Security-Related Report #56 Starts on Page 19
ISSN 1061-5725
Volume 32, No. 7
July 2014
www.ucs.org

UI Project—Article 3: UI Cash and Fiduciary Reporting: Pages 22 to 26
Security-Related Report #56 Back to the Future Part 3 Starts On Page 5
Product Review Microsoft Surface Pro 3 Laptop/Tablet Starts on Page 19

LET US ALL GIVE THANKS THIS DAY FOR OUR FREEDOM - PAID FOR IN THE BLOOD OF OUR PAST AND SERVING SERVICEMEN AND WOMEN!

Page 2 UTAH COMPUTER SOCIETY—BLUE CHIPS MAGAZINE

In June 2014, I visited several sites dealing with the growth of the USA. Especially I learned more of the Discovery Corps, also known as the Lewis & Clark expedition. Between May 1804 and September 1806, 31 men, one woman, and a baby traveled more than 2,000 miles from the plains of the Mississippi River to the shores of the Pacific Ocean. They called themselves the Corps of Discovery. Their goal was to find a water route to the Pacific Ocean. They drafted maps, collected samples, and documented their experiences in a major core of the newly acquired Louisiana Purchase. From their efforts came the famous Oregon Trail. The maps drawn covering their 2,000+ mile journey compared to modern technology were off in scale by about 40 miles!

John C. Frémont about 35 years later, armed with the Discovery Corps maps, and knowledge from the fur trapper/traders, led 3 expeditions which documented the South Pass (Wyoming) connection to the Oregon Trail, the north passage over the Great Salt Lake and the trail through the Sierras to California. This information now opened the West to the young USA for expansion, and began the migration west. Discovery in the late 1840's of gold in California led to the rush of people seeking wealth and new homes.

Those explorers made it possible for many hundreds of thousands to move to new hopes, lives, and homes. This was where a few led the greater numbers to the future! So to those early peoples, with little information and mostly primitive resources, we who live now offer thanks for the nation that arose.
This brings to mind the fact that during the 1970's there were a few individuals who had a dream of creating the personal computer. The PC was to be something different from what existed then. Large computers with multiple input/output devices were expensive and required space and large teams of people to design, create, program, and operate. Unlike the unfulfilled dream of the 1700's and 1800's to find a water passageway through to the Pacific Ocean, the PC explorers were not dreaming of a non-existent passage, but realities to be invented or developed, then marketed and consumerized.

Some names to be remembered include: Steve Jobs (Apple); Philippe Kahn (Borland); Bill Gates (Microsoft); Linus Torvalds (Linux open-source); Edward Feigenbaum (Artificial Intelligence); Edward J. McCluskey (algorithm for logic synthesis); Robert W. Bemer (variant character sets); Vernon L. Schatz & Barney Oldfield (EFT & banking system applications); Robert E. Kahn (TCP/IP protocols); Thomas E. Kurtz, Niklaus E. Wirth, John G. Kemeny, John McCarthy, & Alan Perlis (computer languages); Bob O. Evans & Ivan Sutherland (compatible computers & graphics); David J. Wheeler (assembly language programming); and Arthur Burks & Jeffrey Chuan Chu (electronic computer logic design). And so many more. http://www.computer.org/portal/web/awards/pioneer

Also, I wish to pay tribute to the many individuals who served over the years to bring personal computing to others. Some of these early 1970's groups still meet - such as some Atari groups. No matter the focus though, it has been the explorer pioneers who made user groups the place to go to have someone help. Eventually, the internet has replaced many functions, such as new products, demonstrations, and recent changes. But the personal hands-on experience remains for many people the real value of the personal computer user group. To all those who have donated freely their time and other resources, I thank you!
a 501(c)(3) Educational corporation
Promoting computer technology via publication and presentations

Magazine Staff
Editor — James Alexander 801-250-2269
Review Editor/Security & Technology Reporter, Assistant Editor — Don Nendell (801) 613-1619
Other Staff: Bob Beaudoin

Permission to Copy
Permission is granted to other nonprofit PC user groups to reproduce any article published in this newsletter, provided credit is given Blue Chips Magazine and the author(s) of the reproduced materials. Reprinted articles are subject to the terms of their respective copyright holders.

BCM Business
James Alexander 801 250-2269

Submissions
Contributors are encouraged to submit text articles for publication in ASCII text only. Photos in .TIF or .JPG format only. Line graphics, tables, in almost any vector or .TIF format. Do not embed graphics or tables in text files. All articles must be received by the 25th of the month preceding the month of publication. All articles become the property of the Utah Computer Society, Inc. and by submitting an article, the author gives permission for the Blue Chips Magazine Staff to edit the submission. The author also gives permission for republication in other users groups’ communications. Reader comments are appreciated, but the editorial staff reserve the right to assure the publication is constructive and educational to our readers.

Pig Sig Summer Picnic
When: Wed Jul 9, 2014 6:30pm – 8:30pm MST
Contact Bob Beaudoin at: http://ucs.org/rsvp.php

DEAR ABBY: At 2 p.m., July Fourth, I would love nothing better than for all Americans to stop briefly and give our country a ring ... well, THREE rings to be exact. On July 4, 1963, President John F. Kennedy proclaimed the ringing of bells nationwide with the words, "Let's ring freedom bells!" I was a White House aide then, and I vividly recall how exciting it was when bells rang across the nation coast to coast.
Since then, many Americans have forgotten to keep the tradition going. From one American to another, I ask all citizens to help me revive the ringing of bells at 2 p.m. this July Fourth in celebration of the adoption of the Declaration of Independence. It's easy. Ring a bell, shake your keys, tap a glass or find a bell-ringing app on your smartphone. It will give our country a much-needed sense of unity and connection to our past as one nation, one people. Please, Abby, make your millions of readers aware of this effort. As inscribed on the Liberty Bell, "Let us proclaim liberty throughout the land unto all the inhabitants thereof." -- CARMELLA LASPADA, FOUNDER, NO GREATER LOVE

DEAR CARMELLA: I'm glad to help. I agree that shared traditions are the glue that binds us together as a nation. So readers, on July Fourth, take a moment to quietly reflect on what this holiday is all about. Then make a joyful noise and thank God for his blessings on our country and the freedoms we enjoy today. That's the American spirit! - http://www.uexpress.com/dearabby/2014/6/30/let-freedom-ring-from-coast-to

Back to the Future! Part 3
It’s Time to Talk Again About Individual Security, But First, These Words...
Security-Related Report #56
Oh Say Can You See? I Can, and So Will You!
By Don Nendell

Three score and 3 years ago our Blue Chip forefathers brought forth this award winning Blue Chip Magazine. Today as I write this (06-25-14) we embark on yet another epic journey into uncharted, turbulent waters, mostly unknown to our beloved Country - the Land of the Free, Home of the Brave. An historic moment for a relatively inauspicious publication, but then, we do this for love - love of country, love of community, and love of computer literacy, but not necessarily in that order.
Donald Nendell, Assistant Editor

Dear Reader, “If you are reading this in a non-PDF format, you are missing a large part of the whole Report/Review 1 & 2. You should, therefore, stop reading and immediately follow the steps outlined in the Footnotes 1 & 2 below. Which BTW are:

1. If you are reading this Report/Review from directly off of an Internet search, you could very well be seeing it in HTML (or Text) format. Yuk! There are No Graphics in those two (2) formats! To see all the beautiful Graphics in this Report/Review - the ones that we’ve worked so very hard to entertain you with - you will need to follow the procedures outlined in 2 below. Enjoy! Again, our web page is: (www.ucs.org).

2. See the actual Reports/Reviews in the Blue Chips Magazine (BCM) Archives (i.e., begin your search on the left-hand side of the web page) at: www.ucs.org. Note. Always choose the top option, i.e., PDF format for its beauty.

First things first: As per usual, this Report is lovingly dedicated to my beloved wife of over 27 ½ years, Donna, my one and only, my Super-hero, Superstar, Confidante and Everything, who passed away over 18 months ago on 10/16/12! So sad… RIP My Beautiful Lover and - As she was Then, and so she is Now, “A Sequestered Heavenly Angel...” 3.

It’s really been working and I am going to continue presenting the News and Views to you in an entirely different format than I’ve used in these past 16-17 years I’ve been doing these Reviews/Security-Related Reports for you. Once again I will list the URL’s and Titles of all of the articles/topics/videos I’ve researched for this S-R, and then some, whether I’ve actually used them in this Report, or not, that I had intended to present to you herein this month.

Caveat. As in the past few months it’s just a “Wee” bit different again this month, however. Most URL’s are now embedded inside the article they support.
Otherwise, the remainder of the URL’s, just like we’ve previously been doing will appear as Footnotes 5 (i.e., URL) or 6 (i.e., Video) and each will be designated #X), where X is the order in which it appears in the actual Footnote 5 or 6, respectively. In this way you can (cherry) pick them to your heart’s content. Here’s how: Place your cursor on the actual colored URL in the article and while holding the CTRL button, left mouse click, and voilà (or, as is necessary in some cases, alternatively highlighting it, i.e., between the parentheses, copying it and pasting it in your Browser Search Window). In this way, you can also choose which one(s) appeal(s) to your sense of urgency, personal and/or security-related interest, and thenceforth follow the same procedure(s) I would go through (i.e., if you so desire?) so as to bring it/them to life, and thus sh[r]ed (pun intended) greater illumination on the subject for you as it appears here in this BCM. So, sit back, relax and enjoy!

