Drug makers struggle with ‘supply and demand’ concept
Speaking of trouble, the World Economic Forum meets at Davos, Switzerland this week to engage in its annual circus of the wealthy. Big Pharma piped up and said it wants money to develop antibiotics to replace/augment their current lineup to which bugs have become resistant. Extortion, much?
Hello? Your drugs don’t work any longer, which means sales will go down. They don’t work because you oversold them, jackasses. You don’t get to change ‘supply and demand’. Your incentive is and always has been profits, which only happen if you sell a working product. Too bad you screwed your golden goose — and us.
Here’s an idea: in the meantime, the U.S. government should fund a competing government-owned drug research and manufacturing facility the way it funds DARPA. The public will benefit directly from the research it bought, and if private drug companies can do better, even using freely available public research, they can knock themselves out.
Still want incentives? Sure. We get a chunk of the company in exchange for a handout, just like General Motors. Now beat it and get back to research or bean counting, whatever it is you really do.
Speaking of drugs, Chinese caught spying on pharmaceutical firm GlaxoSmithKline
Along with four others, a senior-level manager and biotechnology expert based at Glaxo’s Pennsylvania facility was charged with conspiracy, wire fraud, money laundering, and theft of trade secrets. An interesting spin on this story is the involvement of a twin sibling used in money laundering. Glaxo has been at the heart of a couple other corruption stories in China, including reports of bribery and industrial espionage. These Glaxo-related stories all read like telenovela scripts.
Hey, look! A leaky backdoor built into encrypted phone calls
Shocking, just SHOCKING, that a backdoor might be so flawed that a single master key could allow the holder access to ALL phone calls in an encrypted system. It’s not shocking that GCHQ is pushing this system’s security protocol it developed in-house.
Android phones used for banking may be infected with two-factor defeating malware
Wow. This is pretty creepy. You’d think your voice would be your bond in banking, but it can be used to access your account even though your voice is part of a two-factor authentication system. Android.bankosy is the bug in question; better read this article because it’s pretty complex stuff.
That’s enough trouble for now. Make some of your own.
Video popularity in Facebook’s ‘walled garden’ means change for news outlets
This is not good. This is AOL’s model come full circle. Increasingly Facebook is shutting down access from outside, forcing news outlets to move inside, and to produce video instead of text content in order to fight for attention. Numerous outlets are affected by this trend, including the former AOL (now Huffington Post). The capper is Facebook’s persistent tracking of any users, including those who click on Facebook links. What will this do to general election coverage? Facebook really needs effective competition — stat.
Weather and bad flu season raised French deaths above WWII’s rate
Wow. I knew the flu was bad last year, but this bad? Ditto for Europe’s weather, though the heat wave last summer was really ugly. Combined, both killed more French in one year than any year since the end of World War II, while reducing overall life expectancy.
FDA issues guidelines on ‘Postmarket Management of Cybersecurity in Medical Devices’ for comment
Sure hope infosec professionals jump all over this opportunity to shape policy and regulation. Imagine pacemakers being hacked like a Chrysler 300, or reprogrammed without customer knowledge like a VW diesel, or surveilling users like a Samsung smart TV…
UK’s Cameron says one thing, UK’s arms dealers another with sales of £1Bn arms to Saudi Arabia
Can’t. Even. *mumbles something about pig porker*
“The day after the prime minister [David Cameron] claimed to be ‘trying to encourage a political process in Yemen’ and declared ‘there is no military solution in Yemen’, official figures reveal that in just the three months July to September, the government approved the sale of over £1bn worth of bombs for the use of the Royal Saudi Air Force. …
[Source: The Guardian]
Lack of transparency problematic in fatal French drug trial
Like talking to a brick wall to get answers about the drug involved in one death and five hospitalizations after 94 subjects were given an experimental drug. On the face of it, simultaneous rather than staggered administration may have led to multiple simultaneous reactions.
Canadian immigrant helped two Chinese soldiers attempt theft of U.S. military aircraft plans
You want to know how ‘chaining’ works? Here’s a simple real world example allegedly used to spy on U.S. military aircraft: Identify a key node in a network; identify the node’s key relationships; sniff those connections for content and more key nodes. A Chinese immigrant in aircraft biz, located in Vancouver, shares email addresses of key individuals in the industry with Chinese officers. They, in turn, attempt to hack accounts to mine for plans, which their contact in Vancouver vets.
