Government darkware, Android smartphone, oobleck, an academic hoax arms race, and Bruce on NSA at RSA top this week's list of infosec-worthy reads.
The silent-but-violent malware identified mid-February as the Mask has been hitting computers for nearly seven years undetected. More alarming was the speculation this week that the NSA may have developed its own type of darkware code for government use. The Mask malware uses a variety of simple techniques to subvert security and detection alike. If cybercriminals are capable of writing sophisticate malware, why not national security agencies?
O.K., it's not strictly #infosec news but Google's collection of gadgets will expand to include an Android-powered smartwatch. There was no official announcement from Google during Mobile World Congress last Sunday, but "news emerged" that LG among other manufacturers will be involved with development. The street chatter has the smartwatch in late-stage development and that it will most likely be unveiled at a Google developer event in Summer 2014.
Matthew Gast (@MatthewSGast) refers to the intersection of hardware and software as "oobleck," a malleable term for the way in which the two meet and work together. Where previously hardware and software were set apart, now they coexist in moment-to-moment unison. Matthew didn't come out and say Silicon Valley will be the new Mount Neeka Tave but...
Three MIT graduate students conducted an experiment to expose how certain scientific conferences browbeat researchers for papers and accept anything that they receive to boost revenue from conference registration fees or increase academic publication subscription numbers. They wrote a simple computer program that churned out nonsense in the form of an academic paper, signed their names to the papers, and submitted them to prove their hypothesis. The authors made the SCIgen automatic nonsense generator publicly available shortly after their 2005 hoax. Since then, French researcher Cyril Labbé created a detection program, and a subsequent study reveals that hoax paper submissions are common and becoming more sophisticated. Hoax researchers are predicting an arms race, but is any of this affecting the well known "publish or perish" cycle?
Bruce Schneier may lead the pack when it comes to criticizing the NSA since Edward Snowden first revealed details of their surveillance. Schneier is calling for the intelligence organization to be broken into smaller groups. He listed details of what the NSA was already capable of during his speech at RSA 2014 and joked that the NSA may be developing malware (see NSA May Have A Mask of Its Own). Unsurprisingly, Bruce called for broader us of encryption, saying, "Encryption works. Most Cryptography gives the NSA trouble, and that's important."