BUT ALSO PLEASE BE ADVISED THIS PARTICULAR DIATRIBE STARTED 28 ISSUES BACK AND IT BEGAN WITH A HUGE, HUGE BANG!

Cliff Millward—1933-2013
We also dedicate this Report to our beloved, longtime friend, associate, former military comrade, and coincidentally enough, the former Editor of BCM, Clifford “Cliff” Millward (1933-2013). Cliff, we’ve all picked up the gauntlet and carried on your masterful work in your name, especially James Alexander, our new editor, myself, and Bob Beaudoin, our SYSOP. RIP Cliff!

* * PS. ID THEFT, TOO!

What a Difficult Month This Has Been for Yours Truly

Prelude
Way back in May - it seems more like a year - it was merely a HUGE piñata 32 full of e-mails that was troubling me. That was a piece of cake compared to what I’ve been faced with this month 4. Note. You really ought to see what that Footnote stands for, folks?
I’ve re-earned my stripes, or badge, or medal, whatever they give now-a-days, and then some, just getting this far in the Magazine - and we’re not even started yet… Not being sacrilegious, or anything, far from it, I’ve never been more serious. Please say a prayer for me, folks. I’m really going to need it this time. OK?

Introduction
Have a happy 4th of July everyone, before I forget; as I’m really out here in the cold and I’m standing, the sign says, right between a “Rock and a Hard Place” just about now and, and, OMG I just looked over my shoulder and saw the “Danger Quicksand” sign? Well, that pretty well tells it like it is for me right about now… Maybe I had better explain myself and how I got to this point of seemingly, “No Return?”

The Straight Scoop from Group
Have you ever had a day (and/or even days?) where it felt like they were described perfectly in the first sentence of the novel, "1984" by George Orwell? You know, those kinds of days that described your life at that moment to a "T," the kind like, "There's 'trouble' in River City... and that starts with a capital "T?" For your edification, 1984 starts out, "It was a bright cold day in April, and the clocks were striking 13."

At this minute I feel exactly like what Steven Wright, a comedian who specializes in deadpan delivery, once said. "Right now I'm having amnesia and Deja vu at the same time." I'm so frustrated if you stepped on my toe I'd honk. Actually I'd cry, because I stubbed my big toe a couple of days ago and "completely yanked off" my acrylic nail - I've got diabetes and lost both big toenails; each replaced with acrylic nails, you see?

Wait, there's lots more, believe you me. I've lost so many hard drives (HD’s, both internal and external, plus USB Flash Drives) recently that they probably have a special place reserved just for my “Stuff” at the city dump? One of them, just for good measure, couldn't even be "found in the Fry's computer system data base," too; and I bought it there?
It's so bad truthfully I don't even know where to start. I'll just have to ramble on as per usual, I guess? Remember my by-line is HIAWC? 4 Now it's plural, no longer singular. An example, right this minute, is that I just lost the HD I was saving this to, God’s witness, and have to use a USB Flash Drive as an emergency backup for the time being until I figure out what just happened to me? It just up and disappeared exactly like all the rest have been doing the past few months or so... Then, too, another external HD just popped up out of nowhere, and it hadn't been working for the past few days? I guess I hadn't shut it off, or something and it finally decided it wanted back in the game (someone is playing, BTW)?

Shucks, even my cable TV in the front room, while listening to Pandora Radio, is stuttering like it's freezing down here in Vegas, or something? The craziest thing(s) is/are going on around here right now and they're getting worse by the day it seems? It's just a coincidence, I suppose? (Not!) that at this moment I'm doing research on the NSA for this month's article, again, I suppose? Ever since 1995 they have been watching me like a hawk because of my IT (see below), as a “Person of interest,” and just recently they've gotten a little bolder in their antics.

What a Difficult Month This Has Been, But Onward & Upward

(Wow! The Pandora Radio just stuttered like a machine gun just as I was writing this - how's that for coincidence? Not!) I'll leave that one for a later date...

How about this? I'm having to run between my office and Donna's office and using at least three (3) different PC's and two (2) different printers just to get this magazine to you this month. I'd say it was fun, but it's certainly been an awful lot more antagonistic now than the past 4-6 months have been, I can assure you of that. It seems to be getting worse, too?
For instance, I have taken three (3) desktop PC's to the repair shop and had each and every one of them completely restored in the past 6 months, and now it looks like I may have another one to fight, too? The funny thing is, I initially take them to the computer shop and there they have worked perfectly; but strangely enough, not here in this house? Then, for no reason, they and USB Flash Drives (UFB's) just up and die on me on a moment’s notice. Strange, to say the least, I think you'd certainly have to agree?

Here's what's more strange. I have been backing up my HD's with Acronis True Image religiously and amazingly I can't get a single one of those backups to work? Not a single one? That's why I have to take them all to the shop, you see? Here's what is even funnier, I've never, not ever in 30 years of computing even, been able to restore a single file from one of my backups (See graphic for the latest episode).

I simply have to take a break right now - got to get some sleep once in a while - and truth be known, I'm actually afraid to turn this PC I'm working on right now off because: 1) It's Saturday night (actually Sunday morning and it's 2:00 A.M.); 2) It gave me a Black Screen of Death (3X yesterday) WITH ONLY A CURSOR BLINKING AND STARING (maybe even LAUGHING?) OUT AT ME; and 3) I need to have the house exorcised real soon, Ya think?

Time Out! Argh! I was so out of it that I accidentally shut the stupid thing off without even thinking. Luckily it only took about a half hour, or so, but then who’s counting, to re-boot in the morning, but it certainly was touch and go there for a little while. Whew!

FYI I had to locate and then transfer the data from a whole host of External HD's and UFB's and bring them together just to get this far. I don't know what to say or think it's so confusing right now? Oh well, Rome wasn't built in a day and neither can this Magazine be put together in a day either... So onward we slog. Prayers are greatly appreciated about now?
Back to the Future, Part 3 (Déjà vu All Over Again!)

Déjà vu All Over Again!
Every month, month in and month out, I collect a pile of newspaper clippings to sort through and pick out which only a choice few are worthy enough of being included in that particular month's BCM. Those piles are invariably 1-4" thick, believe it or not? Every single item I save is truly worthy, but limited magazine space and time dictate that only the Hallmark ones, where we care enough to send the very best to you, make it to these pages.

What does all this mean? It means that things have generally not changed in the 17 years I've been doing these Reports and Reviews. It's always, "Deja vu all over again" as Yogi Berra would say. If anything has changed, and they certainly have, then it's only been for the worse, and it's been all downhill ever since I heard a top DOD representative boldly proclaim in a Keynote speech to the Black Hat 2000 audience: "The hackers have won!" I've been attending Def Con's and Black Hat's for over 15 years now and writing all about it, and I can't do anything but to agree wholeheartedly. This month, at the end of the month, is Black Hat USA 2014, followed immediately thereafter by Def Con 22 (2014), is definitely no different - you'd expect anything less (See below)?

For example: (Update) The closest "thing" to warning us "The Big One is Coming," so far (See also Gen. Alexander's 16 Update below):

"Right now, Web attackers are amassing a global arsenal of knowledge and resources that is allowing them to expanding (sic) their reach well beyond financial services to virtually every industry, everywhere. Fueled by a fast-growing, well-organized threat marketplace, offering exorbitant salaries (and even employee benefits) to a critical but limited talent pool, attackers have created a powerful threat ecosystem with global reach and visibility."
- Anna Jurgowski, SC Magazine vendor webcasts

(Then extrapolate "The Big One is Coming," to Cyber warfare ala Bruce Schneier 15 (CTO, Co3 Systems, Inc. schneier@schneier.com, http://www.schneier.com) as he discusses in his latest CRYPTO-GRAM, June 15, 2014, an article entitled: Disclosing vs. Hoarding Vulnerabilities (a critical must read at: (http://www.theatlantic.com/technology/archive/2014/05/should-hackers-fixcybersecurity-holes-or-exploit-them/371197/ or http://tinyurl.com/plv9gdf). While you're there continue on reading with his article: The NSA is Not Made of Magic at: (http://www.schneier.com/crypto-gram-1406.html)

A "potpourri" of Security-Related News Worth Noting

Chinese Android phone has built-in spyware by Danielle Walker, Reporter, SC Magazine, June 18, 2014.
A low-cost version of the Samsung Galaxy S4 smartphone, called the Star N9500, may have saved consumers a few bucks – but didn't spare them of malware, which came built in the phone. On Monday, a security firm in Germany, G Data, revealed that the Android phone, which was manufactured in China, contained a Trojan called, “Uupay.D.” To the unsuspecting user, the data-stealing malware looks like a Google Play Store app. According to G Data, users can not uninstall the malicious app, as it is “integrated into the firmware of the device,” a company blog post said. Worse yet, the phone is reportedly sold through popular online retailers, like Amazon and eBay. Among the data vulnerable to the spyware are emails, text messages and banking details stored or inputted by mobile users.
In addition, phone conversations could also be picked up by the “extensive espionage program,” G Data warned (Source: http://www.scmagazine.com/chinese-android-phone-hasbuilt-in-spyware/article/356493/?DCMP=EMCSCUS_Newswire&spMailingID=8845271&spUserID=MjI5OTI4MjMxMAS2&spJobID=321612585&spReportId=MzIxNjEyNTg1S0).

