Windows 10 can share your Wi-Fi password with your Facebook friends
By Mike Wehner
Jul 3, 2015, 12:28pm CT
If you’ve been using the internet for any considerable amount of time you already know that your password is really never absolutely secure. From hacking incidents to other security breaches, it’s impossible to know that your secret code is indeed always secret, and now Microsoft’s soon to be released Windows 10 is making one of your passwords even less secure by gifting it to your Facebook friends.
Microsoft’s Wi-Fi Sense feature—already in operation on Windows Phones and coming to Windows 10 upon its debut later this year—is aimed at making it easier to share your connection with your friends. To that end, it allows users to effortlessly use each other’s Wi-Fi connections by allowing them to use your password.
The password itself is encrypted and shared automatically once you opt in, and the list of people who can use it includes your Outlook mail contacts, Skype contacts, and even your Facebook friends.
The idea here is that if you’re at a friend’s house and you both have Wi-Fi Sense, you can join their network without having to ask for their password. Ideally, such a system will save you from using your wireless data plan as much as possible, thereby saving you a few bucks.
However, there are likely plenty of people on your Facebook or email contact lists that you wouldn’t want browsing from your own internet connection, and that’s where the potential for trouble comes in. Not surprisingly, Microsoft’s own FAQ about Wi-Fi Sense is filled with warnings about connecting to unfamiliar hotspots, as well as sharing your connection with those you don’t trust.
The documentation also notes that you cannot pick and choose individual contacts with which to share your connection. Instead, you’ll only be able to toggle huge groups on or off, like everyone from your Skype list or your entire Facebook friends roster. So, if you don’t trust absolutely everyone you know on Facebook, Skype, or Outlook, it’s probably a good idea to leave this would-be handy little feature unused.
Perhaps the Thai army (see story below) felt insulted being left out of the spy game…?
Army interrupts Israeli demonstration of wiretapping devices to Special Branch Bureau
May 8, 2015 12:24 pm
BANGKOK: A group of soldiers today raided the meeting room of the Special Branch Bureau and detained nine Israeli technicians and staff while they were demonstrating electronic wire tapping devices to special branch police.
But after the interruption of the planned demonstration by soldiers from the Second Cavalry Division of the First Army Region, Royal Thai Police commissioner Pol Gen Somyot Phumphanmuang came out to defend the demonstration saying it was merely a misunderstanding caused by misinformation.
The commissioner said the Royal Thai Police and the Special Branch Bureau have been allocated budget from the government to procure wiretapping devices for use.
He said an Israeli supplier has approached the Royal Thai Police and scheduled today to demonstrate its devices.
However he said as the Army has learned of the Israeli approach, it then asked the firm to explain whether these electronic devices have been granted import permission legitimately or not.
He said the soldiers then invited the Israeli technicians and staff to their office for clarification and to display import documents.
He said the Israeli firm has insisted all its devices have been imported for demonstration legally.
Pol Gen Somyot said an Army colonel had phoned him saying he suspected some devices might be illegally smuggled into the country and sought his permission to interrupt the demonstration.
The commissioner recalled he immediately rang the First Army Region commander and the commander of the Second Cavalry Division and also explained to the Israeli technicians of the Army’s request and the firm agreed to cooperate.
Pol Gen Somyot added it happened because of misunderstanding and he would ask the firm to return again for demonstration.
Amid continuing Sino-US spats on cyber-espionage and related matters, China is beefing up its cyber and national security in a big way as it is reportedly just months away from launching the longest quantum communications network on earth stretching some 2,000 kilometers between its capital Beijing and financial center Shanghai to transfer data close to the speed of light with no hacking risks – initially to transmit sensitive diplomatic and classified information for the government and military with personal and financial data also on the cards for the near future.
And that’s ahead of the previously announced plan for 2016 to become the first country to launch a quantum communications satellite into orbit.
Looks like Snowden was spot on again. In a post just a month ago, I wrote what he said about how the US (would and) is paying the price for focusing too much on the cyber offensive at the expense of cyber defense.
