Photos of Allan Thompson and a British clown

Secret Service Outsources IT to IT Incompetent Foreign-Influenced Company

By Duane Thresher, Ph.D.     April 23, 2018

The Secret Service is tasked with protecting President Trump's life. Like it or not, President Trump is hated even by our closest allies, who make no secret about wanting him dead. These days protecting the President involves a lot of Internet work. You would reasonably expect that this work would be done by the highest-grade IT people, people not from foreign countries. But incredibly, the Secret Service outsources this work to an IT incompetent foreign-influenced company, LookingGlass Cyber Solutions.

Recently, I was looking at the web logs for Apscitu's website. This is basic critical IT security practice since websites are the leading attack vector for hackers.

Photos of Mark Zuckerberg and Mary Surratt

Fake Federal Facebook Fury Finally Finished

By Duane Thresher, Ph.D.     April 16, 2018

Last week the much-hyped testimony by Mark Zuckerberg, Facebook's supposed creator, in front of the United States Senate Committee on Commerce, Science, and Transportation and the Senate Judiciary Committee finally finished. It was supposed to be a grilling by a furious Senate on Facebook's selling of its user data to outside unscrupulous companies, as well as other Facebook violations, like political censorship, but was more of a softball questioning publicity stunt. That it was a publicity stunt was further confirmed by the redundant anticlimactic "me too" questioning by the House a day later, which I thus don't cover here.

I tweeted last week -- see them at bottom -- making some important points, which is what Twitter is good for, but after the testimony and some careful thought is the time to write an article like this one.

Photos of President Trump and Suzie Kent with You're Fired!

You're Fired! Trump's Worst Hire Ever: IT Incompetent Fed CIO Suzie Kent

By Duane Thresher, Ph.D.     April 10, 2018

There has been endless ignorant talk about President Trump's hirings (and firings). Whatever else his appointments have been, most have at least been somewhat qualified. Not so with his appointment of IT incompetent Suzette Kent as Federal Chief Information Officer (CIO), the CIO of CIOs. Suzie Kent is Trump's worst hire ever and should be fired.

A CIO is not just any management position. It requires a specific education, exactly like judges being educated in the law or doctors being educated in medicine. If a CIO does not have to have an IT education then neither should a judge have to have a law education or a doctor a medical education.

Photo of Equifax's tombstone

Equifax Dead: Hacked So Credit Reports Worthless

By Duane Thresher, Ph.D.     April 5, 2018

Last year Equifax allowed the worst data breach in history and the legal fallout continues. Everyone assumes that the worst result of the Equifax hacking was that hundreds of millions of people, including those at sensitive government agencies, had their most personal financial information given to hackers. That is indeed horrendous but that may not be the worst of it. No one has considered that with Equifax hacked its credit reports are worthless, even illegal, since the Equifax hacking may have been to change credit reports to cause harm to individuals, not just steal data.

Everyone knows how important credit reports are. They are essentially used to determine where you can work and live. Even before the hacking, Equifax had major problems making sure the data it gathered was correct, and had been successfully sued numerous times for getting it wrong and harming people. Trying to discover what data for hundreds of millions of people has been changed by hackers is well beyond the capabilities of Equifax IT.

Photos of James Comey and Michael Horowitz

FBI Hacking Investigation Negligence Lawsuit, Part 1

By Duane Thresher, Ph.D.     February 22, 2018

My family and I, particularly our young daughter, were the victims of not one but two(!) health insurance company data breaches: Montana Department of Public Health and Human Services and Premera Blue Cross. At the time (2013 - 2015) these were two of the worst data breaches ever.

It was officially pretended that identity theft was the only concern from these so only cheap credit monitoring (probably using the now-hacked Equifax) for a couple of years needed to be offered as a remedy. However, child abductors, including pedophiles, find this information invaluable since it includes names, addresses and medical records, which is personal information that greatly aids a child abductor.

Mike Hamburg LinkedIn photo, Trump photo, Mike Hamburg ShiftLeft blog photo, Spectre logo, Google logo

Secret Service, Spectre Hacker Threatens Trump With God's Justice

By Duane Thresher, Ph.D.     February 15, 2018

I've written about the infamous Spectre computer security vulnerability in "Meltdown and Spectre Security Vulnerabilities -- Deck Chairs on the Titanic" and about the hackers who developed and distributed exploits for it in "Google -- Illegal Competitor or National Security Threat".

The Spectre exploit could be a devastating weapon -- it has the power of anything it can hack into -- but currently there are only a few people who know how to use it. Mike Hamburg, one of the Spectre hackers, is one of these.

