Category Archives: Security

Telecom Growth in the Developing World

The idea of rural living is based on segmentation; physical distance or complicated terrain meant a lack of access to services such as electricity and telephones. The definition will have to change. Wireless technologies, as explained by the Washington Post, can be too easily deployed:

Cellphones are the first telecommunications technology in history to have more users in the developing world — almost 60 percent — than in the West. Cellphone usage in Africa has been growing close to 50 percent annually — faster than any other region. More than 30 African nations have more cellphones than land lines. In only 11 years, Grameenphone — an offshoot of the Nobel Prize-winning micro-lending outfit — now covers 98 percent of Bangladesh and serves the majority of the country’s 30 million telephone users, only about a million of whom have land lines.

The economics of service are behind the sharp rise in use. Delivery of low cost devices to high numbers of customers, even with low margins, means the infrastructure investment is recouped in just a few months:

As demand rages among rural folk, Vodacom, which erected the Kgautswane mast, now has to kit out rural base stations with the same level of equipment as base stations in the city. Still, it made back the $164,800 outlay for the Kgautswane mast in less than six months.

People living in the area around the base station — which covers a roughly 19-mile radius — make between 20,000 and 30,000 calls a day, just over a year after coverage went live, according to Vodacom.

This is great news for the initial phase of service delivery, but sustaining revenue is even more important for infrastructure companies thinking about investing in rural areas. Customers pay for the basic level of service to begin with and then soon find the technology brings them more revenue. More revenue enables providers to offer long-term plans and higher service levels.

Mhlapo says she spends as much as $25 on airtime some months. Margaret Chinhete, a Zimbabwean woman who lives down the gravel road says she spends about $13 a month on her new phone, but easily covers that with the extra cash she makes from selling crafts now she can contact customers by phone.

“When I bought this I had never made a phone call. Now I use it to call business contacts. It saves me from walking kilometers every day and I have doubled my monthly earnings,” Chinhete told Reuters, as she hauled home her wares.

Service does not have to be a one-to-one ratio. This is very unlike developed countries, where single-user cell-phone service is not only intended but preferred (this was the source of endless debates when I worked on mobile security at Yahoo! — what should happen to contacts and calendar, for example, when more than one user logged in/out of a phone). A business model can exist where one person gets the cell phone and then charges a small percentage for others in the area to use it. Perhaps at some point the cell phone providers will incorporate this as their own service, but leaving it to local entrepreneurs has some interesting security implications.

Local entrepreneurs already have the ability to log who is using the phone, even with informal measures, whereas the provider would have no visibility. A system that tried to push unique identities to the users would face easy circumvention. There is no incentive for a shared user to assert their unique identity unless it benefits them directly, such as being correctly billed. The providers, on the other hand, will not want to put anything in the way of adoption. They obviously want to ease adoption and hope word-of-mouth marketing (no pun intended) will be linked into revenue, status, pride, etc. so more and more Africans will invest in having their own phone. Fraud will force regulators to step in and create barriers to anonymous or shared entry; until that time adoption will continue to be made as easy as possible.

The low-cost wireless option for telecommunications has now overcome just about every obstacle in rural areas. The cell phone user base grew twice as fast in Africa as in Asia from 1999 to 2004 and drove right through issues of security and stability that stalled other investments.

Five years ago [in 2000], for example, sub-Saharan Africa (excluding South Africa) accounted for one of every five mobile subscribers on the continent. That ratio has now doubled.

Executives of the MTN Group, another major African mobile operator, say the company’s Nigerian network cost 2½ times as much as its South African network because of lack of infrastructure. But demand is so intense that MTN is adding hundreds of base stations.

Congo was in the midst of a civil war when Alieu Conteh, a telecommunications entrepreneur, began building a cellular network there in the 1990s. No foreign manufacturer would ship a cell phone tower to the airport with rebels nearby, so Conteh hired local men to collect scrap and weld together a tower.

Now Vodacom, which formed a joint venture with him in 2001, is grappling with other problems. Its trucks get stuck in the mud. A crane is out of the question so it takes 15 to 20 men to haul each satellite dish into place with ropes. Base stations must be powered by generators. The exchange rate is maddening: Each morning, executives send instant messages to employees containing the latest rate for the plunging local currency.

Despite all that, Vodacom Congo has 1.1 million subscribers and is adding more than 1,000 daily.

