Countries should be held responsible for cyber attacks

Attribution is one of the biggest problems on the internet when it comes to cyberwarfare. How do you hold a nation responsible for malicious attacks if you can’t determine whether or not the activity was state-sponsored?

Retired General Michael Hayden, former director of the US National Security Agency, said on Thursday that one solution being discussed in government is to simply forget about trying to determine if the source of an attack is state-sponsored or not and hold nations responsible for malicious activity coming from their cyberspace. His words were greeted with applause from the audience of computer security professionals.

“Since the price of entry is so low, and . . . it’s difficult to prove state sponsorship, one of the thoughts . . . is to just be uninterested in that distinction and to actually hold states responsible for that activity emanating from their cyber space,” said Hayden during his keynote address at the Black Hat security conference. “Whether you did [the attack yourself] or not, the consequences for that action [coming from your country] are the same.”

Asked later for examples of what the consequences to a nation might be, he suggested the idea of some kind of cyber exile or a response that would thwart the flow of the internet from the suspect country in a way that would slow their cyber commerce and ability to communicate.

Hayden, who is currently a principal at the Chertoff Group, a security consultant company founded by former Homeland Security Secretary Michael Chertoff, focused his talk on cyber warfare and acknowledged that the term is thrown “pretty much at anything unpleasant.”

He said the US military doesn’t consider intelligence attacks acts of war but the kind of “normal espionage thing that routinely happens between states.”

“Without going into great detail, we’re actually pretty good at this, and the Chinese aren’t the only ones doing this,” he said.

Outside of this, the US and international community haven’t made much progress in determining what would actually constitute an act of war in this domain, but he said there have been some initial discussions about the idea of having global agreements to restrict certain kinds of activity. He cited denial-of-service attacks as an example of one that could be restricted under some kind of Geneva Convention agreement on the rules of cyberwar.

“That is such an easily available weapon that we [might decide we] ought to stigmatise its use that adult nations don’t do it and they don’t allow it to happen from their sovereign space -- that’s one thought,” he said.

He also said ideas have been raised about forming the cyber equivalent of demilitarized zones for sensitive networks, such as the power grid and financial networks, that would be off-limits to attack from nation states. He acknowledged that this contradicts the view in kinetic warfare where attacks on power grids and other infrastructures are considered legitimate targets.

In a press conference following his talk, Hayden was asked about cyber espionage and whether the US considers collateral damage that could occur as a result of such activity by the US, such as an incident that reportedly occurred in the early 80s in Russia.

In 1982, the US reportedly sabotaged the Siberian pipeline through a logic bomb planted in software, causing an explosion. After the US learned from a Russian scientist that the Soviets were stealing data on US technology, the CIA hatched a plot to insert the logic bomb into software headed to Russia to operate pumps, valves and turbines on the Siberian natural gas pipeline. At a pre-programmed time, the malware caused excessive gas pressure to build on the valves, resulting in an explosion that was captured by orbiting satellites. Although there were no human casualties, there might have been under different circumstances if the explosion had occurred in a populated area.

Hayden acknowledged during his keynote that there are problems with anticipating consequences of cyberwarfare attacks.

“You can never do anything in this domain without something going pop in [the physical world],” he said. “At the end of the day, it really isn’t a video game and something’s going to happen in somebody’s physical space.”

He added that in considering the possibilities for collateral damage from a cyber attack, generally the military considers whether the good that is perceived to come out of an action greatly outweighs the possible unintended consequences. But with cyber attacks, the consequences can be much less predictable.

“When you do this, are lights still going to be on on the eastern seaboard?” he said. “When you do something in the cyber domain you’re asking a policy maker to accept a risk that’s probably a little less measurable than a parallel operation outside of cyber space. . . . The thinking on cyberstuff is so immature that if we’re not careful they’ll become the special weapon of the 21st century like nuclear weapons were [in the last century] that you really had to have the president in the room before you could use them.”

Hayden was asked about Wikileaks and the possible repercussions that will come from the secret-spilling site publishing 77,000 intelligence documents on the Afghanistan war.

“This is an interesting aspect of a cyberwar [that] would not exist in physical space. So how now do we deal with this? Can we sustain espionage? Will it be possible for America to spy if this cultural trend is not modified or muted . . . ?” he said. “We have less control of our secrets than some other states.”

Hayden said the intelligence community will likely push back against open intelligence sharing initiatives that evidently made this and other documents published by Wikileaks vulnerable to leaking. After the 9/11 terrorist attacks, the government made the sharing of intelligence easier to combat criticism that people responsible for defending the country didn’t have the information they needed. As a result, intelligence reports and documents were made available to a much wider group of people in the government and military.

Hayden said “it’s going to take very strong leadership” to ensure that there isn’t a knee-jerk reaction that simply closes access to intelligence going forward.”