Now ask yourself whether these key individuals are in or related to anyone in the Office of Personnel Management database.
Ugh. Keep whacking those moles.
Saudi Arabia may sell shares in oil producer Aramco
Listing Aramco could create the most valuable company in the world, worth over a trillion in U.S. dollars. The move may raise cash to pay down some of the Saudi government’s debt, but it opens the oil producer to public scrutiny. Would it be worth the hassle?
With Russia increasingly eating into Aramco’s market share of China, and OECD countries’ oil consumption falling, selling shares in Aramco may not raise enough cash as its revenues may remain flat. Prices for utilities have already been raised within Saudi Arabia, shifting a portion of expenses to the public. What other cash-producing moves might Saudi Arabia make in the next year?
Detroit’s annual Autoshow brings VW’s CEO for more than a visit to tradeshow booth
Looks like Volkswagen’s Matthias Mueller will be tap dancing a lot next week — first at the 2016 North American International Auto Show, which unofficially opens Sunday, and then with the Environmental Protection Agency.
What’s the German word for “mea culpa”? Might be a nice name for a true “clean diesel” vehicle.
Data breaches now so common, court throws out suit
You’re going to have to show more than your privacy was lost if you sue a company for a data breach. Judge Joanna Seybert for U.S. District Court for the Eastern District of New York dismissed a class action suit against craft supplies retailer Michael’s last week, writing that lead plaintiff “has not asserted any injuries that are ‘certainly impending’ or based on a ‘substantial risk that the harm will occur.’” Whalen’s credit card had been used fraudulently, but she wasn’t liable for the charges.
Annoyingly, Clapper v Amnesty International USA was used as precedent, much as it had been in last summer’s suit against Home Depot for a data breach. At this rate, retailers will continue to thumb their noses at protecting their customers’ data, though identity theft-related losses amount to more than all other property theft losses combined [pdf].
Don’t forget China: DOJ raids Chinese hoverboard company’s stall at CES 2016
I can’t find any previous examples of law enforcement conducting a raid at a trade show — if you know of one, please share in comments. The Department of Justice’s raid yesterday on Changzhou First International Trade Co.’s booth at CES 2016 doesn’t appear to have precedent. Changzhou’s hoverboard product looks an awful lot like Future Motion’s Onewheel, which had been the subject of a Kickstarter project. The Chinese hoverboard was expected to market for $500, versus the Onewheel at $1500.
Makes me wonder if there are other examples of internet-mediated crowd-funded technology at risk of intellectual property theft.
Pass the Patron. I’m declaring it tequila-thirty early today.
China halts stock trading after market sinks more than 7%
Second time this week trading has been suspended in China, with free fall blamed on Chinese currency, lower oil prices, economic slowdown. Some also blame North Korea’s nuclear test, but anecdotes from Pacific Rim region suggest news about the test did not receive the same level of attention across Asia as in U.S. Not much feedback at the time this post was written in news media about response to market by China’s leadership.
Richard Perle’s long tail seen in North Korea
Worth revisiting an analysis on North Korea’s nuclear program written last January by Siegfried Hecker of Stanford University’s Center for International Security and Cooperation (CISAC). I agree with Hecker’s assessment, only surprised he didn’t name Richard Perle specifically for the cascade of diplomatic fail on North Korea that began under the Bush administration.
Self-driving cars, now self-driving passenger drones?
At CES 2016, China’s Ehang Inc. showed off a single-passenger drone, launched by commands entered on a tablet. The drone has no backup controls, which sounds scary as hell for a passenger flying 1000-1600 feet above the ground at +60 miles per hour. I can hear George Jetson screaming, “Jane! Stop this crazy thing!” even now. FAA would be insane to permit these devices in the U.S.
Unnamed sources say VW may buy back polluting cars sold in U.S.
This report could be a trial balloon floated by Volkswagen to see if a buy-back or a hefty discount on a new car will appease U.S. owners of so-called “clean diesel” vehicles. Is this really a satisfactory remedy to fraud?