Comment: And to think I was about to buy one, yes, the same Samsung Galaxy S4 smartphone, upon a salesperson's recommendation, not three (3) days ago at Fry's. FYI I had to throw away mine and Donna's cute "little" Kiu tablets, the same ones we got a couple of years ago from the club, because their batteries wouldn't hold a charge (Did you know that those batteries cost virtually as much as a brand new Android tablet?) - So sadly they simply had to go...

The reason I needed a new tablet is because my very first licensee has a "new" Beta release out and I needed to test it out for him ASAP. BTW it's going to be a barnburner, you can count on it. More on that in the next couple of months.

Get this: A strange coincidence occurred at Fry's during the purchase of my new Lenovo 10" tablet (w/ detachable keyboard) - a real beauty BTW. As I walked by the Microsoft representative in the store at the time demonstrating the brand new Microsoft 12" Surface Pro 3 laptop/tablet with Windows 8.1 installed, I stopped to listen to his spiel. They both were really great, i.e., the salesman and the new shiny PC. I thought that if my new licensee had a Windows version of the new APP I was Beta testing, I certainly would have bought one of those little beauties to test it on. It was priced quite nice. I then got the really brilliant idea of writing a Review on it somehow, someway, come hook or crook?
Long story, short story, I've actually talked that "neat" representative, whose name BTW is, Kerry Lehto, a 20+ year Microsoft rep, into sending me enough material/data to actually do that Review for you this month; "hot diggity dog," as Jed Clampett would say 8 (See page 19 for that Review).

Back to the Future, i.e., news of the month.

SMBs continue to use XP, face greater security risk by Teri Robinson, Associate Editor, SC Magazine, June 18, 2014.
Microsoft may have ended support for Windows XP in April, but 18 percent of small and medium-sized businesses (SMBs) still use the operating system and face security risks, according to research from antivirus software provider Bitdefender. After conducting research from March to May 2014 on 5,000 companies in the U.K., the U.S., Spain, Germany and other countries, Bitdefender found 53 percent of the companies had upgraded to Windows 7 Professional. But with malware on the rise - one web marketing business reviewed had to fend off more than 800 million malware attacks - and more employees working remotely - 37 percent - SMBs using XP are at risk. Microsoft no longer offers new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates for XP, though the company did recently release an unscheduled zero-day patch for Internet Explorer that benefited the operating system (Source: http://www.scmagazine.com/smbscontinue-to-use-xp-face-greater-security-risk/article/356357/?DCMP=EMCSCUS_Newswire&spMailingID=8845271&spUserID=MjI5OTI4MjMxMAS2&spJobID=321612585&spReportId=MzIxNjEyNTg1S0).

Comment. That may well be, but my XP has just saved my bacon, folks. I’m to this point in this Report all because it worked, and the two (2) Win 7 Pro PC’s were/still are all framused up (See above). BTW Walk a mile in my moccasins and then we all can converse on equal terms. Until then, you’re just going to have to take my word for this debacle I’m fighting through, as we speak.
And, don’t forget, we’re not out of the woods, yet? BALS

(Update) New Zbot malware campaign discovered by researchers by Marcos Colón, Online Editor, SC Magazine, June 18, 2014.
A new malware campaign spreading the Zeus Trojan via phishing messages was discovered by researchers early Wednesday. AppRiver, an email messaging and web security solutions firm, told SCMagazine.com on Wednesday that it had quarantined 400,000 messages so far – a number that had jumped up from 40,000 just earlier in the day. The malicious emails claim to be daily customer statements from “Berkeley Futures Limited,” a real company being imitated by miscreants, according to a blog post by Jonathan French, security analyst at AppRiver.

Each message includes a password protected, encrypted ZIP file that helps the attachment get past anti-virus detection, and also may lead users into thinking the message is secure. However, the password is included in the body of the email, something that Fred Touchette, senior security analyst at AppRiver, believes should serve as a warning to recipients....

Considered one of the most prevalent Trojans in the threat landscape, the many variants of Zeus utilize key loggers and other features to tinker with a machine's security settings and monitor what a user types into their machine....

Although the tactics in this campaign aren't entirely new, Touchette warns users to pay attention to the contents of the email, especially if an attachment is password protected and includes the password within the email (Source: http://www.scmagazine.com/new-zbot-malware-campaigndiscovered-by-researchers/article/356485/?DCMP=EMCSCUS_Newswire&spMailingID=8845271&spUserID=MjI5OTI4MjMxMAS2&spJobID=321612585&spReportId=MzIxNjEyNTg1S0).

(Update) Re. My Criticism of Gen. Alexander's 16 Lies in Black Hat 2013 Keynote, et al.
(See my article about his lies in the September 2013 BCM 1,2 & 13, plus see also my Comment below). OK, let’s see what he's up to now because he is undoubtedly the most knowledgeable security man in the universe right about now?

Alexander: Cyber Security Pros Face Uphill Battle: Former NSA chief says rapid growth of data, malware will challenge security teams in coming years by Tim Wilson, Dark Reading, June 26, 2014.
WASHINGTON -- Gartner Security & Risk Management Summit 2014 -- Former National Security Agency Director Keith Alexander says security professionals have their work cut out for them in the days ahead. Shedding his customary uniform for an everyday suit and tie, the former general -- who retired last month and is now hanging out a shingle as a security consultant -- offered a wide range of views in a keynote presentation here. The gist: Data and malware are growing at rates so fast that it will be difficult for any security organization to keep up.

"In the coming year, it's estimated that we will create approximately 3.5 zettabytes of unique data -- that's more information than humans have produced in the last 5,000 years combined," Alexander said. "New technology is doubling every year. The top ten most in-demand jobs in 2013 were all jobs that didn't exist in 2004.

"So what we're doing right now is preparing students for jobs that don't yet exist, using technology that hasn't yet been invented, and facing problems that we don't know about yet. It's a huge challenge," he said.

At the same time, malware is growing at a corresponding rate, the former NSA director said. He recalled a recent partnership between the NSA and the Department of Defense in which the organizations uncovered 1,500 pieces of malware on US secret networks.

"What causes me the greatest concern is what might happen if our nation was hit by a destructive cyber-attack," Alexander said, noting that most of the country's critical networks are operated by private industry. "If [a destructive attack] hit one of our Wall Street banks, the monetary damage could be in the trillions of dollars. We're not ready." He called for more cooperation across agencies, and across government and private industry.

Not surprisingly, Alexander also condemned recent "media leaks" -- he never mentioned Edward Snowden by name -- and said that they have contributed to recent physical attacks and an increase in deaths in places such as Iraq and Afghanistan. "The situation isn't getting better, it's getting worse," he said.

Even less surprisingly, Alexander defended the actions of the NSA in its intelligence-gathering and surveillance activities. He pointed to three recent investigations - including one headed by ACLU investigator Jeff Stone - which all indicate that the NSA is acting according to law. "The NSA is not authorized to do something without a court order describing how to do it," Alexander said. "If you have a problem with what the NSA is doing, it's probably not with the NSA itself, but with what they've been asked to do."

[My emphasis] My Comment: "He was a soldier then and did what he was ordered to do... He could say nothing less, or nothing more for that matter!" However, nothing’s changed, or so it would seem? But then, how can he actually? ;-}]

Google, Facebook Warn NSA Bill Wouldn't Stop Mass Surveillance: Several powerful tech companies join a chorus of privacy groups withdrawing support for the USA Freedom Act which the House will vote on Thursday by Dustin Volz, NationalJournal, May 21, 2014.
A day before the House will vote on a major bill designed to rein in government surveillance, a group of blue-chip tech firms are warning that the measure falls far short of what is advertised.
The Reform Government Surveillance coalition - whose members include Google, Facebook, Microsoft, AOL, Apple, Twitter, LinkedIn, DropBox, and Yahoo - issued a statement Wednesday announcing it was pulling its support of the USA Freedom Act. The legislation would take the storage of phone records out of government hands and keep them with phone companies. But newly amended language in the bill has "moved in the wrong direction" of true surveillance reforms, the tech companies said. "The latest draft opens up an unacceptable loophole that could enable the bulk collection of Internet users' data," the coalition said. "While it makes important progress, we cannot support this bill as currently drafted and urge Congress to close this loophole to ensure meaningful reform." (Source: http://www.nationaljournal.com/tech/google-facebookwarn-nsa-bill-wouldn-t-stop-mass-surveillance-20140521).

Comment. This would have been the most important piece of news for us in a very long time [in coming]. However, it’s just a lot of hot air, so far.