ONLINE EDITOR:Olivia Solon









            From WIRED.COM

Froyo yo Hero

I waited ages for the Android 2.1 Eclair update to come to the HTC Hero. I was sick of Legend and Desire owners lording it over my ancient Android, and wired.co.uk News Editor and Nexus One owner Duncan was a proud 2.2 user before I even had a whiff of an upgrade.

When the update finally arrived I was… disappointed. I had access to fancy new functions like turn-by-turn navigation and new apps such as Gesture Search, but all in all the operating system was a bit of a dog. My Hero was significantly slower, and typing messages had become a chore on the newly laggy keypad.

After some hairy experiences in the past, I'd avoided the rooting route. No longer. I came across a site that would let me put Android 2.2 -- Froyo -- on my trusty Hero. It was time to gain superuser control.

The ROM in question is FroydVillain, from the VillainROM team. It's a stock Froyo build, so no HTC Sense. There's a clear installation process on theVillainROM wiki, but I've broken the process down below. It takes about an hour on an Orange or unbranded Hero, but is more complicated for other carriers -- if you're on T-Mobile or Three you'll need to follow the 'Goldcard' method on the wiki. A word of warning -- rooting can brick your phone, but this is rare.

1. Back up your phone and SD card, as both will be wiped. Downgrade your phone's software to the appropriate exploitable version, as shown on the wiki. You'll need HTC Sync. HTC wouldn’t let me download an earlier firmware version for my phone, so I grabbed it from here.

2. Enable installation of apps from outside the Android Market by going into Settings -- Applications and ticking Unknown Source. Now download and install the free Astro File Manager from the Android Market.

3. It's now time to install a custom Recovery Image, which lets you install custom ROMs. Download FlashRec.apk and AmonRA's Hero Recovery Image from the links on the wiki. Copy both files to your phone's SD card over USB. Unplug the phone from your computer, open Astro File Manager and run FlashRec.apk. Follow the instructions in the app to install the recovery image.

4. Download FroydVillain. Copy the file to your SD card. Unplug your phone and turn it off. Turn on your Hero by holding down both the power and home buttons -- this will trigger the recovery menu. Select Wipe, and wipe the first item in the list. You'll need to repeat for every item in the Wipe list to clear your phone completely.

5. Now select Flash zip from SDcard and select the FroydVillain ROM you downloaded. It will install -- be patient, and don’t touch your phone until it's done. Now reboot into your new Android 2.2 operating system -- the first boot takes a while and will have a blank screen for around 30 seconds, so don’t panic.

I found the new OS far faster than the official 2.1 ROM. The stock Android keyboard is more responsive than HTC's Sense version, but you can't hold down the keys for punctuation marks. Apart from that, it's pretty much perfect. I love my Hero once more. 

PHOTO CREDIT:Flickr CC: michperu

|

ONLINE EDITOR:Olivia Solon

From WIRED.CO.UK

Virgin Galatic manned space flight

SpaceShipTwo staged a dress rehearsal for its glide flight and flew with a crew for the first time.

Anticipation mounted as word spread that SpaceShipTwo, attached to its mother ship Eve, departed the Mojave Air and Space Port. Many were anxious to hear whether the first glide flight of the spacecraft also known as VSS Enterprise would happen, especially since we knew a chase plane (used to observe experimental aircraft) followed SpaceShipTwo into the sky

The flight test team at Scaled Composites has been busy preparing for the first glide flight. There have been four flights of WhiteKnightTwo in the past month where the crew has made practice approaches similar to what will be flown in the VSS Enterprise.

Virgin Galactic, the company behind the development of SpaceShipTwo and private space tourism, says yesterday’s flight marked the first time SpaceShipTwo flew with a crew on board.

Peter Siebold, test pilot and director of flight tests at Scaled, joined fellow test pilot Michael Alsbury aboard the VSS Enterprise as it remained mated with WhiteKnightTwo throughout the flight. It was the third captive flight for the craft and the 33rd flight for the mother ship. The craft spent six hours and 12 minutes aloft testing SpaceShipTwo’s systems. Virgin says all went well.

There has been no announcement on a date for the first solo flight of SpaceShipTwo.

From wired

Inside Apple’s antenna design lab

Advanced facilities.

Apple never releases a product without thoroughly testing it first. To do this, we built our multimillion-dollar antenna design and test labs. These labs feature 17 different antenna characterization chambers (or anechoic chambers) designed to accurately measure antenna and wireless performance.

Testing performance in the lab.

Our anechoic chambers are connected to sophisticated equipment that simulates cellular base stations, Wi-Fi networks, Bluetooth devices — even GPS satellites. These chambers measure performance in free space, in the presence of materials simulating human tissue (“phantom” heads and hands, for example), and in use by human subjects. Over a one- to two-year development cycle, Apple engineers spend thousands of hours performing antenna and wireless testing in the lab.

