Apscitu masthead
Apscitu motto

News Home tab

Fake Trump tweeting, Twitter logo, nuclear explosion

Trump Using Twitter is a National Security Risk

By Duane Thresher, Ph.D.     February 8, 2018

There has been a lot of condemnation of President Trump using Twitter, but mostly by his opposition because he has used it so successfully. No IT expert thought has been given to whether Trump using Twitter is a national security risk. CIA Director Mike Pompeo has said that Trump's use of Twitter is not a national security risk. Unfortunately, and with all due respect, IT incompetence is rampant in government and business and analysis by an IT expert gives the opposite answer: Trump using Twitter is a national security risk. It is imperative however that President Trump be able to speak directly to the people, since not being able to is a national security risk itself, so a Twitter alternative is required.

Whatever appears on Twitter from Trump's account, @realDonaldTrump, has extreme and immediate believability the world over. It is well-known that Trump uses Twitter -- he currently has 47.5 million followers, some of them probably heads of state and other higher-ups in foreign governments.

Photos of Sergey Brin and Edward Snowden

Google -- Illegal Competitor or National Security Threat

By Duane Thresher, Ph.D.     January 25, 2018

If the Meltdown and Spectre security vulnerabilities are relatively unimportant as I argued in Meltdown and Spectre Security Vulnerabilities -- Deck Chairs on the Titanic, then they are illegal attacks by Google on its competitors and Google should be investigated by the SEC and DOJ. If they are as catastrophic as they have been made out to be, then Google is a national security threat and should be investigated by the FBI (or higher DOJ) and DHS.

If Meltdown and Spectre are unimportant security vulnerabilities then they are illegal competition by Google.

When the Meltdown and Spectre security vulnerabilities were announced, before the affected companies like Apple and Intel had time to fully prepare, the value of those companies lost billions and their reputations were harmed, probably permanently. Google paid for the discovery and exploit development ("proof of concept") of these security vulnerabilities and helped publicize them. Google is a competitor with Apple and possibly Intel so has a strong motive to harm their reputations. (It will be revealing to see if Google comes out with hardware or software that doesn't have these security vulnerabilities and uses that as a selling point.) This tactic is classic stock manipulation and unfair competition and should be investigated by the SEC and DOJ (Antitrust Division).

Meltdown logo, Spectre logo, Titanic deck chair

Meltdown and Spectre Security Vulnerabilities -- Deck Chairs on the Titanic

By Duane Thresher, Ph.D.     January 18, 2018

I have a BS in Electrical Engineering and Computer Science from MIT, among much other relevant education and experience. Panicking about the Meltdown and Spectre computer security vulnerabilities is like panicking about the arrangement of the deck chairs on the Titanic.

The arrangement of the deck chairs on the Titanic was a safety issue -- theoretically passengers could be blocked by them -- but the actual giant hole in the side of the ship was the much bigger concern. (For simplicity I won't make the analogy using the design flaw in the Titanic that actually caused it to sink -- the bulkheads did not reach high enough and make watertight compartments.)

The Meltdown and Spectre security vulnerabilities are the big Information Technology (IT) news recently. These were announced together but are two separate security vulnerabilities, similar in that they result from CPU design flaws ("bugs") at the intersection of electrical engineering and computer science. I won't go into the technical details because the media and most of the public does not have the background to begin to understand them and it's not important.

GoDaddy logo guy and GoDaddy logo guy with black hat

GoDaddy Hacks Its Own Customers

By Duane Thresher, Ph.D.     January 11, 2018

A web page is created by program code -- usually HTML, JavaScript, and CSS together -- that tells a web browser how to display it and what user-interactive action to take, like user information entry. Cross-site scripting (XSS) is a hacking technique in which code is secretly added to a web page's code so that it runs in the web browser of anyone looking at the web page just like the authentic web page code but performing possibly-malicious actions. GoDaddy, a leading web hosting (web page serving) provider, was discovered using XSS on some of its customers.

Scripting in cross-site scripting refers to web page code, typically JavaScript code inside <script> tags of the HTML code of the web page. Cross-site refers to the code secretly added from elsewhere, like another website, running as if it were from the authentic website. This has serious implications because as a primary security measure, browsers will not allow code from one website, possibly malicious, to access the data, possibly sensitive user-supplied information, stored by code from another website, like a banking website. XSS defeats this browser primary security measure and is one of the most commonly used hacking techniques.

Photo of Non-IT Equifax CIO David Webb

Danger: Non-IT CIOs, Prime Example: Equifax

By Duane Thresher, Ph.D.

In this, the information age, the position of Chief Information Officer (CIO) is one of the most important positions in an organization since that person can literally destroy the organization.

While it should be obvious -- but clearly isn't -- a CIO should have extensive education and (then) experience actually in IT (Information Technology). IT is mostly computer networking, which is electrical engineering and computer science; see my Credentials page. A B.S. -- and for more advanced IT, more advanced degrees -- in these from good universities should be a requirement to do IT.

The knowledge necessary to do IT is similar to that necessary to do medicine; and for more advanced IT, like being a surgeon. No reputable hospital would make someone who had no medical background chief of surgery. Such an unqualified person would have little idea of what's involved -- particularly who to hire -- even if they had been head for years (having done it unqualified for years is not a qualification but a condemnation of the hiring organization).