[SecurityRatty] tag: japan

Japanese military loses data again

Mon, 30 Jun 2008 20:00:00 +0000

Japan's Self Defense Force lost sensitive data pertaining to a joint U.S.-Japan military exercise last year, the Ministry of Defense said Tuesday.

Skyhook Expands Wi-Fi Positioning to Cell, GPS

Mon, 30 Jun 2008 06:25:33 +0000

Skyhook Wireless will combine information from Wi-Fi wardriving, GPS radios, and cell tower signals for better location: The pitch at Skyhook Wireless is that despite its accuracy, satellite-based GPS remains relatively expensive, that it's slow to get a fix when it powers up, and that it's not accurate enough in the middle of cities. Their XPS 2.0 system leverages GPS with the advantages of Skyhook's Wi-Fi signal database and algorithms along with cell-tower triangulation.

Ted Morgan, the head of Skyhook, explained in an interview that while GPS is certainly the gold standard, and while it works well in stand-alone devices designed for continuous use and navigation, it's not the right choice by itself for mobile devices. It can take 5 or 10 minutes for a GPS-only device to get an accurate fix on the satellites it needs to give you accurate information. (Various shortcuts can provide less accurate information more quickly.)

"This notion of 'tell a user or consumer to stand outside for 30 seconds before they can search for the nearest pharmacy' is pretty silly," Morgan said. He noted that with all the radios now found in newer mobile devices, using several of them produces a fast and much more accurate result. The iPhone 3G, for instance, sports quad-band 2G, tri-band 3G, Bluetooth, Wi-Fi, and GPS chips.

Morgan said that A-GPS (assisted GPS) already combines cell tower information with GPS. A cell phone can be told approximately where it is, and thus instead of cycling through 24 satellites, start with the two that are most directly overhead. This can reduce the time to gain a location to as little as 20 seconds, Morgan said, although any kind of movement usually lengthens the time to 30 to 60 seconds.

Skyhook's system takes advantage of this aspect of A-GPS. They let a GPS system grab onto two satellites quickly to correct data from their Wi-Fi Position System (WPS). Morgan said that this reduces the WPS error by 35 to 40 percent through "weak fixes."

Within cities' concrete canyons, "you can only get a true GPS fix about 70 percent of the time outdoor, but you get two satellites all the time," Morgan said. "In the entire footprint, we're able to use this hybrid technology, even though GPS is only available 70 percent of the time." Outside of metro areas, cell towers can still be used to improve GPS startup times.

Skyhook has continued to expand its European coverage for WPS; they cover about 8,000 cities in the US and Canada, which is roughly 70 percent of the population; "it looks exactly like a cellular coverage map," Morgan said, and includes "any town with five streets in it."

In Europe, their current big push, partly because of their inclusion in the iPhone, they cover 70 percent of population in the current countries--the UK, France, and Germany--but they're now at 50 percent of the population of the rest of Western Europe. They're working assiduously in Japan, Korea, Hong Kong, and Australia as well, and looking into China and India. India has very little Wi-Fi, so they may rely more on cell towers there.

The company also announced a partnership with wireless chip maker CSR today, which is a major providers of Wi-Fi and Bluetooth chips to computer and handset makers. Nearly a year and a half ago, Skyhook partnered with SiRF, the dominant worldwide chip supplier for stand-alone GPS gear, that's also making a push into mobile devices. Skyhook obviously needs a win with a cell chip maker, like Infineon, Broadcom, or Qualcomm, given the XPS technology, to score a place in tens of millions of cell phones beyond the iPhone.

Skyhook's technology most recently appeared in a soon-to-ship model of the Eye-Fi--the Explore. The $130 Secure Digital card with Wi-Fi built in allows you to take pictures with any camera, and have the Wi-Fi signal space recorded for later lookup when you upload photos. The pictures are geotagged with that information. The card can optionally be used with Wayport's 10,000 strong Wi-Fi network in the U.S for $15 extra per month. David Pogue of The New York Times recently wrote up the Eye-Fi Explore.