Testing performance in the field.

Apple engineers tested iPhone 4 in a variety of scenarios, environments, and conditions in order to gauge performance. They spent thousands of hours in cities in the U.S. and throughout the world testing iPhone 4 call quality, dropped-call performance, call origination and termination, and in-service time. They tested iPhone 4 while stationary, at high and low speeds, and in urban, dense urban, and highway environments. In low-coverage areas and good-coverage areas, during peak and off-peak hours — iPhone 4 was field-tested in nearly every possible coverage scenario across different vendor and carrier equipment all over the world.

After a press conference Friday addressing the iPhone 4’s antenna, Apple gave journalists a private tour of its radio-frequency test facility to provide a glimpse into the process of designing wireless products such as iPhones and iPads.

Led by Ruben Caballero, a senior engineer and antenna expert at Apple, the tour gave about 10 reporters and bloggers a peek at Apple’s custom-built wireless testing lab, which consists of several anechoic chambers to measure frequency of each device in various settings.

The tour was held after a press conference, in which Steve Jobs attempted to mitigate a media thunderstorm surrounding the iPhone 4’s purportedly flawed antenna by offering free cases to customers. During the conference, Jobs reinforced his original position that every phone has reception issues when held in certain ways, and he said a flawed software algorithm was making the iPhone 4’s attenuation look worse than it actually was.

Apple called the lab a “black” lab because it was a secret facility that even some employees were unaware of. The company made the lab’s existence public to show that Apple takes antenna design and wireless testing seriously.“This is the most advanced lab for doing RF studies that anyone in the world has,” said Phil Schiller, vice president of marketing at Apple. “The designs we do wouldn’t be possible without it.”

Each test chamber is lined with blue pyramid-shaped styrofoam designed to absorb radio-frequency radiation. A robotic arm holding gadgets such as iPads and iPhones spins 360 degrees while a piece of analytics software (ironically running on Windows XP) visualises the wireless activity of each device. Caballero said each gadget is run through a chamber for at least 24 hours.

In another test process Apple also has people sitting inside test chambers, holding a device for about 30 minutes while software analyses its wireless performance to evaluate its interactions with the human body. Synthetic heads, hands and even feet (think Nike +) are used for some of these tests as well.

Apple’s testing lab looks similar to Cetecom’s mobile radiation testing lab that Wired.com visited last year. Manufacturers who create wireless products must gain certification from an independent lab, which verifies that each device meets acceptable radiation standards set by the US Federal Communications Commission.

The difference with Apple is it built its own lab for the sake of having full, granular oversight on the design (and redesign) of its products. Prototypes go through several iterations and tests before they’re finalised into Apple products. (Of course, having its own lab also helps Apple better guard its secrets.)

Before the iPhone 4 became an official product, prototypes of the device were tested in chambers for about two years until Apple settled on a design, Caballero said.

“It’s not trivial to design antennas,” said Caballero, reminiscing on the days older antennas had a single frequency.

After “passive” testing of devices inside isolated chambers, eventually Apple engineers drive around a large van containing synthetic hands gripping gadgets, with a laptop in the back running wireless analytics software to determine how the devices perform in real-world settings. Sometimes humans sit in the car seats holding the devices, too. During the tour, Apple showed a van containing a table full of synthetic hands gripping iPhone 4 devices.

“To do the most challenging design in the world, this is what we have to do,” said Bob Mansfield, Apple’s senior vice president of Macintosh hardware. “This is hardcore stuff.”

Info and images from apples website check out their test videos for more info.

http://www.apple.com/antenna/

http://www.apple.com/antenna/testing-lab.html

Jobs denies iOS4 battery problems on iPhone 3GS

Steve Jobs has told a Norwegian journalist, Jarle Aasland, that there shouldn't be any deterioration of battery life on an iPhone 3GS when it's updated from OS3 to iOS4, Aasland has informed Wired.

In characteristic fashion, the Apple CEO allegedly replied with the word "Nope", when asked the question: "Any reason battery performance on a 3GS running iOS4 should be worse than it was running OS3?" Many iPhone users disagree, with 26-page thread on the official Apple messageboards titled "iOS4 Burning Through Battery Life?" taking the company to task on the issue. So far, few solutions have been offered, except to make sure that not too many applications are running in the background, particularly tabs in Safari, and turning off internet tethering.

The problem doesn't seem to be affecting all handsets. One user, Pigeon75, claims to have tested an iPhone 3GS with no applications on it and GPS, Wi-Fi and Bluetooth all turned off next to another that was loaded with his regular apps. He reported that the handset with nothing on but iOS4 served up significantly worse battery life, lasting less than a day in standby mode.