Meanwhile, following the recent cyber-attack on Sony Pictures, President Barack Obama’s homeland security and counter-terrorism adviser Lisa Monaco announced earlier this week a new intelligence unit – the Cyber Threat Intelligence Integration Center – to take the lead in tracking cyber-threats by pooling and disseminating data on cyber-breaches to other US agencies.
“Currently, no single government entity is responsible for producing coordinated cyber threat assessments,” according to Monaco.
China nears launch of hack-proof ‘quantum communications’ link
Published: Feb 9, 2015 11:13 p.m. ET
Technology to be employed for military and other official uses
BEIJING (Caixin Online) — This may be a quantum-leap year for an initiative that accelerates data transfers close to the speed of light with no hacking threats through so-called “quantum communications” technology.
Within months, China plans to open the world’s longest quantum-communications network, a 2,000-kilometer (1,240-mile) electronic highway linking government offices in the cities of Beijing and Shanghai.
Meanwhile, the country’s aerospace scientists are preparing a communications satellite for a 2016 launch that would be a first step toward building a quantum communications network in the sky. It’s hoped this and other satellites can be used to overcome technical hurdles, such as distance restrictions, facing land-based systems.
Physicists around the world have spent years working on quantum-communications technology. But if all goes as planned, China would be the first country to put a quantum-communications satellite in orbit, said Wang Jianyu, deputy director of the China Academy of Science’s (CAS) Shanghai branch.
At a recent conference on quantum science in Shanghai, Wang said scientists from CAS and other institutions have completed major research and development tasks for launching the satellite equipped with quantum-communications gear.
The satellite program’s likelihood for success was confirmed by China’s leading quantum-communications scientist, Pan Jianwei, a CAS academic who is also a professor of quantum physics at the University of Science and Technology of China (USTC) in Hefei, in the eastern province of Anhui. Pan said researchers reported significant progress on systems development after conducting experiments at a test center in Qinghai province, in the northwest.
The satellite would be used to transmit encoded data through a method called quantum key distribution (QKD), which relies on cryptographic keys transmitted via light-pulse signals. QKD is said to be nearly impossible to hack, since any attempted eavesdropping would change the quantum states and thus could be quickly detected by data-flow monitors.
A satellite-based quantum-communications system could be used to build a secure information bridge between the nation’s capital and Urumqi, a city that’s the capital of the restive Xinjiang Uyghur Autonomous Region in the west, Pan said.
It’s likely the technology initially will be used to transmit sensitive diplomatic, government-policy and military information. Future applications could include secure transmissions of personal and financial data.
Plans call for China to put additional satellites into orbit after next year’s ground-breaking launch, Pan said, without divulging how many satellites might be deployed or when. He did say that China hopes to complete a QKD system linking Asia and Europe by 2020, and have a worldwide quantum-communications network in place by 2030.
In 2009, China became the first country in the world to put quantum-communications technology to work outside of a laboratory.
In October of that year, a team of scientists led by Pan built a secure network for exchanging information among government officials during a military parade in Beijing celebrating the 60th anniversary of the People’s Republic. The demonstration underscored the research project’s key military application.
“China is completely capable of making full use of quantum communications in a regional war,” Pan said. “The direction of development in the future calls for using relay satellites to realize quantum communications and control that covers the entire army.”
The country is also working to configure the new technology for civilian use.
A pilot quantum-communications network that took 18 months to build was completed in February 2012 in Hefei. The network, which cost the city’s government 60 million yuan ($9.6 million), was designed by Pan’s team to link 40 telephones and 16 video cameras installed at city government agencies, military units, financial institutions and health-care offices.
A similar, civilian-focused network built by Pan’s team in Jinan, the provincial capital of the eastern province of Shandong, started operating in March 2014. It connects some 90 users, most of whom tap the network for general business and information.
In late 2012, Pan’s team installed a quantum-communications network that was used to securely connect the Beijing venue hosting a week-long meeting of the 18th National Congress of the Communist Party, with hotel rooms where delegates stayed, as well as the Zhongnanhai compound in Beijing where the nation’s top leaders live and work.
