers of a company cannot legally trade on material nonpublic information (see Chapter 7, on insider trading). Instead, the company is encouraged to make public any material information as soon as possible. That is why companies routinely preannounce their earnings estimates if they are significantly different from publicly available information. Security analysts can also generate new information based on their own reading of the industry or that particular firm. But their analysis is derived from information disclosed in corporate news releases. Analysts can, of course, choose not to publicly release their recommendations, as they are not subject to insider trading laws, provided that their analysis is based on publicly available information.


pages: 469 words: 146,487

Empire: How Britain Made the Modern World by Niall Ferguson

British Empire, Cape to Cairo, colonial rule, Corn Laws, death from overwork, European colonialism, imperial preference, income per capita, information security, John Harrison: Longitude, joint-stock company, Khartoum Gordon, Khyber Pass, land reform, land tenure, liberal capitalism, Livingstone, I presume, low interest rates, Mahatma Gandhi, mass immigration, military-industrial complex, night-watchman state, Panopticon Jeremy Bentham, profit motive, Scramble for Africa, spice trade, Suez canal 1869, Suez crisis 1956, The inhabitant of London could order by telephone, sipping his morning tea in bed, the various products of the whole earth, the new new thing, The Wealth of Nations by Adam Smith, Thomas Malthus, three-masted sailing ship, trade route, transatlantic slave trade, undersea cable, union organizing, zero-sum game

In 1767 the first shots were fired in what would prove a protracted struggle with the state of Mysore. The following year, the Northern Sarkars – the states of the east coast – were won from the Nizam of Hyderabad. And seven years after that, Benares and Ghazipur were seized from the Nawab of Oudh. What had started as an informal security force to protect the company’s trade had now become the company’s raison d’être: fighting new battles, conquering new territory, to pay for the previous battles. The British presence in India also depended on the Navy’s ability to defeat the French when they returned to the fray, as they did in the 1770s.


The Radium Girls by Moore, Kate

Charles Lindbergh, information security, life extension, Skype, women in the workforce

Chapter 14
1 “nervous case” Wiley notes, RBP, reel 3.
2 “I could not” KS, “Radium,” 138.
3 “The pain” KS, quoted in “Poisoned—As They Chatted.”
4 “advised work” Wiley notes, RBP, reel 3.
5 “I had stopped” KS, “Radium,” 139.
6 “Why should I” KS, quoted in “Woman Doomed Rests All Hopes in Her Prayers,” Graphic.
7 “It seemed to” QM affidavit, August 29, 1927, RBP, reel 1.
8 “could not move” Humphries, court testimony, April 25, 1928.
9 “white shadow” Ibid.
10 “a white mottling” Humphries, court testimony, November 27, 1934.
11 “The whole situation” Roach, quoted in “Occupational Diseases—Radium Necrosis,” information secured by Miss E. P. Ward, CHR.
12 “Such trouble as” Szamatolski to Roach, April 6, 1923, RBP, reel 3.
13 “radium jaw” Blum, address to the American Dental Association, September 1924.
14 “all necessary” KS to Berry, memorandum, RBP, reel 1.
15 “They told me” QM affidavit, August 29, 1927, RBP, reel 1.
16 “I could still” Ibid.
17 “That cast eased” QM, quoted in “Radium Death is Specter,” Star-Eagle.
18 “one leg was” Ibid.
19 “suffered so frightfully” Wiley notes, RBP, reel 3.
20 “She suffered” Karl Quimby to Martland, June 23, 1925, HMP.
21 “vigorously” Hamilton to Wiley, January 30, 1925, RBP, reel 3.
22 “From what I” Ibid.
23 “special investigator” Ibid.
24 “a lamentable case” Hoffman to Roeder, December 13, 1924, RBP, reel 2.
25 “If the disease” Hoffman to Roeder, December 29, 1924, RBP, reel 2.
26 “That it will” Ibid.


pages: 491 words: 141,690

The Controlled Demolition of the American Empire by Jeff Berwick, Charlie Robinson

2013 Report for America's Infrastructure - American Society of Civil Engineers - 19 March 2013, airport security, Alan Greenspan, American Legislative Exchange Council, American Society of Civil Engineers: Report Card, bank run, barriers to entry, Berlin Wall, Bernie Sanders, Big Tech, big-box store, bitcoin, Black Lives Matter, bread and circuses, Bretton Woods, British Empire, call centre, carbon credits, carbon footprint, carbon tax, Cass Sunstein, Chelsea Manning, clean water, cloud computing, cognitive dissonance, Comet Ping Pong, coronavirus, Corrections Corporation of America, COVID-19, crack epidemic, crisis actor, crony capitalism, cryptocurrency, dark matter, deplatforming, disinformation, Donald Trump, drone strike, Edward Snowden, Elon Musk, energy transition, epigenetics, failed state, fake news, false flag, Ferguson, Missouri, fiat currency, financial independence, George Floyd, global pandemic, global supply chain, Goldman Sachs: Vampire Squid, illegal immigration, Indoor air pollution, information security, interest rate swap, Intergovernmental Panel on Climate Change (IPCC), invisible hand, Jeff Bezos, Jeffrey Epstein, Julian Assange, Kickstarter, lockdown, Mahatma Gandhi, mandatory minimum, margin call, Mark Zuckerberg, mass immigration, megacity, microapartment, Mikhail Gorbachev, military-industrial complex, new economy, no-fly zone, offshore financial centre, Oklahoma City bombing, open borders, opioid epidemic / opioid crisis, pill mill, planetary scale, plutocrats, Ponzi scheme, power law, pre–internet, private military company, Project for a New American Century, quantitative easing, RAND corporation, reserve currency, RFID, ride hailing / ride sharing, Saturday Night Live, security theater, self-driving car, Seymour Hersh, Silicon Valley, smart cities, smart grid, smart meter, Snapchat, social distancing, Social Justice Warrior, South China Sea, stock buybacks, surveillance capitalism, too big to fail, unpaid internship, urban decay, WikiLeaks, working poor

Sales still happen because there is usually so much money at stake, but it certainly works to complicate the process and at the very least slow things down. The United States uses the SWIFT (Society for Worldwide Interbank Financial Telecommunication) system that enables banking institutions to send and receive financial transaction information securely for everything dollar-related. They have been known to switch off permission for countries that annoy America, making it virtually impossible for them to conduct international banking using the dollar.203 Second, this destabilizes the country, financially at first, then politically if the situation does not get fixed.


AI 2041 by Kai-Fu Lee, Chen Qiufan

3D printing, Abraham Maslow, active measures, airport security, Albert Einstein, AlphaGo, Any sufficiently advanced technology is indistinguishable from magic, artificial general intelligence, augmented reality, autonomous vehicles, basic income, bitcoin, blockchain, blue-collar work, Cambridge Analytica, carbon footprint, Charles Babbage, computer vision, contact tracing, coronavirus, corporate governance, corporate social responsibility, COVID-19, CRISPR, cryptocurrency, DALL-E, data science, deep learning, deepfake, DeepMind, delayed gratification, dematerialisation, digital map, digital rights, digital twin, Elon Musk, fake news, fault tolerance, future of work, Future Shock, game design, general purpose technology, global pandemic, Google Glasses, Google X / Alphabet X, GPT-3, happiness index / gross national happiness, hedonic treadmill, hiring and firing, Hyperloop, information security, Internet of things, iterative process, job automation, language acquisition, low earth orbit, Lyft, Maslow's hierarchy, mass immigration, mirror neurons, money: store of value / unit of account / medium of exchange, mutually assured destruction, natural language processing, Neil Armstrong, Nelson Mandela, OpenAI, optical character recognition, pattern recognition, plutocrats, post scarcity, profit motive, QR code, quantitative easing, Richard Feynman, ride hailing / ride sharing, robotic process automation, Satoshi Nakamoto, self-driving car, seminal paper, Silicon Valley, smart cities, smart contracts, smart transportation, Snapchat, social distancing, speech recognition, Stephen Hawking, synthetic biology, telemarketer, Tesla Model S, The future is already here, trolley problem, Turing test, uber lyft, universal basic income, warehouse automation, warehouse robotics, zero-sum game

We rescued two hundred and seventy-four of them, but the next step was triggered anyway. Unless…” A terrible possibility dawned on him. He met Robin’s gaze. “Unless it was a padded list. Unless there were distraction targets alongside real ones!” Robin quickly retrieved data on the last drone victim: Hikari Oshima, a leading information security scientist, one of twenty-three people in the world with a restart key for the DNS system. Launched in 2010, DNS was a multinational cooperative project to ensure Internet security and domain name system integrity. Robin continued to study the names of the dead, finding yet more experts and scholars in fields related to network technology.


pages: 470 words: 144,455

Secrets and Lies: Digital Security in a Networked World by Bruce Schneier

Ayatollah Khomeini, barriers to entry, Bletchley Park, business process, butterfly effect, cashless society, Columbine, defense in depth, double entry bookkeeping, drop ship, fault tolerance, game design, IFF: identification friend or foe, information security, John Gilmore, John von Neumann, knapsack problem, macro virus, Mary Meeker, MITM: man-in-the-middle, moral panic, Morris worm, Multics, multilevel marketing, mutually assured destruction, PalmPilot, pez dispenser, pirate software, profit motive, Richard Feynman, risk tolerance, Russell Brand, Silicon Valley, Simon Singh, slashdot, statistical model, Steve Ballmer, Steven Levy, systems thinking, the payments system, Timothy McVeigh, Y2K, Yogi Berra

They are also prohibited from the collection, use, and dissemination of personal information without the consent of the person. Organizations also have the duty to tell individuals about the reason for the information collection, to provide access and correct inaccurate information, and to keep that information secure from access by unauthorized parties. Individuals have a right to see their own personal data that has been collected and have inaccuracies corrected. Individuals also have the right to know what their data is being collected for, and to be sure that their data isn’t being sold for other purposes.