Rethinking Saudi Arabia’s future in a time of cheap oil
Another worthwhile read, if a bit shallow. It’s time to model not only Saudi Arabia’s future, but a global economy no longer dependent on oil; what risks are there for OPEC countries if they cannot depend on increasing oil revenues? Could political instability spread across Central and South America as it has in the Middle East and Africa? How will climate change figure into the equation, as it has in Syria? And then back to economic unease in China, where the market has reacted negatively to lower oil prices.
I’m out of pocket this morning, will check in much later. Talk amongst yourselves as usual.
Yesterday evening, an Antares rocket built and operated by Orbital Sciences Corporation exploded shortly after liftoff. The rocket was intended to ferry supplies and equipment to the International Space Station. Orbital and SpaceX have taken over some of the duties supplying the space station since the termination of NASA’s shuttle program.
In the early aftermath of the explosion, word came out that the crash site had to be secured because sensitive cryptographic equipment was on board:
The Cygnus mission was non-military, but the company’s Antares program manager, Mike Pinkston, said the craft included “some classified cryptographic equipment, so we do need to maintain the area around the debris in a secure manner”.
That initially struck me as odd. The International Space Station has a large number of cooperating countries, including Russia. It’s hard to imagine that the US would put sensitive equipment into the hands of cosmonauts right now, given the cool state of US-Russian relations. Of course, it would make sense for ISS communications to be encrypted in order to prevent meddling by hackers, but movement all the way to classified (and presumably military or NSA-level) encryption seems to be excessive.
This morning, we are seeing walk-back on the presence of classified equipment:
Shortly after the explosion, CNN quoted a launch director as saying that the spacecraft contained classified “crypto” equipment, but early Wednesday a NASA spokesman said by email that “We didn’t have any classified items on board.”
In trying to make sense of what could have been behind these strange statements, I ran across this interesting announcement of a new cryptographic technology that European scientists have proposed evaluating in an experiment on the space station:
A team of European researchers have proposed a series of experiments that, if successful, could turn the International Space Station into a key relay for a quantum communications network.
The key basis of physics underlying quantum communications is entanglement. Entangled particles are connected in a way that pretty much defies common sense. If you change the spin of one of the particles, the spin of its entangled counterpart will change – even if they’re miles apart. And that change happens nearly instantaneously – at least four orders of magnitude faster than the speed of light, according to a recent experiment.
Another remarkable aspect of this technology that sounds almost too good to be true is its potential security. After noting that quantum networks are quite fragile, the Forbes article continues:
But why bother with these networks at all if they’re so fragile? The answer is pretty simple – because they’re almost perfectly secure. Here’s how it works. Let’s say that I want to send a message to New York City. My message is going to travel through normal channels, but it will be encrypted with a key. That key is transmitted via the entangled photons – so the changes I make to entangled particles on my end almost instantly show up in the particles in New York. We then compare the measurements of what I changed in my photons to those states in New York City.
Those measurements then comprise an encryption key for our communications. So even if our communications are bugged, nobody can read them without knowing that encryption key. And here’s the important thing: if somebody were to try to eavesdrop on the quantum entanglement, they would alter the spin of the photons. So the measurements I make and the measurements made in New York would be out of sync – thus letting us know that we have an eavesdropper. It also prevents us from creating an encryption key, so we don’t send any communications. Theoretically, a quantum encrypted network is almost perfectly secure. (That said, they’re not perfect, and there are some exploits.)
The announcement from the European group that they wished to carry out the experiment based on what Einstein called “spooky action over a distance” came last April. Then, in June, it was announced that China had carried out a key demonstration of concept experiment back in 2010 but waited four years to publish the result.
With China announcing progress on the technology, one would think that the West would want to accelerate its work in the area, so it would not be at all surprising if equipment for the European experiment was among the items lost when the rocket exploded. Further, one would expect that Orbital would have been told that security for that equipment would be of the very highest level. In discussing the issue of sensitive equipment among the Antares wreckage, PCWorld this morning mentioned the incident of China perhaps examining the wreckage of the US stealth helicopter that was left behind after the mission to kill Osama bin Laden. It could well be that for this crash site, keeping the debris away from prying eyes from China is behind the call for security. Note also that the experiment quite likely would have been coordinated by the European Space Agency on behalf of the European scientists, so NASA’s claim that “We didn’t have any classified items on board” could be parsed as not applying to any classified items that ESA might have had on the rocket.
