Jan 05

Sean Hannity Radio Show Interview on Julian Assange, WikiLeaks, Russian Hacking, and Cyber Warfare

sean-hannity-radioBackground

The day after an amazing personal interview of Julian Assange by Sean Hannity aired on his TV show, FMS President Luke Chung was invited to discuss the related technology on his radio show.

Hannity traveled to London to interview Assange at the Ecuadorian Embassy where he’s seeking asylum. They discussed an overview of Assange’s role as founder of WikiLeaks, and their obtaining and publishing the emails from the Democratic National Committee the weeks before the US Presidential election. Some people attribute Hillary Clinton’s loss to the revelations in those emails especially from John Podesta, the former White House Chief of Staff and Chairman of the Clinton campaign. They are also accusing the Russians for hacking (stealing) and providing the data to Assange so Donald Trump could win the election.

Radio Show

On January 4, 2017, I was on the radio show with Sean Hannity and Brigadier General Eli Ben Meir, former Israeli Military Intelligence chief. The three of us discussed the WikiLeaks disclosures. I commented specifically on:

  • Cyber attacks and the security breach at OPM disclosed non-classified government employees and by omission who were covert at American Embassies globally.
  • Noting Julian Assange’s careful word choices to exclude Russia as source without excluding them as the ultimate source of his sources.
  • The need for WikiLeaks’ to keep their sources confidential and how they amplified the data from Bradley Manning and Edward Snowden.
  • Different approaches to preventing cyber attacks depending on the cause.
    “It’s one thing when someone steals your car because they broke into it. It’s another thing when someone steals your car because you left your keys in the ignition.”

Here’s the audio of the show:

My segment starts at the 6:50 mark. Sean and General Meir speak first, then I start around 9:25. Final comments at 14:15 and it wraps up by 14:50.

Additional Issues

Only a limited amount of information can be discussed in such a short interview. Some additional issues to consider are:

Data Security

Securing data over the internet and inside organizations is very challenging. Threats may come from:

  • External hacks that need to be monitored and defeated
  • Internal people who unintentionally leave the front door unlocked
  • Internal people who intentionally leak information

Different solutions are required for each type of threat. Some are at the software vendor, design, and developer level, while others involve end-user training, background checks, and monitoring.

Applications can be built so that simply disclosing a user name and password doesn’t compromise the whole system by require two-factor authentication and registering devices that can use those credentials.

Unfortunately, many systems were built well before today’s cyber threats existed. The cost of making those systems more secure without breaking their existing functionality will be daunting and expensive. In many cases, the original source code, development environment and/or vendor are long gone, so the only option is to replace them which is also very expensive and time consuming.

Julian Assange and WikiLeaks are Not Heroes

We need to keep in mind that the WikiLeaks exposed top secret US information by publishing the disclosures from Manning and Snowden. Lives were put at risk and lives may have been lost because of those publications. The Arab Spring was inflamed in part by the disclosure of diplomatic communications and one could argue the human tragedy in Syria is tied to this as well. While Republicans are celebrating and defending Assange and WikiLeaks now for the DNC emails, the tables may turn very quickly.

Data That’s Not Exposed May be More Dangerous

While many are focused on the DNC emails, it’s not unreasonable to assume the people who hacked that also got the RNC emails. Data can be power, and in the wrong hands, data can be used for nefarious purposes such as blackmail.

If the RNC data were compromised, we should be extremely worried if the hackers discovered it was more valuable to keep private than public. Whether they use it directly or sell it to another party or country, the information can make victims puppets by threatening the exposure of their personal data. It’s not uncommon during E-discovery of an email server to discover all sorts of inappropriate language, behavior and activity conducted by individuals in an organization. Disclosures of affairs, homosexual activity, underage sex, bribery, unethical business dealings, breeches of confidentiality, collusion, and actual crimes are often found in email threads and can be used for blackmail.