pages: 205 words: 18,208

The Transparent Society: Will Technology Force Us to Choose Between Privacy and Freedom? by David Brin

affirmative action, airport security, Ayatollah Khomeini, clean water, cognitive dissonance, corporate governance, data acquisition, death of newspapers, Extropian, Garrett Hardin, Howard Rheingold, illegal immigration, informal economy, information asymmetry, information security, Iridium satellite, Jaron Lanier, John Gilmore, John Markoff, John Perry Barlow, John von Neumann, Kevin Kelly, Marshall McLuhan, means of production, mutually assured destruction, Neal Stephenson, offshore financial centre, Oklahoma City bombing, open economy, packet switching, pattern recognition, pirate software, placebo effect, plutocrats, prediction markets, Ralph Nader, RAND corporation, Robert Bork, Saturday Night Live, Search for Extraterrestrial Intelligence, Steve Jobs, Steven Levy, Stewart Brand, telepresence, The Turner Diaries, Timothy McVeigh, trade route, Tragedy of the Commons, UUNET, Vannevar Bush, Vernor Vinge, Whole Earth Catalog, Whole Earth Review, workplace surveillance, Yogi Berra, zero-sum game, Zimmermann PGP

Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd ed. (New York: John Wiley & Sons, 1996). Schneier is a pragmatist who has no illusions about the practical problems of implementing crypto-systems. “Why Cryptography Is Harder than It Looks,” B. Schneier, Information Security Bulletin, vol. 2, no. 2, March 1997, pp. 31–36. 280 ... DNA Computer has drawn special attention ... “DNA Solution of Hard Computational Problems,” Richard J. Lipton, Science, vol. 268, 28 April 1995, p. 542. Also “Molecular Computation of Solutions to Combinatorial Problems,” Leonard Adelman, Science, vol. 266, 11 November 1994, p. 1021. 286 ... gnat cameras ... seem plausible at this point ...


pages: 863 words: 159,091

A Manual for Writers of Research Papers, Theses, and Dissertations, Eighth Edition: Chicago Style for Students and Researchers by Kate L. Turabian

Bretton Woods, conceptual framework, correlation does not imply causation, illegal immigration, information security, Menlo Park, meta-analysis, Steven Pinker, Telecommunications Act of 1996, two and twenty, W. E. B. Du Bois, yellow journalism, Zeno's paradox

Schoenfeld, Robert. The Chemist's English, with “Say It in English, Please!” 3rd rev. ed. New York: Wiley-VCH, 2001. 6. Dodd, Janet S., ed. The ACS Style Guide: A Manual for Authors and Editors. 2nd ed. Washington, DC: American Chemical Society, 1997. Computer Sciences 1. Gattiker, Urs E. The Information Security Dictionary: Defining the Terms That Define Security for E-Business, Internet, Information, and Wireless Technology. Boston: Kluwer Academic, 2004. 1. LaPlante, Phillip A. Dictionary of Computer Science, Engineering, and Technology. Boca Raton, FL: CRC Press, 2001. 1. Pfaffenberger, Bryan.


pages: 590 words: 152,595

Army of None: Autonomous Weapons and the Future of War by Paul Scharre

"World Economic Forum" Davos, active measures, Air France Flight 447, air gap, algorithmic trading, AlphaGo, Apollo 13, artificial general intelligence, augmented reality, automated trading system, autonomous vehicles, basic income, Black Monday: stock market crash in 1987, brain emulation, Brian Krebs, cognitive bias, computer vision, cuban missile crisis, dark matter, DARPA: Urban Challenge, data science, deep learning, DeepMind, DevOps, Dr. Strangelove, drone strike, Elon Musk, en.wikipedia.org, Erik Brynjolfsson, facts on the ground, fail fast, fault tolerance, Flash crash, Freestyle chess, friendly fire, Herman Kahn, IFF: identification friend or foe, ImageNet competition, information security, Internet of things, Jeff Hawkins, Johann Wolfgang von Goethe, John Markoff, Kevin Kelly, Korean Air Lines Flight 007, Loebner Prize, loose coupling, Mark Zuckerberg, military-industrial complex, moral hazard, move 37, mutually assured destruction, Nate Silver, Nick Bostrom, PalmPilot, paperclip maximiser, pattern recognition, Rodney Brooks, Rubik’s Cube, self-driving car, sensor fusion, South China Sea, speech recognition, Stanislav Petrov, Stephen Hawking, Steve Ballmer, Steve Wozniak, Strategic Defense Initiative, Stuxnet, superintelligent machines, Tesla Model S, The Signal and the Noise by Nate Silver, theory of mind, Turing test, Tyler Cowen, universal basic income, Valery Gerasimov, Wall-E, warehouse robotics, William Langewiesche, Y2K, zero day

Official: Iran Does Have Our Drone,” CBS News, December 8, 2011, http://www.cbsnews.com/news/us-official-iran-does-have-our-drone/. 210 “networks of systems”: Heather Roff, interview, October 26, 2016. 210 “If my autonomous agent”: Ibid. 210 “What are the unexpected side effects”: Bradford Tousley, interview, April 27, 2016. 210 “I don’t know that large-scale military impacts”: Ibid. 210 “machine speed . . . milliseconds”: Ibid. 14 The Invisible War: Autonomy in Cyberspace 212 Internet Worm of 1988: Ted Eisenberg et al., “The Cornell Commission: On Morris and the Worm,” Communications of the ACM 32, 6 (June 1989), 706–709, http://www.cs.cornell.edu/courses/cs1110/2009sp/assignments/a1/p706-eisenberg.pdf; 212 over 70,000 reported cybersecurity incidents: Government Accountability Office, “Information Security: Agencies Need to Improve Controls over Selected High-Impact Systems,” GAO-16-501, Washington, DC, May 2016, http://www.gao.gov/assets/680/677293.pdf. 212 most frequent and most serious attacks: Ibid., 11. 212 exposed security clearance investigation data: James Eng, “OPM Hack: Government Finally Starts Notifying 21.5 Million Victims,” NBC News, October 1, 2015, http://www.nbcnews.com/tech/security/opm-hack-government-finally-starts-notifying-21-5-million-victims-n437126.


pages: 499 words: 144,278

Coders: The Making of a New Tribe and the Remaking of the World by Clive Thompson

"Margaret Hamilton" Apollo, "Susan Fowler" uber, 2013 Report for America's Infrastructure - American Society of Civil Engineers - 19 March 2013, 4chan, 8-hour work day, Aaron Swartz, Ada Lovelace, AI winter, air gap, Airbnb, algorithmic bias, AlphaGo, Amazon Web Services, Andy Rubin, Asperger Syndrome, augmented reality, Ayatollah Khomeini, backpropagation, barriers to entry, basic income, behavioural economics, Bernie Sanders, Big Tech, bitcoin, Bletchley Park, blockchain, blue-collar work, Brewster Kahle, Brian Krebs, Broken windows theory, call centre, Cambridge Analytica, cellular automata, Charles Babbage, Chelsea Manning, Citizen Lab, clean water, cloud computing, cognitive dissonance, computer vision, Conway's Game of Life, crisis actor, crowdsourcing, cryptocurrency, Danny Hillis, data science, David Heinemeier Hansson, deep learning, DeepMind, Demis Hassabis, disinformation, don't be evil, don't repeat yourself, Donald Trump, driverless car, dumpster diving, Edward Snowden, Elon Musk, Erik Brynjolfsson, Ernest Rutherford, Ethereum, ethereum blockchain, fake news, false flag, Firefox, Frederick Winslow Taylor, Free Software Foundation, Gabriella Coleman, game design, Geoffrey Hinton, glass ceiling, Golden Gate Park, Google Hangouts, Google X / Alphabet X, Grace Hopper, growth hacking, Guido van Rossum, Hacker Ethic, hockey-stick growth, HyperCard, Ian Bogost, illegal immigration, ImageNet competition, information security, Internet Archive, Internet of things, Jane Jacobs, John Markoff, Jony Ive, Julian Assange, Ken Thompson, Kickstarter, Larry Wall, lone genius, Lyft, Marc Andreessen, Mark Shuttleworth, Mark Zuckerberg, Max Levchin, Menlo Park, meritocracy, microdosing, microservices, Minecraft, move 37, move fast and break things, Nate Silver, Network effects, neurotypical, Nicholas Carr, Nick Bostrom, no silver bullet, Northpointe / Correctional Offender Management Profiling for Alternative Sanctions, Oculus Rift, off-the-grid, OpenAI, operational 
security, opioid epidemic / opioid crisis, PageRank, PalmPilot, paperclip maximiser, pattern recognition, Paul Graham, paypal mafia, Peter Thiel, pink-collar, planetary scale, profit motive, ransomware, recommendation engine, Richard Stallman, ride hailing / ride sharing, Rubik’s Cube, Ruby on Rails, Sam Altman, Satoshi Nakamoto, Saturday Night Live, scientific management, self-driving car, side project, Silicon Valley, Silicon Valley ideology, Silicon Valley startup, single-payer health, Skype, smart contracts, Snapchat, social software, software is eating the world, sorting algorithm, South of Market, San Francisco, speech recognition, Steve Wozniak, Steven Levy, systems thinking, TaskRabbit, tech worker, techlash, TED Talk, the High Line, Travis Kalanick, Uber and Lyft, Uber for X, uber lyft, universal basic income, urban planning, Wall-E, Watson beat the top human players on Jeopardy!, WeWork, WikiLeaks, women in the workforce, Y Combinator, Zimmermann PGP, éminence grise

“There is a very real and critical danger that unrestrained public discussion of cryptologic matters will seriously damage the ability of this government to conduct signals intelligence,” worried Vice Admiral Bobby Inman, then head of the NSA. They certainly didn’t want everyday people using powerful crypto. “If you simply took this technology and released it widely, you were also potentially creating an opportunity for very small terrorist groups, criminals and the like to use this technology to get a kind of perfect information security,” as the onetime NSA general counsel, Stewart Baker, recalled. The US government did have one law that they could use to limit the spread of crypto. Federal regulations classified strong encryption—stuff the NSA couldn’t break—as a “munition,” and munitions can’t be shipped outside the country without the federal government’s approval.