A Measurement Study of Google Play.
A recent scan of the Google Play market (See below) found that Android apps contained thousands of secret authentication keys that could be maliciously used to access private cloud accounts on Amazon or compromise end-user profiles on Facebook, Twitter, and a half-dozen other services. The finding is the result of PlayDrone, a system that uses a variety of hacking techniques to bypass security measures intended to prevent third parties from crawling Google Play. The brainchild of computer scientists at Columbia University, PlayDrone comprehensively indexed Play contents, downloaded more than 1.1 million apps, and decompiled more than 880,000 of them. It is believed to be the first large-scale measurement of the sprawling Google marketplace, which offers more than one million apps and has fostered 50 billion app downloads to date.
One of the most surprising observations PlayDrone made was that many apps contain secret authentication keys that can compromise accounts belonging to both developers and end users.... Two House Committees approve bill to end mass NSA surveillance by: John Wagley, GSN: Government Security News, May 9, 2014. The House Intelligence Committee approved the USA Freedom Act Thursday, a bill that would put far greater restrictions on how the National Security Agency is able to collect and analyze Americans’ phone records. The approval comes about a year after former NSA contractor Edward Snowden first brought the surveillance program to light. The approval, by voice vote in a closed session, comes just a day after the House Judiciary Committee voted 32-0 in its favor. The Intelligence Committee decided to vote on the USA Freedom Act instead of its own, competing bill, which some said did not go far enough to curtail surveillance activities. (Source: http://www.gsnmagazine.com/article/41150/ two_house_committees_approve_bill_end_mass_nsa_sur). The Columbia University researchers' academic paper released this week focused on apps found in Google Play during a single day in June 2013. Given the response from Amazon and other affected services, it's likely that most or all of that improperly embedded information has been removed. But it's also possible that additional secret keys have subsequently been put into apps that have been published or updated since the 2013 snapshot was taken. PlayDrone uncovered other interesting facts about Google Play. For instance, a small percentage of free apps account for almost all downloads. The crawler also found that a quarter of Google Play contains "duplicative application content." 
Now that the research has become public knowledge, it will be worth watching to see if Google Play will include changes that prevent it from being crawled by PlayDrone or similar engines (Source: http://www.cs.columbia.edu/~nieh/pubs/ sigmetrics2014_playdrone.pdf). July 2014 UTAH COMPUTER SOCIETY—BLUE CHIPS MAGAZINE Page 11 Back to the Future, Part 3 (Pretty Near Déjà vu All Over Again!) NOTEWORTHY NOTEWORTHY THIS COULD BE CLOSE TO #1 IN REALITY Page 12 UTAH COMPUTER SOCIETY—BLUE CHIPS MAGAZINE July 2014 Back to Our Back to the Future, Part 3 (Déjà vu All Over Again!) ago this month, Americans learned that their government was engaged in secret dragnet surveillance, which contradicted years of assurances to the contrary from senior government officials and intelligence leaders. On this anniversary, it is more important than ever to let Congress and the administration know that Americans will reject half-measures that could still allow the government to collect millions of Americans' records without any individual suspicion or evidence of wrongdoing. A Couple More “Things” Before Signing Off 1. Unsafe cookies leave WordPress accounts open to hijacking, 2-factor bypass. Ars Technica. "Memo to anyone who logs in to a WordPress-hosted blog from a public Wi-Fi connection or other unsecured network: It's trivial for the script kiddie a few tables down to hijack your site even if it's protected by two-factor authentication. Yan Zhu, a staff technologist at the Electronic Frontier Foundation, came to that determination after noticing that WordPress servers send a key browser cookie in plain text, rather than encrypting it, as long mandated by widely accepted security practices." (Source: http:// arstechnica.com/security/2014/05/unsafe-cookies-leavewordpress-accounts-open-to-hijacking-2-factor-bypass/). 2. 1-Year After a "Landmark" Security Event (Sorry, No Wringer This Time, It's Not the Big One, yet). 
Give Snowden his due: He made a surveillance debate possible by Michael McGough, LA Times, July 31, 2014. They call it the “Snowden effect.” Whatever you think of fugitive former National Security Agency consultant Edward J. Snowden - hero, traitor, something in between his revelations about electronic surveillance programs have inspired a debate about broad questions of policy that was impossible because of the secrecy that enshrouded the programs themselves and their legal rationale. And that debate in turn has prompted defenders of the program to acknowledge that it can be reformed (See below) (http://www.latimes.com/opinion/opinion-la/la-olnsa-leaks-snowden-20130731-story.html). 3. LA Times Op-Ed Ron Wyden, Mark Udall and Rand Paul: How to end the NSA dragnet by Ron Wyden, Mark Udall and Rand Paul, LA Times, June 16, 2014. A year It is time to end the dragnet - and to affirm that we can keep our nation secure without trampling on and abandoning Americans' constitutional rights. For years, in both statements to the public and open testimony before the House and Senate, senior government officials claimed that domestic surveillance was narrow in focus and limited in scope. But in June 2013, Americans learned through leaked classified documents that these claims bore little resemblance to reality. In fact, the NSA has been relying on a secret interpretation of the USA Patriot Act to vacuum up the phone records of millions of law-abiding citizens. Under a separate program, intelligence agencies are using a loophole in the law to read some Americans' emails without ever getting a warrant. Dragnet surveillance was approved by a secret court that normally hears only the government's side of major cases. It had been debated only in a few secret congressional committee hearings, and many members of Congress were entirely unaware (of) it. 
When laws like the Patriot Act were reauthorized, a vocal minority of senators and representatives - including the three of us - objected, but the secrecy surrounding these programs made it difficult to mobilize public support. And yet, it was inevitable that mass surveillance and warrantless searches would eventually be exposed.

When the plain text of the law differs so dramatically from how it is interpreted and applied, in effect creating a body of secret law, it simply isn't sustainable. So when the programs' existence became public last summer, huge numbers of Americans were justifiably stunned and angry at how they had been misled and by the degree to which their privacy rights had been routinely violated. Inflated claims about the program's value have burst under public scrutiny, and there is now a groundswell of public support for reform.

Benjamin Franklin once warned that a society that trades essential liberties for short-term security risks losing both. That is still true today, and even the staunchest defenders of mass surveillance concede that reforms are inevitable. The debate over exactly what reforms should be made is likely to continue for at least the next few years as Americans continue to learn about the scale of ongoing government surveillance activities (Source: http://www.latimes.com/opinion/op-ed/la-oe-wyden-nsa-surveillance-20140617-story.html).

And in Conclusion

While doing my daily ritual of "hanging upside down" on my Relax-the-Back inversion table I had time to ponder (I do this invariably day-in-day-out 24/7/365) - on this occasion - the question of "Why Edward Snowden wasn't eliminated by Black Ops teams before he got to ~" (fill in the blank for yourself here)? Or, more specifically, "How did he ever make it to Russia, of all places?"

Caveat.
I'm not a conspiracy theorist, but I've begun to study (and document) all the "incredibly strange happenings" in and around my life since I discovered in 1995 (and patented) the answer to the 4000 year-old problem of Secret Key Exchange. That's a long time and an awful lot of unanswered questions, believe you me. Remember my byline is "Happiness is a working computer" (HIAWC)? 4 I've always attributed it to my military service, but now... I'M NOT ALTOGETHER TOO SURE ABOUT "ALL THIS STRANGE PHENOMENA ‘STUFF’?" You have to wonder yourself about all these strange things I report to you here in BCM, don't you; and that's not even the tip of the iceberg? True statement. I have only intuited and hinted here in BCM “what I have been feeling, plus all these strange happenings to me" for a very, very long time now (See graphic below for the “best one to date”). Anyway, today after my usual routine, I finally had another "epiphany” and did a Google search on "Black Ops and Edward Snowden?" As a result, a few of the possible answers to my long sought after questions are now starting to come to light. Wow! Talk about an eye opening? I've only been writing about "The Big One Coming" for 29 months now, and some of this kind of fits together after this morning's search, finally. A snippet of what I've uncovered scares me now more than ever. FYI I've told many people that "I'd be the luckiest man alive just to see the light of day each day I wake up!" True. I'm not making any claims or suppositions, or anything, all this merely follows all the strange phenomena that happens to me personally day in and day out. Also, a potential, albeit strange, but aren't we talking strange here, answer to "Why Me, Lord?” Why do all these computer problems happen “SEEMINGLY” only to me?" "What is going on in my life that has exacerbated all this, and is growing daily, plus it is also, strangely enough, transferred onto the preponderance of all of my close friends/acquaintances/contacts?" 
They, too, have reported to me strange things are happening to them now, as well? Now, go back and look at just a few of my trials and tribulations I've shared with you here in past BCM’s, and when put together, you might scratch your head, too? "Am I loony and the only one this sort of nonsense is happening to?" Again, "Why Me, Lord?" Take for instance the "Huge catastrophic" troubles I've been having and sharing with you this month alone: 1) The sudden "catastrophic loss" of a "complete partition of 'critical' SR material" - yet leaving the adjoining "relatively harmless" partition on the external HD completely unharmed - just this month alone (See above)?; 2) The sudden, unexpected "Blue screen of death" on Donna's "slowly dying" desktop, only to return to life a few days later, for no apparent reason? BTW I'm writing this on her PC right now, how 'bout them apples?; 3) Having to go between three (3) PC's and two (2) printers to get this to you this month alone, all because of these unexplained, sudden problems?; and 4) There's lots, lots more! True story! Now take a look at just one of those findings from my search this morning: "Author of book on Snowden's NSA files reveals his work started to 'self-delete’ before his eyes even as he wrote it. Author Luke Harding claims his work 'self-deleted' in front of his eyes while he was writing on the link between NSA and Silicon Valley. Harding still doesn't know what, or who, was responsible" - Dailymail.com.uk. Then, too, check out: NSA hacks into a Writer's Computer After He Starts Writing Book About the Agency written by James F. Marino. BTW Luke Harding's book is entitled: "The Snowden Files," and has received a number of positive reviews in regard to its accuracy, and can be purchased on Amazon.com (Source: http://911themotherofallblackoperations.blogspot.com/2014/02/ author-writing-book-regarding-edward.html) My Comment. 
I've had a number of close encounters of this kind, et al., myself, ever since I've been down here in Vegas. If memory serves, same-o, same-o up there in SLC, too? Else, where did “HIAWC”4 come from all these years then, I ask you? Area 51 stuff(?) because it’s worse down here? I sincerely doubt it, but then, who knows? "Only the Shadow Knows?" Go figure?

