Showing posts from July, 2012

Israeli Agents Steal Korean Tech for Chinese Customer

Thanks to the show Asia Biz Today I learned of an industrial espionage case involving South Korea, Israel, and China. In brief, agents of the South Korean branch of an Israeli company stole technology from two South Korean companies, and passed the loot to Chinese and Taiwanese companies. On June 27th the Yonhap news agency in South Korea reported the following: Key technologies to manufacture advanced flat-panel displays at Samsung Mobile Display and LG Display have been leaked by a local unit of an Israeli company, local prosecutors said Wednesday, raising concerns the leakage could pose a major threat to the national interest. The Seoul Central District Prosecutors' Office indicted under physical detention three employees at the local unit of an Israeli inspection equipment supplier, including a 36-year-old man surnamed Kim, on charges of leaking key local technologies used to produce active-matrix organic light-emitting diode (AMOLED) displays and white organic lig

Impressions: Three "Internals" Books for Security

As of last month I'm no longer reviewing technical books. However, I wanted to mention a few that I received during the last few months. All three have an "internals" focus with security implications, and all three are written by authors I've reviewed before. The first is The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, Second Edition by Bill Blunden. I reviewed the first edition two years ago. I am not in a position to comment on the merit of Bill's technical approach (Greg? Jamie?) but I can say the following about the book. First, it appears current, with references to developments over the last few years. Second, it is well-sourced, with lots of footnotes. For me, that is a sign that the author cares about attribution and scholarship. Third, I must admit I am very happy to see several references to posts on this blog and also tools and techniques authored by Mandiant (such as Redline and Memoryze). With respect to citin

Not Just Clowns, But Criminals

It turns out my April post Clowns Base Key Financial Rate on Feelings, Not Data was too generous. I cited an Economist story which outlined how LIBOR rates — and the returns on $360 trillion of financial contracts related to them, five times global GDP — are based on best guesses rather than hard data. I continue to cover this story because the financial industry routinely scoffs at the "risk management" practices of non-financials, as I wrote in 2007. It turns out that these clowns are actually malicious, as reported in Lies, damn lies, and LIBOR: Barclays, Diamond, and a devalued benchmark: A pattern of deception extending over a period of years. A flouting of the law to profit at the expense of others on three different continents. And a belief that the rules did not apply to them. No, not the latest mafia family to be taken down by a special prosecutor. But Barclays PLC, the sprawling British banking group that recently paid a $450 million fine for seeking to ri

How to Kill Teams Through "Stack Ranking"

The newest Vanity Fair offers an article titled Microsoft’s Downfall: Inside the Executive E-mails and Cannibalistic Culture That Felled a Tech Giant. It starts with the following: Analyzing one of American corporate history’s greatest mysteries — the lost decade of Microsoft — two-time George Polk Award winner (and V.F.’s newest contributing editor) Kurt Eichenwald traces the “astonishingly foolish management decisions” at the company that “could serve as a business-school case study on the pitfalls of success.” Relying on dozens of interviews and internal corporate records — including e-mails between executives at the company’s highest ranks — Eichenwald offers an unprecedented view of life inside Microsoft during the reign of its current chief executive, Steve Ballmer, in the August issue... Eichenwald’s conversations reveal that a management system known as “stack ranking” — a program that forces every unit to declare a certain percentage of employees as top performers, go

Thoughts on Lessons from Our Cyber Past: The First Cyber Cops

In May I was pleased to attend Lessons from Our Cyber Past: The First Cyber Cops hosted by Jay Healey at the Atlantic Council and featuring Steven R. Chabinsky, Shawn Henry, and Christopher M. Painter. The transcript as well as audio for the event are now online. All of the attendees made great points, and I wanted to highlight a few. Mr. Chabinsky: I think that we’re getting to this point where we really have to reflect upon what risk mitigation looks like in this area, whether our policies that focus predominantly on vulnerability mitigation, are actually a successful long-term security model. If you think of most security models, I think predominantly you’d find that they rely on threat deterrence, that the notion that the actor won’t act because there will be some penalty-based deterrent at the end of it – they’ll be captured, they’ll have some penalty. Here [in digital security] we have a model where people are predominantly focused on hardening the target, patching

Thoughts on Air-Sea Battle Briefing at Brookings

Last month I attended an event at the Brookings Institute about the Air-Sea Battle concept, which I mentioned in China's High-Tech Military Threat and Air Sea Battle yesterday. A good companion to the briefing is the article Air-Sea Battle: Promoting Stability in an Era of Uncertainty published in February in the journal The American Interest. In that article, General Norton A. Schwartz, USAF (at right in the picture) & Admiral Jonathan W. Greenert, USN write: When Secretary of Defense Leon Panetta introduced the new strategic guidance for the Department of Defense, he stated that the “smaller and leaner” Joint Force of the future must be prepared, in conjunction with allies and partners, to confront and defeat aggressors anywhere in the world, “including those seeking to deny our power projection.” The new strategic guidance directs U.S. forces to maintain the “ability to project power in areas in which our access and freedom to operate is challenged” and to be “cap