Next on the development agenda is opening the network linking Beijing and Shanghai. Pan is leading that project as well.
If all goes as planned, Pan said, existing networks in Hefei and Jinan would eventually be tied to the Beijing-Shanghai channel to provide secure communications connecting government and financial agencies in each of the four regions. The new network could be operating as early as 2016.
No room for hype
A quantum code expert said that so far, quantum-communications technology development efforts in China have basically focused on protecting national security. “How important it will be for the public and in everyday life are questions that remain unanswered,” said the expert.
To date, Pan said, technical barriers and the high cost of systems development have kept private capital out of what’s now almost exclusively a government initiative. Moreover, it’s still too early to tell whether the technology has any potential commercial value.
Pan has warned the public not to listen to investment come-ons that hype the money-making potential of quantum-communications businesses. At this stage of the game, he said, the focus is still on technological development, not commercial applications.
Nevertheless, since 2009, USTC has been building a commercial enterprise called Anhui Quantum Communication Technology Co. to produce equipment based on technology developed by Pan and his team. The company is China’s largest quantum-communications equipment supplier. Last September, it said it had started mass-producing quantum-cryptography equipment.
Anhui Quantum general manager Zhao Yong said the company’s clients include financial institutions and government agencies seeking to supplement, not replace, conventional communications systems. Their shared goal, he said, is to improve data security.
Once the technology has matured, said Wang Xiangbin, a physicist at Beijing’s Tsinghua University, its range of applications should be targeted to specific industries and regions because of its high barrier in technology and cost. Quantum communications is not a technology suitable for mass use via the Internet, for example, Wang told a group of scientists at a 2012 seminar.
Some experts say it’s wrong to assume that quantum communications is a flawlessly secure means of transmitting information. Another Tsinghua physics professor, Long Guilu, said quantum communication is only theoretically safe, since malfunctioning equipment or operational errors can open doors to risk.
Experimental systems built in 2007 by Chinese and U.S. physicists reportedly achieved secure QKD transmissions between two points more than 100 kilometers apart. But the experiment also taught scientists that data can be intercepted by a third party during a transmission.
In addressing the naysayers, Pan admitted that quantum communications is not perfect. But he defended it as safer than conventional means of communication. In fact, he said, no means of protecting data is more secure than quantum communications.
To test the capacity and safety of the network linking Beijing and Shanghai, Pan said his team plans to ask other communications experts to carefully study the system and look for potential security holes. The network could then be modified in ways that close any detected gaps and reduce hacking risks.
“Assessments and testing will be conducted after the network is completed,” said Pan, who remains convinced that any network using quantum cryptographic technology is more secure than any other communications channel.
Pan has been working on quantum-communications technology since the late 1990s, when he was a researcher at the University of Vienna and working in a partnership with Austrian physicist Anton Zeilinger. That team is credited with developing the first protocol for quantum communications.
Pan worked with Zeilinger about a decade after U.S. physicist Charles Bennett and colleagues at IBM Research built the world’s first functioning quantum cryptographic system. Based on their research, the first network was installed in the U.S. city of Boston.
Like their counterparts in China, researchers in the United States, Japan and European countries continue work to advance the technology. A key effort is aimed at extending the potential reach of quantum-communications systems, which for years were used only to span short distances.
Some experts have even wondered whether the new technology has been misidentified, since its key feature is high-level cryptography, not electronic communications.
“What we can do now is merely encrypt data, which is far from real quantum communications,” said one expert who declined to be named. “Theoretically it can’t be hacked, but in practice it has many limitations.”
Guo Guangcan, director of USTC’s quantum-communications lab, said networks now operating and those being built in China “achieve encryption only,” whereas true communications networks “involve content.”
“It’s not accurate to call it quantum communications,” said Guo.
Whatever it’s called, China appears determined to push ahead with the research and development that paves the way for a new era of secure communications. And according to Pan, that era is still at least a decade away.
“It will take 10 to 20 years to really put (the technology) into practice,” said Pan.