Microsoft’s “trusted computing platform.”
Microsoft’s “secure boot” technology.
The doublespeak almost writes itself these days. Whose “trusted computing”? Whose “platform”? And whose “secure boot”?
At least one government has expressed concerns in internal documents, buttressed by an unusual public statement in response to reports about the leaked documents.
According to German news outlet Die Zeit, internal documents from the Bundesamt für Sicherheit in der Informationstechnik (Germany’s Federal Office for Information Security – BSI) warn that Microsoft Windows 8’s Trusted Computing Platform poses a security risk.
The BSI issued a response, the first paragraph of which acknowledges the news reports; it also refers to an internal paper by the Bundeswirtschaftsministeriums (Germany’s Federal Ministry of Economics and Technology – BMWi) advising caution in using the Trusted Computing Platform. This may not be the first cautionary communication by the BMWi as it is not clear whether the paper referenced by the BSI today is the same internal paper issued on the subject in early 2012.
In the second paragraph, BSI denies it has issued any warning to private or public sector users, though this announcement doesn’t deny a warning might be warranted since government agencies are warning each other internally.
The third paragraph says that the Win 8 TCP (using Trusted Platform Module TPM 2.0) might offer improved security for some groups, though transparency should be offered by the manufacturer.
But the kicker is the fourth paragraph:
“From the BSI’s perspective, the use of Windows 8 combined with TPM 2.0 is accompanied by a loss of control over the operating system and the hardware used. As a result, new risks arise for the user, especially for the federal government and for those providing critical infrastructure. In particular, on hardware running Windows 8 that employs TPM 2.0, unintentional errors of hardware or the operating system, but also errors made by the owner of the IT system, could create conditions that prevent further operation of the system. This can even lead to both the operating system and the hardware employed becoming permanently unusable. Such a situation would not be acceptable for either the federal authorities or for other users. In addition, the newly-established mechanisms can also be used for sabotage by third parties. These risks must be addressed.”
“Loss of control over the operating system” isn’t a minor trifle. This suggests that any and all computers with this “feature” could go rogue and operate in contravention to the owners’ instructions, at the direction of some unseen entity on a network or by injection of an application through thumb drive, disk drive, CD, etc.
This also suggests that a Win 8 system using TPM 2.0 might well reject any attempts to use an alternative operating system — a so-called “secure boot” might cut off any application other than Win 8. For all intents and purposes, a machine with Win 8 and TPM 2.0 will operate to Microsoft’s orders and to the orders of whoever is ordering Microsoft these days. It’s not out of the question that Win 8 systems lacking valid TPM 2.0 might be prevented from accessing the internet or any other network.
Which begs the question: if Windows 8 and TPM 2.0 are installed, whose computer is it?
The New York Times headline for its story summarizing Barack Obama’s statement yesterday on the violence in Egypt parrots the administration’s hapless plea that Obama has few options in dealing with Egypt: “His Options Few, Obama Rebukes Egypt’s Leaders”. Obama’s grand statement delivered the stinging blow of canceling joint military exercises with the Egyptians. We also are reminded later in the article that the US has delayed delivery of four F-16 fighter jets without also being informed that this delay was announced prior to the massacre of Egyptian civilians.
In his statement, Obama never addressed the huge piece of leverage that the US does have in relation to Egypt. The roughly $1.5 billion in US aid that flows to Egypt each year is primarily for the military and supports about a third of the military’s budget. The article in the Times goes to great lengths to explain to us just why Obama can’t cut off this aid. We are told first that if we cut off aid, “Saudi Arabia, Kuwait and the United Arab Emirates” will rush into the void to provide the missing funding. And if that isn’t scary enough, we are told a couple of paragraphs later that cutting off the aid would open the door for Russia and China to step in.
With the death toll from the crackdown now above 600 and likely to go much higher, and with grisly videos surfacing of civilians being gunned down in cold blood by the military, we see a quote from the standard anonymous “senior official” who says “There’s a basic threshold where we can’t give a tacit endorsement to them.”
Just wow. The Egyptian military has staged a coup in which they have removed a democratically elected (although dysfunctional and failed) government and massacred over 600 of its citizens in cold blood. None of that rises to the level of the “threshold where we can’t give a tacit endorsement to them”? What on earth do they have to do to get the US to cut them off?
