Obama enhances computer security

Politico reports that Barack Obama will issue an executive order on Friday that outlines a whole slew of enhancements to cyber security within departments like the FBI, CIA, and the Pentagon.

Some of them are very basic, seemingly obvious measures, like preventing employees from downloading private data onto removable hard drives.


Other implementations include better tracking of what government employees are doing when they access sensitive information. The Department of Defense's chief information officer Teri Takai was quoted as saying, "It’s an additional tool to provide indicators that flag anomalous behavior, much as credit card companies monitor credit card use and a user’s profile."

There's also a set of back-end improvements on how information is encrypted and secured.
In addition, Obama will receive a report within 90 days on how the new measures are affecting data leaks.

This all comes as the result of a seven-month review of internal policies and procedures following the massive and unprecedented data fiasco from the website Wikileaks.

While the Wikileaks stories have lost a lot of their grandeur, the security holes they exposed were of the utmost importance and Obama hopes these new enhancements will prevent future leaks.

OS X and Windows, working together

Being able to switch to a different operating system without having to sacrifice functionality and performance is a welcome rarity in the IT world.

Over the years I have attempted to run other operating systems besides Windows on my primary workstation. I have run OS/2 in the past. I’ve tried running various flavors of Linux. I’ve also tried running OS X on my MacBook Air. Every time I tried, I found that there was always something lacking in the OS, or the applications, that resulted in my returning to Windows.

I suppose one question that comes up is, “If everything you need is under Windows, then why are you trying to switch away from it?” The truth is that while I like the capabilities of the applications, I actually prefer a Unix-like environment under the hood. Ubuntu can give me that, but there’s a great deal of functionality missing that I get from Windows applications. The same situation exists under OS X.

This past month, however, fellow ZDNet columnist James Kendrick wrote an article covering the release of the latest version of Parallels Desktop for OS X. This latest version was written to support the new release of OS X, Lion, and has improved speed. Native Windows applications running in seamless mode are nearly as fast as native OS X applications.

There’s no need for me to rehash reviews of Parallels Desktop 7. If you’re familiar with the product, or with VMware Fusion 4, then you know what I’m referring to. Even VirtualBox has a seamless mode, although performance-wise it isn’t as powerful as the other two. It is free, however.

I’m sure I will be told, “These programs existed before, why didn’t you use them?” To be honest, I hadn’t been impressed with the performance or seamless capabilities of the VM applications until now. I wanted the Windows applications to run in seamless mode as if they were native OS X applications. Having access to the Windows start menu from the OS X menu bar, along with Windows system tray icons, adds to the perfect convergence of the two operating systems.
Sometimes it’s the little, inconsequential features that really impress me. For instance, you can have Windows use the native OS X user directories for documents and downloads instead of creating its own within the virtual machine. Copy and paste just works between environments, without any tricks required to get it to work. I can access the Windows control panel and other functions as if they were a native part of OS X.

My main argument against switching from Windows was always, “Why should I have to give up my applications? Why do I have to settle for reduced functionality?” Well, now the answer is that I don’t have to settle. I have all of my apps, and they work. I have replaced a few of the programs I use with their OS X counterparts because they are fully functional native applications. The ones I didn’t replace I simply installed under Windows in the Parallels VM, and added their icons to the OS X dock bar.

Convergence is a great thing when it works well. I’m not the kind of person to settle for passable, or reduced functionality. I felt the same way some years ago when I got my first smartphone that could be a phone, MP3 player and PDA, without making any sacrifices. Now I can do the same on my primary computer. I have Windows, OS X and Unix capability, all in one, without having to jump through hoops to do it.

Beyond the Password

One day five months ago, Karim Hijazi saw an unusual sight while reading his work email. A message that had been marked as "read" was suddenly marked "unread."

What the founder of Unveillance, a computer-network security firm, soon learned was that hackers had broken into his account.

The hackers gained access to his email by stealing log-in information from an insecure website, which they then matched up with a password they found on the Internet. After downloading all of his emails, the hackers sent Mr. Hijazi a message demanding he share sensitive security information with them. When he refused, the hackers released his emails on the Web.

Mr. Hijazi is one of the latest victims of computer hackers focused on getting into websites, corporate networks and email accounts by using legitimate passwords. Many break into poorly secured websites, steal databases filled with personal information and then comb through that data for log-in information for companies, government agencies and banks.