pages: 492 words: 149,259

Big Bang by Simon Singh

Albert Einstein, Albert Michelson, All science is either physics or stamp collecting, Andrew Wiles, anthropic principle, Arthur Eddington, Astronomia nova, Bletchley Park, Boeing 747, Brownian motion, carbon-based life, Cepheid variable, Chance favours the prepared mind, Charles Babbage, Commentariolus, Copley Medal, cosmic abundance, cosmic microwave background, cosmological constant, cosmological principle, dark matter, Dava Sobel, Defenestration of Prague, discovery of penicillin, Dmitri Mendeleev, Eddington experiment, Edmond Halley, Edward Charles Pickering, Eratosthenes, Ernest Rutherford, Erwin Freundlich, Fellow of the Royal Society, Ford Model T, fudge factor, Hans Lippershey, Harlow Shapley and Heber Curtis, Harvard Computers: women astronomers, heat death of the universe, Henri Poincaré, horn antenna, if you see hoof prints, think horses—not zebras, Index librorum prohibitorum, information security, invention of the telescope, Isaac Newton, Johannes Kepler, John von Neumann, Karl Jansky, Kickstarter, Louis Daguerre, Louis Pasteur, luminiferous ether, Magellanic Cloud, Murray Gell-Mann, music of the spheres, Olbers’ paradox, On the Revolutions of the Heavenly Spheres, Paul Erdős, retrograde motion, Richard Feynman, scientific mainstream, Simon Singh, Stephen Hawking, Strategic Defense Initiative, the scientific method, Thomas Kuhn: the structure of scientific revolutions, time dilation, unbiased observer, Wilhelm Olbers, William of Occam

Singh also traces the monumental improvements in code-making and -breaking brought on by the First and Second World Wars, including the development of the German Enigma cipher machine, which was cracked by the brilliant Allied code-breakers at Bletchley Park. Now, in the Information Age, the possibility of a truly unbreakable code looms large, and information security has become one of the major debates of our times. Simon Singh investigates how technology and the ways we communicate will affect our personal privacy and our everyday lives. Dramatic, compelling and remarkably far-reaching, this book will forever alter your view of history, what drives it, and how private that e-mail you just sent really is.


pages: 559 words: 155,372

Chaos Monkeys: Obscene Fortune and Random Failure in Silicon Valley by Antonio Garcia Martinez

Airbnb, airport security, always be closing, Amazon Web Services, Big Tech, Burning Man, business logic, Celtic Tiger, centralized clearinghouse, cognitive dissonance, collective bargaining, content marketing, corporate governance, Credit Default Swap, crowdsourcing, data science, deal flow, death of newspapers, disruptive innovation, Dr. Strangelove, drone strike, drop ship, El Camino Real, Elon Musk, Emanuel Derman, Fairchild Semiconductor, fake it until you make it, financial engineering, financial independence, Gary Kildall, global supply chain, Goldman Sachs: Vampire Squid, Hacker News, hive mind, How many piano tuners are there in Chicago?, income inequality, industrial research laboratory, information asymmetry, information security, interest rate swap, intermodal, Jeff Bezos, Kickstarter, Malcom McLean invented shipping containers, Marc Andreessen, Mark Zuckerberg, Maui Hawaii, means of production, Menlo Park, messenger bag, minimum viable product, MITM: man-in-the-middle, move fast and break things, Neal Stephenson, Network effects, orbital mechanics / astrodynamics, Paul Graham, performance metric, Peter Thiel, Ponzi scheme, pre–internet, public intellectual, Ralph Waldo Emerson, random walk, Reminiscences of a Stock Operator, Ruby on Rails, Salesforce, Sam Altman, Sand Hill Road, Scientific racism, second-price auction, self-driving car, Sheryl Sandberg, Silicon Valley, Silicon Valley startup, Skype, Snapchat, social graph, Social Justice Warrior, social web, Socratic dialogue, source of truth, Steve Jobs, tech worker, telemarketer, the long tail, undersea cable, urban renewal, Y Combinator, zero-sum game, éminence grise

Search results would vary based on your connections via Google Plus, and anything you shared—photos, posts, even chats with Friends—would be used as part of Google’s ever-powerful and mysterious search algorithm. This was shocking news, even more so to Googlers. Search was the company’s tabernacular product, the holy of holies, the one-line oracle of human knowledge that had replaced libraries and encyclopedias. By all accounts (and Google information security was clearly not as good as Facebook’s) this caused a considerable stir internally. In January 2012, at a company-wide Q&A, Google’s founder Larry Page addressed this new direction forcefully, quelling the internal dissent and issuing a Googler ultimatum. “This is the path we’re headed down—a single, unified, ‘beautiful’ product across everything.


pages: 553 words: 151,139

The Teeth of the Tiger by Tom Clancy

airport security, centralized clearinghouse, complexity theory, false flag, flag carrier, forensic accounting, gentleman farmer, illegal immigration, information security, Occam's razor, operational security, sensible shoes

Not a friend, certainly, but an ally of convenience. "How the hell did you manage this?" Jack asked. "Ever hear of a company called INFOSEC?" Rick Bell asked in return. "Encryption stuff, right?" "Correct. Information Systems Security Company. The company's domiciled outside of Seattle. They have the best information-security program there is. Headed by a former deputy head of the Z-Division over at Fort Meade. He and three colleagues set the company up about nine years ago. I'm not sure NSA can crack it, short of brute-forcing it with their new Sun Workstations. Just about every bank in the world uses it, especially the ones in Liechtenstein and the rest of Europe.


pages: 492 words: 153,565

Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon by Kim Zetter

air gap, Ayatollah Khomeini, Brian Krebs, crowdsourcing, data acquisition, Doomsday Clock, drone strike, Edward Snowden, facts on the ground, false flag, Firefox, friendly fire, Google Earth, information retrieval, information security, John Markoff, Julian Assange, Kickstarter, Loma Prieta earthquake, machine readable, Maui Hawaii, military-industrial complex, MITM: man-in-the-middle, Morris worm, pre–internet, RAND corporation, rolling blackouts, Silicon Valley, skunkworks, smart grid, smart meter, South China Sea, Stuxnet, Timothy McVeigh, two and twenty, undersea cable, unit 8200, uranium enrichment, Vladimir Vetrov: Farewell Dossier, WikiLeaks, Y2K, zero day

He later appealed, at which point his conviction on two of the charges was set aside, but his conviction on other charges remained, as well as his sentence. 16 A survey of utilities conducted by the Electronic Power Research Institute in 1996 found that only 25 percent of respondents reported using any intrusion detection methods. The survey, the EPRI Summer 1996 Electronic Information Security Survey, and the statistic are referenced at solarstorms.org/ElectricAssessment.html. 17 Maroochy Water Services had little choice but to involve law enforcement in the case, because the spillages were so public and threatened public safety. The incidents also brought heavy scrutiny from Australia’s environmental protection agency and from regional government officials who demanded an explanation for why they occurred. 18 Kingsley was speaking at the AusCERT2002 conference in Australia.


pages: 2,054 words: 359,149

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Justin Schuh

address space layout randomization, Albert Einstein, Any sufficiently advanced technology is indistinguishable from magic, bash_history, business logic, business process, database schema, Debian, defense in depth, en.wikipedia.org, Firefox, information retrieval, information security, iterative process, Ken Thompson, loose coupling, MITM: man-in-the-middle, Multics, MVC pattern, off-by-one error, operational security, OSI model, RFC: Request For Comment, slashdot, SQL injection, web application

This explanation sounds simple, but a lot of effort goes into the work step. The following sections cover a handful of considerations you need to remember during this step. Working Papers Regulated industries have established practices for dealing with working papers, which are simply notes and documentation gathered during an audit. The information security industry isn’t as formalized, but you should still get in the habit of taking detailed assessment notes. This practice might seem like a nuisance at first, but you’ll soon find it invaluable. The following are a few reasons for maintaining good working papers: Notes help you to organize your work and ensure proper code coverage.

The forged Referer header satisfies the check and successfully displays the secret page. So, using a Referer header might buy you a modicum of obscurity, but it doesn’t do much to provide any real security. * * * Note The Referer field does have some security value for preventing cross-site reference forgery (XSRF) attacks. Jesse Burns of Information security partners published an excellent paper on this attack type, available at www.isecpartners.com/documents/XSRF_Paper.pdf. * * * Embedding State in HTML and URLs The essential trick to maintaining state in HTTP is feeding information to the client that you expect the client to include in every request.


