I will be giving presentation on cloud log management at BayThreat this weekend. Anton has posted a nice summary page on his blog where he also modestly claims his presentation will be “hilarious”.

What:

There’s a new information security conference in the South Bay at The Hacker Dojo, December 10th & 11th. Perfect for those of us with exhausted travel budgets. We’re an active community with tons of the smartest folks in the biz. It just makes sense that we would get a regional con of our own!

The theme for BayThreat is as simple as black & white: “Building & Breaking Security.” Two tracks, each tackling opposite sides of the security fence. As Security Professionals, it is up to us to take that dichotomy and mold it into the shades of gray we use to protect our environment.

Shades of the Gray Area

We’ve invited speakers from all over the Bay Area and beyond to a two day conference at the Hacker Dojo in Mountain View, CA. The Dojo is a familiar place for the security community, as it hosts the #DC650 meetings every month.

We’re excited to host speakers with security expertise from both sides of the fence. Early-acceptance speakers include Anton Chuvakin, Neel Mehta, Ryan Smith, Gal Shpantzer, Jim McLeod, Allen Gittelson, and Dan Kaminsky. The Call For Abstracts is now closed.

When: December 10-11, 2010

Where: Hacker Dojo, 140A South Whisman Rd, Mountain View, CA 94041 (map)

How much: nominal fee of (!) $45

Schedule: TBA here

Google is the first, it seems, to embed a chip for NFC in a cell phone for the American market. The Official Google Blog says NFC comes with the Nexus S.

It also features…NFC (near field communication) hardware that lets you read information from NFC tags. NFC is a fast, versatile short-range wireless technology that can be embedded in all kinds of everyday objects like movie posters, stickers and t-shirts.

Actually, it will also come in handy as a payment system to replace or improve on payment cards, as I have mentioned before.

Barbie is now a surveillance tool. “Video Girl” has a video camera embedded.

I am a real working video camera

The FBI Memo About Newest Barbie Doll, which you might have seen coming, appears to be directed only at the risk of abuse of children by adults.

An internal cyber crime alert from the Sacramento office obtained by CBS13 warns:

“Law enforcement is encouraged to be aware of unconventional avenues for the possible production and possession of child pornography, such as Barbie Video Girl.”

The memo goes to warn that the toy’s technology can capture 30 minutes of video that can be played back on the tiny LCD screen, or downloaded and shared.

The Barbie also could be used by a child to expose adult behavior or secrets. The FBI is unlikely to warn about this “unconventional avenue” of exposure by a $50 spy camera in a doll, but I am sure it also crossed their minds.

The camera has a USB interface and runs on two AAA batteries. Enterprising children may find it easy to modify and use with other decoys or toys. That is why I also suspect this doll could give many children an early sense that they are being watched and recorded; anything anywhere now might be a spy camera. It could lead to adaptive behavior (anti-Barbie Doll measures?) and end up making a new generation far more aware than their parents of surveillance risks.

Although the leaked 2009 State Department wire message will bring scrutiny to Chinese hackers, three things stood out.

First, language in the wire looks familiar:

CNITSEC enterprises was said to has recruited Chinese hackers in support of nationally-funded “network attack scientific research projects.”

China is not the only country to recruit hackers. Remember when the press release announced “Hacker ‘Mudge’ gets DARPA job”? He was quoted as saying “I want to be at the sharp pointy end of the stick.” Imagine if a Chinese hacker had said that to the press…actually, imagine if anyone going into a military role said that in any country.

The point here, no pun intended, is that countries frequently recruit experts from industry, and have done so for quite a while (as LinkedIn members often boast).

Even more to the point, the US military has only just announced cybersecurity as part of basic training, as explained in “US Air Force Recruits Train to Become Cyber Warriors”. With the Air Force only just starting to train from within, it likely will be years before they can avoid hiring from outside.

The Chinese hiring outside hackers is probably taken by many to be a sign of intent or motive, but to me it signals more that they lack talent within.

Second, the timing is interesting:

From June 2002 to March 2003, TOPSEC employed a known Chinese hacker, Lin Yong (a.k.a. Lion and owner of the Honker Union of China), as senior security service engineer to manage security service and training. Venus Tech, another CNITSEC enterprise privy to the GSP, is also known to affiliate with XFocus, one of the few Chinese hacker groups known to develop exploits to new vulnerabilities in a short period of time, as evidenced in the 2003 release of Blaster Worm (See CTAD Daily Read File (DRF) April 4, 2008)

March 2003 was only a month after Bill Gates signed major trade agreements with China. It also was about half a year before Microsoft gave the Chinese access to its source code for “security” purposes.

Chinese hacker and company “affiliations” with Microsoft could sound ominous in some ways, but in 2003 the company openly traded and gave access to Chinese security experts. That gives a different spin to the wire and again emphasizes that China lacked talent within. They relied on experts in the field with unusually close ties to Microsoft.

Third, although this is a wire leak and not a press-release, I am reminded of when the Japanese media were said to be using reports of Honker (hacking group said to be nationally affiliated with China) activity and threats to “make China look bad”.