Mission Statement for Federation

Thu, 26 Jun 2008 06:35:35 +0000

Bruce Sterling (11/20/2001):

You know what I want? I don't want a National ID Card. I want a Global Coalition Visa.

Like it or not, we've got a huge global diaspora now. It is a fact of life. Nations with stupid and corrupt politics have seen their clever people brain- drained away, to places where the cops don't shake you down twice a day. And jet-setters go everywhere. And properly so. If you're in a true global society, then you spend a lot of your time among aliens. Quite often you are the alien. You might notice that even Al Qaeda is a genuinely multinational group. They gravitated to wicked, lawless places like Sudan, Chechnya and Afghanistan, where the locals shoot you if you ask for a badge.

But what about all us bright, shiny, world-trading jet setters, huh? There are thirty percent fewer Yankees in Europe this Christmas, and that is bad. Let me pose the problem this way. If I am going into a Japanese restaurant in Japan, I would rather like to be able to haul out some gizmo and flash it at my fellow civilians, and have these kindly people understand with a high degree of likelihood that I am not a mass murderer. On the contrary, I am quite civilized, and I should be brought a beer immediately.

A platinum VISA card and a five-hundred-dollar suit will almost do that, but those are too easy to forge and steal, plus they are not very democratic. The UN should get together on this. We should have a high level summit about digital hardware support for the crippled tourist economy. Fear and ill treatment shut down tourism faster than anything short of open warfare. That is bad for all of us. Killing off tourism harms our civilization and impoverishes our cultures. People in civilized states shouldn't routinely treat one another as criminal suspects. I don't want to get done-over for three hours every time I get off a plane in London. When I go to London, I go with empty suitcases. I don't plan to stay, but I am better news for the London economy than a lot of the people who live there.

They should know all that that before I get off the plane. My arrival is excellent news for Britain, so I should be treated that way. If this is a new kind of war, I don't want to be the evil guy hunkered down in the bunker; I want to fly with the boys from Air Assault. I want one of those handy crypto-style Friend-or-Foe IDs.

These people who normally meet me whenever I am an alien, they don't need to know my nationality, my home address or my shoe size. They just need to know that, despite being alien, I'm sort-of okay.

I want a democratic, citizen-to-citizen device that will bridge those social barriers and language barriers. I think we could invent devices and means of verification that would strengthen the global social fabric that terrorism wants to rip. It wouldn't be easy or simple, but it's not beyond our ingenuity. Our social capital sustains all civilized societies, and it is all about trust. So let's invent new methods of trust.

I added bold to the last sentence because I think this is the mission statement for building out federation systems.

Japan and France agree to closer ties on cybercrime

Wed, 11 Jun 2008 20:00:00 +0000

Japanese and French government ministers agreed on Thursday to work more closely on cybercrime.

Thinking out the box

Thu, 22 May 2008 01:50:00 +0000

I am going to predict the future of the WWW and how Information Security will have to adapt in the next few years.

This will take some time to secure and will take some time to get accepted but this is (IMHO) coming so brace yourselves. Life is going to get very interesting, especially for the Information Security guys out there.

This is actually not a new concept - Novell and Sun were working on these ideas about 15 years ago but the world and the Internet were not yet ready. They are now or, at least, they soon will be.

WEB 1.0
This is the Internet as we know it. HTML with some scripting for the pretty factor. Some media added in. Not much interaction. Security is easy here. Make sure that no wiggly things make it from the web onto your network. Make sure that users don't visit sites that waste time and shock people.

Web 2.0
This is the big catchword but I don't think we are where we should be. Web 2.0 is a taste of things to come but we are still chained to web 1.0 thinking. Information is swopped but format and location of information are still king. XML is just starting to come into its own and information is starting to become self-aware. The same information can be represented in totally different ways on different pages but the tools are new and websites are built around specific purposes. Sites with open APIs like Facebook are starting to take hold. Security is starting to become difficult - we have to make sure that internal data doesn't become external data.

Web 3.0
This is the new buzzword but I think it is merely more extreme web 2.0. Early examples of this are Yahoo Pipes, facebook's API etc. Sites with open tools to manage information. Information flows and is not bound to a certain site, location or format. Information Centric Security becomes key here. I think that the tools have not been developed or have not been properly developed.