HBase: The Definitive Guide by Lars George

Alignment Problem, Amazon Web Services, bioinformatics, create, read, update, delete, Debian, distributed revision control, domain-specific language, en.wikipedia.org, fail fast, fault tolerance, Firefox, FOSDEM, functional programming, Google Earth, information security, Kickstarter, place-making, revision control, smart grid, sparse data, web application

HBase 0.94.0 Current plans for this version, which is preliminarily being called the Security Release, call for an early 2012 release date. This version is scheduled to include the following new features. See https://issues.apache.org/jira/browse/HBASE/fixforversion/12316419 for more information. Security This release will add Kerberos integration to HBase. Secondary indexes This coprocessor-backed extension allows you to create and maintain secondary indexes based on columns of tables. Search integration This feature lets you create and maintain a search index, for example, based on Apache Lucene, per region, so that you can perform searches on rows and columns.


pages: 733 words: 179,391

Adaptive Markets: Financial Evolution at the Speed of Thought by Andrew W. Lo

Alan Greenspan, Albert Einstein, Alfred Russel Wallace, algorithmic trading, Andrei Shleifer, Arthur Eddington, Asian financial crisis, asset allocation, asset-backed security, backtesting, bank run, barriers to entry, Bear Stearns, behavioural economics, Berlin Wall, Bernie Madoff, bitcoin, Bob Litterman, Bonfire of the Vanities, bonus culture, break the buck, Brexit referendum, Brownian motion, business cycle, business process, butterfly effect, buy and hold, capital asset pricing model, Captain Sullenberger Hudson, carbon tax, Carmen Reinhart, collapse of Lehman Brothers, collateralized debt obligation, commoditize, computerized trading, confounding variable, corporate governance, creative destruction, Credit Default Swap, credit default swaps / collateralized debt obligations, cryptocurrency, Daniel Kahneman / Amos Tversky, delayed gratification, democratizing finance, Diane Coyle, diversification, diversified portfolio, do well by doing good, double helix, easy for humans, difficult for computers, equity risk premium, Ernest Rutherford, Eugene Fama: efficient market hypothesis, experimental economics, experimental subject, Fall of the Berlin Wall, financial deregulation, financial engineering, financial innovation, financial intermediation, fixed income, Flash crash, Fractional reserve banking, framing effect, Glass-Steagall Act, global macro, Gordon Gekko, greed is good, Hans Rosling, Henri Poincaré, high net worth, housing crisis, incomplete markets, index fund, information security, interest rate derivative, invention of the telegraph, Isaac Newton, it's over 9,000, James Watt: steam engine, Jeff Hawkins, Jim Simons, job satisfaction, John Bogle, John Maynard Keynes: Economic Possibilities for our Grandchildren, John Meriwether, Joseph Schumpeter, Kenneth Rogoff, language acquisition, London Interbank Offered Rate, Long Term Capital Management, longitudinal study, loss aversion, Louis Pasteur, mandelbrot fractal, margin call, Mark Zuckerberg, market fundamentalism, martingale, megaproject, merger arbitrage, meta-analysis, Milgram experiment, mirror neurons, money market fund, moral hazard, Myron Scholes, Neil Armstrong, Nick Leeson, old-boy network, One Laptop per Child (OLPC), out of africa, p-value, PalmPilot, paper trading, passive investing, Paul Lévy, Paul Samuelson, Paul Volcker talking about ATMs, Phillips curve, Ponzi scheme, predatory finance, prediction markets, price discovery process, profit maximization, profit motive, proprietary trading, public intellectual, quantitative hedge fund, quantitative trading / quantitative finance, RAND corporation, random walk, randomized controlled trial, Renaissance Technologies, Richard Feynman, Richard Feynman: Challenger O-ring, risk tolerance, Robert Shiller, Robert Solow, Sam Peltzman, Savings and loan crisis, seminal paper, Shai Danziger, short selling, sovereign wealth fund, Stanford marshmallow experiment, Stanford prison experiment, statistical arbitrage, Steven Pinker, stochastic process, stocks for the long run, subprime mortgage crisis, survivorship bias, systematic bias, Thales and the olive presses, The Great Moderation, the scientific method, The Wealth of Nations by Adam Smith, The Wisdom of Crowds, theory of mind, Thomas Malthus, Thorstein Veblen, Tobin tax, too big to fail, transaction costs, Triangle Shirtwaist Factory, ultimatum game, uptick rule, Upton Sinclair, US Airways Flight 1549, Walter Mischel, Watson beat the top human players on Jeopardy!, WikiLeaks, Yogi Berra, zero-sum game

Traditionally, cryptography has been the study of secret codes—spy thriller stuff like how to make them and how to break them—but under Moore’s Law, it’s blossomed into a broader and deeper field of study populated by computer scientists and pure mathematicians. Cryptography now includes the study of mathematical methods of information security—and this is where it becomes useful for financial regulation. There’s a well-known technique from the computer science literature called “secure multiparty computation,” an elegant way to share certain types of information while preserving the confidentiality of each party’s data. Here’s a simple example.


pages: 615 words: 187,426

Chinese Spies: From Chairman Mao to Xi Jinping by Roger Faligot

active measures, Albert Einstein, anti-communist, autonomous vehicles, Ayatollah Khomeini, Berlin Wall, British Empire, business intelligence, Deng Xiaoping, disinformation, Donald Trump, Edward Snowden, fake news, Fall of the Berlin Wall, Great Leap Forward, housing crisis, illegal immigration, index card, information security, megacity, Mikhail Gorbachev, military-industrial complex, new economy, offshore financial centre, Pearl River Delta, Port of Oakland, RAND corporation, Ronald Reagan, Shenzhen special economic zone , Silicon Valley, South China Sea, special economic zone, stem cell, union organizing, young professional, éminence grise

One case highlighted in the report particularly stood out: the Black Eagle Base, members of which had been arrested in Henan by the Gonganbu for hooliganism. Six months later, they had been released and went on to form the Black Eagle Honker Base, a group of hackers who began working for the presumably more pragmatic Guoanbu. This group, and several others, had links with the School of Information Security Engineering at Shanghai’s Jiao Tong University, whose dean, He Dequan, was the former head of the Guoanbu’s science and technology department. This made it clear that the Guoanbu was still active on all “underground fronts”, Yinbi zhanxian (荫庇 战线). 12 BEIJING 2008 CHINA WINS THE ESPIONAGE GOLD During the flight to Athens on Sunday, 24 March 2006, Geng Huichang might well have reflected on the astonishing epic of the Olympic Games.


pages: 579 words: 183,063

Tribe of Mentors: Short Life Advice From the Best in the World by Timothy Ferriss

"World Economic Forum" Davos, 23andMe, A Pattern Language, agricultural Revolution, Airbnb, Albert Einstein, Alvin Toffler, Bayesian statistics, bitcoin, Black Lives Matter, Black Swan, blockchain, Brownian motion, Buckminster Fuller, Clayton Christensen, cloud computing, cognitive dissonance, Colonization of Mars, corporate social responsibility, cryptocurrency, David Heinemeier Hansson, decentralized internet, dematerialisation, do well by doing good, do what you love, don't be evil, double helix, driverless car, effective altruism, Elon Musk, Ethereum, ethereum blockchain, family office, fear of failure, Gary Taubes, Geoffrey West, Santa Fe Institute, global macro, Google Hangouts, Gödel, Escher, Bach, haute couture, helicopter parent, high net worth, In Cold Blood by Truman Capote, income inequality, index fund, information security, Jeff Bezos, job satisfaction, Johann Wolfgang von Goethe, Kevin Kelly, Lao Tzu, Larry Ellison, Law of Accelerating Returns, Lyft, Mahatma Gandhi, Marc Andreessen, Marc Benioff, Marshall McLuhan, Max Levchin, Mikhail Gorbachev, minimum viable product, move fast and break things, Mr. Money Mustache, Naomi Klein, Neal Stephenson, Nick Bostrom, non-fiction novel, Peter Thiel, power law, profit motive, public intellectual, Ralph Waldo Emerson, Ray Kurzweil, Salesforce, Saturday Night Live, Sheryl Sandberg, side project, Silicon Valley, Skype, smart cities, smart contracts, Snapchat, Snow Crash, Steve Jobs, Steve Jurvetson, Steven Pinker, Stewart Brand, sunk-cost fallacy, TaskRabbit, tech billionaire, TED Talk, Tesla Model S, too big to fail, Turing machine, uber lyft, Vitalik Buterin, W. E. B. Du Bois, web application, Whole Earth Catalog, Y Combinator

“Several years ago, following the example of my then wife, Amber O’Hearn, I eliminated all plants from my diet. . . .” Zooko Wilcox TW: @zooko z.cash ketotic.org ZOOKO WILCOX is the founder and CEO of Zcash, a cryptocurrency that offers privacy and selective transparency of transactions. Zooko has more than 20 years of experience in open, decentralized systems, cryptography and information security, and startups. He is recognized for his work on DigiCash, Mojo Nation, ZRTP, “Zooko’s Triangle,” Tahoe-LAFS, BLAKE2, and SPHINCS. He is also the founder of Least Authority, which offers an affordable, ethical, usable, and lasting data storage solution. What is the book (or books) you’ve given most as a gift, and why?


pages: 685 words: 203,949

The Organized Mind: Thinking Straight in the Age of Information Overload by Daniel J. Levitin

Abraham Maslow, airport security, Albert Einstein, Amazon Mechanical Turk, Anton Chekhov, autism spectrum disorder, Bayesian statistics, behavioural economics, big-box store, business process, call centre, Claude Shannon: information theory, cloud computing, cognitive bias, cognitive load, complexity theory, computer vision, conceptual framework, correlation does not imply causation, crowdsourcing, cuban missile crisis, Daniel Kahneman / Amos Tversky, data science, deep learning, delayed gratification, Donald Trump, en.wikipedia.org, epigenetics, Eratosthenes, Exxon Valdez, framing effect, friendly fire, fundamental attribution error, Golden Gate Park, Google Glasses, GPS: selective availability, haute cuisine, How many piano tuners are there in Chicago?, human-factors engineering, if you see hoof prints, think horses—not zebras, impulse control, index card, indoor plumbing, information retrieval, information security, invention of writing, iterative process, jimmy wales, job satisfaction, Kickstarter, language acquisition, Lewis Mumford, life extension, longitudinal study, meta-analysis, more computing power than Apollo, Network effects, new economy, Nicholas Carr, optical character recognition, Pareto efficiency, pattern recognition, phenotype, placebo effect, pre–internet, profit motive, randomized controlled trial, Rubik’s Cube, Salesforce, shared worldview, Sheryl Sandberg, Skype, Snapchat, social intelligence, statistical model, Steve Jobs, supply-chain management, the scientific method, The Wealth of Nations by Adam Smith, The Wisdom of Crowds, theory of mind, Thomas Bayes, traumatic brain injury, Turing test, Twitter Arab Spring, ultimatum game, Wayback Machine, zero-sum game