As I wrote about Mike Hamburg in "Google -- Illegal Competitor or National Security Threat":

Fake Trump tweeting, Twitter logo, nuclear explosion

Trump Using Twitter is a National Security Risk

By Duane Thresher, Ph.D.     February 8, 2018

There has been a lot of condemnation of President Trump using Twitter, but mostly by his opposition because he has used it so successfully. No IT expert thought has been given to whether Trump using Twitter is a national security risk. CIA Director Mike Pompeo has said that Trump's use of Twitter is not a national security risk. Unfortunately, and with all due respect, IT incompetence is rampant in government and business and analysis by an IT expert gives the opposite answer: Trump using Twitter is a national security risk. It is imperative however that President Trump be able to speak directly to the people, since not being able to is a national security risk itself, so a Twitter alternative is required.

Whatever appears on Twitter from Trump's account, @realDonaldTrump, has extreme and immediate believability the world over. It is well-known that Trump uses Twitter -- he currently has 47.5 million followers, some of them probably heads of state and other higher-ups in foreign governments.

Photos of Sergey Brin and Edward Snowden

Google -- Illegal Competitor or National Security Threat

By Duane Thresher, Ph.D.     January 25, 2018

If the Meltdown and Spectre security vulnerabilities are relatively unimportant as I argued in "Meltdown and Spectre Security Vulnerabilities -- Deck Chairs on the Titanic", then they are illegal attacks by Google on its competitors and Google should be investigated by the SEC and DOJ. If they are as catastrophic as they have been made out to be, then Google is a national security threat and should be investigated by the FBI (or higher DOJ) and DHS.

If Meltdown and Spectre are unimportant security vulnerabilities then they are illegal competition by Google.

When the Meltdown and Spectre security vulnerabilities were announced, before the affected companies like Apple and Intel had time to fully prepare, the value of those companies lost billions and their reputations were harmed, probably permanently. Google paid for the discovery and exploit development ("proof of concept") of these security vulnerabilities and helped publicize them. Google is a competitor with Apple and possibly Intel so has a strong motive to harm their reputations. (It will be revealing to see if Google comes out with hardware or software that doesn't have these security vulnerabilities and uses that as a selling point.) This tactic is classic stock manipulation and unfair competition and should be investigated by the SEC and DOJ (Antitrust Division).

Meltdown logo, Spectre logo, Titanic deck chair

Meltdown and Spectre Security Vulnerabilities -- Deck Chairs on the Titanic

By Duane Thresher, Ph.D.     January 18, 2018

I have a BS in Electrical Engineering and Computer Science from MIT, among much other relevant education and experience. Panicking about the Meltdown and Spectre computer security vulnerabilities is like panicking about the arrangement of the deck chairs on the Titanic.

The arrangement of the deck chairs on the Titanic was a safety issue -- theoretically passengers could be blocked by them -- but the actual giant hole in the side of the ship was the much bigger concern. (For simplicity I won't make the analogy using the design flaw in the Titanic that actually caused it to sink -- the bulkheads did not reach high enough and make watertight compartments.)

The Meltdown and Spectre security vulnerabilities are the big Information Technology (IT) news recently. These were announced together but are two separate security vulnerabilities, similar in that they result from CPU design flaws ("bugs") at the intersection of electrical engineering and computer science. I won't go into the technical details because the media and most of the public do not have the background to begin to understand them and it's not important.

GoDaddy logo guy and GoDaddy logo guy with black hat

GoDaddy Hacks Its Own Customers

By Duane Thresher, Ph.D.     January 11, 2018

A web page is created by program code -- usually HTML, JavaScript, and CSS together -- that tells a web browser how to display it and what user-interactive action to take, like user information entry. Cross-site scripting (XSS) is a hacking technique in which code is secretly added to a web page's code so that it runs in the web browser of anyone looking at the web page just like the authentic web page code but performing possibly malicious actions. GoDaddy, a leading web hosting (web page serving) provider, was discovered using XSS on some of its customers.

"Scripting" in cross-site scripting refers to web page code, typically JavaScript code inside <script> tags of the HTML code of the web page. "Cross-site" refers to the code secretly added from elsewhere, like another website, running as if it were from the authentic website. This has serious implications because as a primary security measure, browsers will not allow code from one website, possibly malicious, to access the data, possibly sensitive user-supplied information, stored by code from another website, like a banking website. XSS defeats this browser primary security measure and is one of the most commonly used hacking techniques.

Photo of Non-IT Equifax CIO David Webb

Danger: Non-IT CIOs, Prime Example: Equifax

By Duane Thresher, Ph.D.

In this, the information age, the position of Chief Information Officer (CIO) is one of the most important positions in an organization since that person can literally destroy the organization.

While it should be obvious -- but clearly isn't -- a CIO should have extensive education and (then) experience actually in IT (Information Technology). IT is mostly computer networking, which is electrical engineering and computer science; see my Credentials page. A B.S. -- and for more advanced IT, more advanced degrees -- in these from good universities should be a requirement to do IT.

The knowledge necessary to do IT is similar to that necessary to do medicine; and for more advanced IT, like being a surgeon. No reputable hospital would make someone who had no medical background chief of surgery. Such an unqualified person would have little idea of what's involved -- particularly who to hire -- even if they had been head for years (having done it unqualified for years is not a qualification but a condemnation of the hiring organization).