Is Steve in denial about the issue, in the same way that he claimed that the iPhone 4's reception problems simply didn't exist? Is there a dodgy application of some sort that's causing trouble? Or is just it that Apple hasn't explained to its users how applications running in the background can affect battery life?

If you're a 3GS owner, we'd love to hear your thoughts. How's your battery holding up since the iOS4 update? Have you noticed any significant difference? Tell us in the comments below.

From http://www.wired.co.uk My own News and Reviews Coming Soon!

Apple’s clean hands may have dirtied iPhone 4 signal

Apple says there is nothing to see here: The problem with the iPhone 4’s antenna isn’t a problem, but just more of the same poorly-displayed signal strength that, the company recently discovered, also beset every previous generation of iPhone. But a bigger mystery remains: Even if there is no antenna problem per se, how did the iPhone 4’s problem of falsely-positive signal strength pass Apple’s vaunted quality assurance process -- where the buck stops with none other than CEO Steve Jobs himself?

A scientist presented Wired with an intriguing theory that can be summed up as “cleanliness is next to FAIL.”A post-doctoral biochemistry fellow at a leading American university claims that dampness and naturally-occurring salts on the hands of the general populace help them form a better connection with the iPhone 4’s exposed antenna than the clean hands of testers in Apple’s sterile lab environment would have done.

The biochemist, who asked not to be identified, forwarded us a copy of an email apparently sent to several people at Apple, including Steve Jobs, claiming that simple electrochemistry explains the problem, which drops calls and curtails data bandwidth when users hold the phone near the bottom so that the hand bridges the two sides of the antenna that runs along the side of the device.

Apple blamed the problem on a software glitch, but it appears to be hardware-related. Tests have shown that the iPhone 4’s signal grows significantly weaker when held in certain ways.

“Apple’s explanation for iPhone 4 signal reception problem is inaccurate at best, and disingenuous at worst,” reads the email. “iPhone users are in some of the hottest and most humid parts of the country this summer, and have salty, damp hands -- especially at events such as baseball games, barbecues, or other outdoor activities. Having bare metal antennae purposely handled will absolutely short [circuit] the signal.

“This problem will be difficult to reproduce in Apple’s labs, because the engineers are required to wash their hands before touching devices, which also strips off the natural hand electrolytes that are ever-present in the field on a hot day.”

This would also explain why certain users experience the problem, while others -- who may have washed their hands more recently -- can’t seem to replicate it.

A rubber case sold by Apple for £25 solves the problem by interrupting contact between the hand and the antenna, though Apple customer support has apparently been told not to offer them for free to complaining users. So, how should Apple address the issue, if this biochemist is right?

The company need not redesign the antenna, he says, but should add “an electrically insulating organic hydrophobic layer atop the bare metal,” such as the thin layer of plastic that encases fizzy drinks cans.

If the problem can be solved by spraying a thin, dampness-blocking coating on the metal antenna, perhaps Apple could offer to apply it for free at its retail locations, which would sure beat a product recall. A group of iPhone 4 owners sued Apple and US mobile phone network AT&T over the iPhone 4’s signal issue, seeking class-action status for the lawsuit, which would apply any remedies to all US purchasers.

We’ve asked Apple whether it is examining this as a potential cause of the issue, and hope to have an update soon. In the meantime, here’s the email the biochemist apparently sent to Steve Jobs and two Apple staffers:

"Subject: HowToFix for minimal cost -- hydrophobic organic thin film layer

Hi,

In truth, Apple’s explanation for iPhone 4 signal reception problem is inaccurate at best and disingenuous at worst. iPhone users are in some of the hottest and most humid parts of the country this summer and have salty, damp hands especially at events such as baseball games, barbecues, or other outdoor activities. having bare metal antennae purposely handled will absolutely short the signal. This problem will be difficult to reproduce in Apple’s labs because the engineers are required to wash their hands before touching devices, which also strips off the natural hand electrolytes that are ever-present in the field on a hot day.

Anyway, the solution is not a redesign of the phone, but rather an electrically insulating organic hydrophobic layer atop the bare metal. a variety of plastics will work, such as polyethers, polystyrenes, or nylons. you could even use the plastic labels ever-present on aluminum soda cans, which likewise have an electrically insulating effect when holding said cans. these plastic coatings can be very very thin films which do not ruin the aesthetics of the device, and would require a minimal change of your production line. More importantly, this coating in no way affects the ability to recycle the aluminum -- the organic thin film layer will burn away cleanly during the aluminum remelt process. Phones that have already shipped could easily be coated with this new layer at any Apple retail store or with a simple kit you could send to your customers.

In summary, this is a problem of electrochemistry, and certainly NOT a problem of software design, nor one that can possibly be solved by a software update.

Apple needs to hire some chemists."

From http://www.wired.co.uk