Jul 01

Microsoft Office365 Exchange Online Service Performance Degradation and SMTP Problems

office365A few years ago, we migrated our email service to Microsoft’s Office365 cloud service. Overall, it’s been very reliable and eliminated the challenges we had hosting Exchange ourselves. It let us get to our emails using Outlook installed on Windows, any internet browser, and smartphones. Office365 also offered other Office product online (Access Web Apps, Excel, Word, etc.), SharePoint and OneDrive Business.

Unfortunately, on the morning of June 30th, we discovered:

  • Delays sending and receiving emails
  • Some emails were bouncing back from recipients who couldn’t validate our Office365 Exchange Server’s SMTP (protection.outlook.com) with our domain name. That meant the Exchange SMTP server was no longer considered a trusted sender of emails from the @fmsinc.com domain.
  • Our use of the Office365 SMTP server to send emails with our Total Access Emailer product was also failing to authenticate against the server

The problems began the evening before. Needless to say, we aren’t happy about this experience which impacted us and our clients using Office365. Reports are that it affects Office365 customers across North America.

exchangeContacting Microsoft, they confirmed problems with the health of their Office365 Exchange Server. Throughout the day, problems lessened but persisted. We hope the problems are resolved soon and that we’ll understand what went wrong once we overcome the immediate crises.

These are the reports we’ve received from Microsoft. We’ll keep you updated as we learn more:


Exchange Online Service Degraded

This is what the Office365 Admin portal shows for Service Health:

Office365Issues

Office365Health


EX71628 – E-Mail and calendar access – Restoring Service

Jun 29, 2016 12:11 PM

CURRENT STATUS

Our investigation determined that an existing transport feature which is designed to expedite the delivery of email messages became degraded, which caused impact to email delivery for a subset of users. We’re bypassing the affected feature to restore service

User Impact

Users may be unable to send email messages through the Exchange Online service. Email messages may appear to be stuck in the Drafts or Outbox folders.

Scope of Impact

A few customers have reported this issue, and our analysis indicates that for most customers, it’s unlikely that many users would report impact related to this event.

  • Start Time: Thursday, June 23, 2016, at 3:00 PM UTC

Preliminary Root Cause

An existing transport feature that is designed to expedite the delivery of email messages became degraded, which caused impact to email delivery for a subset of users

EX71628 – E-Mail and calendar access – Extended recovery

Jun 30, 2016 2:18 PM

Current Status

We’ve developed an additional fix to address the underlying cause of the issue. We’re preparing to deploy the fix to the affected environment to ensure that the issue does not reoccur.

User Impact

Users may be unable to send email messages through the Exchange Online service. Email messages may appear to be stuck in the Drafts or Outbox folders.

Scope of Impact

A few customers have reported this issue, and our analysis indicates that for most customers, it’s unlikely that many users would report impact related to this event.

  • Start Time: Thursday, June 23, 2016, at 3:00 PM UTC

Preliminary Root Cause

An existing transport feature that is designed to expedite the delivery of email messages became degraded, which caused impact to email delivery for a subset of users.

Next Update by: Saturday, July 2, 2016, at 7:00 PM UTC


EX71674 – E-Mail timely delivery – Service restored

Jun 30, 2016 7:35 PM

Final Status

We’ve confirmed that the remaining message queues have now drained after implementing a configuration change to optimize message filtering.

User Impact

Users were experiencing delays when sending and receiving email messages. Affected users may have received Non-Delivery Reports (NDR) when sending email messages.

Scope of Impact

Customer reports indicated that many users likely experienced impact related to this event. Our analysis indicates that this issue may potentially have affected any of your users attempting to send or receive mail.

  • Start Time: Thursday, June 30, 2016, at 2:30 PM UTC
  • End Time: Thursday, June 30, 2016, at 11:30 PM UTC

Preliminary Root Cause

The infrastructure responsible for processing Exchange Online Protection (EOP) message filtering became degraded.

Next Steps

  • We’re analyzing performance data and trends on the affected systems to help prevent this problem from happening again.
  • We’re reviewing our code for optimizations and automated recovery options.
  • We’ll publish a post-incident report within five business days.