Have a Happy, Safe and Sane 4th of July, plus the rest of your lives, folks!

P.S. My humble thanks goes out to Kerry Lehto. Now skip over to page 19 and read Kerry’s wonderful Review of the Microsoft 12” Surface Pro 3 tablet.

See ‘Ya at Black Hat USA 2014 & Def Con 22! Ciao! August 7-10, 2014

Footnotes

1 If you are reading this Report/Review from directly off of an Internet search, you are seeing it in HTML (or text) format. Yuk! There’s No Graphics there! To see all the beautiful Graphics in this Report/Review - the ones that we’ve worked so very hard to entertain you with - you will need to follow the procedures outlined in Footnote 2 below. Enjoy!

2 “See the actual Reports/Reviews in the Blue Chips Magazine (BCM) Archives (i.e., begin search on left-hand side of web page) at (www.ucs.org). Note. Always choose the top option, i.e., PDF format for its beauty. Again, our web page (www.ucs.org).”

3 Feature(s) precisely identified as reason(s) for designating this Review/Report as “Security-Related.” In this case, everything.

4 My Hard Earned Byline: Happiness Is A Working Computer (HIAWC).

5 Videos Used, or Not Referenced to, in S-R #56:
1. Netflix Ad Spoofs Amazon's Drone Dreams - IEEE Spectrum_files

6 URL’s Used, or Not Referenced to, in S-R #56:
1. Advanced Attacks Are The New Norm, Study Says
2. ALERT - CryptoLocker Has A Competitor That Is Worse CryptoDefense
3. Google Says Those Who Email Gmail Users Have ‘No Legitimate Expectation of Privacy’ TIME.com
4. NSA Spying Electronic Frontier Foundation
5. Supreme Court won't take on constitutionality of NSA metadata program - SC Magazine
6. Surveillance is the Business Model of the Internet Bruce Schneier SecurityWeek.Com
7. Worse Than CryptoLocker
8. 888poker scraps Suarez endorsement deal iGaming Business
9. A 21st century right to privacy - Los Angeles Times
10. A little cough or ummm shouldn’t ruin your video. Make them history with the…
11. A too-modest proposal to rein in the NSA's phone records program - Los Angeles Times
12. Alexander Cyber Security Pros Face Uphill Battle
13. Alexander Cyber Security Pros Face Uphill Battle_2
14. Authenticating Users of AWS Mobile Applications with a Token Vending Machine Articles & Tutorials Amazon Web Services
15. AWS console breach leads to demise of service with “proven” backup plan Ars Technica
16. Black Hat USA 2014 Embedded & Vulnerable
17. Chinese Android phone has built-in spyware - SC Magazine
18. Code Spaces shuts down following DDoS extortion, deletion of sensitive data - SC Magazine
19. Creating Temporary Security Credentials for Mobile Apps Using Identity Providers - AWS Security Token Service
20. Edward Snowden Neither a hero nor a traitor - Los Angeles Times
21. Edward Snowden - WikiSpooks
22. FAA bars drones near airports Government Security News
23. FOX News Shows - The O'Reilly Factor - Do you believe President Obama
24. Getting Started with the AWS SDK for Android - AWS SDK for Android
25. Give Snowden his due He made a surveillance debate possible - Los Angeles Times
26. Google, Facebook Warn NSA Bill Wouldn't Stop Mass Surveillance - NationalJournal.com
27. HSI warns parents about online dangers for children Government Security News
28. IoT Summit Seeks Balance Between Being Cautious and Not Falling Behind
29. LinkedIn accounts can easily be taken over if HTTPS is not always enabled by default - SC Magazine
30. More reasons to rein in the NSA - Los Angeles Times
31. Mr. President, put these curbs on the NSA - Los Angeles Times
32. New Zbot malware campaign discovered by researchers - SC Magazine
33. OAuth - Wikipedia, the free encyclopedia
34. PayPal Two-Factor Authentication Broken
35. Public gets first look at once-secret court order on NSA surveillance - Los Angeles Times
36. Ron Wyden, Mark Udall and Rand Paul How to end the NSA dragnet - Los Angeles Times
37. Secret keys stashed in Google Play apps pose risk to Android users, developers Ars Technica
38. SMBs continue to use XP, face greater security risk SC Magazine
39. 'Star Wars' museum is coming to Chicago
40. Supreme Court's landmark ruling bars warrantless search of cell phones - SC Magazine
41. Survey finds 25% of breaches go undetected for more than 24 hours Government Security News
42. Talk stresses IoT concerns as today's problems - SC Magazine
43. Tech savvy homeowners expect connected homes, worry about privacy, breaches - SC Magazine
44. That Toy Is Now a Drone, Says the FAA - IEEE Spectrum
45. 'The Mother Of All Black Ops'
46. ThisIsWhyYouNeedAGun BLUtube
47. ThreatTrack Security sets new standard in advanced threat defense Government Security News
48. Two House Committees approve bill to end mass NSA surveillance Government Security News
49. Webcast Sneak Peek at the Next Snagit UpdateTechSmith Blogs

7 Pollyanna principle from Wikipedia, the free encyclopedia. The Pollyanna principle (also called Pollyannaism or positive bias) is the tendency for people to agree with positive statements describing them. The phenomenon is similar to the Forer effect. Research indicates that, at the subconscious level, the mind has a tendency to focus on the optimistic while, at the conscious level, it has a tendency to focus on the negative. This subconscious bias towards the positive is often described as the Pollyanna principle (Source: http://en.wikipedia.org/wiki/Pollyanna_principle).
8 Tout de suite: French expressions analyzed and explained by Laura K. Lawless, About.com Guide. Tout de suite is one of the most common expressions in the French language, and is just one of several ways to say “right away, immediately.” Because of its pronunciation, tout de suite is sometimes misspelled “toute suite” or even, in English, “toot sweet.” An example: (Fr) J’arrive tout de suite. (Engl) I’ll be there in a moment.

9 Jed Clampett: [bounces a golf ball on the kitchen table, thinking it’s a “golf egg”] “Well doggies! Strictly speakin’, I don’t think these are fresh laid.” (Source: Memorable quotes for “The Beverly Hillbillies” (1962)).

10 MacScouter: Songs for Scouts and Scouters This is a good one for summer camp, because you can get many more jellyfish on the rock .... Next verse, same as the first, it never gets better, it only gets worse. www.macscouter.com/songs/SillySongs.asp

11 Definition of: information warfare: Also called “cyberterrorism” and “cyberwarfare,” it refers to creating havoc by disrupting the computers that manage stock exchanges, power grids, air traffic control, telecommunications and defense systems. The traditional viruses, Trojans and denial of service attacks are part of the arsenal, all aimed at disrupting a government rather than a company. Information warfare is increasingly the first offensive move before the start of a physical attack. The military in many countries have full-time cyberwarriors on the payroll, because the more successful a cyberattack on an early warning defense system, the greater the success of the real attack. For example, according to the book “Cyber War,” North Korea may have as many as a thousand hackers stationed in China, working on knocking out systems in South Korea and other countries. The first book to deal with the subject was “Information Warfare: Chaos on the Electronic Superhighway,” written by Winn Schwartau in 1994. Cited above, “Cyber War,” by Richard A. Clarke and Robert K. Knake is an eye-opening treatise on the subject, released in 2010 (Source: http://www.pcmag.com/encyclopedia_term/0,1237,t=information+warfare&i=44971,00.asp).

12 You can delegate authority, but not responsibility. This morning as I was talking with my pastor, I remembered something a captain once said to me when I was in the US Army. He said this: You can delegate authority, but you cannot delegate responsibility. His point was that you can give others the power to do things on your behalf - especially in the military - but, no matter who does something wrong or right, the final responsibility always lies with the one delegating authority. His particular case-in-point was a military operation that had gone SNAFU. (For you civilians, that’s “Situation Normal: All Fouled Up.”) Because that operation is probably still a secret 26 years later, I can’t tell you the specifics, but true to my captain’s saying, the blame for the mistakes in that operation all fell on the commander who coordinated it. In common parlance, “Blame rolls uphill.” (Source: http://gpettitnoel.wordpress.com/2010/07/20/you-can-delegateauthority/).