H. (2012). Organizing for resistance: How group structure impacts the character of violence. Terrorism and Political Violence, 24(5), 743–768. and, Matusitz, J. (2011). Social network theory: A comparative analysis of the Jewish revolt in antiquity and the cyber terrorism incident over Kosovo. Information Security Journal: A Global Perspective, 20(1), 34–44. coherence across different components of a project Simon, H. A. (1957). Administrative behavior: A study of decision-making processes in administrative organization. New York, NY: Macmillan, p. 9. accountable for their decisions and their work product Simon, H.


pages: 706 words: 202,591

Facebook: The Inside Story by Steven Levy

active measures, Airbnb, Airbus A320, Amazon Mechanical Turk, AOL-Time Warner, Apple's 1984 Super Bowl advert, augmented reality, Ben Horowitz, Benchmark Capital, Big Tech, Black Lives Matter, Blitzscaling, blockchain, Burning Man, business intelligence, Cambridge Analytica, cloud computing, company town, computer vision, crowdsourcing, cryptocurrency, data science, deep learning, disinformation, don't be evil, Donald Trump, Dunbar number, East Village, Edward Snowden, El Camino Real, Elon Musk, end-to-end encryption, fake news, Firefox, Frank Gehry, Geoffrey Hinton, glass ceiling, GPS: selective availability, growth hacking, imposter syndrome, indoor plumbing, information security, Jeff Bezos, John Markoff, Jony Ive, Kevin Kelly, Kickstarter, lock screen, Lyft, machine translation, Mahatma Gandhi, Marc Andreessen, Marc Benioff, Mark Zuckerberg, Max Levchin, Menlo Park, Metcalfe’s law, MITM: man-in-the-middle, move fast and break things, natural language processing, Network effects, Oculus Rift, operational security, PageRank, Paul Buchheit, paypal mafia, Peter Thiel, pets.com, post-work, Ray Kurzweil, recommendation engine, Robert Mercer, Robert Metcalfe, rolodex, Russian election interference, Salesforce, Sam Altman, Sand Hill Road, self-driving car, sexual politics, Sheryl Sandberg, Shoshana Zuboff, side project, Silicon Valley, Silicon Valley startup, skeuomorphism, slashdot, Snapchat, social contagion, social graph, social software, South of Market, San Francisco, Startup school, Steve Ballmer, Steve Bannon, Steve Jobs, Steven Levy, Steven Pinker, surveillance capitalism, tech billionaire, techlash, Tim Cook: Apple, Tragedy of the Commons, web application, WeWork, WikiLeaks, women in the workforce, Y Combinator, Y2K, you are the product

Normally, a departure of this significance would have generated a blizzard of questions at the weekly all-hands. But that was also the week that Joel Kaplan thumbed his nose at his liberal colleagues and showed public allegiance to Brett Kavanaugh. Also that week was the discovery of the security breach that exposed the personal information of 50 million Facebook users, the biggest information-security disaster in the company’s history. The exit of Instagram’s founders was downranked to outrage number three that week. Systrom said nothing publicly until he appeared at a Wired conference in November. He revealed that he’d just gotten his flying license and was excited about that. He was spending time with his infant daughter.


pages: 1,409 words: 205,237

Architecting Modern Data Platforms: A Guide to Enterprise Hadoop at Scale by Jan Kunigk, Ian Buss, Paul Wilkinson, Lars George

Amazon Web Services, barriers to entry, bitcoin, business intelligence, business logic, business process, cloud computing, commoditize, computer vision, continuous integration, create, read, update, delete, data science, database schema, Debian, deep learning, DevOps, domain-specific language, fault tolerance, Firefox, FOSDEM, functional programming, Google Chrome, Induced demand, information security, Infrastructure as a Service, Internet of things, job automation, Kickstarter, Kubernetes, level 1 cache, loose coupling, microservices, natural language processing, Network effects, platform as a service, single source of truth, source of truth, statistical model, vertical integration, web application

Ensure that racks are located no more than 100 meters apart when deploying optical cabling. Don’t connect clusters to the internet Use cases that require a cluster to be directly addressable on the public internet are rare. Since they often contain valuable, sensitive information, most clusters should be deployed on secured internal networks, away from prying eyes. Good information security policy says to minimize the attack surface of any system, and clusters such as Hadoop are no exception. When absolutely required, internet-facing clusters should be deployed using firewalls and secured using Kerberos, Transport Layer Security (TLS), and encryption. Layer 2 Recommendations The following recommendations concern aspects of Layer 2, known as the data link layer, which is responsible for sending and receiving frames between devices on a local network.


pages: 562 words: 201,502

Elon Musk by Walter Isaacson

4chan, activist fund / activist shareholder / activist investor, Airbnb, Albert Einstein, AltaVista, Apollo 11, Apple II, Apple's 1984 Super Bowl advert, artificial general intelligence, autism spectrum disorder, autonomous vehicles, basic income, Big Tech, blockchain, Boston Dynamics, Burning Man, carbon footprint, ChatGPT, Chuck Templeton: OpenTable:, Clayton Christensen, clean tech, Colonization of Mars, computer vision, Computing Machinery and Intelligence, coronavirus, COVID-19, crowdsourcing, cryptocurrency, deep learning, DeepMind, Demis Hassabis, disinformation, Dogecoin, Donald Trump, Douglas Engelbart, drone strike, effective altruism, Elon Musk, estate planning, fail fast, fake news, game design, gigafactory, GPT-4, high-speed rail, hiring and firing, hive mind, Hyperloop, impulse control, industrial robot, information security, Jeff Bezos, Jeffrey Epstein, John Markoff, John von Neumann, Jony Ive, Kwajalein Atoll, lab leak, large language model, Larry Ellison, lockdown, low earth orbit, Marc Andreessen, Marc Benioff, Mars Society, Max Levchin, Michael Shellenberger, multiplanetary species, Neil Armstrong, Network effects, OpenAI, packet switching, Parler "social media", paypal mafia, peer-to-peer, Peter Thiel, QAnon, Ray Kurzweil, reality distortion field, remote working, rent control, risk tolerance, Rubik’s Cube, Salesforce, Sam Altman, Sam Bankman-Fried, San Francisco homelessness, Sand Hill Road, Saturday Night Live, self-driving car, seminal paper, short selling, Silicon Valley, Skype, SpaceX Starlink, Stephen Hawking, Steve Jobs, Steve Jurvetson, Steve Wozniak, Steven Levy, Streisand effect, supply-chain management, tech bro, TED Talk, Tesla Model S, the payments system, Tim Cook: Apple, universal basic income, Vernor Vinge, vertical integration, Virgin Galactic, wikimedia commons, William MacAskill, work culture , Y Combinator

Roth did not know who Yoni was, but he headed through the forlorn Halloween party that was underway and arrived at the big open space of the conference areas where Musk, his bankers, and the musketeers were bustling about. There he was greeted by Yoni Ramon, a short, energetic, long-haired Tesla information security engineer, originally from Israel. “I’m Israeli myself, so I could tell he was Israeli,” Roth says. “But otherwise I had no idea who he was.” Musk had given Ramon the task of preventing any disgruntled Twitter employees from sabotaging the service. “Elon is absolutely paranoid, and with reason, that some angry employee is going to disrupt things,” he told me just before Roth arrived.


pages: 1,744 words: 458,385

The Defence of the Realm by Christopher Andrew

Able Archer 83, active measures, anti-communist, Ayatollah Khomeini, Berlin Wall, Bletchley Park, Boeing 747, British Empire, classic study, Clive Stafford Smith, collective bargaining, credit crunch, cuban missile crisis, Desert Island Discs, disinformation, Etonian, Fall of the Berlin Wall, false flag, G4S, glass ceiling, illegal immigration, information security, job satisfaction, large denomination, liquidationism / Banker’s doctrine / the Treasury view, Mahatma Gandhi, Mikhail Gorbachev, Neil Kinnock, North Sea oil, operational security, post-work, Red Clydeside, Robert Hanssen: Double agent, Ronald Reagan, sexual politics, strikebreaker, Suez crisis 1956, Torches of Freedom, traveling salesman, union organizing, uranium enrichment, Vladimir Vetrov: Farewell Dossier, Winter of Discontent, work culture

Lambton renounced the earldom of Durham, which he inherited from his father in 1970, in the interests of his political career, but caused controversy by attempting to keep the courtesy title ‘Lord Lambton’ in the Commons. 42 Security Service Archives. 43 Security Service Archives. 44 Sheldon, however, added that, though the Service had been briefed orally by the Met, it had not yet seen the latest written reports on the case and ‘could not therefore be absolutely sure that we had taken full account’ of the latest information. Security Service Archives. 45 John Stradling Thomas MP to Francis Pym (Chief Whip), 14 May 1973 (marked ‘Immediate copy to PM 2–15 pm 14 May 1973’), TNA PREM 15/190. 46 Record of meeting chaired by Prime Minister, 18 May 1973, TNA PREM 15/1904. 47 TNA PREM 15/1904. ‘Obituary: Lord Lambton’, The Times, 2 Jan. 2007.