With the widespread use of social media during the week-long protests in Hong Kong, including attempts to find phone apps capable of defying potential shutdown of the power grid, this story from The Associated Press below (Credits to The Associated Press) is a timely stern reminder:
The Associated Press
Published: October 2, 2014
HONG KONG — The Chinese government might be using smartphone apps to spy on pro-democracy protesters in Hong Kong, a U.S. security firm said.
The applications are disguised as tools created by activists, said the firm, Lacoon Mobile Security. It said that once downloaded, they give an outsider access to the phone’s address book, call logs and other information.
The identities of victims and details of the servers used “lead us to believe that the Chinese government are behind the attack,” said a Lacoon statement.
China is, along with the United States and Russia, regarded as a leader in cyber warfare research. Security experts say China is a leading source of hacking attacks aimed at foreign governments and companies to computers in China.
The Chinese government has denied engaging in cyberspying and says China is among the biggest victims of hacking attacks.
Lacoon said it found two similar “malicious, fake” apps that appeared to be related. One targets phones that run Apple Inc.’s iOS operating system; the other is meant for phones using Google Inc.’s Android system.
The “very advanced software,” known as an mRAT, or multidimensional requirements analysis tool, “is undoubtedly being backed by a nation state,” the company said. Lacoon said it was calling the software Xsser.
“The Xsser mRAT represents a fundamental shift by nation-state cybercriminals from compromising traditional PC systems to targeting mobile devices,” the company said.
Such “cross-platform attacks” that target both Apple and Android phones are rare, which adds to signs a government is involved, Lacoon said. It said the app might be the first spyware for iOS created by a Chinese government entity.
In May, U.S. prosecutors charged five Chinese military officers with cyberspying and stealing trade secrets from major American companies. A security firm, Mandiant, said last year it traced attacks on American and other companies to a military unit in Shanghai.
This year August 9 marked the day Richard Milhous Nixon resigned as the 37th US President back in 1974 and the Discovery channel aptly aired its documentary “All the President’s Men Revisited” that day to mark the 40th anniversary of the Watergate.
I watched the 1976 classic “All the President’s Men” countless times during my newsroom days as a commercial crimes investigative reporter – and eventually won the 2005 SOPA award for one of my exposés thanks to this inspiring and fascinating “violent” movie, as Robert Redford the narrator in the documentary put it.
And I can’t help wondering: does the movie have any relevance today?
Obviously President Barack Obama is not President Nixon. The former has not been impeached like the latter. But the recent CIA spying on the Senate is exactly the present day equivalent, with some cyber elements of course, of the Watergate break-in.
Professor Bruce Ackerman of Yale University is right when he wrote that Obama “is wrong to support the limited response of his CIA director, John Brennan, who is trying to defer serious action by simply creating an ‘accountability panel’ to consider ‘potential disciplinary measures’ or ‘systemic issues.’”
CIA Director John Brennan apologized to the Senate Intelligence Committee earlier this month when he admitted his agency not only spied on computers used by its staffers but also read the emails of the Senate investigators involved in investigating the controversial post 9/11 CIA interrogation and detention program.
Senate committee members were certainly not impressed even though Obama continued to support Brennan as a “man of great integrity”.
With continued failure to live up to his promise of a more transparent government, Obama is increasingly tainting his leadership to put himself in the history books for all the wrong reasons – probably not as bad as Nixon but only time will tell.
The latest Snowden revelations include a leaked document that lists the cyber-spy tools and techniques used by the American NSA’s UK counterpart GCHQ, according to a BBC News report.
More disturbing point: the GCHQ apparently used its toolbox to find ways to “alter the outcome of online polls, find private Facebook photos, and send spoof emails that appeared to be from Blackberry users, among other things”.
It’s the one year anniversary of what is now known as the Snowden revelations, which appeared on June 5 and June 9 when The Guardian broke news of classified National Security Agency documents and Edward Snowden revealed himself in Hong Kong as the source of those leaks.
There is still much to decipher from the chronology of events in the aftermath and the sudden global awakening to the end of privacy. Among the impacts on the personal, business and political fronts, one interesting salient feature is the hypocritical rhetorical spats between the US and China in recent weeks, which could set the undertone for US-Sino relations for years to come.