13 (Repeat from S-R #28, #29, #30, #31, #32, #33 Pts 1 and 2 1 & 2, #35, #36, #37, #38, #39, #40, #41, #42 and #43) I’ve been associated with Security-Related (S-R) subjects/topics/episodes/relationships in one form or another for over 17 years now. I’ve actually been writing S-R Reports, et al., for over 14 years, too (FYI This is my 143rd S-R to date, if I haven’t lost count, that is). And I swear, with each S-R I write I feel more like I’m actually just a Sprog (i.e., a “Newbie”) after all of the “Things/Stuff/etc.” I have been discovering/uncovering for myself just in this single 17 month period of S-R research, plus writing the previous 16 S-R Reports (See my BCM’s starting back in the March and April, 2012 BCM’s, respectively for those beginning S-R’s 1 & 2)

14 The Spotlight on Social Media.
In the last SC Magazine Spotlight of the year (i.e., 2012), the focus is on social media and the security and privacy ramifications it is creating in the workplace. Cyber criminals [and NSA (See above)] obviously love social media sites, given: 1) the amount of users who flock there to interact; 2) the variety of ideas for attacks they have spawned; and, 3) sites like Twitter and Facebook form a vast repository for personal data, making accidental disclosure or intentional targeting a real concern (My emphasis here). The shared common problem, ergo, is: 1) Individual users must ponder their own relationships with social networking sites and the privacy and security issues that plague them; and, 2) Business executives must figure out just how to marry business-related social media use (via BYOD’s) with all the risks that they embody, and then decide if social networking is friend or foe. Download the SC Spotlight here! (Source: http://forms.madisonlogic.com/Form.aspx?pub=18&pgr=259&frm=446&autodn=1&src=2397&ctg=1&ast=23724&crv=0&cmp=7204&yld=0&clk=5820729805110184199&pi=2166548&em=yahootien2%40hotmail.com).

Note. This is only going to increase in numbers and intensity if the predictions of BYOD sales holds true? “Mobile is a truly disruptive technology...the numbers are dizzying. Apple is forecast to sell almost 1.7 million of the iPhone 5 per day in December worldwide and is marching toward 1 billion iOS units sold by 2015. Android is selling even more, activating close to 1.5 million units per day. This is forecast to double by next year,” - Jay McBain, Chief Social Officer, ChannelEyes

FYI Facebook’s data warehouse is 2,500 times bigger now than in 2008. Stay tuned, now that NSA has been outed by Edward Snowden...

15 CRYPTO-GRAM is written by Bruce Schneier.
Bruce Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. He is the author of 12 books - including “Liars and Outliers: Enabling the Trust Society Needs to Survive” - as well as hundreds of articles, essays, and academic papers. His influential newsletter “Crypto-Gram” and his blog “Schneier on Security” are read by over 250,000 people. He has testified before Congress, is a frequent guest on television and radio (See also: Security experts Bruce Schneier and Mikko Hypponen on the NSA, PRISM and why we should be worried, http://blog.ted.com/2013/07/17/security-experts-on-the-nsasreal-problems/), has served on several government committees, and is regularly quoted in the press. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation’s Open Technology Institute, a board member of the Electronic Frontier Foundation, an Advisory Board Member of the Electronic Privacy Information Center, and the Security Futurologist for BT - formerly British Telecom. See <http://www.schneier.com>.

16 Gen. Keith Alexander wears three (3) security hats: He is the current Director of the National Security Agency (DIRNSA), Chief of the Central Security Service (CHCSS) and Commander of the United States Cyber Command. Note. The latter two (2) commands being the “et al.” referred to above (Source: Wikipedia, the Free Encyclopedia).

17 USAF Officer’s Effectiveness Report (OER) The purpose of the officer evaluation system is to provide the “Air Force with information on the performance and potential of officers for use in making personnel management decisions, such as promotions, assignments, augmentations, school selections, and separations. It is also intended to provide individual officers information on their performance and potential as viewed by their evaluators.” - AFR 36-10, Officer Evaluations (Source: http://www.airpower.maxwell.af.mil/airchronicles/aureview/1985/may-jun/meyer.html)

18 Mobile device users should take this as a warning that Google and Apple can provide access to data stored on an encrypted device at least in some circumstances, says Christopher Soghoian, principal technologist with the ACLU’s Speech, Privacy and Technology Project. “That is something that I don’t think most people realize,” Soghoian says. “Even if you turn on disk encryption with a password, these firms can and will provide the government with a way to get your data.”

19 (From blogs on AR-15.com, Home of the Black Rifle)

a. And how many of us don’t even have a simple password locking our phones? I’m an Android user. I found it interesting that Google resets the password, which then alerts the phone owner that their device has been tinkered with. (Don’s Comment: FYI I THINK THAT HAS ALREADY HAPPENED TO MY VERY OWN BIONIC (ANDROID) PHONE (PLUS MY DESKTOP PC, AND OTHERS) ALREADY. For Instance: I HAD A BIG PROBLEM WITH MY BIONIC PASSWORD RESET A COUPLE OF MONTHS AGO, AND TA! DA! B-I-N-GO).

b. Originally Posted By IBU-14_Gunner: I’ve always wondered if hard drive encryption software has back doors that the developers can utilize to assist law enforcement. Does anyone know if they do?? Ans. Most encryption is solid, but you’ve got to use it right. Weak passwords, unsecured keys, etc., are usually a bigger problem than the actual encryption (Don’s Comment: My emphasis here. This is the crux of the whole matter - passwords, not encryption (unless, of course, it is a “Proprietary” encryption algorithm, which can be an entirely different matter then.)

Note. Funny, this even got over to Pakistan (A Terrorist H[e]aven?) ... I wonder why?
See: (http://www.purepakistan.com/english/articles/141334/Apple-deluged-by-police-demands-to-decrypt-iPhones)

20 Analytic Interviewing. Analytic Interviewing is about gleaning information that most people tend to overlook. From gestures of discomfort to hidden signs of emotion and language inconsistencies, the analytic interview process is about putting behavioral clues into a larger context of interviewing... At the core of the Analytic Interviewing technique is rapport building. Through observation of the most successful interviewers to scientific research on the effects of rapport, time and again results show that the best interviewers are those that put others at ease. The premise behind rapport building is simple, people like those who are most like them. By building rapport you are creating a personal connection, building trust and making it more difficult for the person to lie to you. Above all it puts the person at ease enabling the interviewer to observe and gather a baseline by noting the person's expressiveness, rate of gesticulation, tone of voice, mannerisms of speech and even assessing personality type, providing a clear behavioral profile to compare to during the interview. The rapport phase also plays a key role in establishing the type and tone of the interviewing process. (Source: http://www.facscodinggroup.com/wp-content/uploads/2011/12/venewsletter-volume-2_issue-5-final.pdf).

21 How to Catch a Lying Boss by Gigi Starr, eHow Contributor. If your boss is saying things that aren't true, you will see telltale signs. A lying boss not only makes work stressful, but also corrodes trust and creates tension among coworkers. Even worse, controlling the situation can be difficult and hazardous to your job health. Thus, it's vitally important to ensure your evidence is solid, or you'll be painted as the liar.
Employing a few tactics will help you confirm your whistle-blowing is right on target (Source: http://www.ehow.com/how_6532332_catch-lyingboss.html#ixzz2erQkASx5).

22 Hold’er Newt (Source: https://soundcloud.com/waywordradio/1333-callerkate-holdernewt-mp3).

23 Ya Got Trouble Lyrics by From The Music Man. (Re. Song Extract) Harold: Mothers of River City! Heed the warning before it’s too late! Watch for the tell-tale sign of corruption... People: Trouble, oh we got trouble, Right here in River City! With a capital “T” That rhymes with “P” And that stands for Pool, That stands for pool. We’ve surely got trouble! Right here in River City, Right here! Gotta figger out a way To keep the young ones moral after school! Trouble, trouble, trouble, trouble, trouble... (Source: http://www.stlyrics.com/lyrics/themusicman/yagottrouble.htm)

24 From the original poem, “To a Mouse, on Turning Her Up in Her Nest with the Plough,” a Scots poem written by Robert Burns in 1785 (Source: http://en.wikipedia.org/wiki/To_a_Mouse).

25 “Ya’ll come back now ya hear,” was a quote from a television show called The Beverly Hillbillies. (See more at: http://www.chacha.com/question/what-movie-says-‘yall -come-back-now-ya-hear’#sthash.0dTlEIPS.dpuf).

26 You Are There (1953–1957) TV Series - 30 min Drama/History. Walter Cronkite hosted the re-enactments of historical events. Shows included "The Landing of the Hindenburg", "The Salem Witchcraft Trials", "The Gettysburg Address,” "The Fall of Troy", and "The Scuttling of the Graf Spee". Stars: Walter Cronkite, Paul Birch, E.G. Marshall (See more at: IMDbPro).

27 Our Mission. The Institute of Analytic Interviewing (IAI) is dedicated to excellence in training and its instructors are committed to teaching the latest skills that have proven to work in the field and are supported by scientific research.

28 Shill. Def. A shill, also called a plant or a stooge, is a person who publicly helps a person or organization without disclosing that they have a close relationship with the person or organization. "Shill" typically refers to someone who purposely gives onlookers the impression that they are an enthusiastic independent customer of a seller (or marketer of ideas) for whom they are secretly working. The person or group who hires the shill is using crowd psychology to encourage other onlookers or audience members to purchase the goods or services (or accept the ideas being marketed). Shills are often employed by professional marketing campaigns (Source: http://en.wikipedia.org/wiki/Shill).