Web 4.0
Cloud computing. This has been around for a while but it will soon come into its own. Combine GMail, Google Reader and technology like AJAX (of course), Google Gears and Mozilla Prism. I'm sure that Microsoft and Yahoo etc all have their own versions of the above and there will probably be some small niche players too.

Keep all the above free (with advertising) and you get a very useful and smart Office Suite that allows for collaboration and features such as backup and works wherever you are. This is exciting stuff but the assumption is that your data will be safe.

This is a bad assumption. This is Information Security's next headache. The problem with this is that like wireless and portable devices and USBs and the Internet etc etc.. cloud computing will happen. Businesses will need to do it and they will do it. We need to make it secure. Applications such as Microsoft Office etc are already terminally ill, it is just a matter of time...

The next race between Microsoft and Google and Apple will be in this space. I believe that the winner will be the one who can ensure the security of the information stored on their network.

Of course, cloud computing is a walk in the park compared to what will be next:

Web 5.0
This is where it all gets mad. Think Web 4.0 mixed with P2P such as Skype and Bit-torrent. Add in a bit of virtualisation. Your data is hosted on 100 different people's personal machines. In exchange you host 1000 people's data on your machine. A piece of your company's still-to-published annual results are split up between a mac in Japan, an iphone in brazil, 3 pcs in the US and a linux server in the UK. It is xored with Bill Gates's personal phone list and another 6 people have spare copies. If the UK box falls off the Internet then another box picks up where it left off. Processing is done by a further 3 machines, one in Namibia and 2 in China. Each time you access your data the communication takes a different route bouncing off 10 machines between you and all the places that your data is. At any one time you have no idea where your information is. Information Security becomes part of the network - all files have to be encrypted and there are numerous copies of it.

Why Is ISO2700x Hot in UK, but Not in US?

Fri, 16 May 2008 07:36:00 +0000

First, something hilarious: I was teaching this brief course on logs overseas and touched upon a subject of ISO17799. So, having recently read how many companies in the US were ISO17799 certified, I asked my audience whether they could guess what the number was. One guy volunteered an answer, after some hesitation: "Less then 50%?"

That's "percent", folks :-)

I said to him: "You are right!" and laughed - "It is indeed less then 50!" 50 as in "count" (I read somewhere at the time that 49 companies were certified US-wide)

So, ISO17799 is hot in some countries: UK, Japan, Russia (where it is a basis for a set national standards), many others. But not in the US.

I have long been puzzled about this. What's the story?

The most likely explanation is that every security manager worth his salt read ISO17799 documents and then used the ideas and material in his own policies, procedures, etc. On the other hand, he sees no motivation whatsoever to invest in certification - since nobody is making him do it (no equivalent of a PCI auditor is standing nearby with a big axe...)

Another explanation that due to longer history of security management in the US (compared to other countries), home-grown approaches took root and no external standard will dislodge them?

Yet another hypothesis goes like this: in the US, it is more important to do a good job [managing security] than to be "standards-compliant." Is the opposite true in Europe and Asia? I dunno...

Or maybe ISO stuff is seen as "that Euro thing?" Exotic like a Hungarian chick, but just as relevant :-)

Any ideas? UK scene, any ideas? Do you care for ISO17799 at all? As a useful document to read or a something to be certified in?

How America may be funding the Mafia in Japan.

Sun, 11 May 2008 21:15:00 +0000

Those of us who may have thought of Japan as a country of respectful, law-abiding peaceful citizens, would do well to think again.

In a Washington Post article titled: "The Mob is Big in Japan", the writer, Jake Adelstein paints a far different picture. Mr. Adelstein has spent the past 15 years covering the Mafia (Yakuza) as a crime reporter for Japan's largest newspaper, the Yomiuri Shimbun. He has been so relentless in his reporting, that his life and that of his family are now in danger.