EX71674 – E-Mail timely delivery – Service restored

Jul 1, 2016 12:08 AM

Final Status

We’ve rolled out the fix and confirmed that service is restored. Any meeting requests created during the outage will need to have the conference room calendar removed and readded to book the room.

User Impact

Users that attempted to create a meeting request with a conference room calendar were unable to successfully book a conference room. This lead to conference rooms being booked by multiple resources.

Scope of Impact

A few customers reported this issue, and our analysis indicated that this may have affected any users attempting to use this feature.
  • Start Time: Monday, June 27, 2016, at 6:00 PM UTC
  • End Time: Friday, July 1, 2016, at 2:54 AM UTC

Preliminary Root Cause

A recent update affected the ability for calendar invite requests to successfully book conference rooms.

Next Steps

  • We’re reviewing our deployment and provisioning procedures to help prevent this kind of problem in the future.
  • We’ll publish a post-incident report within five business days.

Aug 03

Appearance on FOX Business News for Tom Brady’s Destroyed Text Messages

cavutoOn Wednesday, I was invited for a live interview with Neil Cavuto on his FOX Business News show Coast-to-Coast.

The primary issue was NFL quarterback Tom Brady’s destruction of his cellphone surrounding the Inflate-gate controversy and his recent suspension.

Prior to his hearing before the NFL, Brady physically destroyed his cellphone and was able to avoid disclosing his text messages which were suspected to contain incriminating information. The question was whether that really destroyed his text messages.

luke-fms-crop

It’s a rather interesting question because people don’t often think about how different types of communications are stored whether it’s email, text or instant messages. With our concerns over security, hacking, and privacy, it’s important to better understand how these platforms work to address the risks we face.

How Emails are Stored

Emails are always stored on a server which retains the emails even if the device that received or read the emails is destroyed. This is how emails can be retrieved from multiple devices simultaneously. Depending on the mail server’s rules, old emails generally remain available until they are permanently deleted. They also exist on the sender’s email box and any of the Cc and Bcc recipients.

3-computer-it-expert2

How Text Messages are Stored

Text Messages do not have the same permanence as emails. They exist on the sending and receiving devices until they are deleted. The phone company that transmits the text message also retains the message. At a minimum, they need to retain it until they successfully transmit it since the receiving device may be unavailable. It can take multiple attempts and multiple days before the message is transmitted.

After that, the phone company has no requirement to retain the message. The text message only exists on the sending and receiving devices.

However, some phone companies, like Verizon, offer text messages that can be read online. The messages are available online even after the message is received by the phone. That means the phone company is playing the role of a text message server. They may exist there for months, which means it remains a repository if the device is destroyed.

So if you think your text messages only exist on yours and the other party’s device, you may want to check your mobile phone provider (and that of the other party) to understand their policies.


Unfortunately, Fox did not release an online copy of the interview, so we can’t share it.

Apr 14

Microsoft Access Videos from the SharePoint Conference

Microsoft Access ProductsMicrosoft SharePointThe Microsoft Access team has released videos of their presentations at the SharePoint Conference from Las Vegas, NV.

With Access 2013, Access web solutions are hosted in SharePoint and rather than using SharePoint lists as they did in Access 2010, they use a real SQL Server database hosted in SQL Azure. The database can also be linked from desktop copies of Access to create hybrid solutions that serve both the web and Windows.

The Microsoft Access program managers presented these four sessions:

Enjoy!

Other Videos from FMS

Jun 17

Watch the Microsoft TechEd Conference Videos for Free


TechEd is Microsoft's premier conference for IT professionals and developers. The sold-out conference took place in Orlando, Florida last week.

If you didn't attend, you can still watch many of the videos from the conference, including the keynotes and other highlights from each day. Visit the TechEd web site and click the "On Demand" tab to learn about the latest in Microsoft technology.

The announcements this year are stunning with huge advances in Azure, Visual Studio .NET, SkyDrive, LightSwitch, Virtual Machines, and more.