29 Intentionally left blank

30 Same song second verse could gonna get better could gonna get worse (Source: http://www.lyrster.com/songslyrics/same-song-second-verse-gonna-get-better-couldget-worse.html). Or, An Annoying Song (Tune: Battle Hymn of the Republic). I know a song that gets on everybody's nerves I know a song that gets on everybody's nerves I know a song that gets on everybody's nerves - And this is how it goes: (Repeat indefinitely!)

31 Jeff Moss, the founder of DefCon, was a founding sponsor of TrustyCon, along with iSec Partners and the Electronic Frontier Foundation (EFF) (Source: http://sreaves32.wordpress.com/2014/03/11/trustycon-vs-rsa-andnsa-new-conference-pushes-trustworthy-agenda/).

32 For those that may not know… a piñata (Spanish pronunciation: [piˈɲata]) is a container often made of papier-mâché, pottery, or cloth; it is decorated, and filled with small toys or candy, or both, and then broken as part of a ceremony or celebration. Piñatas are most commonly associated with Mexico, but their origins are considered to be in China. The idea of breaking a container filled with treats came to Europe in the 14th century, where the name, from the Italian pignatta, was introduced.
The Spanish brought the European tradition to Mexico, although there were similar traditions in Mesoamerica. The Aztecs had a similar tradition to honor the birthday of the god Huitzilopochtli in mid December. According to local records, the Mexican piñata tradition began in the town of Acolman, just north of Mexico City, where piñatas were introduced for catechism purposes as well as to co-opt the Huitzilopochtli ceremony. Today, the piñata is still part of Mexican culture, the cultures of other countries in Latin America, as well as the United States, but it has mostly lost its religious character. (Source: Wikipedia Read more: http://www.sofritoforyoursoul.com/promoting-healthy-culture-building-a-better-pinata/#ixzz30RA8Y9CY).
33 "And now, will our first challenger enter and sign in, please." What's My Line? was one of the earliest successes of Mark Goodson/Bill Todman Productions. It premiered on the CBS primetime schedule on Thursday, February 2, 1950 at 8:00PM EST, broadcasting from the CBS television studio at New York's Grand Central Station, airing on alternate weeks at first.... Then, the show began to air weekly starting on October 1st, 1950, when CBS moved the show to Sunday nights at 10:30PM EST, where it remained until the final broadcast on September 3, 1967. Every episode aired was original; while most shows were broadcast live, some were pre-recorded, even during the summers. Reruns never aired until the launch of Game Show Network (now GSN) in December, 1994 (Source: http://www.oocities.org/televisioncity/4439/wml50.html).
34 The introduction from The Shadow radio program "Who knows what evil lurks in the hearts of men? The Shadow knows!" spoken by actor Frank Readick Jr., has earned a place in the American idiom. These words were accompanied by an ominous laugh and a musical theme, Camille Saint-Saëns' Le Rouet d'Omphale ("Omphale's Spinning Wheel", composed in 1872). At the end of each episode The Shadow reminded listeners that, "The weed of crime bears bitter fruit. Crime does not pay... The Shadow knows!" (Source: http://en.wikipedia.org/wiki/The_Shadow).
34 Meanwhile Back At The Ranch: Clark Family Experience, from the Album The Clark Family Experience, April 9, 2002 (Album available for $9.49 USD on Amazon) (http://www.amazon.com/gp/product/B0015K4P4G/ref=dm_mu_dp_trk7/182-31389911966524)

Product Review
Microsoft Surface Pro 3: The Laptop/Tablet Evolution Continues

In early 2013, Microsoft introduced the Surface Pro, its first attempt to blend the laptop and tablet experiences into one device. Surface Pro has evolved quickly, with the release of Surface Pro 2 last fall and Surface Pro 3 on June 20, 2014. Here’s an overview of Surface Pro 3 highlights and how it fares against offerings from Apple and Samsung.

Beautiful 12 Inch Display
The most obvious upgrade from the original two Surface Pro devices is the larger display of Surface Pro 3. The display has been expanded from 10.6 inches to 12 inches and features a crisp 2160 x 1440 ClearType Full HD resolution. With a small change in the shape of the device (more square than rectangle), the aspect ratio has changed accordingly, from 16:9 in Surface Pro 2 to 3:2 for Surface Pro 3. Microsoft says this makes it easier to use the device whether holding it horizontally or vertically, and this makes sense. And of course, with the larger display comes a larger keyboard/cover, which addresses one of the main issues of Surface Pro 2. By and large, business customers — whom this device is primarily marketed to — complained that the old keyboards were too small and cramped to type on. The new keyboard offers a more pleasant typing experience.
The magnetic snap-in keyboard also has an extra magnet that raises the keyboard at an angle on flat surfaces, for more ergonomic typing.

Choice of Processors
While Surface Pro 2 featured the 4th Generation Intel Core i5 (Haswell) processor, Surface Pro 3 has expanded the offering to three choices: i3, i5 or i7, all 4th Generation Haswell processors as well. This enables a wide range of pricing and computing power to end users. Offering this choice indicates that Microsoft recognizes its customers have a wide range of needs and uses from these devices. Customers might range from casual laptop users who also want a tablet in the same device, to high-end corporate power users who need a very light and portable device for office and travel scenarios.

Surface Pen
The Surface Pen, included in the box, features more than 250 levels of pressure and is one of the finest if not the finest digital pens in the market. Designed to mimic the look and feel of a real pen, its aluminum construction provides a solid but not too weighty feel (20 grams, about 0.7 ounces). Click on the button at the top of the pen, and a OneNote page opens up in Surface — even if the device is asleep. This is very handy for jotting phone numbers, notes or thoughts you don’t want to forget and want to keep on your device. Traditional pen and paper is still nice, of course, but for those who use OneNote or just need to write down some quick thoughts, this is a very nice use for the device. Additional buttons on the Surface Pen allow for erasing and selecting content. Digital pens have come a long way, and you need to at least try this one to see how smooth it is to use.

Lighter Weight
Surface Pro 3 weighs just 1.76 pounds, and the combined weight with the optional keyboard/cover is only around 2.5 pounds. Compare this to a typical laptop weight, and Surface Pro 3 is much more portable.
From Surface Pro 2 to Surface Pro 3, Microsoft added a larger screen yet shrunk the device — it’s thinner and lighter now.

Any-Position Kickstand
The original Surface Pro kickstand had just one position; this was upgraded to a dual-position kickstand in Surface Pro 2. The natural progression would be to add a third position to Surface Pro 3, right? Instead, the kickstand fully flexes to any position, allowing for easy screen viewing on your lap, an airplane tray table, or a desktop.

Upgraded Cameras and Speaker Placement
Surface Pro 3 now sports 5MP cameras in the front and rear of the device, significant upgrades from Surface Pro 2. In addition, speakers have been moved from the side of the device to the front, providing greater audio clarity with Dolby Audio-enhanced sound. Combined with front- and rear-facing microphones, the device provides a rich audio-visual experience for Skype and other videoconferencing apps, as well as simple video or audio playback use.

Other Interesting Specs
For the curious, here are some other interesting specs of Surface Pro 3:
Battery life: Around 9 hours of web viewing, about the same as Surface Pro 2. This makes sense, as both Surface Pro 2 and Surface Pro 3 share the same Haswell processor. For memory-intensive applications, Surface Pro 3 should last from 4 to 5 hours on a full charge.
Wireless: Wifi 802.11ac/802.11 a/b/g/n, Bluetooth 4.0
Ports: Same as Surface Pro 2 — one full-size USB 3.0, mini DisplayPort, and microSD card reader
Installed software: Windows 8.1 Professional, Skype Wi-Fi, OneNote, email client, Fresh Paint, Flipboard, and many other apps (Office is not included)
Enterprise readiness: With a Trusted Platform Module (TPM) chip, BitLocker Drive Encryption, and full Domain Join capabilities.

Configuration and Pricing
Here’s a summary table of Surface Pro 3 configurations and pricing:

Processor   RAM    Storage   Price
i3          4 GB   64 GB     $799
i5          4 GB   128 GB    $999
i5          8 GB   256 GB    $1,299
i7          8 GB   256 GB    $1,549
i7          8 GB   512 GB    $1,949

The optional keyboard/cover is $129. Other accessories include a new docking station ($199) with three USB 3.0 ports, two USB 2.0 ports, Gigabit Ethernet port, 3.5mm audio input/output connection, Mini DisplayPort, and security lock slot.

Surface Pro 3 and the Competition
Surface Pro 3 is geared for those who want a high-end laptop and a tablet experience in one device. Make no mistake, it’s engineered to directly compete — and outcompete — with Apple and Samsung on similar devices.
Screen size and resolution: Although the MacBook Air and MacBook Pro have larger screens (around 13 inches), Microsoft says that because of Surface Pro 3’s higher resolution, more content can fit in its 12-inch screen, allowing more room for multitasking. MacBook Air and MacBook Pro are not touchscreen capable. Microsoft’s main competition from Samsung in this arena is the Galaxy Note Pro, which also has a high-resolution touchscreen.
Pen: With a lack of touchscreen capability, MacBook Air and MacBook Pro do not compete in this area. Samsung does have good pen capabilities with the Galaxy Note Pro.
Software: Surface Pro 3’s use of Windows 8.1 Professional allows you to install all the Windows desktop software you are used to, including Office 2013. While Apple and Samsung feature more apps in their app stores, the Galaxy Note Pro falls far short in terms of Office 2013 and other Windows applications. For people who don’t like the Windows 8 tile screen, it’s easy to set a Windows 8 device to boot to the traditional desktop in Windows 8.1.