Apparently, Mobs are legal entities there and they have "fan magazines" and comic books. The Japanese National Police Agency (NPA)estimates that the yakuza has nearly 80,000 members. Police say that in Tokyo alone, there are more than 800 yakuza "front companies" in industries such as: investment and auditing firms, construction companies and pastry shops. Disturbingly, it is reported that the mobsters have even opened their own bank in California.

In more recent times, the yakuza have moved into finance. Japan's Securities and Exchange Surveillance Commission know of more than 50 listed companies with ties to the underworld. U.S. investors have invested billions of dollars in the Japanese stock market. How much of that is going towards funding the Japanese Mob? To add further insult to injury, the yakuza makes much of their ill-gotten profits from child pornography. Want to hear something revolting? Owning child porn in Japan is LEGAL.

Investigation firms such as ours constantly advise clients to do their due diligence. How would you like to enter into a business agreement with a Japanese company and later find out that they were a front company for drug runners and child porn peddlers? Remember, you can't always rely on a government to tell you who the bad guys are and they don't always wear black hats.

Know what you are getting into and if it is a deal worth pursuing, hire somebody to conduct a thorough investigation or send over a member of your staff to check them out fully and avoid having your reputation damaged down the road.

Hitachi acquires M-Tech Information Technology

Thu, 24 Apr 2008 11:24:10 +0000

The number of pure-play vendors in user account provisioning decreased on April 7, 2008 when Hitachi announced that it acquired M-Tech Information Technology, and changed the name to Hitachi ID. Although Hitachi has been lacking an identity and access management (IAM) pedigree, this move can prove important due to the following reasons:
1) Using IAM for provisioning of physical resources and hardware resources.
2) Extending enterprise role definitions to previously uncharted verticals and cultures.
3) Evangelizing user account provisioning and IAM in Japan and other APAC regions.
4) Hitachi becoming a major player in Japanese SOX (JSOX) implementation.

Needless to say, the above will hinge on Hitachi's ability to retain and grow the existing customer base of M-Tech IT in North America and Europe, and also on Hitachi's ability to compete against EMC's selling of Courion and RSA products. How Hitachi will create an access and adaptive access management (Web and desktop) portfolio to complement its identity management and provisioning portfolio also remains to be seen.

Fidel Castro exports his criminals, but we give guns to ours.

Wed, 23 Apr 2008 11:03:00 +0000

I was shocked to hear the news on CBS yesterday that the Army and Marine Corps are allowing convicted Felons to join their ranks. Are recruiters that desperate or just plain lazy?

The newscaster said that the Army and Marine Corps are going to open their doors to Felons who have been convicted of Robbery, Burglary, sex offenses and making terroristc threats. What can they be thinking? Have the lunatics started running the assylum?

These are some of the worst offenses on the books. I could somewhat understand if they said: "we are going to make allowances for those who have been convicted of multiple DUI/DWIs and as a result, have been declared felons". This new policy sounds like a plot taken straight out of Hollywood...."The Dirty Dozen" springs to mind.

One would think that the military upper echelon have enough on their plate everytime a story breaks about a young girl being raped in Iraq or Japan by U.S. military personnel. One can only imagine the future problems that will arise when they willingly open their doors to convicted child molesters, rapists, robbers, burglars and terrorist sympathisers/radicals.

The Navy and Airforce should be conrgratulated on failing to stoop so low. I hope they resit the temptation to put the same uniforms that have been worn so proudly in the past by decent human beings on those who should be wearing prison jump suits.

Maybe if the Government paid soldiers a decent salary, which is to say, much more than the $3,000 per month that they now get to put their lives in harm's way instead of giving it to Government contracting companies who charge the Government as much as $250,000 per year per contractor AND many times overcharge and over-bill the very same Government who are willing to pay a king's ransom in the first place.

Japan's 10 funniest tech-related ads

Wed, 09 Apr 2008 20:00:00 +0000

From breast-enhancing Intel processors to breast-enhanced Cannon laser copiers, we dissect Japan’s most bizarre tech-related ads.

Succeeding with Seagate® is an Easy Decision.	Advertisement
REGISTER FOR THE SEAGATE® PARTNER PROGRAM and Win a Barracuda® 1-TB drive!