One answer to that question is in the next paragraph:
And it could destabilize the region, particularly the security of Israel, whose 1979 peace treaty with Egypt is predicated on the aid.
It would appear that Egypt can kill all of its own civilians it wants with the weapons and money we provide as long as they don’t also kill any Israelis.
But there is another insidious tie in the US aid to Egypt. US defense contractors are making tons of money off of it. From a Bloomberg piece describing US support of the Egyptian military two years ago at the beginning of the uprising against Mubarak:
Yesterday saw a number of developments in the ongoing story of the emerging H7N9 virus in the Shanghai region of China, as the virus was identified in pigeons being sold at a meat market and the culling of all poultry at that market was initiated. One close associate of an infected person still is being monitored in isolation after developing possible symptoms of the virus and might turn out to be the first case of person to person transfer of the virus. Meanwhile, the CDC already has started work in the US that could lead to a vaccine.
As I pointed out yesterday, key questions to be addressed in understanding how dangerous this virus will be revolve around the issue of how the virus jumps from one host to another and whether it acquires the ability to transfer from one person to another. Sadly, the most directly relevant research in the US on these questions remains suspended due to a cowardly display of security theater by the National Science Advisory Board for Biosecurity. Back in late 2011, I wrote about this board asking two prominent scientific journals to censor work that had been approved for publication. The work eventually was published, but only after a hiatus of about six months. As I pointed out at that time, the fears expressed by NSABB were then shown to be entirely unfounded.
In their report online today on the latest developments in the H7N9 emergence, CNN provided a link at the bottom of their story to this story they published back in January, with the headline “Bird flu research resumes — but not in U.S.” From that report:
Drama surrounding research on the deadly H5N1 avian flu continues, as 40 scientists urge work on the virus to continue in countries that have established guidelines on the safety and aims of the research. The United States is not among them.
This new correspondence, a letter from researchers published Wednesday in the journals Science and Nature, comes after a “voluntary pause” in the research, which scientists announced in January 2012.
In many countries, those objectives have been achieved, according to the letter, and researchers who have permission from their governments to continue this research should do so.
Ah, but the US never misses out on an opportunity to over-play its hand when it comes to security theater, so the work hasn’t restarted here:
But the United States has been unclear about how long it will be before it issues official guidelines for conditions under which H5N1 transmission research can continue, the letter says. As such, laboratories in the United States and facilities abroad that receive U.S. funding should not proceed with their transmission studies.
Back when the NSABB first proposed to censor the work that had been done, I had this to say (emphasis added):
However, in the case of the bird flu version of influenza virus, the basic flu virus is found worldwide and undergoes rapid changes. The fact that flu virus changes rapidly suggests that, as mentioned in the snippet above from ScienceInsider, a version similar [to] that developed in the controversial experiment could even arise naturally. Those who would suppress publication of details on how Fouchier’s group developed the pathogenic virus would prevent responsible researchers repeating the work in order to develop an effective treatment for the virus. Since the virus could arise naturally, preventing work on a treatment is completely irresponsible.
In the CNN article, we have this from one of the scientists whose work has been put on hold (emphasis added again):
“It’s so easily mutated, so the risk exists in nature already, and not doing the research is really putting us in danger,” Kawaoka said at a press conference Wednesday.
While NSABB was busily subjecting us to needless security theater, nature produced what could be the virus for which scientists were trying to prepare us. They were working with the H5N1 virus to address the very questions of host-jumping and person to person transmission that now lie at the heart of the H7N9 emergence. In the best of all worlds, H7N9 will turn out not to spread quickly enough to turn into a deadly pandemic. In that good scenario, H7N9 will serve as a wake-up call to once again free the hands of researchers to carry out work that is vital to understanding deadly bird flu virus outbreaks. The alternative is too terrible to consider. If we see widespread death from H7N9, we will be left to wonder how many of those deaths could have been prevented if this important research had not been suspended.
Help me get over the hump and clue me in on a few things. I’ve been scratching my head wondering about these topics.
Suicide in Singapore — The recent “suicide” of a U.S. electronics engineer in Singapore looks fishy to me. It looked not-right to Financial Times as well; it appears no other domestic news outlet picked up this case for investigative reporting before FT. The deceased, who’d worked for a government research institute on a project related to Chinese telecom equipment company Huawei, is alleged to have hung himself, but two details about this case set off my hinky meter.