Snowden said his biggest fear is that nothing would change following his bold decision a year ago.
There is an unspoken underlying tension in the workplace on privacy matters relating to office telephones, computers, emails, documents, CCTV cameras, etc. Employers like to think they reserve the right to probe what they consider their property while employees believe their turf is clear from invasion.
This tension is nowhere better exemplified than by reports last Thursday that operatives with US tech giant Microsoft Inc. hacked into a blogger’s Hotmail account in the course of an investigation to try to identify an employee accused of stealing Microsoft trade secrets.
And it is not uncommon in my business to encounter client complaints about potential espionage and other alleged misconduct by their employees, leading to their consideration to search the (company-owned) computers, emails, phone records, etc.
The latest hack on Bitcoin exchange Mt.Gox, leading to its sudden bankruptcy late February, and the spate of recent cyber-attacks have prompted warnings of a wave of serious cybercrimes ahead as hackers continue to breach the antiquated payment systems of companies like many top retailers.
Stock exchange regulators like the American SEC have rules for disclosures when company databases are hacked but the general public is often at the mercy of private companies less inclined or compelled to raise red flags.
The private sector, policymakers and regulators have been slow to respond and address the increasing threats and sophistication of cybercriminals – only 11 percent of companies adopt industry-standard security measures, leaving our personal data highly vulnerable.
Time for a standardized data breach law?
The latest NSA revelations about their ability to penetrate into computers that are not even connected to the Internet may have caused deep concerns but there are at least 2 defensive measures one can undertake.
Creating Giants to Battle Snoops by NSA and the Likes
Size matters in the covert wars of cyber espionage – even more so when two Herculean cyber warriors merge on Wall Street. US cyber-security firm FireEye Inc. announced the acquisition of Mandiant Corp. late last week in a deal worth more than US$1 billion, generating not just an immediate surge in FireEye’s share price but a Mexican wave across the world.
This merger and creation of a next-generation cyber-security firm – FireEye is a provider of security software for detecting cyber-attacks and Mandiant a specialist firm best known for emergency responses to computer network breaches – comes at a time when old-style anti-virus software took a dive, with governments, companies and private citizens across the globe hunting desperately for more effective defensive measures to fend off sophisticated hackers and state-sponsored cyber-attacks.
But the interesting and ironic twist to this FireEye and Mandiant deal is that many of Mandiant’s employees came from the US intelligence world and the Defense Department.
NSA Snooping Compromises the Cloud Computing Industry
Facebook CEO Mark Zuckerberg complained last week that trust in social networks and Internet companies has dived ever since cyber snooping and spying activities by the US National Security Agency began to make global headlines earlier this year.
It is no surprise. In fact, as fugitive former NSA operative Edward Snowden pointed out, the encryption system adopted by the International Organization for Standardization and its 163 member countries was actually written by the NSA, convincing proof that online platforms being used by Internet companies and the commercial world, including banks, could in fact be easily compromised by the NSA.
In other words, the NSA designed their own secret back door into the global encryption system for their convenience. So until the encryption system has been overhauled and taken away from NSA’s control, no server and no cloud service provider is secure enough to be entrusted with any confidential data.
So why then are blindly trusting companies still moving ever more data into the cloud and onto servers, where online access to highly confidential information related to clients, customers, employees, deals, business plans and performances, etc., is available to the US snoops?
If you have ever got the feeling someone was watching you while you were using your computer, tablet or smartphone, it could be because someone is. You may well be sitting there while someone, somewhere out there, is commanding your electronic device to transmit pictures of you and what you are doing.
You might assume that if you haven’t given electronic orders to the camera, it’s shut off. But this might send a chill down your back. The friendly folks at the US’s National Security Agency – the omnipresent spy agency dominating the news, and not in a good way – recently released a little two-page primer on tips to “harden” your computer against attacks.
If even the NSA doesn’t trust those Webcams, why should you?
Plus, there are reportedly now special spy apps designed for smartphones. You don’t have to be interested in them. You don’t have to buy and install these apps. More importantly, you don’t even need to know about them. Their very existence simply makes everyone highly vulnerable.