There are no plans to extend land-line service to the surrounding steep mountains where Skhakhane lives, government officials in South Africa say. But that may not matter: Six months ago, Vodacom erected a cellular tower whose signal can be picked up in the hills. Now it logs 10,000 calls a day.

It all sounds absolutely amazing but if the developed market is any indicator of things to come there are at least two security challenges lurking. The first is energy. I suspect biodiesel, solar and even wind can easily resolve the need for power distribution. They also add to the growth of an economy centered around telecommunications. All of these can be developed locally, like wireless, and remove rural barriers to infrastructure development. The second is how new subscribers will behave in terms of privacy controls.

A continent laced with power and political instability, along with a history of ruthless authority, begs the question of privacy on handsets, towers and systems. Free markets also beg the question. A local service will have to compete with much larger providers and the market will be under pressure to keep their contracts, proposals and IP unique and confidential. Then there is always the question of simple fraud. Who will be able to listen to whom and how will identities be traced? It appears that the Africans may next face adoption of regulatory models and/or pay for enhanced privacy controls. Ghana, Nigeria, Tanzania, South Africa and Mauritius have started to require phones be linked to a formal identity.

All new mobile Sim cards – on contract or pre-pay – will have to be registered in the name and address of the user before they can be activated. Customers will have to verify their details with a form of identity or their bank details. [Regulators] argue they are needed because more people have been using prepaid mobile telephones to commit fraud and send malicious texts.

Studies have started to suggest that regulation not only puts a dent in African mobile phone adoption rates but also may start a reduction.

Whatever the reality, there’s no doubt that the law is harming Vodacom and MTN subscriber figures and hampering growth in new subscribers. Often, immigrants to South Africa lack the required official identity documents, and the outlets which record their details seem unprepared. This has led to Masiza saying that MTN will lobby communications minister Siphiwe Nyanda for a relaxation of the rules governing the recording of private subscriber information. If no wiggle-room is granted to MTN and Vodacom, then the two operators face months of disconnecting subscribers who are unwilling or unable to confirm their details using the correct documentation.

Conquering Zeus

There has been much speculation about the hidden meaning and possible historical references in the Stuxnet code. I find this interesting not only on its own but also in relationship to other malware in the news.

Zeus, unlike Stuxnet, actually has done a fair amount of real harm. However, no one seems to be going around pointing out that, at least as far as mythology goes, you may never be able to get rid of it:

Cretans believed that Zeus died and was resurrected annually

That was obviously before computers. In modern terms Zeus would be killed and then resurrect almost instantly, depending on CPU and memory.

I guess, to be accurate, the references in Stuxnet are in the code itself whereas Zeus is just one of many names (Zbot, PRG, Wsnpoem, Gorhax, Kneber) given to a Trojan horse. Trojan horse malware named after a Greek god seems most appropriate, but I have not yet seen who chose the name Zeus or how it was chosen. In any case, Microsoft has announced that they will now search for some versions of Zeus in their Malicious Software Removal Tool (MSRT).

The Zeus bot is dynamic and could be adjusted easily to bypass the MSRT, so what this really means is older and less expensive copies will fail. The cost of a Zeus attack has just gone up. Not a perfect solution, of course, but definitely a helpful step. This lowers the barrier and cost of defense for attacks that were already far too easy.

Microsoft, speaking of historical references, in 2007 was not very optimistic about the demise of Storm after they added it to MSRT. Storm was actually named after flooding in Europe that was used to convince victims to download the Trojan horse installer.

In a blog post with the catchy operation title “Storm drain” Microsoft predicted the Storm botnet would not go away.

Unfortunately, that data does not show a continued decrease since the first day. We know that immediately following the release of MSRT, the criminals behind the deployment of the “Storm” botnet immediately released a newer version to update their software. […] Despite so many machines having been cleaned recently by MSRT, the “Storm” botnet will slowly regain its strength.

It did decline significantly, and Microsoft then took credit, but just a few months ago experts warned of a new variant and rebirth of the threat.

…the Storm botnet was one of the biggest botnets, sending out vast amounts of spam. As the market leader in spam-distributing botnets, it got a lot of attention from the security industry and the general public, ultimately leading to its demise. Since early 2009 the botnet was believed to be silent, even possibly defunct.