Security Service Archives. 32 Campbell, Heath, pp. 413–14. 33 Ibid. 34 Hennessy and Jeffery, States of Emergency, p. 235. 35 See above, pp. 139–40. 36 Security Service Archives. 37 Security Service Archives. 38 Security Service Archives. 39 Security Service Archives. 40 Security Service Archives. 41 See above, pp. 548, 587. 42 Security Service Archives. 43 Security Service Archives. 44 See above, p. 547. 45 Security Service Archives. 46 Security Service Archives. 47 Security Service Archives. 48 Security Service Archives. 49 Security Service Archives. 50 Security Service Archives. 51 Security Service Archives. 52 Security Service Archives. 53 Security Service Archives. 54 Heath, Course of my Life, p. 505. 55 Security Service Archives. 56 Security Service Archives. 57 See above, p. 530. 58 Security Service Archives. 59 Recollections of a recently retired Security Service officer. 60 Morgan, People’s Peace, p. 351. Chapter 3: Counter-Terrorism and Protective Security in the Early 1970s 1 Security Service Archives. 2 See below, pp. 606–7, 654–5. Until the 1970s peacetime ‘protective security’ had been mainly concerned with ‘the protection of classified information’. Security Service Archives. Thereafter its scope was extended to cover protection against terrorist attack. 3 See below, p. 619. 4 See above, pp. 353–61. 5 Follain, Jackal, pp. 20–1. 6 Security Service Archives. 7 Security Service Archives. 8 Security Service Archives. 9 Security Service Archives. 10 Boyce, Irish Question and British Politics, p. 106. 11 Taylor, Provos, p. 32. 12 Security Service Archives. 13 Security Service Archives. 14 Security Service Archives. 15 Security Service Archives. 16 Security Service Archives. 17 Security Service Archives. 18 Rimington, Open Secret, p. 105. 19 The 1967 JIC working group on intelligence priorities made no mention of Irish affairs.


pages: 801 words: 209,348

Americana: A 400-Year History of American Capitalism by Bhu Srinivasan

activist fund / activist shareholder / activist investor, American ideology, AOL-Time Warner, Apple II, Apple's 1984 Super Bowl advert, bank run, barriers to entry, Bear Stearns, Benchmark Capital, Berlin Wall, blue-collar work, Bob Noyce, Bonfire of the Vanities, British Empire, business cycle, buy and hold, California gold rush, Carl Icahn, Charles Lindbergh, collective bargaining, commoditize, Cornelius Vanderbilt, corporate raider, cotton gin, cuban missile crisis, Deng Xiaoping, diversification, diversified portfolio, Douglas Engelbart, Fairchild Semiconductor, financial innovation, fixed income, Ford Model T, Ford paid five dollars a day, global supply chain, Gordon Gekko, guns versus butter model, Haight Ashbury, hypertext link, Ida Tarbell, income inequality, information security, invisible hand, James Watt: steam engine, Jane Jacobs, Jeff Bezos, John Markoff, joint-stock company, joint-stock limited liability company, junk bonds, Kickstarter, laissez-faire capitalism, Louis Pasteur, Marc Andreessen, Menlo Park, Michael Milken, military-industrial complex, mortgage debt, mutually assured destruction, Norman Mailer, oil rush, peer-to-peer, pets.com, popular electronics, profit motive, punch-card reader, race to the bottom, refrigerator car, risk/return, Ronald Reagan, Sand Hill Road, self-driving car, shareholder value, side project, Silicon Valley, Silicon Valley startup, Steve Ballmer, Steve Jobs, Steve Wozniak, strikebreaker, Ted Nelson, The Death and Life of Great American Cities, the new new thing, The Predators' Ball, The Theory of the Leisure Class by Thorstein Veblen, The Wealth of Nations by Adam Smith, trade route, transcontinental railway, traveling salesman, Upton Sinclair, Vannevar Bush, Works Progress Administration, zero-sum game

The Internet was designed to be an open network where any connected computer could access another computer speaking a standard language, a protocol. In this decentralized system, academics in one university could publish a set of papers or experimental data and researchers in any other university could access the information. Secure communications and e-mails could be exchanged as well. By the late 1980s, the utility of the Internet was fairly established, with academia and the military its primary users. What launched the consumer Internet, however, was a visual method of organizing and accessing all of the information on the network.


pages: 678 words: 216,204

The Wealth of Networks: How Social Production Transforms Markets and Freedom by Yochai Benkler

affirmative action, AOL-Time Warner, barriers to entry, bioinformatics, Brownian motion, business logic, call centre, Cass Sunstein, centre right, clean water, commoditize, commons-based peer production, dark matter, desegregation, digital divide, East Village, Eben Moglen, fear of failure, Firefox, Free Software Foundation, game design, George Gilder, hiring and firing, Howard Rheingold, informal economy, information asymmetry, information security, invention of radio, Isaac Newton, iterative process, Jean Tirole, jimmy wales, John Markoff, John Perry Barlow, Kenneth Arrow, Lewis Mumford, longitudinal study, machine readable, Mahbub ul Haq, market bubble, market clearing, Marshall McLuhan, Mitch Kapor, New Journalism, optical character recognition, pattern recognition, peer-to-peer, power law, precautionary principle, pre–internet, price discrimination, profit maximization, profit motive, public intellectual, radical decentralization, random walk, Recombinant DNA, recommendation engine, regulatory arbitrage, rent-seeking, RFID, Richard Stallman, Ronald Coase, scientific management, search costs, Search for Extraterrestrial Intelligence, SETI@home, shareholder value, Silicon Valley, Skype, slashdot, social software, software patent, spectrum auction, subscription business, tacit knowledge, technological determinism, technoutopianism, The Fortune at the Bottom of the Pyramid, the long tail, The Nature of the Firm, the strength of weak ties, Timothy McVeigh, transaction costs, vertical integration, Vilfredo Pareto, work culture , Yochai Benkler

It resulted in the decertification of some of Diebold's systems in California, and contributed to a shift in the requirements of a number of states, which now require voting machines to produce a paper trail for recount purposes. The first analysis of the Diebold system based on the files Harris originally found was performed by a group of computer scientists at the Information Security Institute at Johns Hopkins University and released [pg 229] as a working paper in late July 2003. The Hopkins Report, or Rubin Report as it was also named after one of its authors, Aviel Rubin, presented deep criticism of the Diebold system and its vulnerabilities on many dimensions. The academic credibility of its authors required a focused response from Diebold.


The Age of Turbulence: Adventures in a New World (Hardback) - Common by Alan Greenspan

addicted to oil, air freight, airline deregulation, Alan Greenspan, Albert Einstein, asset-backed security, bank run, Berlin Wall, Black Monday: stock market crash in 1987, Bretton Woods, business cycle, business process, buy and hold, call centre, capital controls, carbon tax, central bank independence, collateralized debt obligation, collective bargaining, compensation consultant, conceptual framework, Corn Laws, corporate governance, corporate raider, correlation coefficient, cotton gin, creative destruction, credit crunch, Credit Default Swap, credit default swaps / collateralized debt obligations, crony capitalism, cuban missile crisis, currency peg, currency risk, Deng Xiaoping, Dissolution of the Soviet Union, Doha Development Round, double entry bookkeeping, equity premium, everywhere but in the productivity statistics, Fall of the Berlin Wall, fiat currency, financial innovation, financial intermediation, full employment, Gini coefficient, Glass-Steagall Act, Hernando de Soto, income inequality, income per capita, information security, invisible hand, Joseph Schumpeter, junk bonds, labor-force participation, laissez-faire capitalism, land reform, Long Term Capital Management, low interest rates, Mahatma Gandhi, manufacturing employment, market bubble, means of production, Mikhail Gorbachev, moral hazard, mortgage debt, Myron Scholes, Nelson Mandela, new economy, North Sea oil, oil shock, open economy, open immigration, Pearl River Delta, pets.com, Potemkin village, price mechanism, price stability, Productivity paradox, profit maximization, purchasing power parity, random walk, Reminiscences of a Stock Operator, reserve currency, Right to Buy, risk tolerance, Robert Solow, Ronald Reagan, Savings and loan crisis, shareholder value, short selling, Silicon Valley, special economic zone, stock buybacks, stocks for the long run, Suez crisis 1956, the payments system, The Theory of the Leisure Class by Thorstein Veblen, The Wealth of Nations by Adam Smith, Thorstein Veblen, Tipper Gore, too big to fail, total factor productivity, trade liberalization, trade route, transaction costs, transcontinental railway, urban renewal, We are all Keynesians now, working-age population, Y2K, zero-sum game

These institutions specialize in teaching practical skills that are immediately applicable in the workplace, and have been especially helpful in retraining people who have lost their jobs for new opportunities. Some typical curricula: electronics maintenance, collision repair technology, nursing, massage therapy, and computer information security. These middle-income occupations require substantially more skills than were required of middle-income workers when I entered the labor force in the late 1940s. A rising proportion of the population is also taking advantage of work-related instruction. The "corporate university" is rapidly becoming a permanent fixture in adult job-specific learning.


pages: 761 words: 231,902

The Singularity Is Near: When Humans Transcend Biology by Ray Kurzweil

additive manufacturing, AI winter, Alan Turing: On Computable Numbers, with an Application to the Entscheidungsproblem, Albert Einstein, anthropic principle, Any sufficiently advanced technology is indistinguishable from magic, artificial general intelligence, Asilomar, augmented reality, autonomous vehicles, backpropagation, Benoit Mandelbrot, Bill Joy: nanobots, bioinformatics, brain emulation, Brewster Kahle, Brownian motion, business cycle, business intelligence, c2.com, call centre, carbon-based life, cellular automata, Charles Babbage, Claude Shannon: information theory, complexity theory, conceptual framework, Conway's Game of Life, coronavirus, cosmological constant, cosmological principle, cuban missile crisis, data acquisition, Dava Sobel, David Brooks, Dean Kamen, digital divide, disintermediation, double helix, Douglas Hofstadter, en.wikipedia.org, epigenetics, factory automation, friendly AI, functional programming, George Gilder, Gödel, Escher, Bach, Hans Moravec, hype cycle, informal economy, information retrieval, information security, invention of the telephone, invention of the telescope, invention of writing, iterative process, Jaron Lanier, Jeff Bezos, job automation, job satisfaction, John von Neumann, Kevin Kelly, Law of Accelerating Returns, life extension, lifelogging, linked data, Loebner Prize, Louis Pasteur, mandelbrot fractal, Marshall McLuhan, Mikhail Gorbachev, Mitch Kapor, mouse model, Murray Gell-Mann, mutually assured destruction, natural language processing, Network effects, new economy, Nick Bostrom, Norbert Wiener, oil shale / tar sands, optical character recognition, PalmPilot, pattern recognition, phenotype, power law, precautionary principle, premature optimization, punch-card reader, quantum cryptography, quantum entanglement, radical life extension, randomized controlled trial, Ray Kurzweil, remote working, reversible computing, Richard Feynman, Robert Metcalfe, Rodney Brooks, scientific worldview, Search for Extraterrestrial Intelligence, selection bias, semantic web, seminal paper, Silicon Valley, Singularitarianism, speech recognition, statistical model, stem cell, Stephen Hawking, Stewart Brand, strong AI, Stuart Kauffman, superintelligent machines, technological singularity, Ted Kaczynski, telepresence, The Coming Technological Singularity, Thomas Bayes, transaction costs, Turing machine, Turing test, two and twenty, Vernor Vinge, Y2K, Yogi Berra

