Security-Related Report #56 Starts on Page 19

ISSN 1061-5725
Volume 32, No. 7
July 2014
www.ucs.org
UI Project—Article 3: UI Cash and Fiduciary Reporting: Pages 22 to 26
Security-Related Report #56: Back to the Future, Part 3. Starts on Page 5
Product Review: Microsoft Surface Pro 3 Laptop/Tablet. Starts on Page 19
LET US ALL GIVE THANKS THIS DAY FOR OUR
FREEDOM - PAID FOR IN THE BLOOD OF OUR
PAST AND SERVING SERVICEMEN AND WOMEN!
Page 2
UTAH COMPUTER SOCIETY—BLUE CHIPS MAGAZINE
June 2014, I visited several sites dealing with the
growth of the USA. Especially I learned more of
the Discovery Corps, also known as the Lewis &
Clark expedition. Between May 1804 and September 1806, 31 men, one woman, and a baby
traveled more than 2,000 miles from the plains of
the Mississippi River to the shores of the Pacific
Ocean. They called themselves the Corps of Discovery. Their goal was to find a water route to the
Pacific Ocean. They drafted maps, collected samples, and documented their experiences in a major
core of the newly acquired Louisiana Purchase.
From their efforts came the famous Oregon Trail.
The maps drawn covering their 2,000+ mile journey compared to modern technology were off in
scale by about 40 miles!
John C. Frémont about 35 years later, armed with
the Discovery Corp maps, and knowledge from
the fur trapper/traders, led 3 expeditions which
documented the South Pass (Wyoming) connection to the Oregon Trail, the north passage over
the Great Salt Lake and the trail through the Sierras to California. This information now opened
the West to the young USA for expansion, and
began the migration west. Discovery in the late
1840's of gold in California, led to the rush of
people seeking wealth and new homes.
Those explorers made it possible for many hundreds of thousands to move to new hopes, lives,
and homes. This was where a few led the greater
numbers to the future! So to those early peoples,
with little information and mostly primitive resources, we who live now offer thanks for the nation that arose.
This brings to mind the fact that during the 1970's
there were a few individuals who had a dream of
creating the personal computer. The PC was to be
something different from what existed then. Large
computers with multiple input output devices were
expensive and required space and large teams of
people to design, create, program, and operate.
Unlike the unfulfilled dream of the 1700's and
1800's to find a water passage way through to the
Pacific Ocean; the PC explorers were not dreaming
of a non-existent passage, but realities to be invented or developed, then marketed and consumerized.
Some names to be remembered include: Steve Jobs
(Apple); Philippe Kahn (Borland); Bill Gates
(Microsoft); Linus Torvalds (Linux open-source);
Edward Feigenbaum (Artificial Intelligence); Edward J. McCluskey (algorithm for logic synthesis);
Robert W. Bemer (variant character sets); Vernon
L. Schatz & Barney Oldfield (EFT & banking system applications); Robert E. Kahn (TCP/IP protocols); Thomas E. Kurtz, Nicklaus E. Wirth, John
G. Kemeny, John McCarthy, & Alan Perlis
(computer languages); Bob O. Evans & Ivan Sutherland (compatible computers & graphics); David
J. Wheeler (assembly language programming); and
Arthur Burks & Jeffrey Chuan Chu (electronic
computer logic design). And so many more.
http://www.computer.org/portal/web/awards/pioneer
Also, I wish to pay tribute to the many individuals
who served over the years to bring personal computing to others. Some of these early 1970's groups
still meet - such as some Atari groups. No matter
the focus though, it has been the explorer pioneers
who made user groups the place to go to have
someone help. Eventually, the internet has replaced many functions, such as new products,
demonstrations, and recent changes. But the personal hands-on experience remains for many people the real value of the personal computer user
group. To all those who have donated freely their
time and other resources, I thank you!
a 501(c)(3) Educational corporation
Promoting computer technology via publication and presentations
Magazine Staff
Editor — James Alexander 801-250-2269
Review Editor / Security & Technology Reporter / Assistant Editor — Don Nendell (801) 613-1619
Other Staff: Bob Beaudoin
Permission to Copy
Permission is granted to other nonprofit PC user groups to reproduce any
article published in this newsletter, provided credit is given Blue Chips Magazine and the author(s) of the reproduced materials. Reprinted articles are
subject to the terms of their respective copyright holders.
BCM Business
James Alexander 801 250-2269
Submissions
Contributors are encouraged to submit text articles for publication in ASCII
text only. Photos in .TIF or .JPG format only. Line graphics, tables, in almost any vector or .TIF format. Do not
embed graphics or tables in text files.
All articles must be received by the 25th of the month preceding
the month of publication. All articles become the property of the
Utah Computer Society, Inc. and by submitting an article, the author gives permission for the Blue Chips Magazine Staff to edit the
submission. The author also gives permission for republication in
other users groups’ communications.
Reader comments are appreciated, but the editorial staff reserve the right to
assure the publication is constructive and educational to our readers.
Pig Sig Summer Picnic When: Wed Jul 9, 2014 6:30pm – 8:30pm MST
Contact Bob Beaudoin at: http://ucs.org/rsvp.php
DEAR ABBY: At 2 p.m., July Fourth, I would love nothing better than for all Americans to stop briefly and give our
country a ring ... well, THREE rings to be exact.
On July 4, 1963, President John F. Kennedy proclaimed the ringing of bells nationwide with the words, "Let's ring
freedom bells!" I was a White House aide then, and I vividly recall how exciting it was when bells rang across the
nation coast to coast. Since then, many Americans have forgotten to keep the tradition going. From one American
to another, I ask all citizens to help me revive the ringing of bells at 2 p.m. this July Fourth in celebration of the
adoption of the Declaration of Independence. It's easy. Ring a bell, shake your keys, tap a glass or find a bell-ringing app on your smartphone. It will give our country a much-needed sense of unity and connection to our past
as one nation, one people.
Please, Abby, make your millions of readers aware of this effort. As inscribed on the Liberty Bell, "Let us proclaim
liberty throughout the land unto all the inhabitants thereof." -- CARMELLA LASPADA, FOUNDER, NO GREATER
LOVE
DEAR CARMELLA: I'm glad to help. I agree that shared traditions are the glue that binds us together as a nation.
So readers, on July Fourth, take a moment to quietly reflect on what this holiday is all about. Then make a joyful
noise and thank God for his blessings on our country and the freedoms we enjoy today. That's the American spirit!
- http://www.uexpress.com/dearabby/2014/6/30/let-freedom-ring-from-coast-to
Back to the Future! Part 3
It’s Time to Talk Again About Individual Security, But First, These Words...
Security-Related Report #56
Oh Say Can You See? I Can, and So Will You!
By Don Nendell
Three score and 3 years ago our Blue Chip forefathers
brought forth this award winning Blue Chip Magazine. Today as I write this (06-25-14) we embark on yet another
epic journey into uncharted, turbulent waters, mostly
unknown to our beloved Country - the Land of the Free,
Home of the Brave. An historic moment for a relatively inauspicious publication, but then, we do this for love - love of
country, love of community, and love of computer literacy,
but not necessarily in that order. Donald Nendell, Assistant
Editor
Dear Reader,
“If you are reading this in a non-PDF format, you are missing a
large part of the whole Report/Review 1 & 2. You should, therefore, stop reading and immediately follow the steps outlined in
the Footnotes 1 & 2 below. Which BTW are:
1. If you are reading this Report/Review from directly off of an
Internet search, you could very well be seeing it in HTML (or
Text) format. Yuk! There are No Graphics in those two (2)
formats! To see all the beautiful Graphics in this Report/
Review - the ones that we’ve worked so very hard to entertain
you with - you will need to follow the procedures outlined in 2
below. Enjoy! Again, our web page is: (www.ucs.org).
2. See the actual Reports/Reviews in the Blue Chips Magazine (BCM) Archives (i.e., begin your search on the lefthand side of the web page) at: www.ucs.org.
Note. Always choose the top option, i.e., PDF format for its
beauty.
First things first: As per usual, this Report is lovingly
dedicated to my beloved wife of over 27 ½ years,
Donna, my one and only, my Super-hero, Superstar, Confidante and Everything, who passed away over 18
months ago on 10/16/12! So sad… RIP My Beautiful
Lover and - As she was Then, and so she is Now, “A Sequestered Heavenly Angel...”
3. It’s really been working and I am going to continue presenting the News and Views to you in an entirely different format
than I’ve used in these past 16-17 years I’ve been doing these
Reviews/Security-Related Reports for you. Once again I will
list the URL’s and Titles of all of the articles/topics/videos I’ve
researched for this S-R, and then some, whether I’ve actually
used them in this Report, or not, that I had intended to present
to you herein this month. Caveat. As in the past few months it’s
just a “Wee” bit different again this month, however. Most
URL’s are now embedded inside the article they support. Otherwise, the remainder of the URL’s, just like we’ve previously
been doing will appear as Footnotes 5 (i.e., URL) or 6 (i.e.,
Video) and each will be designated #X), where X is the order in
which it appears in the actual Footnote 5 or 6, respectively. In
this way you can (cherry) pick them to your heart’s content.
Here’s how: Place your cursor on the actual colored URL in the
article and while holding the CTRL button, left mouse click,
and voilà (or, as is necessary in some cases, alternatively highlighting it, i.e., between the parentheses, copying it and pasting
it in your Browser Search Window). In this way, you can also
choose which one(s) appeal(s) to your sense of urgency, personal and/or security-related interest, and thenceforth follow
the same procedure(s) I would go through (i.e., if you so desire?) so as to bring it/them to life, and thus sh[r]ed (pun intended) greater illumination on the subject for you as it appears
here in this BCM. So, sit back, relax and enjoy! BUT ALSO
PLEASE BE ADVISED THIS PARTICULAR DIATRIBE STARTED
28 ISSUES BACK AND IT BEGAN WITH A HUGE , HUGE BANG!
Cliff Millward—1933-2013
We also dedicate this Report to our beloved, longtime
friend, associate, former military comrade, and coincidentally enough, the former Editor of BCM, Clifford “Cliff”
Millward (1933-2013). Cliff, we’ve all picked up the
gauntlet and carried on your masterful work in your
name, especially James Alexander, our new editor, myself, and Bob Beaudoin, our SYSOP. RIP Cliff!
*
* PS. ID THEFT, TOO!
What a Difficult Month This Has Been for Yours Truly
Prelude
Way back in May - it seems more like a year - it was merely a HUGE
piñata 32 full of e-mails
that was troubling me.
That was a piece of cake
compared to what I’ve
been faced with this
month 4. Note. You
really ought to see
what that Footnote
stands for, folks? I’ve
re-earned my stripes,
or badge, or medal,
whatever they give
now-a-days, and then
some, just getting this far in the Magazine - and we’re
not even started yet… Not being sacrilegious, or anything, far from it, I’ve never been more serious - Please say a prayer for me, folks - I’m really going to
need it this time. OK?
Introduction
Have a happy 4th of
July everyone, before I
forget; as I’m really out
here in the cold and I’m
standing, the sign says,
right between a “Rock
and a Hard Place” just
about now and, and,
OMG I just looked over
my shoulder and saw the
“Danger Quicksand”
sign? Well, that pretty
well tells it like it is for me
right about now… Maybe
I had better explain myself and how I got to this
point of seemingly, “No
Return?”
The Straight Scoop from Group
Have you ever had a
day (and/or even
days?) where it felt like
they were described
perfectly in the first
sentence of the novel,
"1984" by George Orwell? You know, those
kinds of days that described your life at that
moment to a "T," the
kind like, "There's
'trouble' in River City...
and that starts with a
capital "T?" For your
edification, 1984 starts
out, "It was a bright
cold day in April, and the clocks were striking 13."
At this minute I feel
exactly like what
Steven Wright, a
comedian who specializes in deadpan
delivery, once said.
"Right now I'm having amnesia and
Deja vu at the same
time." I'm so frustrated if you
stepped on my toe I'd honk. Actually I'd cry, because I
stubbed my big toe a couple of days ago and
"completely yanked off" my acrylic nail - I've got diabetes
and lost both big toenails; each replaced with acrylic
nails, you see? Wait, there's lots more, believe you me.
I've lost so many hard drives (HD’s, both internal and
external, plus USB Flash Drives) recently that they probably have a special place reserved just for my “Stuff” at
the city dump? One of them, just for good measure,
couldn't even be "found in the Fry's computer system
data base," too; and I bought it there? It's so bad truthfully I don't even know where to start. I'll just have to
ramble on as per usual, I guess?
Remember my by-line is HIAWC? 4 Now
it's plural, no longer singular. An example, right this minute, is that I just lost the
HD I was saving this to, God’s witness,
and have to use a USB Flash Drive as an
emergency backup for the time being
until I figure out what just happened to
me? It just up and disappeared exactly
like all the rest have been doing the past
few months or so... Then, too, another
external HD just popped up out of nowhere, and it hadn't been working for the
past few days? I guess I hadn't shut it off,
or something and it finally decided it
wanted back in the game (someone is
playing, BTW)? Shucks, even my cable
TV in the front room, while listening to
Pandora Radio, is stuttering like it's
freezing down here in Vegas, or something? The craziest thing(s) is/are going
on around here right now and they're
getting worse by the
day it seems? It's just
a coincidence, I suppose? (Not!) that at
this moment I'm doing research on the
NSA for this month's
article, again, I suppose? Ever since
1995 they have been
watching me like a
hawk because of my
IT (see below), as a
“Person of interest,”
and just recently
they've gotten a little
bolder in their antics.
What a Difficult Month This Has Been, But Onward & Upward
(Wow! The Pandora Radio just stuttered like a machine gun just as I was writing this - how's that for
coincidence? Not!) I'll leave that one for a later date...
How about this? I'm having to run between my office
and Donna's office and using at least three (3) different PC's and two (2) different printers just to get this
magazine to you this month. I'd say it was fun, but it's
certainly been an awful lot more antagonistic now
than the past 4-6 months have been, I can assure you
of that. It seems to be getting worse, too? For instance, I have taken three (3) desktop PC's to the repair shop and had each and every one of them completely restored in the past 6 months, and now it looks
like I may have another one to fight, too? The funny
thing is, I initially take them to the computer shop and
there they have worked perfectly; but strangely
enough, not here in this house? Then, for no reason,
they and USB Flash Drives (UFB's) just up and die on
me on a moment’s notice. Strange, to say the least, I
think you'd certainly have to agree?
Here's what's more strange. I have been backing up
my HD's with Acronis True Image religiously and
amazingly I can't get a single one of those backups to
work? Not a single one? That's why I have to take
them all to the shop, you see? Here's what is even
funnier, I've never, not ever in 30 years of computing
even, been able to restore a single file from one of my
backups (See graphic for the latest episode).
I simply have to take a break right now - got to get some
sleep once in a while - and truth be known, I'm actually
afraid to turn this PC I'm working on right now off because: 1) It's Saturday night (actually Sunday morning
and it's 2:00 A.M.); 2) It gave me a Black Screen of Death
(3X yesterday) WITH ONLY A CURSOR BLINKING AND
STARING (maybe even LAUGHING?) OUT AT ME; and
3) I need to have the house exorcised real soon, Ya
think? Time Out!
Argh! I was so out of it
that I accidentally shut
the stupid thing off
without even thinking.
Luckily it only took
about a half hour, or
so, but then who’s
counting, to re-boot in
the morning, but it
certainly was touch and go there for a little while. Whew!
FYI I had to locate and then transfer the data from a
whole host of External HD's and UFB's and bring them
together just to get this far. I don't know what to say or
think it's so confusing right now? Oh well, Rome wasn't
built in a day and neither can this Magazine be put together in a day either... So onward we slog. Prayers are
greatly appreciated about now?
Back to the Future, Part 3 (Déjà vu All Over Again!)
Déjà vu All Over Again!
Every month, month in and month out, I collect a pile
of newspaper clippings to sort through and pick out
which only a choice few are worthy enough of being
included in that particular month's BCM. Those piles
are invariably 1-4" thick, believe it or not? Every single item I save is truly worthy, but limited magazine
space and time dictate that only the Hallmark ones,
where we care enough to send the very best to you,
make it to these pages. What does all this mean? It
means that things have generally not changed in the
17 years I've been doing these Reports and /Reviews.
It's always, "Deja vu all over again" as Yogi Berra
would say. If anything has changed, and they certainly have, then it's only been for the worse, and it's
been all downhill ever since I heard a top DOD representative boldly proclaim in a Keynote speech to the
Black Hat 2000 audience: "The hackers have won!"
I've been attending Def Con's and Black Hat's for over
15 years now and writing all about it, and I can't do
anything but to agree wholeheartedly. This month, at
the end of the month, is Black Hat USA 2014, followed immediately thereafter by Def Con 22 (2014), is
definitely no different - you'd expect anything less
(See below)? For example:
(Update) The closest "thing" to warning us "The Big One
is Coming," so far (See also Gen. Alexander's 16 Update
below): "Right now, Web attackers are amassing a global
arsenal of knowledge and resources that is allowing
them to expanding (sic) their reach well beyond financial
services to virtually every industry, everywhere. Fueled
by a fast-growing, well-organized threat marketplace,
offering exorbitant salaries (and even employee benefits)
to a critical but limited talent pool, attackers have created
a powerful threat ecosystem with global reach and visibility." - Anna Jurgowski, SC Magazine vendor webcasts
(Then extrapolate "The Big One is Coming," to Cyber warfare ala Bruce Schneier 15 (CTO, Co3 Systems, Inc.,
http://www.schneier.com) as he discusses in his latest CRYPTO-GRAM, June 15, 2014, an
article entitled: Disclosing vs. Hoarding Vulnerabilities (a critical must read at:
http://www.theatlantic.com/technology/archive/2014/05/should-hackers-fixcybersecurity-holes-or-exploit-them/371197/
or http://tinyurl.com/plv9gdf).
While you're there continue on reading with his article:
The NSA is Not Made of Magic at: (http://www.schneier.com/crypto-gram-1406.html)
A "potpourri" of Security-Related News Worth Noting
Chinese Android phone has built-in spyware by Danielle
Walker, Reporter, SC Magazine, June 18, 2014. A low-cost
version of the Samsung Galaxy S4 smartphone, called the
Star N9500, may have saved consumers a few bucks – but
didn't spare them of malware, which came built in the phone.
On Monday, a security firm in Germany, G Data, revealed
that the Android phone, which was manufactured in
China, contained a Trojan called, “Uupay.D.” To the unsuspecting user, the data-stealing malware looks like a
Google Play Store app. According to G Data, users cannot
uninstall the malicious app, as it is “integrated into the
firmware of the device,” a company blog post said. Worse
yet, the phone is reportedly sold through popular online
retailers, like Amazon and eBay. Among the data vulnerable to the spyware are emails, text messages and banking details stored or inputted by mobile users. In addition,
phone conversations could also be picked up by the
“extensive espionage program,” G Data warned (Source:
http://www.scmagazine.com/chinese-android-phone-hasbuilt-in-spyware/article/356493/?DCMP=EMCSCUS_Newswire&spMailingID=8845271&spUserID=MjI5OTI4MjMxMAS2&spJobID=321612585&spReportId=MzIxNjEyNTg1S0).
Comment: And to think I was about to buy one, yes,
the same Samsung Galaxy S4 smartphone, upon a
salesperson's recommendation, not three (3) days
ago at Fry's. FYI I had to throw away mine and
Donna's cute "little"
Kiu tablets, the same
ones we got a couple
of years ago from the
club, because their
batteries wouldn't
hold a charge (Did you
know that those batteries cost virtually as
much as a brand new
Android tablet?) - So
sadly they simply had
to go... The reason I
needed a new tablet is
because my very first licensee has a "new" Beta release out and I needed to test it out for him ASAP.
BTW it's going to be a barnburner, you can count on
it. More on that in the next couple of months.
Get this: A strange coincidence occurred at Fry's during the
purchase of my new Lenovo 10" tablet (w/ detachable keyboard) - a real beauty BTW. As I walked by the Microsoft representative in the store at the time demonstrating the brand
new Microsoft 12" Surface Pro 3 laptop/tablet with Windows
8.1 installed, I stopped to
listen to his spiel. They both
were really great, i.e., the
salesman and the new
shiny PC. I thought that if
my new licensee had a Windows version of the new
APP I was Beta testing, I
certainly would have bought
one of those little beauties to
test it on. It was priced quite nice. I then got the really brilliant
idea of writing a Review on it somehow, someway, come
hook or crook? Long story, short story, I've actually talked
that "neat" representative, whose name BTW is, Kerry Lehto,
a 20+ year Microsoft rep, into sending me enough material/
data to actually do that Review for you this month; "hot diggity dog," as Jedd Clappitt would say 8 (See page 19 for
that Review). Back to the Future, i.e., news of the month.
SMBs continue to use XP,
face greater security risk
by Teri Robinson, Associate
Editor, SC Magazine, June
18, 2014. Microsoft may
have ended support for Windows XP in April, but 18
percent of small and medium-sized businesses
(SMBs) still use the operating system and face security
risks, according to research
from antivirus software provider Bitdefender. After conducting research from March
to May 2014 on 5,000 companies in the U.K., the U.S., Spain,
Germany and other countries, Bitdefender found 53 percent
of the companies had upgraded to Windows 7 Professional.
But with malware on the rise - one web marketing business
reviewed had to fend off more than 800 million malware attacks - and more employees working remotely - 37 percent - SMBs using XP are at risk. Microsoft no longer offers new
security updates, non-security hotfixes, free or paid assisted
support options or online technical content updates for XP,
though the company did recently release an unscheduled
zero-day patch for Internet Explorer that benefited the operating system (Source: http://www.scmagazine.com/smbscontinue-to-use-xp-face-greater-security-risk/article/356357/?DCMP=EMCSCUS_Newswire&spMailingID=8845271&spUserID=MjI5OTI4MjMxMAS2&spJobID=321612585&spReportId=MzIxNjEyNTg1S0).
Comment. That may well be, but my XP has just
saved my bacon, folks. I’m to this point in this Report all
because it worked, and the two (2) Win 7 Pro PC’s were/
still are all framused up (See above). BTW Walk a mile in
my moccasins and then we all can converse on equal
terms. Until then, you’re just going to have to take my
word for this debacle I’m fighting through, as we speak.
And, don’t forget, we’re not out of the woods, yet? BALS
(Update) New Zbot malware campaign discovered by researchers by
Marcos Colón, Online Editor, SC Magazine, June
18, 2014. A new malware
campaign spreading the
Zeus Trojan via phishing
messages was discovered by researchers early Wednesday. AppRiver, an email messaging and web security solutions firm, told SCMagazine.com on Wednesday that it
had quarantined 400,000 messages so far – a number
that had jumped up from 40,000 just earlier in the day.
The malicious emails claim to be daily customer statements from “Berkeley Futures Limited,” a real company
being imitated by miscreants, according to a blog post by
Jonathan French, security analyst at AppRiver. Each message includes a password protected, encrypted ZIP file
that helps the attachment get past anti-virus detection,
and also may lead users into thinking the message is secure. However, the password is included in the body of
the email, something that Fred Touchette, senior security
analyst at AppRiver, believes should serve as a warning
to recipients.... Considered one of the most prevalent Trojans in the threat landscape, the many variants of Zeus
utilize key loggers and
other features to tinker
with a machine's security
settings and monitor
what a user types into
their machine.... Although the tactics in this
campaign aren't entirely
new, Touchette warns
users to pay attention to
the contents of the email,
especially if an attachment is password protected and includes the
password within the
email (Source: http://www.scmagazine.com/new-zbot-malware-campaigndiscovered-by-researchers/article/356485/?DCMP=EMCSCUS_Newswire&spMailingID=8845271&spUserID=MjI5OTI4MjMxMAS2&spJobID=321612585&spReportId=MzIxNjEyNTg1S0).
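The pattern Touchette warns about, an encrypted ZIP attachment whose password sits in the message body, can be checked at a mail gateway without opening the archive. The sketch below is an added example, not code from SC Magazine or AppRiver; the function names, the regular expression, the verdict labels and the sample messages are all constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Wording that hands the reader an archive password, e.g. "Password: 4417"
# or "the password for the archive is 4417". "password protected" alone
# does not match, because no value follows an "is", ":" or "=".
PASSWORD_HINT = re.compile(
    r"\b(?:password|passcode|pwd)\b[^.\n]{0,40}?(?:\bis\b|:|=)\s*\S{3,}",
    re.IGNORECASE,
)


def encrypted_zip_members(blob: bytes) -> list[str]:
    """Return the names of encrypted entries if blob is a ZIP, else []."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            # Bit 0 of the general-purpose flags marks an encrypted entry.
            # Entry names stay readable in the central directory.
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []


def body_text(msg) -> str:
    """Text of the message body (plain preferred, HTML as fallback)."""
    part = msg.get_body(preferencelist=("plain", "html"))
    return part.get_content() if part is not None else ""


def triage(raw: bytes) -> dict:
    """Classify one raw RFC 5322 message.

    quarantine: encrypted ZIP attached AND the body discloses a password
    review:     encrypted ZIP attached, no password found in the body
    pass:       no encrypted ZIP attachment
    """
    msg = message_from_bytes(raw, policy=policy.default)
    encrypted = []
    for att in msg.iter_attachments():
        # Decode by content, not by declared type or file extension.
        payload = att.get_payload(decode=True) or b""
        names = encrypted_zip_members(payload)
        if names:
            encrypted.append({"attachment": att.get_filename(), "members": names})
    hint = PASSWORD_HINT.search(body_text(msg))
    if encrypted and hint:
        verdict = "quarantine"
    elif encrypted:
        verdict = "review"
    else:
        verdict = "pass"
    return {"verdict": verdict, "encrypted": encrypted,
            "hint": hint.group(0) if hint else None}


# ---- constructed sample input (not taken from any real campaign) ----

def make_zip(mark_encrypted: bool) -> bytes:
    """Tiny stored ZIP. The stdlib cannot write encrypted archives, so the
    sample only sets the 'encrypted' flag bit in both headers, which is
    all a header-based check looks at."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("statement.txt", "constructed sample content")
    data = bytearray(buf.getvalue())
    if mark_encrypted:
        data[6] |= 0x01                              # local file header flags
        data[data.rfind(b"PK\x01\x02") + 8] |= 0x01  # central directory flags
    return bytes(data)


def make_mail(body: str, attachment: bytes) -> bytes:
    m = EmailMessage()
    m["From"] = "statements@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "Daily customer statement"
    m.set_content(body)
    m.add_attachment(attachment, maintype="application", subtype="zip",
                     filename="statement.zip")
    return m.as_bytes()


if __name__ == "__main__":
    samples = {
        "encrypted + password in body": make_mail(
            "Statement attached. Password: 4417", make_zip(True)),
        "encrypted, no password": make_mail(
            "Please see the attached archive.", make_zip(True)),
        "plain zip": make_mail(
            "Statement attached. Password: 4417", make_zip(False)),
    }
    for label, raw in samples.items():
        print(label, "->", triage(raw)["verdict"])
```
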
(Update) Re. My Criticism of Gen. Alexander's 16 Lies in
Black Hat 2013 Keynote, et al. (See my article about his
lies in the September 2013 BCM 1,2 & 13, plus see also my
Comment below). OK, let’s see what he's up to now because he is undoubtedly the most knowledgeable security man in the universe right about now?
Alexander: Cyber Security Pros Face Uphill Battle: Former NSA chief says rapid growth of data, malware will
challenge security teams in coming years by Tim Wilson,
Dark Reading, June 26, 2014. WASHINGTON -- Gartner
Security & Risk Management Summit 2014 -- Former National Security Agency Director Keith Alexander says security
professionals have their work cut out for them in the days
ahead. Shedding his customary uniform for an everyday suit
and tie, the former general -- who retired last month and is
now hanging out a shingle as a security consultant -- offered
a wide range of views in a keynote presentation here. The
gist: Data and malware are growing at rates so fast that it will
be difficult for any security organization to keep up.
"In the coming year, it's estimated that we will create approximately 3.5 zettabytes of unique data -- that's more information
than humans have produced in the last 5,000 years combined," Alexander said. "New technology is doubling every
year. The top ten most in-demand jobs in 2013 were all jobs
that didn't exist in 2004. "So what we're doing right now is
preparing students for jobs that don't yet exist, using technology that hasn't yet been invented, and facing problems that
we don't know about yet. It's a huge challenge," he said.
At the same time, malware is growing at a corresponding
rate, the former NSA director said. He recalled a recent partnership between the NSA and the Department of Defense in
which the organizations uncovered 1,500 pieces of malware
on US secret networks. "What causes me the greatest concern is what might happen if our nation was hit by a destructive cyber-attack," Alexander said, noting that most of the
country's critical networks are operated by private industry. "If
[a destructive attack] hit one of our Wall Street banks, the
monetary damage could be in the trillions of dollars. We're
not ready." He called for more cooperation across agencies,
and across government and private industry. Not surprisingly,
Alexander also condemned recent "media leaks" -- he never
mentioned Edward Snowden by name -- and said that they
have contributed to recent physical attacks and an increase in
deaths in places such as Iraq and Afghanistan. "The situation
isn't getting better, it's getting worse," he said.
Even less surprisingly, Alexander defended the actions of the
NSA in its intelligence-gathering and surveillance activities.
He pointed to three recent investigations - including one
headed by ACLU investigator Jeff Stone - which all indicate
that the NSA is acting according to law. "The NSA is not authorized to do something without a court order describing how
to do it," Alexander said. "If you have a problem with what
the NSA is doing, it's probably not with the NSA itself,
but with what they've been asked to do." [My emphasis]
My Comment: "He was a soldier then and did what he
was ordered to do... He could say nothing less, or nothing more for that matter!" However, nothing’s changed,
or so it would seem? But then, how can he actually? ;-}]
Google, Facebook Warn
NSA Bill Wouldn't Stop
Mass Surveillance: Several powerful tech companies join a chorus of
privacy groups withdrawing support for the
USA Freedom Act which the House will
vote on Thursday by
Dustin Volz, NationalJournal, May 21, 2014. A day before the House will vote
on a major bill designed to rein in government surveillance, a group of blue-chip tech firms are warning that the
measure falls far short of what is advertised. The Reform
Government Surveillance coalition - whose members include Google, Facebook, Microsoft, AOL, Apple, Twitter,
LinkedIn, DropBox, and Yahoo - issued a statement
Wednesday announcing it was pulling its support of the
USA Freedom Act. The legislation would take the storage
of phone records out of government hands and keep them
with phone companies. But newly amended language in
the bill has "moved in the wrong direction" of true surveillance reforms, the tech companies said. "The latest draft
opens up an unacceptable loophole that could enable the
bulk collection of Internet users' data," the coalition said.
"While it makes important progress, we cannot support
this bill as currently drafted and urge Congress to close
this loophole to ensure meaningful reform." (Source:
http://www.nationaljournal.com/tech/google-facebookwarn-nsa-bill-wouldn-t-stop-mass-surveillance-20140521).
Comment. This would have been the most important
piece of news for us in a very long time [in coming]. However, it’s just a lot of hot air, so far.
A Measurement Study of Google Play. A recent scan of the Google Play market (See below) found that Android apps contained thousands of secret authentication keys that could be maliciously used to access private cloud accounts on Amazon or compromise end-user profiles on Facebook, Twitter, and a half-dozen other services.
The finding is the result of PlayDrone, a system that uses a variety of hacking techniques to bypass security measures intended to prevent third parties from crawling Google Play. The brainchild of computer scientists at Columbia University, PlayDrone comprehensively indexed Play contents, downloaded more than 1.1 million apps, and decompiled more than 880,000 of them. It is believed to be the first large-scale measurement of the sprawling Google marketplace, which offers more than one million apps and has fostered 50 billion app downloads to date.
One of the most surprising observations PlayDrone made was that many apps contain secret authentication keys that can compromise accounts belonging to both developers and end users....
The Columbia University researchers' academic paper released this week focused on apps found in Google Play during a single day in June 2013. Given the response from Amazon and other affected services, it's likely that most or all of that improperly embedded information has been removed. But it's also possible that additional secret keys have subsequently been put into apps that have been published or updated since the 2013 snapshot was taken.
PlayDrone uncovered other interesting facts about Google Play. For instance, a small percentage of free apps account for almost all downloads. The crawler also found that a quarter of Google Play contains "duplicative application content."
Now that the research has become public knowledge, it will be worth watching to see if Google Play will include changes that prevent it from being crawled by PlayDrone or similar engines (Source: http://www.cs.columbia.edu/~nieh/pubs/sigmetrics2014_playdrone.pdf).
Two House Committees approve bill to end mass NSA surveillance by: John Wagley, GSN: Government Security News, May 9, 2014. The House Intelligence Committee approved the USA Freedom Act Thursday, a bill that would put far greater restrictions on how the National Security Agency is able to collect and analyze Americans’ phone records. The approval comes about a year after former NSA contractor Edward Snowden first brought the surveillance program to light. The approval, by voice vote in a closed session, comes just a day after the House Judiciary Committee voted 32-0 in its favor. The Intelligence Committee decided to vote on the USA Freedom Act instead of its own, competing bill, which some said did not go far enough to curtail surveillance activities. (Source: http://www.gsnmagazine.com/article/41150/two_house_committees_approve_bill_end_mass_nsa_sur).
NOTEWORTHY
THIS COULD BE CLOSE TO #1 IN REALITY
A Couple More “Things” Before Signing Off
1. Unsafe cookies leave WordPress accounts open to hijacking, 2-factor bypass. Ars Technica. "Memo to anyone who logs in to a WordPress-hosted blog from a public Wi-Fi connection or other unsecured network: It's trivial for the script kiddie a few tables down to hijack your site even if it's protected by two-factor authentication. Yan Zhu, a staff technologist at the Electronic Frontier Foundation, came to that determination after noticing that WordPress servers send a key browser cookie in plain text, rather than encrypting it, as long mandated by widely accepted security practices." (Source: http://arstechnica.com/security/2014/05/unsafe-cookies-leavewordpress-accounts-open-to-hijacking-2-factor-bypass/).
2. 1-Year After a "Landmark" Security Event (Sorry, No Wringer This Time, It's Not the Big One, yet). Give Snowden his due: He made a surveillance debate possible by Michael McGough, LA Times, July 31, 2014. They call it the “Snowden effect.” Whatever you think of fugitive former National Security Agency consultant Edward J. Snowden - hero, traitor, something in between - his revelations about electronic surveillance programs have inspired a debate about broad questions of policy that was impossible because of the secrecy that enshrouded the programs themselves and their legal rationale. And that debate in turn has prompted defenders of the program to acknowledge that it can be reformed (See below) (http://www.latimes.com/opinion/opinion-la/la-olnsa-leaks-snowden-20130731-story.html).
3. LA Times Op-Ed Ron Wyden, Mark Udall and Rand Paul: How to end the NSA dragnet by Ron Wyden, Mark Udall and Rand Paul, LA Times, June 16, 2014. A year ago this month, Americans learned that their government was engaged in secret dragnet surveillance, which contradicted years of assurances to the contrary from senior government officials and intelligence leaders. On this anniversary, it is more important than ever to let Congress and the administration know that Americans will reject half-measures that could still allow the government to collect millions of Americans' records without any individual suspicion or evidence of wrongdoing.
It is time to end the dragnet
- and to affirm that we can
keep our nation secure
without trampling on and
abandoning Americans'
constitutional rights. For
years, in both statements to
the public and open testimony before the House and
Senate, senior government
officials claimed that domestic surveillance was narrow in
focus and limited in scope. But in June 2013, Americans
learned through leaked classified documents that these
claims bore little resemblance to reality. In fact, the NSA has
been relying on a secret interpretation of the USA Patriot Act
to vacuum up the phone records of millions of law-abiding
citizens. Under a separate program, intelligence agencies are
using a loophole in the law to read some Americans' emails
without ever getting a warrant.
Dragnet surveillance was
approved by a secret court
that normally hears only the
government's side of major
cases. It had been debated
only in a few secret congressional committee hearings, and many members of
Congress were entirely unaware (of) it. When laws like
the Patriot Act were reauthorized, a vocal minority of senators
and representatives - including the three of us - objected, but
the secrecy surrounding these programs made it difficult to
mobilize public support. And yet, it was inevitable that mass
surveillance and warrantless searches would eventually be
exposed. When the plain text of the law differs so dramatically from how it is interpreted and applied, in effect creating
a body of secret law, it simply isn't sustainable. So when the
programs' existence became public last summer, huge numbers of Americans were justifiably stunned and angry at how
they had been misled and by the degree to which their privacy rights had been routinely violated. Inflated claims about
the program's value have burst under public scrutiny, and
there is now a groundswell of public support for reform. Benjamin Franklin once warned that a society that trades essential liberties for short-term security risks losing both. That is
still true today, and even the staunchest defenders of mass
surveillance concede that reforms are inevitable. The debate
over exactly what reforms should be made is likely to continue for at least the next few years as Americans continue to
learn about the scale of ongoing government surveillance
activities (Source: http://www.latimes.com/opinion/op-ed/la-oe-wyden-nsa-surveillance-20140617-story.html).
And in Conclusion
While doing my daily ritual of "hanging upside down" on my Relax-the-Back inversion table I had time to ponder (I do this invariably day-in-day-out 24/7/365) - on this occasion - the question of "Why Edward Snowden wasn't eliminated by Black Ops teams before he got to ~" (fill in the blank for yourself here)? Or, more specifically, "How did he ever make it to Russia, of all places?"
Caveat. I'm not a conspiracy theorist, but I've begun to
study (and document) all the "incredibly strange happenings" in and around my life since I discovered in 1995
(and patented) the answer to the 4000 year-old problem of
Secret Key Exchange. That's a long time and an awful
lot of unanswered questions, believe you me. Remember
my byline is "Happiness is a working computer" (HIAWC)?4
I've always attributed it to my military service, but now...
I'M NOT ALTOGETHER TOO SURE ABOUT "ALL THIS
STRANGE PHENOMENA ‘STUFF’?" You have to wonder yourself about all these strange things I report to
you here in BCM, don't you; and that's not even the tip
of the iceberg? True statement.
I have only intuited and hinted here in BCM “what I have
been feeling, plus all these strange happenings to me" for
a very, very long time now (See graphic below for the
“best one to date”). Anyway, today after my usual routine, I finally had another "epiphany” and did a Google
search on "Black Ops and Edward Snowden?" As a
result, a few of the possible answers to my long sought
after questions are now starting to come to light.
Wow! Talk about an eye
opening? I've only been
writing about "The Big
One Coming" for 29
months now, and some
of this kind of fits together after this morning's search, finally. A
snippet of what I've uncovered scares me now
more than ever. FYI I've
told many people that
"I'd be the luckiest man alive just to see the light of day
each day I wake up!" True. I'm not making any claims or
suppositions, or anything, all this merely follows all the
strange phenomena that happens to me personally day in
and day out. Also, a potential, albeit strange, but aren't we
talking strange here, answer to "Why Me, Lord?” Why do
all these computer problems happen “SEEMINGLY” only
to me?" "What is going on in my life that has exacerbated
all this, and is growing daily, plus it is also, strangely
enough, transferred onto the preponderance of all of my
close friends/acquaintances/contacts?" They, too, have reported to me strange things are happening to them now, as
well?
Now, go back and look at just a few of my trials and tribulations I've shared with you here in past BCM’s, and when put
together, you might scratch your head, too? "Am I loony and
the only one this sort of nonsense is happening to?" Again,
"Why Me, Lord?"
Take for instance the "Huge catastrophic" troubles I've been
having and sharing with you this month alone: 1) The sudden
"catastrophic loss" of a "complete partition of 'critical' SR material" - yet leaving the adjoining "relatively harmless"
partition on the external HD completely unharmed - just this
month alone (See above)?; 2) The sudden, unexpected
"Blue screen of death" on Donna's "slowly dying" desktop,
only to return to life a few days later, for no apparent reason? BTW I'm writing this on her PC right now, how 'bout
them apples?; 3) Having to go between three (3) PC's and
two (2) printers to get this to you this month alone, all because of these unexplained, sudden problems?; and 4)
There's lots, lots more! True story!
Now take a look at just one of those findings from my search
this morning: "Author of book on Snowden's NSA files reveals
his work started to 'self-delete’ before his eyes even as he
wrote it. Author Luke Harding claims his work 'self-deleted' in
front of his eyes while he was writing on the link between
NSA and Silicon Valley. Harding still doesn't know what, or
who, was responsible" - Dailymail.com.uk. Then, too, check
out: NSA hacks into a Writer's Computer After He Starts
Writing Book About the Agency written by James F. Marino. BTW Luke Harding's book is entitled: "The Snowden
Files," and has received a number of positive reviews in regard to its accuracy, and can be purchased on Amazon.com
(Source: http://911themotherofallblackoperations.blogspot.com/2014/02/author-writing-book-regarding-edward.html) My Comment.
I've had a number of close encounters of this kind, et al.,
myself, ever since I've been down here in Vegas. If memory serves, same-o, same-o up there in SLC, too? Else,
where did “HIAWC”4 come from all these years then, I
ask you? Area 51 stuff(?) because it’s worse down here?
I sincerely doubt it, but then, who knows? "Only the
Shadow Knows?" Go figure? Have a Happy, Safe and
Sane 4th of July, plus the rest of your lives, folks!
P.S. My humble thanks goes out to Kerry Lehto. Now
skip over to page 19 and read Kerry’s wonderful Review
of the Microsoft 12” Surface Pro 3 tablet. See ‘Ya at
Black Hat USA 2014
& Def Con 22!
Ciao!
August 7-10, 2014
Footnotes
1
If you are reading this Report/Review from directly off of an Internet search, you are seeing it in HTML (or text) format. Yuk! There’s No Graphics there! To see all the beautiful Graphics in this Report/Review - the ones that we’ve worked so very hard to entertain you with - you will need to follow the procedures outlined in Footnote 2 below. Enjoy! Again, our web page (www.ucs.org).”
2
“See the actual Reports/Reviews in the Blue Chips Magazine (BCM) Archives (i.e., begin search on left-hand side of web page) at (www.ucs.org).
Note. Always choose the top option, i.e., PDF format for its beauty.
3
Feature(s) precisely identified as reason(s) for designating this Review/Report as “Security-Related.” In this case, everything.
4
My Hard Earned Byline: Happiness Is A Working Computer (HIAWC).
5
Videos Used, or Not Referenced to, in S-R #56:
1. Netflix Ad Spoofs Amazon's Drone Dreams - IEEE Spectrum_files
6
URL’s Used, or Not Referenced to, in S-R #56:
1. Advanced Attacks Are The New Norm, Study Says
2. ALERT - CryptoLocker Has A Competitor That Is Worse CryptoDefense
3. Google Says Those Who Email Gmail Users Have ‘No Legitimate Expectation of Privacy’ TIME.com
4. NSA Spying Electronic Frontier Foundation
5. Supreme Court won't take on constitutionality of NSA metadata program - SC Magazine
6. Surveillance is the Business Model of the Internet Bruce Schneier SecurityWeek.Com
7. Worse Than CryptoLocker
8. 888poker scraps Suarez endorsement deal iGaming Business
9. A 21st century right to privacy - Los Angeles Times
10. A little cough or ummm shouldn’t ruin your video. Make them history with the…
11. A too-modest proposal to rein in the NSA's phone records program - Los Angeles Times
12. Alexander Cyber Security Pros Face Uphill Battle
13. Alexander Cyber Security Pros Face Uphill Battle_2
14. Authenticating Users of AWS Mobile Applications with a Token Vending Machine Articles & Tutorials Amazon Web Services
15. AWS console breach leads to demise of service with “proven” backup plan Ars Technica
16. Black Hat USA 2014 Embedded & Vulnerable
17. Chinese Android phone has built-in spyware - SC Magazine
18. Code Spaces shuts down following DDoS extortion, deletion of sensitive data - SC Magazine
19. Creating Temporary Security Credentials for Mobile Apps Using Identity Providers - AWS Security Token Service
20. Edward Snowden Neither a hero nor a traitor - Los Angeles Times
21. Edward Snowden - WikiSpooks
22. FAA bars drones near airports Government Security News
23. FOX News Shows - The O'Reilly Factor - Do you believe President Obama
24. Getting Started with the AWS SDK for Android - AWS SDK for Android
25. Give Snowden his due He made a surveillance debate possible - Los Angeles Times
26. Google, Facebook Warn NSA Bill Wouldn't Stop Mass Surveillance - NationalJournal.com
27. HSI warns parents about online dangers for children Government Security News
28. IoT Summit Seeks Balance Between Being Cautious and Not Falling Behind
29. LinkedIn accounts can easily be taken over if HTTPS is not always enabled by default - SC Magazine
30. More reasons to rein in the NSA - Los Angeles Times
31. Mr. President, put these curbs on the NSA - Los Angeles Times
32. New Zbot malware campaign discovered by researchers - SC Magazine
33. OAuth - Wikipedia, the free encyclopedia
34. PayPal Two-Factor Authentication Broken
35. Public gets first look at once-secret court order on NSA surveillance - Los Angeles Times
36. Ron Wyden, Mark Udall and Rand Paul How to end the NSA dragnet - Los Angeles Times
37. Secret keys stashed in Google Play apps pose risk to Android users, developers Ars Technica
38. SMBs continue to use XP, face greater security risk SC Magazine
39. 'Star Wars' museum is coming to Chicago
40. Supreme Court's landmark ruling bars warrantless search of cell phones - SC Magazine
41. Survey finds 25% of breaches go undetected for more than 24 hours Government Security News
42. Talk stresses IoT concerns as today's problems - SC Magazine
43. Tech savvy homeowners expect connected homes, worry about privacy, breaches - SC Magazine
44. That Toy Is Now a Drone, Says the FAA - IEEE Spectrum
45. 'The Mother Of All Black Ops'
46. ThisIsWhyYouNeedAGun BLUtube
47. ThreatTrack Security sets new standard in advanced threat defense Government Security News
48. Two House Committees approve bill to end mass NSA surveillance Government Security News
49. Webcast Sneak Peek at the Next Snagit UpdateTechSmith Blogs
7
Pollyanna principle from Wikipedia, the free encyclopedia. The Pollyanna principle (also called Pollyannaism
or positive bias) is the tendency for people to agree with
positive statements describing them. The phenomenon is
similar to the Forer effect. Research indicates that, at the
subconscious level, the mind has a tendency to focus on
the optimistic while, at the conscious level, it has a tendency to focus on the negative. This subconscious bias
towards the positive is often described as the Pollyanna
principle (Source: http://en.wikipedia.org/wiki/Pollyanna_principle).
8
Tout de suite: French expressions analyzed and explained by Laura K. Lawless, About.com Guide. Tout de
suite is one of the most common expressions in the
French language, and is just one of several ways to say
“right away, immediately.” Because of its pronunciation,
tout de suite is sometimes misspelled “toute suite” or
even, in English, “toot sweet.” An example: (Fr) J’arrive
tout de suite. (Engl) I’ll be there in a moment.
9
Jed Clampett: [bounces a golf ball on the kitchen table,
thinking it’s a “golf egg”] “Well doggies! Strictly speakin’, I
don’t think these are fresh laid.” (Source: Memorable
quotes for “The Beverly Hillbillies” (1962).
10
MacScouter: Songs for Scouts and Scouters This is a
good one for summer camp, because you can get many
more jellyfish on the rock .... Next verse, same as the
first, it never gets better, it only gets worse.
www.macscouter.com/songs/SillySongs.asp
11
Definition of: information warfare: Also called
“cyberterrorism” and “cyberwarfare,” it refers to creating
havoc by disrupting the computers that manage stock
exchanges, power grids, air traffic control, telecommunications and defense systems. The traditional viruses, Trojans and denial of service attacks are part of the arsenal,
all aimed at disrupting a government rather than a company. Information warfare is increasingly the first offensive
move before the start of a physical attack. The military in
many countries have full-time cyberwarriors on the payroll,
because the more successful a cyberattack on an early
warning defense system, the greater the success of the
real attack. For example, according to the book “Cyber
War,” North Korea may have as many as a thousand
hackers stationed in China, working on knocking out systems
in South Korea and other countries. The first book to deal
with the subject was “Information Warfare: Chaos on the
Electronic Superhighway,” written by Winn Schwartau in
1994. Cited above, “Cyber War,” by Richard A. Clarke and
Robert K. Knake is an eye-opening treatise on the subject,
released in 2010 (Source: http://www.pcmag.com/encyclopedia_term/0,1237,t=information+warfare&i=44971,00.asp).
12
You can delegate authority, but not responsibility. This
morning as I was talking with my pastor, I remembered something a captain once said to me when I was in the US Army.
He said this: You can delegate authority, but you cannot delegate responsibility. His point was that you can give others the
power to do things on your behalf–especially in the military –
but, no matter who does something wrong or right, the final
responsibility always lies with the one delegating authority.
His particular case-in-point was a military operation that had
gone SNAFU. (For you civilians, that’s “Situation Normal: All
Fouled Up.”) Because that operation is probably still a secret
26 years later, I can’t tell you the specifics, but true to my
captain’s saying, the blame for the mistakes in that operation
all fell on the commander who coordinated it. In common parlance, “Blame rolls uphill.” (Source: http://gpettitnoel.wordpress.com/2010/07/20/you-can-delegateauthority/).
13
(Repeat from S-R #28, #29, #30, #31, #32, #33 Pts 1 and
2 1 & 2, #35, #36, #37, #38, #39, #40, #41, #42 and #43) I’ve
been associated with Security-Related (S-R) subjects/
topics/episodes/relationships in one form or another for
over 17 years now. I’ve actually been writing S-R Reports, et al., for over 14 years, too (FYI This is my 143rd S-R
to date, if I haven’t lost count, that is). And I swear,
with each S-R I write I feel more like I’m actually just a
Sprog (i.e., a “Newbie”) after all of the “Things/Stuff/etc.”
I have been discovering/uncovering for myself just in this
single 17 month period of S-R research, plus writing the
previous 16 S-R Reports (See my BCM’s starting back in
the March and April, 2012 BCM’s, respectively for those
beginning S-R’s 1 & 2)
14
The Spotlight on Social Media. In the last SC Magazine
Spotlight of the year (i.e., 2012), the focus is on social media
and the security and privacy ramifications it is creating in the
workplace. Cyber criminals [and NSA (See above)] obviously
love social media sites, given: 1) the amount of users who
flock there to interact; 2) the variety of ideas for attacks they
have spawned; and, 3) sites like Twitter and Facebook form a
vast repository for personal data, making accidental disclosure or intentional targeting a real concern (My emphasis
here). The shared common problem, ergo, is: 1) Individual
users must ponder their own relationships with social networking sites and the privacy and security issues that plague
them; and, 2) Business executives must figure out just how to
marry business-related social media use (via BYOD’s) with all
the risks that they embody, and then decide if social networking is friend or foe.
Download the SC Spotlight here! (Source: http://forms.madisonlogic.com/Form.aspx?pub=18&pgr=259&frm=446&autodn=1&src=2397&ctg=1&ast=23724&crv=0&cmp=7204&yld=0&clk=5820729805110184199&pi=2166548&em=yahootien2%40hotmail.com).
Note. This is only going to increase in numbers and
intensity if the predictions of BYOD sales hold true?
“Mobile is a truly disruptive technology...the numbers are
dizzying. Apple is forecast to sell almost 1.7 million of the
iPhone 5 per day in December worldwide and is marching
toward 1 billion iOS units sold by 2015. Android is selling
even more, activating close to 1.5 million units per day.
This is forecast to double by next year,” - Jay McBain,
Chief Social Officer, ChannelEyes
FYI Facebook’s data warehouse is 2,500 times bigger
now than in 2008.
Stay tuned, now that NSA has been outed by Edward
Snowden...
15
CRYPTO-GRAM is written by Bruce Schneier. Bruce
Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. He is the
author of 12 books - including “Liars and Outliers: Enabling the Trust Society Needs to Survive” - as well as
hundreds of articles, essays, and academic papers. His
influential newsletter “Crypto-Gram” and his blog
“Schneier on Security” are read by over 250,000 people.
He has testified before Congress, is a frequent guest on
television and radio (See also: Security experts Bruce
Schneier and Mikko Hypponen on the NSA, PRISM
and why we should be worried, http://blog.ted.com/2013/07/17/security-experts-on-the-nsasreal-problems/), has served on several government committees, and is regularly quoted in the press. Schneier is a
fellow at the Berkman Center for Internet and Society at
Harvard Law School, a program fellow at the New America Foundation’s Open Technology Institute, a board
member of the Electronic Frontier Foundation, an Advisory Board Member of the Electronic Privacy Information
Center, and the Security Futurologist for BT - formerly
British Telecom. See <http://www.schneier.com>.
16
Gen. Keith Alexander wears three (3) security hats: He
is the current Director of the National Security Agency
(DIRNSA), Chief of the Central Security Service (CHCSS)
and Commander of the United States Cyber Command.
Note. The latter two (2) commands being the “et al.” referred to above (Source: Wikipedia, the Free Encyclopedia).
17
USAF Officer’s Effectiveness Report (OER) The purpose of the officer evaluation system is to provide the “Air
Force with information on the performance and potential
of officers for use in making personnel management decisions, such as promotions, assignments, augmentations,
school selections, and separations. It is also intended to
provide individual officers information on their performance and potential as viewed by their evaluators.” - AFR
36-10, Officer Evaluations (Source: http://www.airpower.maxwell.af.mil/airchronicles/aureview/1985/may-jun/meyer.html)
18
Mobile device users should take this as a warning that
Google and Apple can provide access to data stored on
an encrypted device at least in some circumstances, says
Christopher Soghoian, principal technologist with the ACLU’s
Speech, Privacy and Technology Project. “That is something
that I don’t think most people realize,” Soghoian says. “Even
if you turn on disk encryption with a password, these firms
can and will provide the government with a way to get your
data.”
19
(From blogs on AR-15.com, Home of the Black Rifle)
a. And how many of us don’t even have a simple password
locking our phones? I’m an Android user. I found it interesting
that Google resets the password, which then alerts the phone
owner that their device has been tinkered with. (Don’s Comment: FYI I THINK THAT HAS ALREADY HAPPENED TO
MY VERY OWN BIONIC (ANDROID) PHONE (PLUS MY
DESKTOP PC, AND OTHERS) ALREADY. For Instance: I
HAD A BIG PROBLEM WITH MY BIONIC PASSWORD RESET A COUPLE OF MONTHS AGO, AND TA! DA! B-I-N-G-O).
b. Originally Posted By IBU-14_Gunner:
I’ve always wondered if hard drive encryption software has
back doors that the developers can utilize to assist law enforcement. Does anyone know if they do?? Ans. Most encryption is solid, but you’ve got to use it right. Weak passwords,
unsecured keys, etc., are usually a bigger problem than
the actual encryption (Don’s Comment: My emphasis
here. This is the crux of the whole matter - passwords,
not encryption (unless, of course, it is a “Proprietary”
encryption algorithm, which can be an entirely different
matter then.)
Note. Funny, this even got over to Pakistan (A Terrorist H[e]aven?) ... I wonder why?
See: (http://www.purepakistan.com/english/articles/141334/Apple-deluged-by-police-demands-to-decrypt-iPhones)
20
Analytic Interviewing. Analytic Interviewing is about
gleaning information that most people tend to overlook. From
gestures of discomfort to hidden signs of emotion and language inconsistencies, the analytic interview process is about
putting behavioral clues into a larger context of interviewing...
At the core of the Analytic Interviewing technique is rapport
building. Through observation of the most successful interviewers to scientific research on the effects of rapport, time
and again results show that the best interviewers are those
that put others at ease. The premise behind rapport building
is simple, people like those who are most like them. By building rapport you are creating a personal connection, building
trust and making it more difficult for the person to lie to you.
Above all it puts the person at ease enabling the interviewer
to observe and gather a baseline by noting the persons expressiveness, rate of gesticulation, tone of voice, mannerisms
of speech and even assessing personality type, providing a
clear behavioral profile to compare to during the interview.
The rapport phase also plays a key role in establishing the
type and tone of the interviewing process. (Source: http://www.facscodinggroup.com/wp-content/uploads/2011/12/venewsletter-volume-2_issue-5-final.pdf).
21
How to Catch a Lying Boss by Gigi Starr, eHow Contributor. If your boss is saying things that aren't true, you will see
telltale signs. A lying boss not only makes work stressful, but
also corrodes trust and creates tension among coworkers.
Even worse, controlling the situation can be difficult and
hazardous to your job health. Thus, it's vitally important to
ensure your evidence is solid, or you'll be painted as the
liar. Employing a few tactics will help you confirm your
whistle-blowing is right on target (Source: http://www.ehow.com/how_6532332_catch-lyingboss.html#ixzz2erQkASx5).
22
Hold’er Newt (Source: https://soundcloud.com/waywordradio/1333-callerkate-holdernewt-mp3).
23
Ya Got Trouble Lyrics by From The Music Man. (Re.
Song Extract) Harold: Mothers of River City! Heed the
warning before it’s too late! Watch for the tell-tale sign of
corruption... People: Trouble, oh we got trouble, Right
here in River City! With a capital “T” That rhymes with “P”
And that stands for Pool, That stands for pool. We’ve
surely got trouble! Right here in River City, Right here!
Gotta figger out a way To keep the young ones moral after
school! Trouble, trouble, trouble, trouble, trouble...
(Source: http://www.stlyrics.com/lyrics/themusicman/yagottrouble.htm)
24
From the original poem, “To a Mouse, on Turning Her Up
in Her Nest with the Plough,” a Scots poem written by Robert
Burns in 1785 (Source: http://en.wikipedia.org/wiki/To_a_Mouse).
25
“Ya’ll come back now ya hear,” was a quote from a
television show called The Beverly Hillbillies. (See more
at: http://www.chacha.com/question/what-movie-says-‘yall-come-back-now-ya-hear’#sthash.0dTlEIPS.dpuf).
26
You Are There (1953–1957) TV Series - 30 min Drama/History. Walter Cronkite hosted the re-enactments
of historical events. Shows included "The Landing of the
Hindenburg", "The Salem Witchcraft Trials", "The Gettysburg Address,” "The Fall of Troy", and "The Scuttling of
the Graf Spee". Stars: Walter Cronkite, Paul Birch, E.G.
Marshall (See more at:IMDbPro).
27
Our Mission. The Institute of Analytic Interviewing (IAI)
is dedicated to excellence in training and its instructors
are committed to teaching the latest skills that have
proven to work in the field and are supported by scientific
research.
28
Shill. Def. A shill, also called a plant or a stooge, is a
person who publicly helps a person or organization without disclosing that they have a close relationship with the
person or organization. "Shill" typically refers to someone
who purposely gives onlookers the impression that they
are an enthusiastic independent customer of a seller (or
marketer of ideas) for whom they are secretly working.
The person or group who hires the shill is using crowd
psychology to encourage other onlookers or audience
members to purchase the goods or services (or accept the
ideas being marketed). Shills are often employed by professional marketing campaigns (Source: http://en.wikipedia.org/wiki/Shill).
29
Intentionally left blank
30
Same song second verse could gonna get better could
gonna get worse (Source: http://www.lyrster.com/songslyrics/same-song-second-verse-gonna-get-better-couldget-worse.html).
Or, An Annoying Song (Tune: Battle Hymn of the Republic).
I know a song that gets on everybody's nerves
I know a song that gets on everybody's nerves
I know a song that gets on everybody's nerves
- And this is how it goes: (Repeat indefinitely!)
31
Jeff Moss, the founder of DefCon, was a founding
sponsor of TrustyCon, along with iSec Partners and the
Electronic Frontier Foundation (EFF) (Source: http://sreaves32.wordpress.com/2014/03/11/trustycon-vs-rsa-andnsa-new-conference-pushes-trustworthy-agenda/).
32
For those that may not know… a piñata (Spanish pronunciation: [piˈɲata]) is a container often made of papier-mâché, pottery, or cloth; it is decorated, and filled with
small toys or candy, or both, and then broken as part of a
ceremony or celebration. Piñatas are most commonly
associated with Mexico, but their origins are considered
to be in China. The idea of breaking a container filled
with treats came to Europe in the 14th century, where the
name, from the Italian pignatta, was introduced. The
Spanish brought the European tradition to Mexico, although there were similar traditions in Mesoamerica. The
Aztecs had a similar tradition to honor the birthday of the
god Huitzilopochtli in mid December. According to local
records, the Mexican piñata tradition began in the town
of Acolman, just north of Mexico City, where piñatas
were introduced for catechism purposes as well as to co-opt the Huitzilopochtli ceremony. Today, the piñata is
still part of Mexican culture, the cultures of other countries in Latin America, as well as the United States, but it
has mostly lost its religious character. (Source: Wikipedia. Read more: http://www.sofritoforyoursoul.com/promoting-healthy-culture-building-a-better-pinata/#ixzz30RA8Y9CY).
33
"And now, will our first challenger enter and sign in,
please." What's My Line? was one of the earliest successes
of Mark Goodson/Bill Todman Productions. It premiered on
the CBS primetime schedule on Thursday, February 2, 1950
at 8:00PM EST, broadcasting from the CBS television studio
at New York's Grand Central Station, airing on alternate
weeks at first.... Then, the show began to air weekly starting
on October 1st, 1950, when CBS moved the show to Sunday
nights at 10:30PM EST, where it remained until the final
broadcast on September 3, 1967. Every episode aired was
original; while most shows were broadcast live, some were
pre-recorded, even during the summers. Reruns never aired
until the launch of Game Show Network (now GSN) in December, 1994 (Source: http://www.oocities.org/televisioncity/4439/wml50.html).
34
The introduction from The Shadow radio program "Who
knows what evil lurks in the hearts of men? The Shadow
knows!" spoken by actor Frank Readick Jr., has earned a
place in the American idiom. These words were accompanied
by an ominous laugh and a musical theme, Camille Saint-Saëns' Le Rouet d'Omphale ("Omphale's Spinning
Wheel", composed in 1872). At the end of each episode
The Shadow reminded listeners that, "The weed of crime
bears bitter fruit. Crime does not pay... The Shadow
knows!" (Source: http://en.wikipedia.org/wiki/The_Shadow).
34
Meanwhile Back At The Ranch: Clark Family Experience, from the Album The Clark Family Experience,
April 9, 2002 (Album available for $9.49 USD on Amazon) (http://www.amazon.com/gp/product/B0015K4P4G/ref=dm_mu_dp_trk7/182-31389911966524)
Product Review
Microsoft Surface Pro 3: The Laptop/Tablet Evolution Continues
In early 2013, Microsoft introduced the Surface Pro, its first attempt to blend the laptop and tablet experiences into one device.
Surface Pro has evolved quickly, with the release of Surface Pro 2 last fall and Surface Pro 3 on June 20, 2014. Here’s an
overview of Surface Pro 3 highlights and how it fares against offerings from Apple and Samsung.
Beautiful 12 Inch Display
The most obvious upgrade from the original two Surface Pro devices is the larger display of Surface Pro 3. The display has
been expanded from 10.6 inches to 12 inches and features a crisp 2160 x 1440 ClearType Full HD resolution. With a small
change in the shape of the device (more square than rectangle), the aspect ratio has changed accordingly, from 16:9 in Surface Pro 2 to 3:2 for Surface Pro 3. Microsoft says this makes it easier to use the device whether holding it horizontally or vertically, and this makes sense.
And of course, with the larger display comes a larger keyboard/cover, which addresses one of the main issues of Surface Pro
2. By and large, business customers — whom this device is primarily marketed to — complained that the old keyboards were
too small and cramped to type on. The new keyboard offers a more pleasant typing experience. The magnetic snap-in keyboard also has an extra magnet that raises the keyboard at an angle on flat surfaces, for more ergonomic typing.
Choice of Processors
While Surface Pro 2 featured the 4th Generation Intel Core i5 (Haswell) processor, Surface Pro 3 has expanded the offering to
three choices: i3, i5 or i7, all 4th Generation Haswell processors as well. This enables a wide range of pricing and computing
power to end users. Offering this choice indicates that Microsoft recognizes its customers have a wide range of needs and uses
from these devices. Customers might range from casual laptop users who also want a tablet in the same device, to high-end
corporate power users who need a very light and portable device for office and travel scenarios.
Surface Pen
The Surface Pen, included in the box, features more than 250 levels of pressure and is one of the finest if not the finest digital
pens in the market. Designed to mimic the look and feel of a real pen, its aluminum construction provides a solid but not too
weighty feel (20 grams, about 0.7 ounces). Click on the button at the top of the pen, and a OneNote page opens up in Surface
— even if the device is asleep. This is very handy for jotting phone numbers, notes or thoughts you don’t want to forget and
want to keep on your device. Traditional pen and paper is still nice, of course, but for those who use OneNote or just need to
write down some quick thoughts, this is a very nice use for the device. Additional buttons on the Surface Pen allow for erasing
and selecting content. Digital pens have come a long way, and you need to at least try this one to see how smooth it is to use.
Lighter Weight
Surface Pro 3 weighs just 1.76 pounds, and the combined weight with the optional keyboard/cover is only around 2.5 pounds.
Compare this to a typical laptop weight, and Surface Pro 3 is much more portable. From Surface Pro 2 to Surface Pro 3, Microsoft added a larger screen yet shrunk the device — it’s thinner and lighter now.
Any-Position Kickstand
The original Surface Pro kickstand had just one position; this was upgraded to a dual-position kickstand in Surface Pro 2. The
natural progression would be to add a third position to Surface Pro 3, right? Instead, the kickstand fully flexes to any position,
allowing for easy screen viewing on your lap, an airplane tray table, or a desktop.
Upgraded Cameras and Speaker Placement
Surface Pro 3 now sports 5MP cameras in the front and rear of the device, significant upgrades from Surface Pro 2. In addition,
speakers have been moved from the side of the device to the front, providing greater audio clarity with Dolby Audio-enhanced
sound. Combined with front- and rear-facing microphones, the device provides a rich audio-visual experience for Skype and
other videoconferencing apps, as well as simple video or audio playback use.
Other Interesting Specs
For the curious, here are some other interesting specs of Surface 3:
Battery life: Around 9 hours of web viewing, about the same as Surface Pro 2. This makes sense, as both Surface Pro 2
and Surface Pro 3 share the same Haswell processor. For memory-intensive applications, Surface Pro 3 should last
from 4 to 5 hours on a full charge.
Wireless: Wifi 802.11ac/802.11 a/b/g/n, Bluetooth 4.0
Ports: Same as Surface Pro 2 — one full-size USB 3.0, mini DisplayPort, and microSD card reader
Installed software: Windows 8.1 Professional, Skype Wi-Fi, OneNote, email client, Fresh Paint, Flipboard, and many other
apps (Office is not included)
Enterprise readiness: With a Trusted Platform Module (TPM) chip, BitLocker Drive Encryption, and full Domain Join capabilities.
Configuration and Pricing
Here’s a summary table of Surface Pro 3 configurations and pricing:
Processor   RAM    Storage   Price
i3          4 GB   64 GB     $799
i5          4 GB   128 GB    $999
i5          8 GB   256 GB    $1,299
i7          8 GB   256 GB    $1,549
i7          8 GB   512 GB    $1,949
The optional keyboard/cover is $129. Other accessories include a new docking station ($199) with three USB 3.0 ports, two
USB 2.0 ports, Gigabit Ethernet port, 3.5mm audio input/output connection, Mini DisplayPort, and security lock slot.
Surface Pro 3 and the Competition
Surface Pro 3 is geared for those who want a high-end laptop and a tablet experience in one device. Make no mistake, it’s engineered to directly compete — and outcompete — with Apple and Samsung on similar devices.
Screen size and resolution: Although the MacBook Air and MacBook Pro have larger screens (around 13 inches), Microsoft
says that because of Surface Pro 3’s higher resolution, more content can fit in its 12-inch screen, allowing more room for
multitasking. MacBook Air and MacBook Pro are not touchscreen capable. Microsoft’s main competition from Samsung in
this arena is the Galaxy Note Pro, which also has a high-resolution touchscreen.
Pen: With a lack of touchscreen capability, MacBook Air and MacBook Pro do not compete in this area. Samsung does have
good pen capabilities with the Galaxy Note Pro.
Software: Surface Pro 3’s use of Windows 8.1 Professional allows you to install all the Windows desktop software you are
used to, including Office 2013. While Apple and Samsung feature more apps in their app stores, the Galaxy Note Pro
falls far short in terms of Office 2013 and other Windows applications. For people who don’t like the Windows 8 tile
screen, it’s easy to set a Windows 8 device to boot to the traditional desktop in Windows 8.1.
Conclusion
Surface Pro 3 is getting very positive reviews all across the web, and this article has reviewed the main reasons for this. There are
very few things not to like about Surface Pro 3. Microsoft is evolving the laptop/tablet experience very nicely.
About the Author
Kerry Lehto has worked with Microsoft in various capacities since the early 1990s. He is co-author of the first trade books on Microsoft FrontPage, which sold internationally in more than a dozen languages. Today he is a professional writer, editor and trainer
out of Las Vegas, Nevada, specializing in corporate content services, business writing and editing, and coaching/training.
I am writing articles about Unemployment Insurance (UI) accounting and reporting. This is the third of these articles.
The purpose of these articles will be threefold: 1. Sharing experiences/opinions/ideas in UI accounting and reporting; 2. Answering questions about federal reporting requirements; and 3. Sharing ideas and constructive counterpoints to help improve the functions of UI reporting.
At the end of each article, there will be an index of articles and recent notifications from DOL-ETA (with
appropriate URLs). Questions, opinions, and counterpoints should be sent to [email protected] to
be considered for inclusion in these articles.
Previous articles discussed the differences between cash reporting and GAAP (accounting) reporting.
UI Projects Introduction & Article 1: Conflict or Usage of Cash vs Financial Reporting—Page 2833, April 2014 BCM http://www.ucs.org/mag/pdf/apr14.pdf
UI Projects Article 2: Cash Flow & ETA Reports - Page 23-24, June 2014 BCM http://www.ucs.org/mag/pdf/jun14.pdf
Article 3: UI Cash and Fiduciary Reporting
Generally, there are few or no penalties when reporting is incomplete. [Note: Incomplete, late, incorrect,
faulty, and fraudulent reports (to Treasurer/Financial Director, legislature, governor, and US-DOL-ETA)
may: generate outside audits; require corrective action plans; and/or cause embarrassment/reassignment/
resignation; etc.] However, there is one area of reporting which carries monetary penalties to a SESA: fiduciary reporting. Fiduciary reporting is where a person has financial responsibilities for: 1. Handling
monies for someone else; 2. Being legally liable for monies payable; 3. Filing timely reports.
The UI operations have always had Fiduciary requirements - reporting income received by claimants or
taxes paid by employers. For the most part accuracy has been accomplished or happened with protest by
the SESA. About two decades ago (early 1990s), changes in the IRS tax code made UI benefits taxable
as income, and provided (as arranged by DOL-ETA) that UI operations offer claimant-elected tax
withholding for Federal and state (where applicable) income taxes.
Income tax withholding makes the UI operations liable to penalties for late deposits or late forms, as
reflected in IRS Pub 15 and forms 945 and 945-A via EFTPS (https://www.eftps.gov/eftps/,
http://www.irs.gov/pub/irs-pdf/i945.pdf, http://www.irs.gov/pub/irs-pdf/p15.pdf,
and http://www.irs.gov/pub/irs-pdf/p15a.pdf). As benefits are paid (issued), UI is required to withhold (if the election has been made) and make timely deposits to the US Treasury. The timely deposit rule generally impacts all
SESAs due to the volume of withholding. Most SESAs may be required to make withholding deposits
daily or three to four days of each week (semiweekly schedule depositor). Failure to do so or to report correctly
can cost the UI operations up to 15% of the withholding deposit that was late or missing by the due date.
The form 945 is an annual report, as is the 945-A, which provides the details of deposit liabilities. Sadly,
the form can be misread by the IRS (due to the SESA making payments every working day, whereas businesses make 1 or 2 payrolls per week), leading to IRS penalty assessments, which if not contested must
be paid (not from the Trust Fund) by the SESA. UI operations need to maintain the date when payment
is authorized and a separate date for the payment issuance. I mentioned contesting penalty assessments
only because it is possible for the 945-A form to reflect deposits out of order; this will cause a penalty
assessment (thousands to hundreds of thousands of dollars).
Due to the volume of withholding by most SESAs, SESAs are required to make semi-weekly deposits.
Timely deposits are complicated by the types of payment systems used: checks, direct deposit, and/or
debit/credit cards. Benefits paid by check are delayed in being drawn from the Trust Funds due to the
CMIA rules regarding average check clearance time [average time for an issued check to be cashed, typically 3-5 days]. IRS rules generally require withholding deposits on the day of issuance, rather than when
paid; this is part of the reason for some differences. CMIA does allow for the tax payments to be drawn,
even though the net payment on the check may occur many days later. However, the reporting of the payments needs to be in accord with IRS rules on the 945-A and with tax deposits. Due to the complications, most finance-trust fund staff will maintain spreadsheets to track this. If staff have been doing
their jobs correctly, management should contest penalty assessments, especially in this time when extra
expenses must come out of already short state funds. Please note that states with income tax withholding
may have rules similar to the IRS's, or may have far less rapid deposit rules. Again, if staff have kept good
records, protest any penalty assessments due to perceived untimely deposits.
The 945-A (Annual Reporting of Semi-Weekly Depositing) form is ideal for businesses making no more than 2
paydays a week. SESAs may be required to make 4-5 payments per week, which makes the penalty assessment process complicated for SESAs.
The 945-A is two pages with provision to make deposits every day of each month (six months to each page).
1099-G adjustments.
Presently, I am not aware of any SESA having been challenged on the subject of 1099-G form accuracy,
but there does exist risk. The 1099-G (an IRS income from government sources report for an individual)
must fully report calendar year UI benefits for the year indicated. “ state governments file this form if
they made payments of unemployment compensation; or offsets; reemployment trade adjustment assistance (RTAA) payments.” In discussions with a few State Treasurer officers, I have heard of situations
where the UI operations have in the past netted benefit summaries. Netting the UI benefits is incorrect,
due to reducing an individual’s annual income. Benefits paid to or on behalf of the claimant are considered
taxable in the calendar year “paid”.
Box 1 (& Box 5 if RTAA was paid through UI) must be the Gross total of UI Benefits the claimant received
before reductions such as withholding and child support. Box 4 is Federal withholding. Boxes 10 & 11 are
for state tax withholding.
It is a fact that over-payments of UI benefits occur. Then UI operations (depending upon SESA laws
and rules) may offset that over-payment against future benefit payments. If offsetting occurs in the same
calendar year, then netting (where the income for the year is reduced) is appropriate. However, when offsetting occurs in a future calendar year, the offset amounts for a past calendar year are not to reduce the
current year’s income reported on the 1099-G. Re-payment of benefit overpayments or prior year adjustments may be reported on a separate Form 1099-G, but must show the year impacted in box #3.
Employer Form 940 reports
Federal Unemployment tax is required to be paid by employers on each employee. The employer reports the tax on IRS Form 940. The annual Form 940 is tied into quarterly Forms 941 and annual W-3/2s. Form 940 is compared with the SESA UI reported payroll by the SESA’s account and FEIN. Employers are allowed a reduction of the FUTA when employers have timely reported and paid in full the SUTA. When the IRS calculates there has been a shortfall of SUTA, the employer is given notice of the shortfall.
The employer must contact the SESA to obtain a Form 940-C. There is no prescribed
Form 940-C from the IRS, but there are several required fields for each of the 4 quarters of each reported calendar year. The 940-C is a fiduciary report of the employer’s compliance and timeliness of
SUTA obligations for the four quarters of a calendar year’s reporting. If the report meets IRS standards of
the employer’s filing and paying the SUTA, employers may be granted anywhere from full credit to reduced or no credit
toward the FUTA obligations (http://www.irs.gov/pub/irs-prior/f940--2013.pdf). There are no penalties
for this Form 940-C (unless delays can be shown to be intended). All SUTA taxes must have been paid
no later than January 31st following the end of the calendar year, and there is a time allowed of 20 days
for the fourth quarter SUTA tax. However, the IRS will disallow quarterly credits if payments to the
SESA appear to have been missed or late. Consult the local IRS Information Office for further details.
All advisories, directives and handbooks are moved to the ETA Advisories and Memorandums
system. If you wish to view any of these advisories, please click on the following link: http://wdr.doleta.gov/directives/
TRAINING AND EMPLOYMENT NOTICE No. 35-13 (June 27, 2014)
Subject: Statutory Provisions for Relief from Interest Charges and Federal Unemployment Tax Act (FUTA)
Credit Reductions Resulting from Title XII Advances
UNEMPLOYMENT INSURANCE PROGRAM LETTER No.16-14 (June 25, 2014)
Subject: Unemployment Compensation for Employees of the United States Public Health Service Commis
UNEMPLOYMENT INSURANCE PROGRAM LETTER No.15-14 (June 25, 2014)
Subject: Minimum Disaster Unemployment Assistance (DUA) Weekly Benefit Amount: July 1 - September 30,
UNEMPLOYMENT INSURANCE PROGRAM LETTER No.14-14 (June 18, 2014)
Subject: Effect of the U. S. Supreme Court's Decision in United States v. Windsor on the Federal-State UI
Program
TRAINING AND EMPLOYMENT GUIDANCE LETTER No. 27-13 (June 18, 2014)
Subject: Impact of the U.S. Supreme Court's Decision in United States v. Windsor on the Trade Adjustment Assistance Pr