The new malware has been distributed widely over the last several days and the new botnet is already sending out spam. In an analysis done by Mark Schloesser, Tillmann Werner, and Felix Leder, German researchers who did a lot of work in analyzing the original Storm, they found that around two-thirds of the “new” functions are a copy and paste from the last Storm code base. What is missing is the original peer-to-peer (P2P) functionality, possibly in response to a tool these researchers developed that could bring down Storm. Cutting away the P2P functionality focuses the new Storm variants to HTTP communication with their command server.

Still 2/3 the same code base? Another key difference should be that it can now avoid MSRT despite using a vast majority of the old code, unless of course MSRT was not really the reason it went away. Funny how that is not mentioned; instead McAfee talks about a “tool” developed by researchers outside of Microsoft and based on network protocol analysis instead of detection and removal by the OS that brought Storm down. Controls outside the OS thus might have made the real difference. Important to keep in mind, given the new Zeus-aware MSRT update.

My best guess is that Stuxnet is not as sophisticated as some might argue but instead is rehashed from prior attacks. The failure of anti-malware is turning into the real issue, just like we hear about with the Zeus and Storm evolutions, rather than true zero-day risks. The solution, in other words, takes far more than just evil code detection. System behavior and network behavior — the sort of thing usually relegated to “expensive” trusted platforms with limited flexibility — are going to come more into vogue for fighting bots. The good news for IT management is that virtualization technology and the cloud model significantly bring down the cost of running trusted platforms.

FBI Tracking Device Removal

A resident of Santa Clara, California discovered by accident that the FBI planted a tracking device on his car:

Afifi said the strange series of events began Sunday, when he took his car in for an oil change to a garage not far from his Santa Clara home. As the car was raised, Afifi said he noticed “a wire hanging out.” Then he noticed “a black, glimmering device.”

Mazher Khan, owner of Ali’s Auto Care, had no idea what it was but he agreed to yank it out. Afifi left with the device and drove home.

On Tuesday, Afifi said he had just gotten home from work when one of his roommates came in and said, “There are two suspicious people standing right by your car in the complex.”

It is a strange story to begin with, but then it gets even stranger when the FBI shows up and requests that the big black device of wires and magnets be returned to them.

“All right, where’s the device you found under your hood,” the agent said, according to Afifi. “He goes, ‘Yeah, we put it there.’ ”

[…]

“I gave it back to them and said, ‘Is this what you needed?’ ” Afifi said. “He goes, ‘Yeah, this is it.’ ”

Ali’s Auto Care now can update their ads to include “Tracking Device Removal”, or maybe even offer an Internet coupon. Note that Divorcenet.com suggests GPS tracking devices could be a wider problem than just with law enforcement.

The use of GPS systems is increasingly being used to monitor cheating spouses. The falling price and shrinking size of GPS systems have spouses from all walks of life keeping track of their “better” halves. Spouses can now use a GPS device to follow a vehicle, and presumably the cheater, behind the wheel. The GPS system’s software works seamlessly with online map services such as Google Maps. Thereafter, the suspecting spouse can sit back and wait for that “gotcha” moment.

Spouses are said to legally be entitled to track their “own” vehicles. The question becomes one of ownership, and then privacy.

The legality of secretly planting a GPS system is a very fact-sensitive analysis. Like checking a spouse’s email, the legality of secretly planting a GPS tracker depends on who owns the vehicle. In a purely technical sense, if you own the vehicle or have joint ownership of it, then it is perfectly legal to use a GPS system to monitor it. Spouses can legally access their spouse’s email in scenarios where there is a jointly-owned computer or a computer that is used by the entire family. The key issue in the planting of a GPS system is whether the spouse who was tracked had a reasonable expectation of privacy. The question apparently has yet to be raised in a divorce case in New Jersey. The law is normally five years behind technological developments.

I am not a lawyer but the “reasonable expectation of privacy” test seems a bit weak. The courts have already ruled in the US that there should be no expectation of privacy in your driveway from the government, for example.

Government agents can sneak onto your property in the middle of the night, put a GPS device on the bottom of your car and keep track of everywhere you go. This doesn’t violate your Fourth Amendment rights, because you do not have any reasonable expectation of privacy in your own driveway — and no reasonable expectation that the government isn’t tracking your movements.

Another opportunity for the security market. Someone should start selling Fourth Amendment tents for the driveway — now even you can set up a reasonable expectation of privacy on your own property.