The growing frequency of these attacks has pushed companies to seek other forms of data protection than simple passwords.

Demand for additional barriers and detection programs is already large. Sales of these types of products topped $900 million world-wide last year, according to International Data Corp., and the Framingham, Mass.-based research firm expects the market to double by 2015.

Token Power

One of the fastest-growing technologies is also one of the most visible: code tokens. The technology, also known as two-factor authentication, provides users with an algorithmically generated number that is only briefly valid. Users typically enter the code into a computer after their username and password.

Historically, code tokens have been confined to little devices, like ones that hang off many corporate employees' key chains. With the proliferation of smartphones, however, International Data Corp. analyst Sally Hudson says the technology that generates these single-use codes can easily be translated into an app, making them easier to carry around and cheaper for companies to manage.

Google Inc. is one of the more recent companies to begin offering this technology to its users. The Internet behemoth offered the additional security free to its business-services customers last year. A few months later, Google opened it up to all account holders to use with apps such as mail and calendars. The program is already popular, Google says, and thousands of users sign up for it each day.

Not all companies want to force their customers and employees to use an additional code to log in, however. Many businesses are instead turning to technologies designed to detect bad guys after they've entered a legitimate log-in and password.

These programs, which are known as machine fingerprinting, can be configured to take a snapshot of a computer's settings when the customer first logs in. These types of data often include location, screen size and what type of browser is being used. The next time a user logs in, the system checks against the historical data to determine how likely it is that the person is a hacker or user.

If there's too much doubt, the system might ask for another piece of information, such as a personal detail pulled from public-records databases, before letting the user finish logging in.

The technology was initially popular with banks, but has since expanded to be used by all manner of businesses, including popular social-networking websites such as Facebook. Detection programs are also among the fastest-growing products at companies like EMC Corp.'s market-leading RSA security unit, where the technology is being used to protect roughly 250 million log-in identities.

Good Alternatives

These additional security layers aren't perfect, however. Hackers could find a way past them by answering the public-records questions, for example, or by seeing the one-time codes as they're generated. But analysts say the leading products on the market are better than relying solely on passwords.

"We're putting speed bumps in front of the road of the bad guys," says Paul Henry, an analyst for Scottsdale, Ariz.-based Lumension Security Inc.

Good Hackers Can Protect Caribbean Networks

“Make no mistake about it; the threat of computer attacks in the Caribbean is real. Caribbean networks are already under constant attack from hackers from across the world.”

This statement from Gregory Richardson, CEO of US-based computer security firm Leet Networks, came from a special regional forum for computer professionals organized by the Caribbean Network Operators Group, CaribNOG in Castries, St Lucia.

According to Richardson, organisations in the region and around the world are storing an increasing amount of information on computer networks.

"There is a dangerous flipside to this explosion in electronic data. As computer networks connect to the Internet, they are susceptible to attack by modern-day digital pirates, known as computer hackers."

Wooding, a Trinidad-born technology expert, led the CaribNOG team of ethical hackers from the US and the Caribbean that shared practical measures to help protect corporate networks and data from online hackers.
Wooding explained that the objective of the CaribNOG St Lucia meeting was to bring attention to the threats governments and business face from computer attacks and to provide a forum for the free exchange of ideas and experiences between those responsible for managing our networks.’

According to Wooding, “An ethical hacker is a basically a computer expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. They are the good guys.”
He explained that in order to test a security system, ethical hackers use some of the same techniques as their less principled counterparts, but report problems and help resolve vulnerabilities instead of taking advantage of them.

Wooding cautioned, "Hacking presents a very real and serious risk to consumers, businesses and governments in the Caribbean and around the world. Some people mistakenly believe that smaller companies are less likely to be a target of attacks. But as large companies strengthen their network security, hackers are increasingly focusing on small and medium-sized businesses. This makes the Caribbean a very attractive location for hackers.”

The CaribNOG team stressed that it is vitally important that organisations and individuals take the necessary steps to protect their identities and to secure private and corporate data. The key, Wooding said, was to think of computer security not as a technical concern but as a business continuity issue.

"At first glance, network security might seem too complex, and tackling it might seem like too much work, particularly for small businesses. Modern organisations should view security planning as essential as accounting, sales and advertising. This is not a stretch since, for many firms, computer networks have become a basic part of doing business today, " Wooding said.