There will be no centralized communications hubs that could be vulnerable to hostile attack. Information will rapidly route itself around damaged portions of the network. An obvious top priority is to develop technology capable of maintaining integrity of communication and preventing either eavesdropping or manipulation of information by hostile forces. The same information-security technology will be applied to infiltrate, disrupt, confuse, or destroy enemy communications through both electronic means and cyberwarfare using software pathogens. The FCS is not a one-shot program; it represents a pervasive focus of military systems toward remotely guided, autonomous, miniaturized, and robotic systems, combined with robust, self-organizing, distributed, and secure communications.


pages: 496 words: 174,084

Masterminds of Programming: Conversations With the Creators of Major Programming Languages by Federico Biancuzzi, Shane Warden

Benevolent Dictator For Life (BDFL), business intelligence, business logic, business process, cellular automata, cloud computing, cognitive load, commoditize, complexity theory, conceptual framework, continuous integration, data acquisition, Dennis Ritchie, domain-specific language, Douglas Hofstadter, Fellow of the Royal Society, finite state, Firefox, follow your passion, Frank Gehry, functional programming, general-purpose programming language, Guido van Rossum, higher-order functions, history of Unix, HyperCard, industrial research laboratory, information retrieval, information security, iterative process, Ivan Sutherland, John von Neumann, Ken Thompson, Larry Ellison, Larry Wall, linear programming, loose coupling, machine readable, machine translation, Mars Rover, millennium bug, Multics, NP-complete, Paul Graham, performance metric, Perl 6, QWERTY keyboard, RAND corporation, randomized controlled trial, Renaissance Technologies, Ruby on Rails, Sapir-Whorf hypothesis, seminal paper, Silicon Valley, slashdot, software as a service, software patent, sorting algorithm, SQL injection, Steve Jobs, traveling salesman, Turing complete, type inference, Valgrind, Von Neumann architecture, web application

Peter Weinberger has been at Google New York since the middle of 2003, working on various projects that handle or store large amounts of data. Before that (from the time that AT&T and Lucent split apart), Peter was at Renaissance Technologies, a fabulously successful hedge fund (for which he takes no credit at all), where he started as Head of Technology, responsible for computing, software, and information security. The last year or so, he escaped all that and worked on a trading system (for mortgage-backed securities). Until AT&T and Lucent split, he was in Computer Science Research at Bell Labs in Murray Hill. Before ending up in management, Peter worked on databases, AWK, network filesystems, compiling, performance and profiling, and no doubt some other Unix stuff.


pages: 797 words: 227,399

Wired for War: The Robotics Revolution and Conflict in the 21st Century by P. W. Singer

agricultural Revolution, Albert Einstein, Alvin Toffler, Any sufficiently advanced technology is indistinguishable from magic, Atahualpa, barriers to entry, Berlin Wall, Bill Joy: nanobots, Bletchley Park, blue-collar work, borderless world, Boston Dynamics, Charles Babbage, Charles Lindbergh, clean water, Craig Reynolds: boids flock, cuban missile crisis, digital divide, digital map, Dr. Strangelove, en.wikipedia.org, Ernest Rutherford, failed state, Fall of the Berlin Wall, Firefox, Ford Model T, Francisco Pizarro, Frank Gehry, friendly fire, Future Shock, game design, George Gilder, Google Earth, Grace Hopper, Hans Moravec, I think there is a world market for maybe five computers, if you build it, they will come, illegal immigration, industrial robot, information security, interchangeable parts, Intergovernmental Panel on Climate Change (IPCC), invention of gunpowder, invention of movable type, invention of the steam engine, Isaac Newton, Jacques de Vaucanson, job automation, Johann Wolfgang von Goethe, junk bonds, Law of Accelerating Returns, Mars Rover, Menlo Park, mirror neurons, Neal Stephenson, New Urbanism, Nick Bostrom, no-fly zone, PalmPilot, paperclip maximiser, pattern recognition, precautionary principle, private military company, RAND corporation, Ray Kurzweil, RFID, robot derives from the Czech word robota Czech, meaning slave, Rodney Brooks, Ronald Reagan, Schrödinger's Cat, Silicon Valley, social intelligence, speech recognition, Stephen Hawking, Strategic Defense Initiative, strong AI, technological singularity, The Coming Technological Singularity, The Wisdom of Crowds, Timothy McVeigh, Turing test, Vernor Vinge, Virgin Galactic, Wall-E, warehouse robotics, world market for maybe five computers, Yogi Berra

Of course, military systems have firewalls to keep unwanted guests out (though the telecom companies likely thought they did too), and the military’s internal computer network, “SIPRNet” (the Secret Internet Protocol Router Network), its internal Internet used for classified communications, is supposed to be completely cut off from intruders. And yet, asks information security expert Richard Clarke, “Why is it that every time a virus pops up on the regular Internet, it also shows up in SIPRNet? It is supposed to be separate and distinct, so how’s that happen?... It’s a real Achilles’ heel.” No matter how great the capabilities a new RMA delivers, modern enemies aren’t just going to sit back and accept defeat.


Global Catastrophic Risks by Nick Bostrom, Milan M. Cirkovic

affirmative action, agricultural Revolution, Albert Einstein, American Society of Civil Engineers: Report Card, anthropic principle, artificial general intelligence, Asilomar, availability heuristic, backpropagation, behavioural economics, Bill Joy: nanobots, Black Swan, carbon tax, carbon-based life, Charles Babbage, classic study, cognitive bias, complexity theory, computer age, coronavirus, corporate governance, cosmic microwave background, cosmological constant, cosmological principle, cuban missile crisis, dark matter, death of newspapers, demographic transition, Deng Xiaoping, distributed generation, Doomsday Clock, Drosophila, endogenous growth, Ernest Rutherford, failed state, false flag, feminist movement, framing effect, friendly AI, Georg Cantor, global pandemic, global village, Great Leap Forward, Gödel, Escher, Bach, Hans Moravec, heat death of the universe, hindsight bias, information security, Intergovernmental Panel on Climate Change (IPCC), invention of agriculture, Kevin Kelly, Kuiper Belt, Large Hadron Collider, launch on warning, Law of Accelerating Returns, life extension, means of production, meta-analysis, Mikhail Gorbachev, millennium bug, mutually assured destruction, Nick Bostrom, nuclear winter, ocean acidification, off-the-grid, Oklahoma City bombing, P = NP, peak oil, phenotype, planetary scale, Ponzi scheme, power law, precautionary principle, prediction markets, RAND corporation, Ray Kurzweil, Recombinant DNA, reversible computing, Richard Feynman, Ronald Reagan, scientific worldview, Singularitarianism, social intelligence, South China Sea, strong AI, superintelligent machines, supervolcano, synthetic biology, technological singularity, technoutopianism, The Coming Technological Singularity, the long tail, The Turner Diaries, Tunguska event, twin studies, Tyler Cowen, uranium enrichment, Vernor Vinge, War on Poverty, Westphalian system, Y2K

This, however, hinges on the obviously limited capacity to pack sufficiently sophisticated self-replicating algorithm in the bit-string of size small enough to be received non-deformed often enough - which raises some interesting issues from the point of view of algorithmic information theory (e.g., Chaitin, 1977). It seems almost certain that the rapidly occurring improvements in information security will be able to clear this possible threat in check. A 'new vacuum' bubble produced anywhere in the visible universe - say by powerful alien particle accelerators - would expand at the speed of light, possibly encompassing the Earth and humanity at some point.


Data Mining: Concepts and Techniques: Concepts and Techniques by Jiawei Han, Micheline Kamber, Jian Pei

backpropagation, bioinformatics, business intelligence, business process, Claude Shannon: information theory, cloud computing, computer vision, correlation coefficient, cyber-physical system, database schema, discrete time, disinformation, distributed generation, finite state, industrial research laboratory, information retrieval, information security, iterative process, knowledge worker, linked data, machine readable, natural language processing, Netflix Prize, Occam's razor, pattern recognition, performance metric, phenotype, power law, random walk, recommendation engine, RFID, search costs, semantic web, seminal paper, sentiment analysis, sparse data, speech recognition, statistical model, stochastic process, supply-chain management, text mining, thinkpad, Thomas Bayes, web application

Moreover, many applications involving stream data (e.g., e-commerce, Web mining, stock analysis, intrusion detection, mobile data mining, and data mining for counterterrorism) require dynamic data mining models to be built in real time. Additional research is needed in this direction. ■ Privacy protection and information security in data mining: An abundance of personal or confidential information available in electronic forms, coupled with increasingly powerful data mining tools, poses a threat to data privacy and security. Growing interest in data mining for counterterrorism also adds to the concern. Further development of privacy-preserving data mining methods is foreseen.


