Yesterday, I came across an updated (April 14, 2006) CRS report - High Altitude Electromagnetic Pulse (HEMP) and High Power Microwave (HPM) Devices: Threat Assessments, a topic I covered in a previous post related to asymmetric warfare.
Basically, it outlines critical issues such as what the U.S. (or pretty much any other country thinking about asymmetric warfare) is doing to ensure critical civil infrastructure is protected against EMP attacks, how the vulnerability to EMP attacks encourages other nations to develop such capabilities, and yes, of course the "threat" of terrorist EMP warfare -- in your wildest dreams only. An excerpt:
"However, other analysts maintain that some testing done by the U.S. military may have been flawed, or incomplete, leading to faulty conclusions about the level of resistance of commercial equipment to the effects of EMP. These analysts point out that EMP technology has been explored by several other nations, and as circuitry becomes more miniaturized, modern electronics become increasingly vulnerable to disruption. They argue that it could possibly take years for the United States to recover fully from widespread damage to electronics resulting from a large-scale EMP attack."
Why wouldn't a "reported sponsor of terrorism" nation wage EMP warfare over the U.S., or even try to? Because they would have the U.S. in their backyard in less than a day. Still, the opportunity to balance the powers, or to achieve a temporary military advantage provided the attack remains undetected, is a tempting factor for future developments -- the ongoing miniaturization and the fact that intense energy effects can be produced without an A-bomb make it even worse. Surgical HPM and EMP attacks without fear of retaliation are what possible adversaries could be aiming at, and of course portability:
"Other HPM weapons being tested by the military are portable and re-usable through battery-power, and are effective when fired miles away from a target. These weapons can also be focused like a laser beam and tuned to an appropriate frequency in order to penetrate electronics that are heavily shielded against a nuclear attack. The deepest bunkers with the thickest concrete walls reportedly are not safe from such a beam if they have even a single unprotected wire reaching the surface."
Yesterday I was looking for an article I wrote in 1998 on Nuclear Weapons and seem to have found it -- it makes me smile given my age, and the fact that I had to orally defend the topic; I hope you will find it an interesting retro read :) I don't necessarily agree with all the things, it's just the way I was perceiving the world back then. For instance, Russia didn't accelerate their scientific efforts, as the A-bomb secret eventually leaked out to them, and with the fall of the Soviet Union and ICBMs available in every corner of the country and its republics, it wasn't hard for other nations to piggyback too.
Did you know that Stalin was aware of the U.S.'s A-bomb even before Harry Truman was? -- the consequence of too much secrecy sometimes!
Nuclear Weapons
There has always been war, and will always be though we live in more peaceful world nowadays. It's a long time that nuclear weapons are not the same threat to the world's peace as they were years ago. Despite all the reduction and limitation of nuclear weapons they haven't disappeared yet completely. Today all the nuclear arsenals are able to kill everybody on EARTH, a thousand times, though nobody wants to die even once. One of the greatest scientific and human achievements - mastering the nuclear energy, is in position both to change the traditional sources of energy, and to move toward the social progress. However, this discovery was used not in people's behalf, but against it.
During Truman's leadership nuclear scientists were working on the project "MANHATTAN" as they were to finish mastering the nuclear energy, but they didn't know that their discovery would change completely the world to worse, demanding death to million people. Americans have always been competing with Russians in each sphere. When Americans discovered the A-BOMB Russians were far from it. Then Truman decided to drive Russia into a corner. But he didn't have the chance, due to Stalin who ostensibly didn't pay attention to the threat. To show his power Truman threw the A-BOMB on Hiroshima on 6 of August at 8:00 am. It generated a huge amount of energy when it exploded. Most people died within a few hours. By the end of 1945 the estimated number of people who died as a direct result of the bomb was 140,000. But later it has been concluded that the number of people who died was approximately 200,000, even more. Russia decided that it couldn't last so long and accelerated the speed of doing their project for the A-BOMB several times. Only for 4 years they worked it out which the Americans succeeded for 20. As Russia's A-BOMB appeared the United States' plans for starting a war and attack Russia made them think.
All their plans went wrong. When the U.S. controlled the weapons of mass destruction their strategists used to think about the harmful power of the weapons. Now, the U.S. have completely changed their policy line. When a conflict arises anywhere in world they would help. When a disaster damages a country, when a war starts they always stand by the side of the weaker. They mastered outer space and they don't do it just for themselves but for the whole mankind. Now all the people in world develop good relationships. But we live in a troubled world. Our daily cares are increasingly dwarfed by the thought that they may vanish in a flash. People separated by continents and oceans are united in their wish to prevent the global nuclear catastrophe. Young people today do not wish war they want peace and love. It's not just a wish, it's a must!
This is eight years ago, and I'm still keeping the spirit I guess :)
In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the necessary situational awareness to stay on the top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with sarcastic attitude
Tuesday, May 16, 2006
EMP Attacks - Electronic Domination in Reverse
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Monday, May 15, 2006
Valuing Security and Prioritizing Your Expenditures
I often blog on various market trends related to information security and try to provide in-depth coverage of emerging or current trends -- in between active comments. In previous posts "FBI's 2005 Computer Crime Survey - what's to consider?", "Spotting valuable investments in the information security market", "Why we cannot measure the real cost of cybercrime?", "Personal Data Security Breaches - 2000/2005" and "To report, or not to report?" I emphasized the following key points with respect to data security breaches and security investments:
- on the majority of occasions companies are taking an outdated approach towards security, that is, still living in the world of perimeter-based security solutions
- companies and data brokers/aggregators are often reluctant to report security breaches even when they have the legal obligation to, either because the breach still hasn't been detected, or because of a lack of awareness of what constitutes a breach worth reporting
- the flawed approaches towards quantifying the costs related to cybercrime are resulting in overhyped statements in direct contradiction with security spending
- companies still believe in the myth that spending more on security, means better security, but that's not always the case
- given the flood of marketing and the never ending "media echo" effect, decision makers often find themselves living with current trends, not with the emerging ones, which is what they should pay attention to
It is a common mistake to assume that the more you spend on security, the higher the level of security you achieve; that's not always the case -- it's about prioritizing and finding the most suitable metrics model for your investment.
Here's an article describing exactly the same impression:
"Security breaches from computer viruses, spyware, hacker attacks and equipment theft are costing British business billions of pounds a year, according to a survey released Tuesday. The estimated loss of $18 billion (10 billion pounds) is 50 percent higher than the level calculated two years ago, according to the survey that consultancy PricewaterhouseCoopers conducted for the U.K. Department of Trade and Industry. The rise comes despite the fact that companies are increasing their spending on information security controls to an average 4 percent or 5 percent of their IT budget, compared with 3 percent in 2004."
That's pretty much the situation everywhere: companies are striving to apply metrics to security investments, and this is where it all gets blurry. Spending more on security might seem to be the logical answer, but start from the fact that open networks, exposed as they are to a great deal of uncontrollable external factors, undermine the majority of models so far. Bargaining with security, or "Getting paid for getting hacked", remains a daily practice all the same. Let's consider various social aspects concerning the participants.
A financial executive often wants to know more on:
- Do I get any return on my investment (ROI) ?
- What % of the risk is mitigated and what are your benchmarking methods?
- What may I lose if I don't invest, and where's the sweet spot?
- How much is enough?
- How do I use basic financial concepts such as diversification in the security world?
- How would productivity be influenced due to the lack of solutions, or even their actual use?
A security consultant, on the other hand, might be interested in -- How do I convince senior management of the benefits of having a honeyfarm with respect to mitigating the overall risk of having real systems breached, without using Cyberterrorism as the basis of discussion?
These different schools of thought, positions, responsibilities and budget-allocation hungry individuals are constantly having trouble communicating with each other. And while you cannot, and perhaps even should not, try to educate your security workforce in the basics of finance, an understanding of both sides' points of view may change things -- what you don't see value in is often someone else's treasure.
Another recent article on the topic of justifying security expenditure, or mostly assigning value, made an impression on me:
"So we came up with Value Protection," Larson says. "You spend time and capital on security so that you don't allow the erosion of existing growth or prevent new growth from taking root. The number-one challenge for us is not the ability to deploy the next, greatest technology. That's there. What we need to do now is quantify the value to the business of deploying those technologies." "It adds value; we're very supportive of it," says Steve Schmitt, American Water's vice president of operations, of Larson's Value Protection metric. For a while, people were just trying to create reasonable security, Schmitt says, "but now you need something more—something that proves the value, and that's what Bruce developed. Plus, as a secondary benefit, it's getting us better visibility from business owners and partners on risks and better ways to mitigate the risks."
Good point on first estimating the usefulness of current technologies before applying the "latest" or "newest" ones. The rest comes down to the good old flaws in the ROSI model: how would you be sure that it would be the $75,000 virus outbreak that will hit your organization, and not the $5000 one? "Return On Security Investment (ROSI) – A Practical Quantitative Model" emphasizes the danger of blindly assigning the wrong value to a variable:
"The virus scanner appears to be worth the investment, but only because we’re assuming that the cost of a disaster is $25,000, that the scanner will catch 75% of the viruses and that the cost of the scanner is truly $25,000. In reality, none of these numbers are likely to be very accurate. What if three of the four viruses cost $5,000 in damages but one costs $85,000? The average cost is still $25,000. Which one of those four viruses is going to get past the scanner? If it’s a $5,000 one, the ROSI increases to nearly 300% – but if it’s the expensive one, the ROSI becomes negative!"
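The quoted scenario worked through as an added example (not code from this post or from the ROSI paper). It uses the paper's formula, ROSI = (risk exposure × % risk mitigated − solution cost) / solution cost, and enumerates which incident slips past the scanner; the function names and the assumption that every incident is equally likely to be the one missed belong to this example.

```python
"""ROSI sensitivity check for the virus-scanner scenario quoted above."""
from itertools import combinations


def rosi(risk_exposure, fraction_mitigated, solution_cost):
    """Averaged ROSI model: (exposure * mitigated - cost) / cost."""
    return (risk_exposure * fraction_mitigated - solution_cost) / solution_cost


def rosi_outcomes(incident_costs, catch_rate, solution_cost):
    """Return [(missed_costs, rosi)] for every way the scanner can miss incidents.

    The scanner is assumed to catch round(n * catch_rate) of the n incidents;
    which ones it misses is what the averaged model hides.
    """
    n = len(incident_costs)
    caught = round(n * catch_rate)
    outcomes = []
    for missed in combinations(range(n), n - caught):
        # Loss prevented = cost of every incident the scanner did stop.
        prevented = sum(c for i, c in enumerate(incident_costs) if i not in missed)
        value = (prevented - solution_cost) / solution_cost
        outcomes.append((tuple(incident_costs[i] for i in missed), value))
    return outcomes


def summarize(incident_costs, catch_rate, solution_cost):
    """Compare the single averaged figure with the spread of real outcomes."""
    values = [v for _, v in rosi_outcomes(incident_costs, catch_rate, solution_cost)]
    return {
        "averaged_model": rosi(sum(incident_costs), catch_rate, solution_cost),
        "best": max(values),
        "worst": min(values),
        "mean": sum(values) / len(values),
        # Assumption: each miss pattern is equally likely.
        "share_negative": sum(v < 0 for v in values) / len(values),
    }


# Figures taken from the quoted excerpt.
SCANNER_COST = 25_000
CATCH_RATE = 0.75
UNIFORM = [25_000, 25_000, 25_000, 25_000]   # every virus costs the average
SKEWED = [5_000, 5_000, 5_000, 85_000]       # same average, one expensive outlier

if __name__ == "__main__":
    for label, costs in (("uniform", UNIFORM), ("skewed", SKEWED)):
        s = summarize(costs, CATCH_RATE, SCANNER_COST)
        print(f"{label:8s} averaged={s['averaged_model']:.0%} "
              f"best={s['best']:.0%} worst={s['worst']:.0%} "
              f"negative in {s['share_negative']:.0%} of outcomes")
```

Both cost profiles produce the same averaged ROSI, which is why the single figure says nothing about the one outcome in four where the investment loses money.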
Among the first things to keep in mind while developing a risk management plan is to identify the assets, identify the potential attackers, and find ways to measure the threat exposure and current threatscape as well. In a publication I wrote three years ago, "Building and Implementing a Successful Information Security Policy", that as a matter of fact I still find a quality and in-depth reading on the topic, I outlined some ideas on achieving the full effect of the abovementioned practices -- it's also nice to come across it given in assignments and discussed in lectures too. An excerpt on Risk Analysis:
"As in any other sensitive procedure, Risk Analysis and Risk Management play an essential role in the proper functionality of the process. Risk Analysis is the process of identifying the critical information assets of the company and their use and functionality -- an important (key) process that needs to be taken very seriously. Essentially, it is the very process of defining exactly WHAT you are trying to protect, from WHOM you are trying to protect it and most importantly, HOW you are going to protect it."
Identifying the threats and some current threats worth keeping in mind
- windows of opportunities/0day attacks
- lousy assets/vulnerability/patch management
- insecure end users' habits
- sneaky and sophisticated malicious software
- wireless/bluetooth information leakage
- removable media information leakage
How would you go for measuring the risk exposure and risk mitigated factor?
Risk exposure and risk mitigated are both interesting and hard to quantify, should we consider the whole population given we somehow manage to obtain fresh information on the current threats (through the use of an Early Warning System such as Symantec's DeepSight Analyzer, The Internet Storm Center, or iDefense's Intelligence services for instance). Today, it is often based on:
- the number of workstations and network assets divided by the historical occurrence of a particular security event on the network -- the use of mobile agents for the specifics of a company's infrastructure effects is hard sometimes
- on the historical TCO data related to typical breaches/security events
Risk mitigated is often tackled by the use of best practices -- whether outdated or relevant is something else. Cyber insurance and the current, sort of scientifically justified, ROSI model are everyday practice, but knowing the inner workings of your organization, today's constantly changing threatscape, and how (and if) it affects you is key when prioritizing expenditure. You cannot, and should not, deal with all the insecurities facing your organization; instead, prioritize your security expenditure rather than just following the daily headlines and vendor-released, short-term centered research.
It's hard to quantify intellectual property's value, the way it's hard to quantify TCO losses due to security breaches, and it's perhaps the perfect moment to mention the initiative that I undertook in the beginning of this year - a 50/50 security/financial cross-functional team on coming up with a disruptive idea -- more on the current status soon, still, thanks for the time and efforts folks! To sum up, a nice quote by the authors of the research I mentioned: "Most of the problems stem from the fact that security doesn’t directly create anything tangible – rather it prevents loss. A loss that’s prevented is a loss that you probably won’t know about."
At the bottom line, are you making money out of having security, that is thinking business continuity, not contingency planning, and should we keep on trying to adapt financial concepts, and not rethinking them all?
Recommended reading/resources on the topic of justifying security expenditure :
Return on Information Security Investment
Risk - A Financial Overview
Calculated Risk - Guide to determining security ROI
The Return on Investment for Network Security
Analysis of Return on Investment for Information Security
Methodologies for Evaluating Information Security Investments
Risk Assessment for Security Economics - very informative slides
Economics and Security Resource page
Information Security in the Extended Enterprise: Some Initial Results From a Field Study of an Industrial Firm
PKI and Financial Return on Investment
Privacy Breach Impact Calculator
Guide to Selecting Information Technology Security Products
Tags:
Information Security,
Investment Banking,
Return On Investment,
Return On Security Investment,
ROI,
ROSI,
Security,
Security Trends
Friday, May 12, 2006
Terrorist Social Network Analysis
In previous posts "Visualization, Intelligence and the Starlight project" and "Visualization in the Security and New Media world" I covered various security and intelligence related projects and mostly emphasized the future potential of visualizing data. Data mining is still an everyday reality -- social networking as well. Just came across this at DefenseTech:
"It'd be one thing if the NSA's massive sweep of our phone records was actually helping catch terrorists. But what if it's not working at all? A leading practitioner of the kind of analysis the NSA is supposedly performing in this surveillance program says that "it's a waste of time, a waste of resources. And it lets the real terrorists run free." Re-reading the USA Today piece, one paragraph jumped out: This kind of data collection from phone companies is not uncommon; it's been done before, though never on this large a scale, the official said. The data are used for 'social network analysis,' the official said, meaning to study how terrorist networks contact each other and how they are tied together. So I called Valdis Krebs, who's considered by many to be the leading authority on social network analysis -- the art and science of finding the important connections in a seemingly-impenetrable mass of data. His analysis of the social network surrounding the 9/11 hijackers is a classic in the field."
It gets even more interesting with a comparison of a Fortune 500 company's network and Al Qaeda's one. Social networks are among the driving forces of Web 2.0, and I find the concept of communication and planning online a very realistic one. And if you really want to know more about social networks in the business world, corporate anthropologist Karen Stephenson - The Organization woman is really up to it, very good article. And of course, Valdis Krebs's blog on smart economic networks.
Tags:
Cyber Terrorism,
Data Mining,
Information Security,
Intelligence,
Intelligence Agency,
Intelligence Community,
NSA,
Security,
Social Network Analysis,
Terrorism
Thursday, May 11, 2006
Travel Without Moving - Scratching the Floor
You don't really need a reconnaissance satellite to spot this, it's precisely the type of "sight" you can see for yourself on daily basis -- but he's still moving isn't he? :)
Pocket Anonymity
While the threats posed by improper use of removable media will continue to make headlines, here's a company that's offering the complete all-in-one pocket anonymity solution -- at least that's how they position it. From the article :
"Last month, a company called Stealth Ideas Inc. of Woodland Hills, Calif., came out with its StealthSurfer II ID Protect. The miniature flash drive lets you surf anonymously from any computer using an integrated browser that runs in an encrypted mode. It comes loaded with several tools, including Anonymizer Anonymous Surfing 1.540 (which has IP masking), RoboForm Pass2Go 6.5.9 (a user ID/password management application) and Thunderbird 1.0.7 (for e-mail access). But before you buy, check to see if the company has upgraded its browser, which, according to company officials at the product’s launch, is Firefox 1.5.0.1. US-CERT and others have warned about significant vulnerabilities in certain versions of Firefox (and Thunderbird, for that matter). The version available as of press time, Version 1.5.0.2, addresses those flaws."
Is the Anonymizer behind the idea, or is it a middleman trying to add value to the Anonymizer's existing offer, and harness the brand powers of Firefox and Hushmail all in one? Wise, but the entire idea of anonymity is based on the Anonymizer's service, when anonymity can still be freely achieved to a certain extent. It's a very portable idea, but there are already free alternatives when it comes to pocket anonymity, and that's TorPark: Anonymous browsing on a USB drive, and I think I can live without the enhancements.
Tags: Anonymity, Censorship, Free Speech, Information Security, Internet Censorship, Privacy, Security, Stealth Ideas Inc
Is Bin Laden Lacking a Point?
If I were to name the masters of PSYOPS, that would be terrorists, who without a superpower's financial capabilities still manage to achieve the "media echo" effect they seem to be so good at. As you will eventually read, in case you haven't thought about it before, to me Al Jazeera always seems to be the launching platform given its strategic position in the region, and the rest of the world's media are the disseminators -- anything fresh and terrorism related increases ratings.
Yesterday, I came across a translated version of Bin Laden's most recent "State of Jihad" speech of April 23, 2006, and I feel blaming the "infidels" for whatever goes on around the world, or taking anything against Islam personally, is a very weak point. From the article:
"One more time Al Jazeera promotes an Usama Bin Laden speech. After airing portions of the Bin Laden audiotape al Jazeera posted large fragments of the “speech” on its web site. This was the longest version possible we were able to have access to. After careful reading, my assessment of the “piece” got reinforced: This is not just another audiotape or videotape of a renegade in some cave.
Regardless of who is the speaker and his whereabouts, the 30 minutes long read statement is a declaration, probably as important as the February 1998 declaration of war against America, the Crusaders and their allies. Imagine yourself as an Arab viewer: The speech was repeated endlessly throughout the day. Bin Laden didn't have his 20 minutes of shine, but 24 hours at least. The Bin Laden audiotape wasn't played one or two times but until every word was sinking deep in the minds of the attentive viewers. However the most powerful part of the speech wasn't restricted to its content: Al Jazeera lined up the best of its "experts on Islamist groups" to react instantly to the audiotape and throughout the day, and add "more details and substance."
The bottom line is that religion still remains the opium of the masses and an excuse for not taking care of your own destiny but expecting "someone else" to.
Tags: CIA, Information Security, Intelligence, Intelligence Agency, Intelligence Community, NSA, Osama Bin Laden, Security, TIA, Total Information Awareness