Conclusion
Surface Pro 3 is getting very positive reviews all across the web, and this article has reviewed the main reasons for this.
There are very few things not to like about Surface Pro 3. Microsoft is evolving the laptop/tablet experience very nicely.

About the Author
Kerry Lehto has worked with Microsoft in various capacities since the early 1990s. He is co-author of the first trade books on Microsoft FrontPage, which sold internationally in more than a dozen languages. Today he is a professional writer, editor and trainer out of Las Vegas, Nevada, specializing in corporate content services, business writing and editing, and coaching/training.

I am writing articles about Unemployment Insurance (UI) accounting and reporting. This is the third of these articles. The purpose of these articles will be threefold:
1. Sharing experiences/opinions/ideas in UI accounting and reporting;
2. Answering questions about federal reporting requirements; and
3. Sharing ideas and constructive counterpoints to help improve the functions of UI reporting.
At the end of each article, there will be an index of articles and recent notifications from DOL-ETA (with appropriate URLs). Questions, opinions, and counterpoints should be sent to jamesncut@gmail.com to be considered for inclusion in these articles.

Previously discussed were the differences between cash reporting and GAAP (accounting) reporting.
UI Projects Introduction & Article 1: Conflict or Usage of Cash vs Financial Reporting—Page 2833, April 2014 BCM http://www.ucs.org/mag/pdf/apr14.pdf
UI Projects Article 2: Cash Flow & ETA Reports - Page 23-24, June 2014 BCM http://www.ucs.org/mag/pdf/jun14.pdf

Article 3: UI Cash and Fiduciary Reporting
Generally, there are few or no penalties when reporting is incomplete. [Note: Incomplete, late, incorrect, faulty, and fraudulent reports (to Treasurer/Financial Director, legislature, governor, and US-DOL-ETA) may: generate outside audits; require corrective action plans; and/or cause embarrassment/reassignment/resignation; etc.]
However, there is one area of reporting which carries monetary penalties to a SESA: fiduciary reporting. Fiduciary reporting is where a person has financial responsibilities for:
1. Handling monies for someone else;
2. Being legally liable for monies payable;
3. Filing timely reports.
The UI operations have always had fiduciary requirements - reporting income received by claimants or taxes paid by employers. For the most part, accuracy has been accomplished or happened with protest by the SESA.

About two decades ago (early 1990s), changes in the IRS tax code made UI benefits taxable as income, and provided (as arranged by DOL-ETA) that UI operations provide claimant-elected tax withholding for Federal and state (where applicable) income taxes. Income tax withholding makes the UI operations liable to penalties for late deposits or late forms, as reflected in IRS Pub 15 and Forms 945 and 945-A via EFTPS (https://www.eftps.gov/eftps/, http://www.irs.gov/pub/irs-pdf/i945.pdf, http://www.irs.gov/pub/irs-pdf/p15.pdf, and http://www.irs.gov/pub/irs-pdf/p15a.pdf).

As benefits are paid (issued), UI is required to withhold (if the election has been made) and deposit timely to the US Treasury. The timely deposit rule generally impacts all SESAs due to the volume of withholding. Most SESAs may be required to make withholding deposits daily or three to four days of each week (semiweekly schedule depositor). Failure to do so or report correctly can cost the UI operations up to 15% of the withholding deposit (late or missing) by date due.

The Form 945 is an annual report, as is the 945-A, which provides the details of deposit liabilities. Sadly, the form can be misread by the IRS (due to the SESA making payments every working day, where businesses make 1 or 2 payrolls per week), leading to IRS penalty assessments, which if not contested must be paid (not from the Trust Fund) by the SESA.
UI operations need to maintain data for when payment is authorized, and then a separate date for the payment issuance. I mentioned contesting penalty assessments only because it is possible for the 945-A form to reflect deposits out of order; this will cause a penalty assessment (thousands to hundreds of thousands of dollars).

Due to the volume of withholding by most SESAs, SESAs are required to make semi-weekly deposits. Timely deposits are complicated by the types of payment systems used: checks; direct deposit; and/or debit/credit cards. Benefits paid by check are delayed being drawn from the Trust Funds due to the CMIA rules regarding average check clearance time [average time for an issued check to be cashed, typically 3-5 days]. IRS rules require withholding deposits generally on the day of issuance, rather than when paid; thus part of the reason for some differences. CMIA does allow for the tax payments to be drawn, even though the net payment on the check may occur many days later. However, the differences in reporting the payments need to be in accord with IRS rules on the 945-A and with tax deposits. Due to the complications, most finance-trust fund staff will maintain spreadsheets to track this.

If staff have been doing their jobs correctly, management should contest penalty assessments, especially in this time when extra expenses must come out of already short state funds. Please note that states with income tax withholding may have rules similar to the IRS's, or may have far less rapid deposit rules. Again, if staff have kept good records, protest any penalty assessments due to perceived untimely deposits.

The 945-A Annual reporting of Semi-Weekly Depositing form is ideal for businesses making no more than 2 paydays a week. SESAs may be required to make 4-5 payments per week, which makes the penalty assessment process complicated for SESAs.
The 945-A is two pages with provision to make deposits every day of each month. (Six months to each page.)

1099-G adjustments
Presently, I am not aware of any SESA having been challenged on the subject of 1099-G form accuracy, but there does exist risk. The 1099-G (an IRS income from government sources report for an individual) must fully report calendar year UI benefits for the year indicated. “state governments file this form if they made payments of unemployment compensation; or offsets; reemployment trade adjustment assistance (RTAA) payments.”

In discussions with a few State Treasurer officers, I have heard of situations where the UI operations have in the past netted benefit summaries. Netting the UI benefits is incorrect, because it reduces an individual’s annual income. Benefits paid to or on behalf of the claimant are considered taxable in the calendar year “paid”.

Box 1 (& Box 5 if RTAA was paid through UI) must be the gross total of UI benefits the claimant received before reductions such as withholding and child support. Box 4 is Federal withholding. Boxes 10 & 11 are for state tax withholding.

It is a fact that over-payments of UI benefits occur. Then UI operations (depending upon SESA laws and rules) may offset that over-payment against future benefit payments. If offsetting occurs in the same calendar year, then netting (where the income for the year is reduced) is appropriate. However, when offsetting occurs in a future calendar year, the offset amounts for a past calendar year are not to reduce the current year’s income reported on the 1099-G. Re-payment of benefit overpayments or prior year adjustments may be reported on a separate Form 1099-G, but must show the year impacted in box #3.

Employer Form 940 reports
Federal Unemployment tax is required to be paid by employers on each employee. The employer reports the tax on IRS form 940.
The annual Form 940 is tied into quarterly Forms 941 and annual W-3/2s. Form 940 is compared with the SESA UI reported payroll by the SESA’s account and FEIN. Employers are allowed a reduction of the FUTA when employers have timely reported and paid in full the SUTA. When the IRS calculates there has been a shortfall of SUTA, the employer is given notice of the shortfall.

The employer must contact the SESA to obtain from the SESA a Form 940-C. There is not a prescribed Form 940-C from the IRS, but there are several required fields for each of the 4 quarters of each reported calendar year. The 940-C is a fiduciary report of the employer’s compliance and timeliness of SUTA obligations for the four quarters of a calendar year’s reporting. If the report meets IRS standards of the employer’s filing and paying the SUTA, employers may be granted full credit to reduced or no credit toward the FUTA obligations. http://www.irs.gov/pub/irs-prior/f940--2013.pdf

There are no penalties for this form 940-C (unless delays can be shown to be intended). All SUTA taxes must have been paid no later than January 31st following the end of the calendar year, and there is a time allowed of 20 days for the fourth quarter SUTA tax. However, the IRS will disallow quarterly credits if payments to the SESA appear to have been missed or late. Consult the local IRS Information Office for further details.

All advisories, directives and handbooks are moved to the ETA Advisories and Memorandums system. If you wish to view any of these advisories, please click on the following link: http://wdr.doleta.gov/directives/

TRAINING AND EMPLOYMENT NOTICE No.
35-13 (June 27, 2014) Subject: Statutory Provisions for Relief from Interest Charges and Federal Unemployment Tax Act (FUTA) Credit Reductions Resulting from Title XII Advances
UNEMPLOYMENT INSURANCE PROGRAM LETTER No. 16-14 (June 25, 2014) Subject: Unemployment Compensation for Employees of the United States Public Health Service Commis
UNEMPLOYMENT INSURANCE PROGRAM LETTER No. 15-14 (June 25, 2014) Subject: Minimum Disaster Unemployment Assistance (DUA) Weekly Benefit Amount: July 1 - September 30,
UNEMPLOYMENT INSURANCE PROGRAM LETTER No. 14-14 (June 18, 2014) Subject: Effect of the U.S. Supreme Court's Decision in United States v. Windsor on the Federal-State UI Program
TRAINING AND EMPLOYMENT GUIDANCE LETTER No. 27-13 (June 18, 2014) Subject: Impact of the U.S. Supreme Court's Decision in United States v. Windsor on the Trade Adjustment Assistance Pr