• Every photo I’ve seen of engineer Shane Todd depicts a happy chap. Sure, depressed folks can hide their emotions, but compare a photo of his family after his death to photos of him and you’ll see the difference. My gut tells me that if he was truly depressed, he should have looked more like his folks–flat, withdrawn, low affect. Perhaps meds could have messed with his head more than depression itself. But I’m not a psychologist or a pharmacologist, what do I know?
• Among all the details of the case, it’s said the victim’s face postmortem was white when his body was discovered. This doesn’t strike me as consistent with hanging; there should have been lividity above the ligature. Conveniently, Singapore’s law enforcement cleaned everything up so quickly there was no chance to see the crime scene or the body as found. Law enforcement also snagged the victim’s laptop and all other work-related stored content, save for a hard drive that looked like a speaker. Everything he was working on “disappeared” except for the contents of that drive.
The engineer had been very concerned about technology he was working on and its possible transfer, which included gallium nitride transistors with potential for both commercial and military applications. After poking around for some time on gallium compounds used in various computing, communications and other technology, nothing screams at me as highly sensitive technology that might get someone “suicided.” But…as I went through abstracts, it seems odd there are a substantive number of Chinese researchers working on GaN-based technologies.
Though these two points in particular jar my senses, more than just these two points don’t sit well. Read the story at the link above and see for yourself. (Original FT link here.)
What do you make of this case? Suicide or no? Strategic technology or no?
The breathless reporting about the alleged Chinese hacking at The New York Times is truly annoying because of the shock it displays. The surprise any major government or private corporate entity shows at this point about any network-based security breach that appears to originate from China should be treated as propaganda, or a display of gross ignorance.
In 1999, the CIA’s Foreign Broadcast Information Service published a white paper entitled Unrestricted Warfare, written by the PRC’s Col. Qiao Liang and Col. Wang Xiangsui. The publication outlined the methodologies a nation-state could deploy as part of an asymmetric war. Further, the same work outlined the U.S.’s weaknesses at that time were it to confront such asymmetric warfare. It did not focus on any other nation-state, just the U.S.*
The colonels acknowledged that the U.S.—at the time of the paper—had considered using a range of tools in response to conflicts:
“…There’s no getting around the opinions of the Americans when it comes to discussing what means and methods will be used to fight future wars. This is not simply because the U.S. is the latest lord of the mountain in the world. It is more because the opinions of the Americans on this question really are superior compared to the prevailing opinions among the military people of other nations. The Americans have summed up the four main forms that warfighting will take in the future as: 1) Information warfare; 2) Precision warfare [see Endnote 8]; 3) Joint operations [see Endnote 9]; and 4) Military operations other than war (MOOTW) [see Endnote 10]. This last sentence is a mouthful. From this sentence alone we can see the highly imaginative, and yet highly practical, approach of the Americans, and we can also gain a sound understanding of the warfare of the future as seen through the eyes of the Americans. Aside from joint operations, which evolved from traditional cooperative operations and coordinated operations, and even Air-Land operations, the other three of the four forms of warfighting can all be considered products of new military thinking. General Gordon R. Sullivan, the former Chief of Staff of the U.S. Army, maintained that information warfare will be the basic form of warfighting in future warfare. For this reason, he set up the best digitized force in the U.S. military, and in the world. Moreover, he proposed the concept of precision warfare, based on the perception that “there will be an overall swing towards information processing and stealthy long-range attacks as the main foundations of future warfare.” For the Americans, the advent of new, high-tech weaponry, such as precision-guided weapons, the Global Positioning System (GPS), C4I systems and stealth airplanes, will possibly allow soldiers to dispense with the nightmare of attrition warfare. …”
The rise of military tools like drones for precision-guided stealth attacks was predicted; quite honestly, the PRC’s current cyber warfare could be a pointed response to Gen. Sullivan’s statement about information warfare.
But in acknowledging the U.S.’s future use of MOOTW, the colonels also offered up the most likely approaches in an asymmetric assault or response: trade war, financial war, new terror war in contrast to traditional terror war, ecological war. Of these, they cited a specific example of new terror war entity and attacks: