iPad Grants To Improve Learning

“Danny’s Wish” is a non-profit with a goal of raising $50,000 to supply approximately 100 iPads to the children with special needs who need an iPad the most. For more information and to fill out an application, go to Danny’s Wish.

A child’s insurance may also pay for, or help pay for, an iPad for your child if you can show they need it. Find out how to get your insurance to pay for your autistic child’s iPad here.

For a list of groups that help autistic children, go here.

As the number of educational and effective apps for preschoolers increases, so will the number of preschools that intertwine their curriculum with the use of iPads.
Most grants that preschool teachers receive to help pay for them typically fall under the special education and technology sections of grant funders. However, they can also be funded through some private sector grants.

iPads are quickly moving into schools, from pre-K to high school. The iPad in the classroom can enhance learning in many ways.
Schools and teachers are having some success in seeking grant funding for iPads through foundations and programs that support improved technology and creative classroom learning.

Sign up at grantsalert.com to get free email grant alerts for education and classroom grants.

This provides proven methods for writing grants and getting them awarded. The book is geared to guide teachers, librarians, administrators and PTO leaders step by step through applying for and getting a grant for classroom projects.

Granted: A Teacher’s Guide to Writing & Winning Classroom Grants

by Chris Taylor
Provides proven methods for writing grants and getting them awarded. An excellent resource for teachers, school leaders, preschools, private and public schools and other educators.

Most Common Types Of Grants That May Fund iPads:

Technology Grants
Classroom Grants
Grants For Autistic Children
Preschool Grants

DonorsChoose.org is a great way for teachers to find funding for the equipment and programs they need to work with their students on a whole new level. This program is great for many reasons, but mostly because most projects are funded by multiple donors in almost any program. It can take teachers, or anyone, a lot of effort to contact each donor individually; this website allows teachers to reach donors faster. It also gives you a way to set up a grant proposal for all to see, so you do not have to explain the project a hundred times.
iPad Adventures at Lower School: iPad Grant Proposal – for the record
Sample of iPad Grant Proposal for a school.
Teacher iPad Grant Proposal for Classroom
Sample of a grant a teacher wrote to get iPads in her classroom.

The first thing I hear from individuals and groups searching for a grant for iPads is: why not apply directly for an Apple iPad grant? “Apple grants” tends to refer to foundations that fund grants for Apple computers, not actual grants from Apple itself, because Apple does not regularly give grants directly; it tends to give to large foundations so they can direct the money where it’s needed.
Learn more about Apple Grants For Computers here.

The cost of one iPad can be between $500 and $900, without apps included, depending on the capacity and connectivity needed.

Below are real-life examples of groups, individuals and schools that sought and won grant money to pay for iPads.
Read qualifications carefully before applying for a grant. Before writing a grant proposal, make sure you are not wasting your time by applying for grants that you will not qualify for.
Define the need before looking for a specific grant to apply for. You may waste a lot of time looking for grants that advertise they pay for iPads. Your best bet is to look for grants that help with the specific need you are trying to fill. For example, if you’re trying to obtain iPads to improve the reading skills of first graders, look for foundations with a passion for improving literacy.
Do not be shy about applying for technology grants. There are many grants to introduce new technology into the classroom. Just be prepared to define how you are going to use the devices in a new way.
Don’t forget to search locally and ask businesses to donate. If you’re a nonprofit or community group such as a preschool, nursing home, community outreach program or other community group, don’t be afraid to ask local businesses or organizations to help. Get inventive: while you may or may not get one company or group to pay for the whole project, you may get several that will pay for it together.
Research statistics for your project. Don’t just tell donors that iPads will help solve the problem your project is trying to address; give them supporting evidence.
Don’t give up at your first few nos. Getting a lot of nos can sometimes be daunting, but it is just part of the process. Most successful grant applicants have filled out application upon application until they are finally successful.

Google wants developers to explore white space broadband

cir.ca | Nov 16th 2013 1:41 PM
Google wants to use unused spectrum known as white space to bring Internet connectivity to rural areas.

Copyright 2013 Reuters
Google has created a way for developers to explore nearby unused radio spectrum, known as white space, that can be used to wirelessly deliver Internet access. Using an API, developers are able to consult Google databases to determine what, if any, white space is available in their area.

“Spectrum is an essential resource to fuel the Internet’s future—it can power improved broadband access and spark innovation in wireless technology. And, as with any important resource, effective management can help make sure we’re making the most of what’s available.” Alan Norman, Access Principal at Google

Google, which first made the API available for developers Nov. 14, said that several commercial providers, including a division of General Electric, had already used its database to find and test white space. One company, Adaptrum, used the database to deploy white space-based Wi-Fi on the campus of West Virginia University.

White space refers to swaths of radio spectrum that have been licensed by a local authority for broadcast use but that are currently unused. In the U.S., portions of white space arose as television broadcasters switched from analog to digital broadcasts.

The FCC gave Google permission to create and use its white space database in June 2013.

Computer Fraud and Abuse Act

by Charles Doyle, en.wikipedia.org
July 12th 2007
The Computer Fraud and Abuse Act is a law passed by the United States Congress in 1986, intended to reduce cracking of computer systems and to address federal computer-related offenses. The Act (codified as 18 U.S.C. § 1030) governs cases with a compelling federal interest, where computers of the federal government or certain financial institutions are involved, where the crime itself is interstate in nature, or where computers are used in interstate and foreign commerce.

It was amended in 1988, 1994, 1996, in 2001 by the USA PATRIOT Act, 2002, and in 2008 by the Identity Theft Enforcement and Restitution Act. Subsection (b) of the Act punishes not only anyone who commits or attempts to commit an offense under the Act, but also those who conspire to do so.

Protected computers

The CFAA defines a “protected computer” under 18 U.S.C. § 1030(e)(2) to mean a computer:

exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;

Criminal offenses under the Act

Knowingly accessing a computer without authorization in order to obtain national security data
Intentionally accessing a computer without authorization to obtain:
  Information contained in a financial record of a financial institution, or contained in a file of a consumer reporting agency on a consumer;
  Information from any department or agency of the United States; or
  Information from any protected computer.
Intentionally accessing without authorization a government computer and affecting the use of the government’s operation of the computer.
Knowingly accessing a protected computer with the intent to defraud and thereby obtaining anything of value.
Knowingly causing the transmission of a program, information, code, or command that causes damage or intentionally accessing a computer without authorization, and as a result of such conduct, causes damage that results in:
  Loss to one or more persons during any one-year period aggregating at least $5,000 in value.
  The modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of one or more individuals.
  Physical injury to any person.
  A threat to public health or safety.
  Damage affecting a government computer system
Knowingly and with the intent to defraud, trafficking in a password or similar information through which a computer may be accessed without authorization.

Specific sections

18 U.S.C. § 1030(a)(1): Computer Espionage
18 U.S.C. § 1030(a)(2): Computer trespassing, and taking government, financial, or commerce info
18 U.S.C. § 1030(a)(3): Computer trespassing in a government computer
18 U.S.C. § 1030(a)(4): Committing fraud with a protected computer
18 U.S.C. § 1030(a)(5): Damaging a protected computer (including viruses, worms)
18 U.S.C. § 1030(a)(6): Trafficking in passwords of a government or commerce computer
18 U.S.C. § 1030(a)(7): Threatening to damage a protected computer
18 U.S.C. § 1030(b): Conspiracy to violate (a)
18 U.S.C. § 1030(c): Penalties
18 U.S.C. § 1030(d) through (h): Miscellany

Notable cases and decisions referring to the Act

United States v. Riggs, the famous case against people associated with Phrack magazine for taking the E911 document, as described in Bruce Sterling’s “Hacker Crackdown of 1990”. The government dropped the case after it was revealed that the document was for sale from AT&T for $13. The E911 document was related to the founding of the Electronic Frontier Foundation.[1]
United States v. Morris, 928 F.2d 504, decided March 7, 1991. After the release of the Morris worm, an early computer worm, its creator was convicted under the Act for causing damage and gaining unauthorized access to federal interest computers. This case in part led to the 1996 amendment of the act, which clarified the language that was argued during the case.[2]
Theofel v. Farey Jones, 2003 U.S. App. Lexis 17963, decided August 28, 2003 (U.S. Court of Appeals for the Ninth Circuit). Using a civil subpoena which is “patently unlawful”, “bad faith” and “at least gross negligence” to gain access to stored email is a breach of this act and the Stored Communications Act.[3]
International Airport Centers, L.L.C. v. Citrin, 2006, 18 U.S.C. § 1030(a)(5)(A)(i). Jacob Citrin deleted files off his company computer before he quit, in order to hide his alleged bad behavior while an employee. [4]
LVRC Holdings v. Brekka, 2009 1030(a)(2), 1030(a)(4). LVRC sued Brekka for allegedly taking information about clients and using it to start his own competing business. [5][6]
Robbins v. Lower Merion School District (U.S. Eastern District of Pennsylvania), where plaintiffs charged two suburban Philadelphia high schools secretly spied on students by surreptitiously and remotely activating webcams embedded in school-issued laptops the students were using at home, violating the Act. The schools admitted to secretly snapping over 66,000 webshots and screenshots, including webcam shots of students in their bedrooms.[7][8]
United States v. Lori Drew, 2008. The ‘cyberbullying’ case involving the suicide of a girl harassed on MySpace. Charges were under 18 U.S.C. § 1030(a)(2)(C) and (b)(2)(C). Judge Wu decided that using 18 U.S.C. § 1030(a)(2)(C) against someone violating a ‘terms of service’ agreement would make the law overly broad. 259 F.R.D. 449 [9][10]
People v. SCEA, 2010. Class action lawsuit against SCEA for removing OtherOS, the ability to install and run Linux (or other operating systems) on the PlayStation 3. Consumers were given the option to either keep OtherOS support or not. SCEA was allegedly in violation of this Act because if the consumers updated or not, they would still lose system functionality.[11]
Sony Computer Entertainment America v. George Hotz and Hotz v. SCEA, 2011. SCEA sued ‘Geohot’ and others for jailbreaking the PlayStation 3 system. The lawsuit alleged, among other things, that Hotz violated 18 U.S.C. § 1030(a)(2)(C) ([by] taking info from any protected computer). Hotz denied liability and contested the Court’s exercise of personal jurisdiction over him. [12] The parties settled out of court. The settlement left Geohot unable to legally hack the PlayStation 3 system any further.
United States v. Nosal, 2011. Nosal and others allegedly accessed a protected computer to take a database of contacts from his previous employer for use in his own business, violating 1030(a)(4)[13][14]
United States v. Drake, 2010. Drake was part of a whistle-blowing effort inside the NSA to expose waste, fraud, and abuse with the Trailblazer Project. He talked to a reporter about the project. He was originally charged with five Espionage Act counts for doing this. These charges were dropped just before his trial was to begin, and instead he pleaded guilty to one misdemeanor count of violating the CFAA, (a)(2), unauthorized access. One of his advisors, Jesselyn Radack of the Government Accountability Project, called his work an “act of civil disobedience”.[15]
United States v. Bradley Manning, 2010-. Bradley Manning was a soldier who allegedly disclosed tens of thousands of documents to those ‘not entitled to receive’ them. Among the 34 counts against him, there are several under (a)(1) and (a)(2) of the CFAA, some specifically linked to files like the Reykjavik 13 State Department cable and a video of the July 12, 2007 Baghdad airstrike. [16]
Grand Jury investigation in Cambridge, 2011. Unknown persons in Cambridge, Massachusetts, were ordered to attend Grand Jury hearings regarding charges under the CFAA, as well as the Espionage Act. Journalist Glenn Greenwald has written these were likely related to Wikileaks. [17]
United States v. Aaron Swartz, 2011. Aaron Swartz allegedly entered an MIT wiring closet and set up a laptop to mass-download articles from JSTOR, which he later used in an academic study. He allegedly avoided various attempts by JSTOR and MIT to stop this, such as MAC address spoofing. The CFAA statutes against him were (a)(2), (a)(4), (c)(2)(B)(iii), (a)(5)(B), and (c)(4)(A)(i)(I),(VI). [18]
United States v. Peter Alfred-Adekeye, 2011. Adekeye allegedly violated (a)(2) when he allegedly downloaded Cisco IOS, allegedly something that the Cisco employee who gave him an access password did not permit. Adekeye was CEO of Multiven and had accused Cisco of anti-competitive practices.[19]
Pulte Homes v. Laborer’s International Union of North America et al., 2011. The Pulte company fired a LIUNA employee, resulting in a labor dispute with LIUNA. LIUNA told its members to email and phone the company and tell it how they felt. This resulted in a CFAA charge because the company’s email system got overloaded. [20]
United States v Sergey Aleynikov, 2011. Aleynikov was a programmer at Goldman Sachs accused of copying code, like high-frequency trading code, allegedly in violation of 1030(a)(2)(c) and 1030(c)(2)(B)i-iii and 2. This charge was later dropped, and he was instead charged with theft of trade secrets and transporting stolen property.[21][22]
United States v Nada Nadim Prouty, circa 2010. [23] Prouty was an FBI and CIA agent who was prosecuted for having a fraudulent marriage to get US residency. She claims she was persecuted by a US attorney who was trying to gain media coverage by calling her a terrorist agent and get himself promoted to a federal judgeship. [24]
United States v. Neil Scott Kramer, 2011. Kramer was a court case where a cellphone was used to coerce a minor into engaging in sex with an adult. Central to the case was whether a cellphone constituted a computer device. Ultimately, the United States Court of Appeals for the Eighth Circuit found that a cell phone can be considered a computer if “the phone perform[s] arithmetic, logical, and storage functions,” paving the way for harsher consequences for criminals engaging with minors over cellphones. [25]

See also

Defense Secrets Act of 1911 / Espionage Act of 1917 / McCarran Internal Security Act 1950
California Comprehensive Computer Data Access and Fraud Act
Electronic Communications Privacy Act
LVRC Holdings v. Brekka
In re DoubleClick
MBTA v. Anderson
Information technology audit
Computer security audit
Computer fraud case studies
The Hacker Crackdown (mentions the law, & the eponymous Chicago task force)
Protected Computer
Wikileaks

References

[1] See article United States v. Riggs
[2] , 928 F.2d 504, 505 (2d Cir. 1991).
[3] “Ninth Circuit Court of Appeals: Stored Communications Act and Computer Fraud and Abuse Act Provide Cause of Action for Plaintiff | Stanford Center for Internet and Society”. Cyberlaw.stanford.edu. http://cyberlaw.stanford.edu/packets001500.shtml. Retrieved September 10, 2010.
[4] US v Jacob Citrin, openjurist.org
[5] US v Brekka 2009
[6] Court: Disloyal Computing Is Not Illegal, by David Kravets, September 18, 2009, Wired.com
[7] Doug Stanglin (February 18, 2010). “School district accused of spying on kids via laptop webcams”. USA Today. http://content.usatoday.com/communities/ondeadline/post/2010/02/school-district-accused-of-issuing-webcam-laptops-to-spy-on-students/1. Retrieved February 19, 2010.
[8] “Initial LANrev System Findings”, LMSD Redacted Forensic Analysis, L-3 Services – prepared for Ballard Spahr (LMSD’s counsel), May 2010. Retrieved August 15, 2010.
[9] US v Lori Drew, scribd
[10] US v Lori Drew, psu.edu, Kyle Joseph Sassman
[11] “. Retrieved February 21, 2011.
[12] See the links to the original lawsuit documents which are indexed here: [1]
[13] US v Nosal, uscourts.gov, 2011
[14] Appeals Court: No Hacking Required to Be Prosecuted as a Hacker, by David Kravets, Wired, April 29, 2011
[15] Too Classified to Try Myth in Failed Drake Prosecution, Jesselyn Radack, DailyKos, 6/11/11
[16] See the linked articles about Bradley Manning, and his charge sheets here: Hague Justice Portal
[17] FBI serves Grand Jury subpoena likely relating to WikiLeaks, by Glenn Greenwald, Salon.com, Wednesday, Apr 27, 2011 13:28 ET
[18] See Internet Activist Charged in M.I.T. Data Theft, by Nick Bilton, New York Times, July 19, 2011, 12:54 PM, as well as the Indictment
[19] US v Adekeye Indictment. See also Federal Grand Jury indicts former Cisco Engineer, by Howard Mintz, 08/05/2011, Mercury News
[20] techdirt.com 2011 8 9, Mike Masnick, “Sending Too Many Emails to Someone Is Computer Hacking”
[21] US v Sergey Aleynikov, Case 1:10-cr-00096-DLC Document 69 Filed 10/25/10
[22] Ex-Goldman Programmer Described Code Downloads to FBI (Update1), David Glovin and David Scheer – July 10, 2009, Bloomberg
[23] Plea Agreement, US District Court, Eastern District of Michigan, Southern Division, via debbieschlussel.com. http://www.debbieschlussel.com/archives/hezbospyplea.pdf
[24] Sibel Edmond’s Boiling Frogs podcast 61, Thursday, 13 October 2011. Interview with Prouty by Peter B. Collins and Sibel Edmonds
[25] “United States of America v. Neil Scott Kramer”. http://www.ca8.uscourts.gov/opndir/11/02/101983P.pdf.

Aaron’s Law, much-needed reforms to computer crimes law, introduced in Congress

by Cyrus Farivar, arstechnica.com
June 20th 2013 2:45 PM
Since late January 2013, a California congresswoman has pushed for legal reforms that would revise the Computer Fraud and Abuse Act (CFAA). She dubbed these proposed changes “Aaron’s Law” because the new law’s revisions (PDF) are in honor of the late Aaron Swartz. Swartz tragically committed suicide in January 2013 after facing substantial federal charges in the wake of downloading a huge trove of academic articles.

On Thursday, Zoe Lofgren (D-CA) and Ron Wyden (D-OR) formally introduced Aaron’s Law into the House of Representatives after requesting revisions from reddit in February 2013. For the revisions to take effect, the law must pass the House and Senate and be signed by the president.

The new four-page revisions make two major changes to the existing CFAA. Lofgren outlined the first in her legislative summary (PDF):

the definition of “exceeds authorized access,” removes the phrase “exceeds authorized access” from the statute, and creates a definition for “access without authorization,” which already appears in the statute alongside “exceeds authorized access.” The proposed definition for “access without authorization” is to obtain information on a computer that the accesser lacks authorization to obtain by knowingly circumventing technological or physical measures designed to prevent unauthorized individuals from obtaining that information.

The proposed changes make clear that the CFAA does not outlaw mere violations of terms of service, website notices, contracts, or employment agreements. The proposed definition of “access without authorization” includes bypassing technological or physical measures via deception (as in the case with phishing or social engineering), and scenarios in which an authorized individual provides a means to circumvent to an unauthorized individual (i.e. sharing login credentials). Examples of technological or physical measures include password requirements, cryptography, or locked office doors. The proposed definition of “access without authorization” is based on recent appellate rulings in the Ninth and Fourth Circuits, which are also followed by some district courts.

The second major change would limit the possible prison terms for such an offense and replace the language “conviction for another offense” with “subsequent offense.” The new language is “to ensure that the penalty enhancement is directed at repeat offenders rather than individuals facing multiple charges.”

In an op-ed published Thursday in Wired, the two lawmakers wrote:

Aaron’s Law is not just about Aaron Swartz, but rather about refocusing the law away from common computer and Internet activity and toward damaging hacks. It establishes a clear line that’s needed for the law to distinguish the difference between common online activities and harmful attacks.

The Ultimate Cheat Sheet To Reinvent Yourself

Here are the rules:

I’ve been at zero a few times, come back a few times, and done it over and over. I’ve started entire new careers. People who knew me then don’t know me now. And so on.

I’ve had to change careers several times. Sometimes because my interests changed. Sometimes because all bridges have been burnt beyond recognition, sometimes because I desperately needed money.

And sometimes just because I hated everyone in my old career or they hated me.

There’s other ways to reinvent yourself. Take what I say with a grain of salt. This is what worked for me.

I’ve seen it work for maybe a few hundred other people. Through interviews, through people writing me letters, through the course of the past 20 years. You can try it or not.

A) Reinvention never stops.

Every day you reinvent yourself. You’re always in motion. But you decide every day: forward or backward.

B) You start from scratch.

Every label you claim you have from before is just vanity. You were a doctor? You were ivy league? You had millions? You had a family? Nobody cares.

You lost everything. You’re a zero. Don’t try to say you’re anything else.

C) You need a mentor.

Else, you’ll sink to the bottom. Someone has to show you how to move and breathe. But don’t worry about finding a mentor (see below).

D) Three types of mentors

– Direct. Someone who is in front of you who will show you how they did it. What is “it”? Wait.

By the way, mentors aren’t like that old Chinese guy in “The Karate Kid”. Ultimately most mentors will hate you.

– Indirect. Books. Movies. You can outsource 90% of mentorship to books and other materials. 200-500 books equals one good mentor. People ask me, “what is a good book to read” and I never know the answer. There’s 200-500 good books to read.

I would throw in inspirational books. Whatever are your beliefs, underline them through reading every day.

– Everything is a mentor. If you are a zero, and have passion for reinvention, then everything you look at will be a metaphor for what you want to do. The tree you see, with roots you don’t, with underground water that feeds it, is a metaphor for computer programming if you connect the dots.

And everything you look at, you will connect the dots.

E) Don’t worry if you don’t have passion for anything. You have passion for your health. Start there. Take baby steps. You don’t need a passion to succeed. Do what you do with love and success is a natural symptom.

F) Time it takes to reinvent yourself: five years. Here’s a description of the five years:

Year One: you’re flailing and reading everything and just starting to DO.

Year Two: you know who you need to talk to and network with. You’re DOing every day. You finally know what the monopoly board looks like in your new endeavors.

Year Three: you’re good enough to start making money. It might not be a living yet.

Year Four: you’re making a good living

Year Five: you’re making wealth

Sometimes I get frustrated in years 1-4. I say, “why isn’t it happening yet?” and I punch the floor and hurt my hand and throw a coconut on the floor in a weird ritual. That’s ok. Just keep going. Or stop and pick a new field.

It doesn’t matter. Eventually you’re dead and then it’s hard to reinvent yourself.

G) If you do this faster or slower then you are doing something wrong. Google is a good example.

H) It’s not about the money. But money is a decent measuring stick.

When people say “it’s not about the money” they should make sure they have a different measuring stick.

“What about just doing what you love?” There will be many days where you don’t love what you are doing. If you are doing it just for love then it will take much much longer than five years.

Happiness is just a positive perception from our brain. Some days you will be unhappy. Our brain is a tool we use. It’s not who we are.

I) When can you say, “I do X!” where X is your new career?

Today.

J) When can I start doing X?

Today. If you want to paint, then today buy a canvas and paints, start buying 500 books one at a time, and start painting. If you want to write do these three things:

– Read

– Write

– Take your favorite author and type your favorite story of his word for word. Wonder to yourself why he wrote each word. He’s your mentor today.

If you want to start a business, start spec-ing out the idea for your business. Reinvention starts today. Every day.

K) How do I make money?

By year three you’ve put in 5000-7000 hours. That’s good enough to be in the top 200-300 in the world in anything. The top 200 in almost any field makes a living.

By year 3 you will know how to make money. By year 4 you will scale that up and make a living. Some people stop at year 4.

L) By year 5 you’re top 30-50 so can make wealth.

M) What is “it”? How do I know what I should do?

Whatever area you feel like reading 500 books about. Go to the bookstore and find it. If you get bored three months later go back to the bookstore.

It’s ok to get disillusioned. That’s what failure is about. Success is better than failure but the biggest lessons are found in failure.

Very important: There’s no rush. You will reinvent yourself many times in an interesting life. You will fail to reinvent many times. That’s fun also.

Many reinventions makes your life a book of stories instead of a textbook.

Some people want the story of their life to be a textbook. For better or worse, mine is a book of stories.

That’s why reinvention happens every day.

N) The choices you make today will be in your biography tomorrow. Make interesting choices and you will have an interesting biography.

N1) The choices you make today will be in your biology tomorrow. (hat-tip: Claudia)

O) What if I like something obscure? Like biblical archaeology or 11th century warfare?

Repeat all of the steps above and then in year 5 you will make wealth. We have no idea how. Don’t look to find the end of the road when you are still at the very first step.

P) What if my family wants me to be an accountant?

How many years of your life did you promise your family? Ten years? Your whole life? Then wait until next life. The good thing is: you get to choose.

Choose freedom over family. Freedom over preconceptions. Freedom over government. Freedom over people-pleasing. Then you will be pleased.

Q) My mentor wants me to do it HIS way.

That’s fine. Learn HIS way. Then do it YOUR way. With respect.

Hopefully nobody has a gun to your head. Then you have to do it their way until the gun is put down.

R) My spouse is worried about who will support/take care of kids?

Then after you work 16 hours a day, 7 days a week being a janitor, use your spare time to reinvent.

Someone who is reinventing ALWAYS has spare time. Part of reinvention is collecting little bits and pieces of time and re-carving them the way you want them to be.

S) What if my friends think I’m crazy?

What friends?

T) What if I want to be an astronaut?

That’s not a reinvention. That’s a specific job. If you like “outer space” there are many careers. Richard Branson wanted to be an astronaut and started Virgin Galactic.

U) What if I like to go out drinking and partying?

Read this post again in a year.

V) What if I’m busy cheating on my husband or wife or betraying a partner?

Read this post again in two or three years when you are broke and jobless and nobody likes you.

W) What if I have no skills at all?

Read “B” again.

X) What if I have no degree or I have a useless degree? Read “B” again.

Y) What if I have to focus on paying down my debt and mortgage? Read “R” again.

Z) How come I always feel like I’m on the outside looking in?

Albert Einstein was on the outside looking in. Nobody in the establishment would even hire him.

Everyone feels like a fraud at some point. The highest form of creativity is born out of skepticism.

AA) I can’t read 500 books. What one book should I read for inspiration?

Give up.

BB) What if I’m too sick to reinvent?

Reinvention will boost every healthy chemical in your body: serotonin, dopamine, oxytocin. Keep moving forward and you might not get healthy but you will get healthier. Don’t use health as an excuse.

Finally, reinvent your health first. Sleep more hours. Eat better. Exercise. These are key steps in reinvention.

CC) What if my last partner screwed me and I’m still suing him?

Stop litigating and never think about him again. Half the problem was you, not him.

DD) What if I’m going to jail?

Perfect. Reread “B”. Read a lot of books in jail.

EE) What if I’m shy?

Make your weaknesses your strengths. Introverts listen better, focus better, and have ways of being more endearing.

FF) What if I can’t wait five years?

If you plan on being alive in five years then you might as well start today.

GG) How should I network?

Make concentric circles. You’re at the middle.

The next circle is friends and family.

The next circle is online communities.

The circle after that is meetups and coffees.

The circle after that is conferences and thought leaders.

The circle after that is mentors.

The circle after that is customers and wealth-creators.

Start making your way through the circles.

HH) What happens when I have ego about what I do?

In six to 12 months you’ll be back at “B”.

II) What if I’m passionate about two things? What if I can’t decide?

Combine them and you’ll be the best in the world at the combination.

JJ) What if I’m so excited I want to teach what I’m learning?

Start teaching on YouTube. Start with an audience of one and see if it builds up.

KK) What if I want to make money while I sleep?

In Year 4, start outsourcing what you do.

LL) How do I meet mentors and thought leaders?

Once you have enough knowledge (after 100-200 books), write down ten ideas for 20 different potential mentors.

None of them will respond. Write down ten more ideas for 20 new mentors. Repeat every week.

Put together a newsletter for everyone who doesn’t respond. Keep repeating until someone responds. Blog about your learning efforts. Build community around you being an expert.

MM) What if I can’t come up with ideas?

Then keep practicing coming up with ideas. The idea muscle atrophies. You have to build it up.

It’s hard for me to touch my toes if I haven’t been doing it every day. I have to do it every day for a while before I can easily touch my toes. Don’t expect to come up with good ideas on day one.

NN) What else should I read?

AFTER books, read websites, forums, magazines. But most of that is garbage.

OO) What if I do everything you say but it still doesn’t seem like it’s working?

It will work. Just wait. Keep reinventing every day.

Don’t try and find the end of the road. You can’t see it in the fog. But you can see the next step and you DO know that if you take that next step eventually you get to the end of the road.

PP) What if I get depressed?

Sit in silence for one hour a day. You need to get back to your core.

If you think this sounds stupid then don’t do it. Stay depressed.

QQ) What if I don’t have time to sit in silence?

Then sit in silence for two hours a day. This is not meditation. This is just sitting.

RR) What if I get scared?

Sleep 8-9 hours a day and never gossip. Sleep is the #1 key to successful health. It’s not the only key. It’s just #1. Some people write to me and say, “I only need four hours of sleep” or “in my country sleeping means laziness.” Well, those people will fail and die young.

What about gossip? The brain biologically wants to have 150 friends. Then when you are with one of your friends you can gossip about any of the other 150. If you don’t have 150 friends then the brain wants to read gossip magazines until it thinks it has 150 friends.

Don’t be as stupid as your brain.

SS) What if I keep feeling like nothing ever works out for me?

Spend ten minutes a day practicing gratitude. Don’t suppress the fear. Notice the anger.

But also allow yourself to be grateful for the things you do have. Anger is never inspirational but gratitude is. Gratitude is the bridge between your world and the parallel universe where all creative ideas live.

TT) What if I have to deal with personal bullshit all the time?

Find new people to be around.

Someone who is reinventing herself will constantly find people to try and bring her down. The brain is scared of reinvention because it might not be safe.

Biologically, the brain wants you to be safe and reinvention is a risk. So it will throw people in your path who will try to stop you.

Learn how to say “no”.

UU) What if I’m happy at my cubicle job?

Good luck.

VV) Why should I trust you — you’ve failed so many times?

Don’t trust me.

WW) Will you be my mentor?

You’ve just read this post.

Link

To Avoid Further Leaks, NSA Bans Intelligence

by Juice Box, duffelblog.com
July 22nd 2013
FORT MEADE, MD – Amid growing public controversy and a slew of high-profile leaks, the National Security Agency announced Monday plans to bring an end to all of its intelligence functions and operations.

“You guys win,” a haggard NSA spokesperson told a room of reporters. “Thanks to you hyenas, I haven’t seen my kids since 2012. I’m tired and, frankly, I don’t give a shit anymore what we know or how we know it. Before any of you learns anything else about us from anybody, we’re going to make this easy. We quit intelligence. No more collection. No more analysis. Nothing. Starting today, I can assure you without caveat or hesitation that nothing intelligent is happening at the NSA.”

Indeed, sources confirm that all classified documents and computers have been removed from the agency’s Fort Meade headquarters and the clearances of more than 30,000 employees revoked.

“The equation is simple,” NSA Director Gen. Keith Alexander said to an audience at Washington’s Georgetown University. “Intelligence leads to leaks. Leaks lead to embarrassing exposés and public outrage, and public outrage leads to Congressional ass-rapings, which are the worst.”

“Better to get out while the getting’s good and while I’m still comfortable sitting down.”

“The only spying I’ll be doing is for two thimbles and four birds of red,” said Gen. Alexander.
Under an agency-wide rebranding initiative, Alexander explained that NSA employees will be expressly forbidden from engaging in defense-related work of any kind and encouraged, instead, to focus on other institutional core competencies, to include avoiding eye contact, mastering Dungeons & Dragons, and eating lunch alone.

“Let’s move on from this specter of an Orwellian security apparatus,” Alexander urged. “We’re not the enemy, we’re the nerds! And from now on, when people hear NSA, I want them to think only of the hopeless but affable social ineptitude that has characterized this organization since its inception.”

In laying out his vision for a post-intelligence NSA, Alexander was also careful to note that this cessation of intelligence activities was not just about avoiding leaks and Congress but about accountability to the American people.

“We want all Americans who were upset by these scandals to know that we hear them loud and clear,” he said. “Just not on their cell phones.”

While many will surely welcome the new direction, hawks in the Defense Department have warned of the increased possibility of terrorist attacks with NSA out of the picture. Addressing these concerns, Alexander remarked that the jocks over at the Defense Intelligence Agency or any of the nation’s fourteen other intelligence organizations probably had it covered.

Link

7 sneak attacks used by today’s most devious hackers

by Roger A. Grimes, m.computerworld.com
September 30th 2013 6:05 AM
Infoworld – Millions of pieces of malware and thousands of malicious hacker gangs roam today’s online world preying on easy dupes. Reusing the same tactics that have worked for years, if not decades, they do nothing new or interesting in exploiting our laziness, lapses in judgment, or plain idiocy.

But each year antimalware researchers come across a few techniques that raise eyebrows. Used by malware or hackers, these inspired techniques stretch the boundaries of malicious hacking. Think of them as innovations in deviance. Like anything innovative, many are a measure of simplicity.


Take the 1990s Microsoft Excel macro virus that silently, randomly replaced zeros with capital O’s in spreadsheets, immediately transforming numbers into text labels with a value of zero — changes that went, for the most part, undetected until well after backup systems contained nothing but bad data.

Today’s most ingenious malware and hackers are just as stealthy and conniving. Here are some of the latest techniques of note that have piqued my interest as a security researcher and the lessons learned. Some stand on the shoulders of past malicious innovators, but all are very much in vogue today as ways to rip off even the savviest users.

Stealth attack No. 1: Fake wireless access points

No hack is easier to accomplish than a fake WAP (wireless access point). Anyone using a bit of software and a wireless network card can advertise their computer as an available WAP that is then connected to the real, legitimate WAP in a public location.

Think of all the times you — or your users — have gone to the local coffee shop, airport, or public gathering place and connected to the “free wireless” network. Hackers at Starbucks who call their fake WAP “Starbucks Wireless Network” or at the Atlanta airport call it “Atlanta Airport Free Wireless” have all sorts of people connecting to their computer in minutes. The hackers can then sniff unprotected data from the data streams sent between the unwitting victims and their intended remote hosts. You’d be surprised how much data, even passwords, are still sent in clear text.

The more nefarious hackers will ask their victims to create a new access account to use their WAP. These users will more than likely use a common log-on name or one of their email addresses, along with a password they use elsewhere. The WAP hacker can then try using the same log-on credentials on popular websites — Facebook, Twitter, Amazon, iTunes, and so on — and the victims will never know how it happened.

Lesson: You can’t trust public wireless access points. Always protect confidential information sent over a wireless network. Consider using a VPN connection, which protects all your communications, and don’t recycle passwords between public and private sites.

Stealth attack No. 2: Cookie theft

Browser cookies are a wonderful invention that preserves “state” when a user navigates a website. These little text files, sent to our machines by a website, help the website or service track us across our visit, or over multiple visits, enabling us to more easily purchase jeans, for example. What’s not to like?

Answer: When a hacker steals our cookies, and by virtue of doing so, becomes us — an increasingly frequent occurrence these days. Rather, they become authenticated to our websites as if they were us and had supplied a valid log-on name and password.

Sure, cookie theft has been around since the invention of the Web, but these days tools make the process as easy as click, click, click. Firesheep, for example, is a Firefox browser add-on that allows people to steal unprotected cookies from others. When used with a fake WAP or on a shared public network, cookie hijacking can be quite successful. Firesheep will show all the names and locations of the cookies it is finding, and with a simple click of the mouse, the hacker can take over the session (see the Codebutler blog for an example of how easy it is to use Firesheep).

Worse, hackers can now steal even SSL/TLS-protected cookies and sniff them out of thin air. In September 2011, an attack labeled “BEAST” by its creators proved that even SSL/TLS-protected cookies can be obtained. Further improvements and refinements this year, including the well-named CRIME, have made stealing and reusing encrypted cookies even easier.

With each released cookie attack, websites and application developers are told how to protect their users. Sometimes the answer is to use the latest crypto cipher; other times it is to disable some obscure feature that most people don’t use. The key is that all Web developers must use secure development techniques to reduce cookie theft. If your website hasn’t updated its encryption protection in a few years, you’re probably at risk.

Lessons: Even encrypted cookies can be stolen. Connect to websites that utilize secure development techniques and the latest crypto. Your HTTPS websites should be using the latest crypto, including TLS Version 1.2.

Stealth attack No. 3: File name tricks

Hackers have been using file name tricks to get us to execute malicious code since the beginning of malware. Early examples included naming the file something that would encourage unsuspecting victims to click on it (like AnnaKournikovaNudePics) and using multiple file extensions (such as AnnaKournikovaNudePics.Zip.exe). To this day, Microsoft Windows and other operating systems readily hide “well known” file extensions, which will make AnnaKournikovaNudePics.Gif.Exe look like AnnaKournikovaNudePics.Gif.

Years ago, malware virus programs known as “twins,” “spawners,” or “companion viruses” relied on a little-known feature of Microsoft Windows/DOS, where even if you typed in the file name Start.exe, Windows would look for and, if found, execute Start.com instead. Companion viruses would look for all the .exe files on your hard drive, and create a virus with the same name as the EXE, but with the file extension .com. This has long since been fixed by Microsoft, but its discovery and exploitation by early hackers laid the groundwork for inventive ways to hide viruses that continue to evolve today.

Among the more sophisticated file-renaming tricks currently employed is the use of Unicode characters that affect the output of the file name users are presented. For example, the Unicode character (U+202E), called the Right to Left Override, can fool many systems into displaying a file actually named AnnaKournikovaNudeavi.exe as AnnaKournikovaNudexe.avi.

Lesson: Whenever possible, make sure you know the real, complete name of any file before executing it.
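The two name tricks described above (a double extension hidden by the shell, and the Right to Left Override) can be checked for mechanically before a file is opened. The Python below is an added example, not code from the original article; the extension lists, function names and sample names are assumptions constructed for illustration, and the display model handles only simple override runs, not the full Unicode bidirectional algorithm.

```python
import os

RLO, PDF = "\u202e", "\u202c"  # Right-to-Left Override, Pop Directional Formatting
# Unicode formatting characters that can change the order text is displayed in.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")
# Assumed lists for the example; tune them to your environment.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".gif", ".jpg", ".png", ".avi", ".zip", ".pdf", ".txt", ".doc"}


def real_extension(name):
    """Extension the OS acts on: text after the last dot, bidi controls removed."""
    ext = os.path.splitext(name)[1]
    return "".join(c for c in ext if c not in BIDI_CONTROLS).lower()


def displayed_name(name):
    """Approximate what a bidi-aware UI shows: text after an RLO is drawn
    right to left (reversed) until a PDF or the end of the name."""
    out, run, overriding = [], [], False
    for ch in name:
        if ch == RLO:
            overriding = True
        elif ch == PDF:
            out.append("".join(reversed(run)))
            run, overriding = [], False
        elif ch in BIDI_CONTROLS:
            continue  # other controls are invisible; ignored in this model
        elif overriding:
            run.append(ch)
        else:
            out.append(ch)
    out.append("".join(reversed(run)))
    return "".join(out)


def explorer_view(name):
    """Name as shown when the shell hides a 'well known' final extension."""
    stem, ext = os.path.splitext(displayed_name(name))
    return stem if ext.lower() in EXECUTABLE_EXTS | DECOY_EXTS else stem + ext


def analyze_filename(name):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    if any(c in BIDI_CONTROLS for c in name):
        findings.append("bidi-control")
    shown_ext = os.path.splitext(displayed_name(name))[1].lower()
    real_ext = real_extension(name)
    if shown_ext != real_ext:
        findings.append("display-mismatch")
    stem_ext = os.path.splitext(os.path.splitext(name)[0])[1].lower()
    if real_ext in EXECUTABLE_EXTS and stem_ext in DECOY_EXTS:
        findings.append("double-extension")
    return findings


# Constructed sample names (the second embeds U+202E explicitly).
SAMPLES = [
    "AnnaKournikovaNudePics.Gif.Exe",
    "AnnaKournikovaNude\u202eiva.exe",
    "holiday.avi",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample))
        print("  shown as      :", displayed_name(sample))
        print("  hidden-ext UI :", explorer_view(sample))
        print("  real extension:", real_extension(sample))
        print("  findings      :", analyze_filename(sample) or "none")
```

A mail gateway or download handler can run the same checks on attachment names and quarantine anything that returns a finding.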

Stealth attack No. 4: Location, location, location

Another interesting stealth trick that uses an operating system against itself is a file location trick known as “relative versus absolute.” In legacy versions of Windows (Windows XP, 2003, and earlier) and other early operating systems, if you typed in a file name and hit Enter, or if the operating system went looking for a file on your behalf, it would always start with your current folder or directory location first, before looking elsewhere. This behavior might seem efficient and harmless enough, but hackers and malware used it to their advantage.

For example, suppose you wanted to run the built-in, harmless Windows calculator (calc.exe). It’s easy enough (and often faster than using several mouse clicks) to open up a command prompt, type in calc.exe and hit Enter. But malware could create a malicious file called calc.exe and hide it in the current directory or your home folder; when you tried to execute calc.exe, it would run the bogus copy instead.

I loved this fault as a penetration tester. Often times, after I had broken into a computer and needed to elevate my privileges to Administrator, I would take an unpatched version of a known, previously vulnerable piece of software and place it in a temporary folder. Most of the time all I had to do was place a single vulnerable executable or DLL, while leaving the entire, previously installed patched program alone. I would type in the program executable’s filename in my temporary folder, and Windows would load my vulnerable, Trojan executable from my temporary folder instead of the more recently patched version. I loved it — I could exploit a fully patched system with a single bad file.

Linux, Unix, and BSD systems have had this problem fixed for more than a decade. Microsoft fixed the problem in 2006 with the releases of Windows Vista/2008, although the problem remains in legacy versions because of backward-compatibility issues. Microsoft has also been warning and teaching developers to use absolute (rather than relative) file/path names within their own programs for many years. Still, tens of thousands of legacy programs are vulnerable to location tricks. Hackers know this better than anyone.

Lesson: Use operating systems that enforce absolute directory and folder paths, and look for files in default system areas first.
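A defender can look for the conditions both tricks rely on: a file in a writable working or temporary folder whose name matches a system binary or DLL, or a companion file (such as a .com next to a trusted .exe name) that would win when a bare command name is typed. The Python below is an added example, not code from the original article; the directory names, function names and file layout are constructed for illustration, and the extension order assumes the default start of PATHEXT (.COM, .EXE, .BAT, .CMD).

```python
import os
import tempfile

# Order in which extensions are tried for a bare command name
# (assumed: the default PATHEXT begins .COM;.EXE;.BAT;.CMD).
EXT_PRIORITY = [".com", ".exe", ".bat", ".cmd"]


def _index(directory):
    """Map lower-cased file name -> path for executables and DLLs in a directory."""
    found = {}
    for entry in os.scandir(directory):
        ext = os.path.splitext(entry.name)[1].lower()
        if entry.is_file() and (ext in EXT_PRIORITY or ext == ".dll"):
            found[entry.name.lower()] = entry.path
    return found


def find_shadowing(untrusted_dir, trusted_dirs):
    """Return sorted (kind, untrusted_path, trusted_path) tuples.

    kind is "same-name" when the untrusted file has the same name as a
    trusted one, and "companion" when it has the same stem but an
    extension that is tried before the trusted file's extension.
    """
    trusted = {}
    for directory in trusted_dirs:
        for name, path in _index(directory).items():
            trusted.setdefault(name, path)  # first trusted directory wins
    hits = []
    for name, path in _index(untrusted_dir).items():
        stem, ext = os.path.splitext(name)
        if name in trusted:
            hits.append(("same-name", path, trusted[name]))
            continue
        if ext in EXT_PRIORITY:
            for later in EXT_PRIORITY[EXT_PRIORITY.index(ext) + 1:]:
                if stem + later in trusted:
                    hits.append(("companion", path, trusted[stem + later]))
                    break
    return sorted(hits)


def demo():
    """Build a constructed layout in temp dirs; return (kind, file name) pairs."""
    with tempfile.TemporaryDirectory() as root:
        system = os.path.join(root, "System32")  # stands in for a trusted dir
        work = os.path.join(root, "Temp")        # stands in for a writable dir
        os.makedirs(system)
        os.makedirs(work)
        layout = (
            (system, ["calc.exe", "Start.exe", "version.dll"]),
            (work, ["CALC.EXE", "start.com", "version.dll", "notes.txt", "tool.exe"]),
        )
        for directory, names in layout:
            for name in names:
                open(os.path.join(directory, name), "wb").close()
        return [(kind, os.path.basename(path))
                for kind, path, _ in find_shadowing(work, [system])]


if __name__ == "__main__":
    for kind, name in demo():
        print(f"{kind:10} {name}")
```

On a real host, pass the folders users can write to as `untrusted_dir` and the system directories as `trusted_dirs`; every hit deserves a look at who created the file and when.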

Stealth attack No. 5: Hosts file redirect

Unbeknownst to most of today’s computer users is the existence of a DNS-related file named Hosts. Located under C:\Windows\System32\Drivers\Etc in Windows, the Hosts file can contain entries that link typed-in domain names to their corresponding IP addresses. The Hosts file was originally used by DNS as a way for hosts to locally resolve name-to-IP address lookups without having to contact DNS servers and perform recursive name resolution. For the most part, DNS functions just fine, and most people never interact with their Hosts file, though it’s there.

Hackers and malware love to write their own malicious entries to Hosts, so that when someone types in a popular domain name — say, bing.com — they are redirected to somewhere else more malicious. The malicious redirection often contains a near-perfect copy of the original desired website, so that the affected user is unaware of the switch.

This exploit is still in wide use today.

Lesson: If you can’t figure out why you’re being maliciously redirected, check out your Hosts file.
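Checking the Hosts file can be scripted. The Python below is an added example, not code from the original article: it parses Hosts-format text and reports every entry that overrides DNS for a name other than the usual local ones, marking entries for domains you choose to watch. The sample file content, the watched list, the list of local names and the finding labels are constructed for illustration; the addresses come from documentation ranges.

```python
import ipaddress

# Names normally expected in a default Hosts file (assumed list for the example).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}


def parse_hosts(text):
    """Yield (line_number, address, [hostnames]) for each active entry."""
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        fields = line.split()
        if len(fields) >= 2:
            yield lineno, fields[0], fields[1:]


def audit_hosts(text, watched=()):
    """Return (line, address, hostname, finding) tuples for entries to review."""
    watched = {w.lower().rstrip(".") for w in watched}
    findings = []
    for lineno, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr.split("%", 1)[0])  # ignore zone id
        except ValueError:
            findings.append((lineno, addr, " ".join(names), "invalid-address"))
            continue
        local = ip.is_loopback or ip.is_unspecified
        for name in names:
            host = name.lower().rstrip(".")
            if host in LOCAL_NAMES:
                if not local:
                    findings.append((lineno, addr, host, "localhost-remapped"))
                continue
            if local:
                finding = "sinkhole"  # name blocked locally, not redirected
            elif any(host == w or host.endswith("." + w) for w in watched):
                finding = "watched-domain-override"
            else:
                finding = "override"
            findings.append((lineno, addr, host, finding))
    return findings


# Constructed sample content; not taken from a real machine.
SAMPLE_HOSTS = "\n".join([
    "# Sample Hosts file",
    "127.0.0.1       localhost",
    "::1             localhost",
    "203.0.113.50\tbing.com www.bing.com   # not added by the administrator",
    "0.0.0.0         ads.example.net",
    "198.51.100.7    intranet.example.org",
])

if __name__ == "__main__":
    for lineno, addr, host, finding in audit_hosts(SAMPLE_HOSTS, watched=["bing.com"]):
        print(f"line {lineno}: {host} -> {addr} [{finding}]")
```

On a live system, read the text from the path the article gives (or /etc/hosts on Unix-like systems) and compare the findings against a known-good baseline for that machine.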

Stealth attack No. 6: Waterhole attacks

Waterhole attacks received their name from their ingenious methodology. In these attacks, hackers take advantage of the fact that their targeted victims often meet or work at a particular physical or virtual location. Then they “poison” that location to achieve malicious objectives.

For instance, most large companies have a local coffee shop, bar, or restaurant that is popular with company employees. Attackers will create fake WAPs in an attempt to get as many company credentials as possible. Or the attackers will maliciously modify a frequently visited website to do the same. Victims are often more relaxed and unsuspecting because the targeted location is a public or social portal.

Waterhole attacks became big news this year when several high-profile tech companies, including Apple, Facebook, and Microsoft, among others, were compromised because of popular application development websites their developers visited. The websites had been poisoned with malicious JavaScript redirects that installed malware (sometimes zero days) on the developers’ computers. The compromised developer workstations were then used to access the internal networks of the victim companies.

Lesson: Make sure your employees realize that popular “watering holes” are common hacker targets.

Stealth attack No. 7: Bait and switch

One of the most interesting ongoing hacker techniques is called bait and switch. Victims are told they are downloading or running one thing, and temporarily they are, but it is then switched out with a malicious item. Examples abound.

It is common for malware spreaders to buy advertising space on popular websites. The websites, when confirming the order, are shown a nonmalicious link or content. The website approves the advertisement and takes the money. The bad guy then switches the link or content with something more malicious. Often they will code the new malicious website to redirect viewers back to the original link or content if viewed by someone from an IP address belonging to the original approver. This complicates quick detection and take-down.

The most interesting bait-and-switch attacks I’ve seen as of late involve bad guys who create “free” content that can be downloaded and used by anyone. (Think administrative console or a visitor counter for the bottom of a Web page.) Often these free applets and elements contain a licensing clause that says to the effect, “May be freely reused as long as original link remains.” Unsuspecting users employ the content in good faith, leaving the original link untouched. Usually the original link will contain nothing but a graphics file emblem or something else trivial and small. Later, after the bogus element has been included in thousands of websites, the original malicious developer changes the harmless content for something more malicious (like a harmful JavaScript redirect).

Lesson: Beware of any link to any content not under your direct control because it can be switched out on a moment’s notice without your consent.

Stealth fallout: Total loss of control

Hackers have been using stealth methods to hide their maliciousness since the beginning days of malware. Heck, the first IBM-compatible PC virus, Pakistani Brain, from 1986, redirected inquiring eyes to a copy of the unmodified boot sector when viewed by disk editors.

When a hacker modifies your system in a stealthy way, it isn’t your system anymore — it belongs to the hackers. The only defenses against stealth attacks are the same defenses recommended for everything (good patching, don’t run untrusted executables, and so on), but it helps to know that if you suspect you’ve been compromised, your initial forensic investigations may be circumvented and fought against by the more innovative malware out there. What you think is a clean system and what really is a clean system may all be controlled by the wily hacker.


This story, “7 sneak attacks used by today’s most devious hackers,” was originally published at InfoWorld.com.


Link

The NSA and cryptography

To be safe, the internet needs reliable encryption. But the standards, software and hardware it uses are vulnerable

INTELLIGENCE agencies exist to steal secrets, and necessarily break other countries’ laws to do so. Much of the brouhaha around the disclosures by Edward Snowden, a fugitive systems administrator from America’s National Security Agency now living in Russia, misses that fact. But his latest leaks, published on September 5th in Britain’s Guardian and other outlets, highlight another aspect of the NSA’s work.

Purportedly, the NSA, with its British counterpart GCHQ, is trying not just to break the codes that allow private communication over the internet, but is sabotaging them. The tactics allegedly include undermining official standards bodies, and suborning big IT companies—if necessary, by infiltrating them. The aim is to insert “backdoors”: hidden flaws that help outsiders to eavesdrop. And the New York Times quotes a GCHQ document which says the NSA has “led an aggressive, multipronged effort to break widely used internet encryption technologies”. “Vast amounts” of encrypted data which used to be discarded are now “exploitable”.

This is big news, if true. For most of history, cryptography was an arcane discipline, of interest only to mathematicians and to some parts of government, just as the internet was once an academic research network that paid little attention to security. Now encryption of electronic data is an essential part of modern life. It secures the financial networks that link the world’s banks, protects credit cards, stops mobile-phone calls from being listened to, guards medical records and lawyers’ letters to their clients. Though cybercrime is a growing menace, reliable encryption remains the foundation on which the trillion-dollar edifice of e-commerce is built: without it, nobody would be able safely to make a payment online. For critics, sabotaging such codes is akin to a government secretly commanding lockmakers to make their products easier to pick—and to do so amid an epidemic of burglary.

Researchers, civil libertarians and conspiracy theorists have long suspected that policemen and spies would take steps to hamper individuals’ access to the uncrackably strong codes that modern computers can create. These bring privacy—but give great scope to villains. In the 1990s America classed cryptography as a weapon, and let only weakened versions of it be sold abroad. Western spies were rumoured to have installed “backdoors” into equipment sold by Crypto, a Swiss firm which exported to the Libyan and Iranian governments (the firm denied it). Some export versions of Lotus Notes, a rival to Microsoft’s Office suite of software, came with weakened secrecy. In 1999 researchers unearthed signing software suspiciously entitled “_NSAKEY” in some versions of Microsoft Windows (the company denied that it was a backdoor).

But outsiders have mostly relied on guesswork. After the latest revelations experts are scrambling to work out what the spies might have done, which encryption is affected and what will happen next. Intriguingly, Mr Snowden himself has said that “properly implemented strong crypto systems are one of the few things that you can rely on”. The question is what he means by “properly implemented”.

“Before this happened, wondering about government backdoors had the whiff of conspiracy theory,” says Matthew Green, of Johns Hopkins University, in Maryland. “But now it’s the exact opposite…Everything is suspect.” People are wondering where backdoors do not exist, rather than where they do. Mr Green sees three kinds of possible attack: on cryptographic standards, on software and on hardware.

Your keys, please

In theory, standards should be the hardest to subvert. They define the maths and techniques that encryption schemes use. They are poked and prodded by both academic cryptographers and government agencies (including the NSA itself, in its advisory role) to ensure that they are strong.

But the agency has made some strange-looking recommendations over the years. Cryptography depends on random numbers. These are hard for computers, which are decidedly non-random machines, to generate. Making random-number generators less random would be a fine, and subtle, way to undermine secrecy. In 2006 the NSA supported a random-number generator that was 1,000 times slower than its closest competitor. Researchers later found a problem which could badly weaken any encryption that relied on it.

Cryptography also depends on so-called “trapdoor functions”, bits of mathematics that are easy to do in one direction but virtually impossible to reverse. One common method is based on the assumed difficulty of finding the prime factors of enormous numbers. But the NSA (and many security researchers) have also been touting new codes based on a different sort of mathematics involving elliptic curves. This encryption should be stronger and less computationally taxing. But its equations require some constants. Bruce Schneier, a cryptographer and security commentator, frets that the NSA may have picked those constants so as to make the resulting codes vulnerable to decryption. He has no proof, he stresses, but “I think it’s a good guess that the NSA knows something about elliptic curves that we don’t. So I don’t trust them.” (Mr Schneier has seen many of Mr Snowden’s source documents but says his suspicions do not arise from studying them. He did not discuss them with The Economist.)

Software should be slightly easier to sabotage. One of the most commonly used cryptographic suites on the internet is written by Microsoft. Other leaks indicate that the firm has been subject to considerable legal pressure from American intelligence. Its code is “closed-source”, meaning that it is hard for outsiders to see how the programs work. “Open-source” software—where code is open for anyone to inspect—abounds, and should offer a bit more security. But flaws crop up there too. A random-number generator in Debian, a version of the open-source Linux operating system, had been misfiring for nearly two years before it was spotted in 2008. How many such bugs are accidental?

Dodgy hardware is even harder to find. The routers and switches that marshal traffic around the internet are largely designed by American firms; bugs infest them as well (a big one was found in 2011). Chips themselves have millions of transistors and complex embedded software. Inspecting one thoroughly is immensely difficult and costly. Intel, the world’s biggest chipmaker, builds a random-number generator into its products. Steve Blank, a Silicon Valley veteran, has publicly wondered whether America’s spies might have modified those chips (with or without Intel’s knowledge) to make the numbers less random. Intel says: “We do not include backdoors or any other unauthorised access to our products.”

But what once seemed paranoia is now a growing worry. Mr Schneier’s guess is that “the odds are almost zero that the NSA hasn’t tried to influence Intel’s chips.” In 2012 a paper from two British researchers described an apparent backdoor burned into a chip designed by an American firm called Actel and manufactured in China. The chip is widely used in military and industrial applications. Actel says the feature is innocent: a tool to help its engineers fix hardware bugs.

Who cares?

The NSA and its allies see things differently. For intelligence professionals, the efforts to compromise commercial products are a tempest in a teapot. Time was when the nation’s adversaries used military and diplomatic codes. Now they use private ones, too. So, they say, the NSA naturally must change the focus of its work, just as it now must target individual terrorists as well as foreign leaders. Are the critics really saying that the NSA must give up its work (or publicise its methods, rendering them useless)? Polls suggest a narrow majority of Americans, at least, prefer safety.

Moreover, aver the NSA’s defenders, the idea that commercial cryptography is now useless is false. The software and hardware is still robust enough to protect the integrity of communications for most uses. Only someone with oodles of skill and computing power can break it. That is well beyond the abilities of cyber-criminals. Even if they stumble across one or two security flaws, they will not have the ability to exploit them. If the NSA or allied agencies need a subtle way to access the material they need at a moment’s notice, that is useful, not scandalous.

Civil libertarians are unconvinced. They want to live in a world in which secure communication is at least theoretically possible. Less high-minded types worry, too. Security researchers dislike backdoors because they could be useful not just to their architects, but to malefactors. If the main protection against this is obscurity, then given the numbers of enthusiasts, crooks and spies who poke around other people’s computer systems, it may prove flimsy. (For other countermeasures, see article.) If the cryptography that secures e-commerce or banking has a built-in vulnerability, and a rogue outsider discovers it, the consequences could be catastrophic. Mr Snowden’s leaks will have brought more hunters to that quest.

Some companies will gain from the latest disclosures. “The unintended consequence of all this is that we are about to enter the next great wave of cryptographic research,” says Matthew Prince of CloudFlare, which makes products to speed up and protect websites. Wickr, an American outfit that makes a highly secure messaging app, is one of those already profiting from the panic. “Our downloads have grown tremendously since the NSA revelations,” says Nico Sell, a co-founder.

But overall, the damage seems likely to far outweigh the benefits. America’s public image has taken a pounding: its courts, laws and politicians seem unable to supervise the spooks properly. Whistleblowers—supposedly cherished by the Obama administration—are persecuted, not vindicated. The NSA, a recent leak suggests, is spying not just on foreign adversaries, but also American companies’ commercial rivals, something that foreign firms and governments have worried about for years. James Clapper, the director of national intelligence, faces an uphill struggle in his argument that America spies on business communications, but only to give early warning of financial crises and the like, not to give American firms a boost. Even those who mistrust Mr Snowden and his allies, who contest the inferences drawn from the leaks, and defend the role of the NSA, acknowledge the harm done by the supposedly super-secret agency’s inability to keep its own systems secure.

The most immediate damage is to America’s leading technology firms. They were already battling to contain the damage caused by previous allegations of how the NSA hoovered up their customers’ data. Protectionists can now pose as champions of privacy and national dignity. German politicians have urged people to shun American web firms if they want to keep their data secure. The Indian government is reportedly considering a ban on the use of Google’s Gmail service for sending official communications. And tech firms in places like Switzerland have seen a spike in inquiries from companies looking for a haven for their data.

Some experts play this down. It would be naive to think that the NSA did not have such capabilities. Lawrence Pingree of Gartner, a research firm, says some American “cloud computing” firms, which store and help manage other firms’ data, could see a dip in business, but he reckons the overall impact will be “minimal”.

But a report by the Information Technology and Innovation Foundation, a think-tank, estimates the leaks could cost that industry $22 billion-35 billion in lost revenues between now and 2016. Some customers may shun technology with any American connection. Some may have to because their governments pass laws mandating the use of local cloud operators for certain kinds of data.

American telecoms-equipment makers such as Cisco could also lose business abroad to foreign rivals—not least to Huawei, a controversial Chinese rival. Concerns about possible ties to Chinese espionage (which it denies) have hampered its expansion in America. William Plummer, its spokesman, says the industry should work together to secure networks and data, while putting “political games and distracting country-of-origin shenanigans behind us”.

But America’s big consumer internet firms, with their global horizons, have the most to lose. On September 9th several of them, including Google and Yahoo, filed new or revised lawsuits with America’s Foreign Intelligence Surveillance Court requesting permission to reveal more detailed information about the kinds of requests they receive from American government agencies. Both firms made clear in their suits that their inability to respond to misleading surveillance-related stories with specific data about such requests had harmed their reputation and their business, though they did not put a figure on the damage done.

Now America’s tech giants stand accused not just of mishandling their customers’ data, but, in effect, of knowingly selling them flawed software. Microsoft has always denied installing backdoors. It says it has “significant concerns” about the latest leaks and will be “pressing the government for an explanation”.

The damage goes well beyond individual companies’ brands. American technology executives often use their economic clout to shape global standards in ways that suit their companies. Now that will be harder. American input to international cryptographic standards, for example, will have to overcome sceptical scrutiny: are these suggestions honest, or do they have a hidden agenda? More broadly still, America has spent years battling countries such as Russia, China and Iran which want to wrest control of the internet from the mainly American engineers and companies who run it now, and give a greater role to governments. America has fought them off, claiming that its influence keeps the internet open and free.

Now a balkanisation of the web seems more likely. Jason Healey of the Atlantic Council, a think-tank, says that the denizens of Washington, DC, have lost sight of the fact that the true source of American cyber-power is neither the NSA and its code-breaking prowess nor the offensive capabilities that produced the Stuxnet virus, which hit centrifuges at an Iranian nuclear plant; it is the hugely successful firms which dominate cyberspace and help disseminate American culture and values worldwide. By tarnishing the reputations of these firms, America’s national-security apparatus has scored an own goal.