pages: 918 words: 257,605

The Age of Surveillance Capitalism by Shoshana Zuboff

"World Economic Forum" Davos, algorithmic bias, Amazon Web Services, Andrew Keen, augmented reality, autonomous vehicles, barriers to entry, Bartolomé de las Casas, behavioural economics, Berlin Wall, Big Tech, bitcoin, blockchain, blue-collar work, book scanning, Broken windows theory, California gold rush, call centre, Cambridge Analytica, Capital in the Twenty-First Century by Thomas Piketty, Cass Sunstein, choice architecture, citizen journalism, Citizen Lab, classic study, cloud computing, collective bargaining, Computer Numeric Control, computer vision, connected car, context collapse, corporate governance, corporate personhood, creative destruction, cryptocurrency, data science, deep learning, digital capitalism, disinformation, dogs of the Dow, don't be evil, Donald Trump, Dr. Strangelove, driverless car, Easter island, Edward Snowden, en.wikipedia.org, Erik Brynjolfsson, Evgeny Morozov, facts on the ground, fake news, Ford Model T, Ford paid five dollars a day, future of work, game design, gamification, Google Earth, Google Glasses, Google X / Alphabet X, Herman Kahn, hive mind, Ian Bogost, impulse control, income inequality, information security, Internet of things, invention of the printing press, invisible hand, Jean Tirole, job automation, Johann Wolfgang von Goethe, John Markoff, John Maynard Keynes: Economic Possibilities for our Grandchildren, John Maynard Keynes: technological unemployment, Joseph Schumpeter, Kevin Kelly, Kevin Roose, knowledge economy, Lewis Mumford, linked data, longitudinal study, low skilled workers, Mark Zuckerberg, market bubble, means of production, multi-sided market, Naomi Klein, natural language processing, Network effects, new economy, Occupy movement, off grid, off-the-grid, PageRank, Panopticon Jeremy Bentham, pattern recognition, Paul Buchheit, performance metric, Philip Mirowski, precision agriculture, price mechanism, profit maximization, profit motive, public intellectual, recommendation engine, refrigerator car, RFID, Richard Thaler, ride hailing / ride sharing, Robert Bork, Robert Mercer, Salesforce, Second Machine Age, self-driving car, sentiment analysis, shareholder value, Sheryl Sandberg, Shoshana Zuboff, Sidewalk Labs, Silicon Valley, Silicon Valley ideology, Silicon Valley startup, slashdot, smart cities, Snapchat, social contagion, social distancing, social graph, social web, software as a service, speech recognition, statistical model, Steve Bannon, Steve Jobs, Steven Levy, structural adjustment programs, surveillance capitalism, technological determinism, TED Talk, The Future of Employment, The Wealth of Nations by Adam Smith, Tim Cook: Apple, two-sided market, union organizing, vertical integration, Watson beat the top human players on Jeopardy!, winner-take-all economy, Wolfgang Streeck, work culture, Yochai Benkler, you are the product

“Mobile Health App Developers: FTC Best Practices,” Federal Trade Commission, April 2016, https://www.ftc.gov/tips-advice/business-center/guidance/mobile-health-app-developers-ftc-best-practices; “Mobile Privacy Disclosures: Building Trust Through Transparency,” Federal Trade Commission, February 2013, https://www.ftc.gov/sites/default/files/documents/reports/mobile-privacy-disclosures-building-trust-through-transparency-federal-trade-commission-staff-report/130201mobileprivacyreport.pdf; Harrison Kaminsky, “FDA States It Will Not Regulate Fitness Trackers and Wellness Apps,” Digital Trends, July 31, 2016, http://www.digitaltrends.com/health-fitness/fda-will-not-regulate-fitness-wellness-apps. 50. Tobias Dehling et al., “Exploring the Far Side of Mobile Health: Information Security and Privacy of Mobile Health Apps on iOS and Android,” JMIR MHealth and UHealth 3, no. 1 (2015): 1–26, https://doi.org/10.2196/mhealth.3672. In 2013 an analysis by the Privacy Rights Clearinghouse evaluated a range of health and fitness apps according to their level of privacy risk, including the expropriation of personal information, the sensitivity of that information, and its degree of dissemination.


Fateful Triangle: The United States, Israel, and the Palestinians (Updated Edition) (South End Press Classics Series) by Noam Chomsky

active measures, American ideology, anti-communist, Ayatollah Khomeini, Berlin Wall, centre right, colonial rule, David Brooks, disinformation, European colonialism, facts on the ground, Fall of the Berlin Wall, information security, Monroe Doctrine, New Journalism, public intellectual, random walk, Ronald Reagan, Silicon Valley, strikebreaker, Suez crisis 1956, the market place, Thomas L Friedman

By early September, however, only a few days after his election as President, “disappointment was increasing in Jerusalem” concerning Gemayel, the Israeli press reported, for several reasons: he had refused to sign an imposed peace treaty and had threatened to bring Major Saad Haddad, Israel’s puppet in the south, to trial on charges of desertion from the Lebanese army. 35 Citing “informed security sources,” Ze’ev Schiff reported that “the threat of the new Lebanese government to bring Major Haddad to trial is a hint to Israel that the new regime under Bashir Gemayel strongly opposes Israel’s plans to establish a military presence in southern Lebanon in the future or to extend the Haddad enclaves, over which Israel rules indirectly.”


pages: 1,117 words: 305,620

Dirty Wars: The World Is a Battlefield by Jeremy Scahill

active measures, air freight, Andy Carvin, anti-communist, blood diamond, business climate, citizen journalism, colonial rule, crowdsourcing, disinformation, Donald Trump, drone strike, failed state, false flag, friendly fire, Google Hangouts, independent contractor, indoor plumbing, information security, Islamic Golden Age, Kickstarter, land reform, Mohammed Bouazizi, Naomi Klein, operational security, private military company, Project for a New American Century, rolodex, Ronald Reagan, Saturday Night Live, Seymour Hersh, Strategic Defense Initiative, WikiLeaks

Airstrike Kills Somali Accused of Links to Al-Qaeda.” 226 bio of their slain leader: Daveed Gartenstein-Ross, “The Strategic Challenge of Somalia’s Al-Shabaab,” Middle East Quarterly (fall 2009), www.meforum.org/2486/somalia-al-shabaab-strategic-challenge#_ftn22. 226 “short-term disruption”: US diplomatic cable 08NAIROBI1363, from Ambassador Michael Ranneberger, US Embassy Nairobi, “Somalia—Ayrow’s Demise,” June 3, 2008, released by WikiLeaks, http://wikileaks.org/cable/2008/06/08NAIROBI1363.html. 226 agreement signed in Djibouti: United Nations Security Council Department of Public Information, “Security Council, in Presidential Statement, Welcomes Signing of Djibouti Agreement on Reconciliation by Parties to Somalia Conflict,” UN Security Council press release, September 4, 2008. 227 refused to discuss: Author interview, President Sheikh Sharif Sheikh Ahmed, June 2011. 227 “favorite puppet”: Abdirahman “Aynte” Ali, “The Anatomy of al Shabaab,” unpublished paper, June 2010, www.radiodaljir.com/audio/docs/TheAnatomyOfAlShabaab.pdf. 227 indigenous diversity: Ibid., p. 28. 227 sense of empowerment: Ibid., p. 20. 228 diplomatic “visits”: International Crisis Group, “Somalia: To Move Beyond the Failed State,” Africa Report No. 147, December 23, 2008, p. 12. 228 lengthy negotiations: Ibid., pp. 12–13. 228 dismantling of roadblocks: Mark Bradbury, “State-Building, Counterterrorism, and Licensing Humanitarianism in Somalia,” briefing paper, Feinstein International Center, October 2010. 228 “a caricature”: International Crisis Group, “Somalia: To Move Beyond the Failed State,” p. 14. 228 reminiscent of the Taliban: Ibid. 228 “the only organization”: Committee on Foreign Relations, Al Qaeda in Yemen and Somalia: A Ticking Time Bomb, S.


pages: 1,087 words: 325,295

Anathem by Neal Stephenson

anthropic principle, cellular automata, Danny Hillis, double helix, information security, interchangeable parts, Neal Stephenson, nuclear winter, orbital mechanics / astrodynamics, pattern recognition, phenotype, selection bias, Snow Crash, Stewart Brand, trade route

“Fraa Spelikon told me to go to the Telescope of Saunts Mithra and Mylax and retrieve a photomnemonic tablet that Fraa Orolo had placed there hours before the starhenge was closed by the Warden Regulant,” Sammann announced in correct but strangely accented Orth. “I obeyed. He did not issue any command as to information security relating to this tablet. So, before I gave it to him, I made a copy.” And with that Sammann withdrew a photomnemonic tablet from a bag slung over his shoulder. “It contains a single image that Fraa Orolo created, but never got to see. I summon the image now,” he said, manipulating its controls.


pages: 889 words: 433,897

The Best of 2600: A Hacker Odyssey by Emmanuel Goldstein

affirmative action, Apple II, benefit corporation, call centre, disinformation, don't be evil, Firefox, game design, Hacker Ethic, hiring and firing, information retrieval, information security, John Markoff, John Perry Barlow, late fees, license plate recognition, Mitch Kapor, MITM: man-in-the-middle, Oklahoma City bombing, optical character recognition, OSI model, packet switching, pirate software, place-making, profit motive, QWERTY keyboard, RFID, Robert Hanssen: Double agent, rolodex, Ronald Reagan, satellite internet, Silicon Valley, Skype, spectrum auction, statistical model, Steve Jobs, Steve Wozniak, Steven Levy, Telecommunications Act of 1996, telemarketer, undersea cable, UUNET, Y2K

Just about seven weeks ago, I was dressed in prison-issued khakis, a prisoner at the U.S. federal correctional institution in Lompoc, California. Last Thursday, March 2, I presented my written and verbal testimony to the United States Senate Governmental Affairs Committee that described how to increase information security within government agencies. Wow. On The Inside “Doing time” is a strange thing. When you’re on the inside, you can’t look out—you have to pretend as though the outside doesn’t even exist. Letters are a welcome break to the routine, but as soon as I read them, I’d have to focus and get back into my rhythm of pretending there were no cars outside my window, that there were no people living their lives.