Or was Dick Cheney looking for a cheap excuse to play politics?
Edward Snowden with his sudden departure from Hong Kong for Moscow and eventually elsewhere, possibly a country hostile to the US, would reignite the question if he’s a spy or double agent.
But the allegations made last week by former US vice president Dick Cheney that the National Security Agency whistle-blower Edward Snowden could be a spy for China are off track, and he knows it, and are a deliberate public distraction as the Obama administration searches for scapegoats in the midst of defending the NSA surveillance programs with their one and only trump card.
Snowden left with his passport annulled, a warrant on his head plus criminal charges of espionage, theft and communicating classified intelligence to unauthorized persons.
But here is the dichotomy: While the corporate world is still coping with US regulations on better corporate governance practices, where does the notion of whistleblowing stand right now?
The world knows by now Edward Snowden, the former private contractor for the National Security Agency who leaked revelations of massive US clandestine electronic surveillance and eavesdropping programs, is still at large in Hong Kong.
You might wonder how Snowden managed to remain obscure, both in the physical and cyber spheres.
Hong Kong, a former British colony now a major global financial center and Special Administrative Region of China, is one of the most densely populated areas in the world with a population of over seven million spread over just 1,104 square kilometers.
But it is precisely for these reasons that Hong Kong may be the ideal place. One could be easily spotted or located or one could capitalize on the dense crowd and modern infrastructure to negotiate his way unnoticed in the physical, digital and cyber dimensions.
And Snowden sure knows how to do that.
So what would you do if you were Snowden or if you simply needed to hide and remain undetectable for a period of time?
Take your pick: Edward Snowden, Internet and phone service providers, or just everybody?
The furor over the past week about how US intelligence agencies like the National Security Agency and the Federal Bureau of Investigation have for years scooped up massive loads of private communications data raises one critical and distressing question.
Who, worldwide and in the US, are the general public supposed to trust now that it seems all forms of digital and cyber communications risk being read by the American authorities? The Americans, it seems, don’t believe it’s that big a deal. By 62-34, according to the latest poll by Pew Research and the Washington Post, they say it’s more important to investigate the threats than protect their privacy. But what about the rest of the world?
The immediate acknowledgement, rather than point blank denial, of the massive clandestine eavesdropping programs is no doubt alarming even for those long suspicious of such covert undertakings. But the more disturbing part is that the official response amounts to plain outright lies.
The two-day private talks between the US and Chinese Presidents Barack Obama and Xi Jinping this weekend in Rancho Mirage, CA are expected to include, among other thorny issues, the dwindling trust between the two countries following the recent spate of cyber intrusions the US has repeatedly alleged to have originated from China.
In the first diplomatic efforts to defuse chronic tensions, the two have also agreed to launch regular, high-level talks next month on how to set standards of behavior for cyber security and commercial espionage. But don’t expect anything concrete from these meetings. The state of cyberspace diplomacy is heading only south.
You could be out of pocket as well as out of office if you reveal too much
It may be so much the norm and standard practice that one often never thinks twice but goes along with it, totally oblivious to the risks and implications…
I am referring to those seemingly harmless out-of-office notifications: Consider how sensitive personal and company information as well as chain of command details were often automatically and unnecessarily revealed to the world.
US decision to ban Chinese computer parts could mean no computers
The American Congress signed a US appropriations bill into law late March that restricts government purchase of Chinese computer equipment and technologies for fear of cyber-espionage risks.
The move inevitably prompted strong retaliation from China but my immediate curious question is: Where on earth is the US planning to buy its hardware, when even the major US brands like Dell, Apple and Hewlett-Packard – and also many Japanese, Korean and Taiwanese brands – are made in China?
Big data mining is the future of cyber espionage. It is not illegal as long as the data is open source and in the public domain. And all that data on “open” social networking Web sites is most vulnerable.
Two recent commercially developed software packages could soon be giving your government and employer – and possibly anyone else who is interested – ways to spy on you like never before, including monitoring your words, your movements and even your plans now and into the future.