How to ‘Disappear’ on Happiness Avenue in Beijing

On a busy Monday afternoon in late October, a line of people in reflective vests stood on Happiness Avenue, in downtown Beijing.


Moving slowly and carefully along the pavement, some crouched, others tilted their heads towards the ground, as curious onlookers snapped photos.

It was a performance staged by the artist Deng Yufeng, who was trying to demonstrate how difficult it was to dodge CCTV cameras in the Chinese capital.

As governments and companies around the world boost their investments in security networks, hundreds of millions more surveillance cameras are expected to be installed in 2021 – and most of them will be in China, according to industry analysts IHS Markit.

By 2018, there were already about 200 million surveillance cameras in China.

And by 2021 this number is expected to reach 560 million, according to the Wall Street Journal, roughly one for every 2.4 citizens.

China says the cameras prevent crime.

And in 2018, the number of victims of intentional homicide per head of population in China was 10 times lower than in the US, according to the UN Office on Drugs and Crime.

But a growing number of Chinese citizens are questioning the effect on their privacy.

They also wonder what would happen if their personal data was compromised.

‘Recruited volunteers’

It is rare for Chinese citizens to stage protests against government surveillance.

And it is not without risk.

But creative types such as Deng are coming up with innovative ways to bring the issue out into the open.

Before the performance, he measured the length and width of Happiness Avenue with a ruler.

He then recorded the brands of the 89 CCTV cameras alongside it and mapped out their distributions and ranges.


Billions Spent on U.S. Defenses Failed to Detect Giant Russian Hack

source:  nytimes.com

The broad Russian espionage attack on the U.S. government and private companies, underway since spring and detected only a few weeks ago, is among the greatest intelligence failures of modern times.

 

WASHINGTON — Over the past few years, the United States government has spent tens of billions of dollars on cyberoffensive abilities, building a giant war room at Fort Meade, Md., for United States Cyber Command, while installing defensive sensors all around the country — a system named Einstein to give it an air of genius — to deter the nation’s enemies from picking its networks clean, again.

It now is clear that the broad Russian espionage attack on the United States government and private companies, underway since spring and detected by the private sector only a few weeks ago, ranks among the greatest intelligence failures of modern times.

Einstein missed it — because the Russian hackers brilliantly designed their attack to avoid setting it off. The National Security Agency and the Department of Homeland Security were looking elsewhere, understandably focused on protecting the 2020 election.

The new American strategy of “defend forward” — essentially, putting American “beacons” into the networks of its adversaries that would warn of oncoming attacks and provide a platform for counterstrikes — provided little to no deterrence for the Russians, who have upped their game significantly since the 1990s, when they launched an attack on the Defense Department called Moonlight Maze.

Something else has not changed, either: an allergy inside the United States government to coming clean on what happened.


Sci-fi Surveillance: Europe’s Secretive Push Into Biometric Technology

source: theguardian.com

 

 

 

EU science funding is being spent on developing new tools for policing and security. But who decides how far we need to submit to artificial intelligence?

Patrick Breyer didn’t expect to have to take the European commission to court. The softly spoken German MEP was startled when in July 2019 he read about a new technology to detect from facial “micro-expressions” when somebody is lying while answering questions.

Even more startling was that the EU was funding research into this virtual mindreader through a project called iBorderCtrl, for potential use in policing Europe’s borders. In the article that Breyer read, a reporter described taking a test on the border between Serbia and Hungary. She told the truth, but the AI border guard said she had lied.

A member of the European parliament’s civil liberties committee and one of four MEPs for the Pirate party, Breyer realised that iBorderCtrl’s ethical and privacy implications were immense. He feared that if such technology – or as he now calls it, “pseudo-scientific security hocus pocus” – was available to those in charge of policing borders, then people of colour, women, elderly people, children and people with disabilities could be more likely than others to be falsely reported as liars.

Using EU transparency laws, he requested more information from the European commission on the ethics and legality of the project. Its response was jarring: access denied, in the name of protecting trade secrets.

So Breyer sued. He wants the European court of justice to rule that there is an overriding public interest in releasing the documents. “The European Union is funding illegal technology that violates fundamental rights and is unethical,” Breyer claimed.

Breyer’s case, which is expected to come before the court in the new year, has far-reaching implications. Billions of euros in public funding flow annually to researching controversial security technologies, and at least €1.3bn more will be released over the next seven years.


8 Ways to Get More Done in Microsoft Word With Less Work

source: fastcompany.com

 

Love it or hate it, at 37 years and counting, Microsoft Word is old enough to run for president or have gotten divorced (maybe a couple times). It might even experience unexplainable back pain in the morning.

Word is not going anywhere—at least not for a while. And even if you use it every day, there are still probably plenty of super-helpful tips, tricks, and shortcuts you haven’t discovered. Here’s a quick list of some of the more useful ones.

Note: I’m using Microsoft Word for Office 365 on a Windows 10 PC but I’ll list Mac equivalents where available.

AUTO-GENERATE SOME GIBBERISH

If you’re the type of person who likes to get something—anything—on the page just so you don’t have to stare unblinkingly into all that white space, you may be happy to know that Word puts a couple forms of dummy text close at hand.

Should you be a fan of the classic Lorem ipsum prose, simply type =lorem(4,3) and hit Enter to get four paragraphs of Lorem ipsum at a length of three sentences each. Replace the digits in the parentheses to get however many paragraphs and sentences you need, respectively.

If you’re not a fan of Lorem ipsum, then replace lorem with rand instead—for example: =rand(4,3)—to get what appears to be documentation lifted from Word’s help file.

DevSecOps:  Solving the Add-On Software Security Dilemma

source: technewsworld.com

 

The lack of standard practices in the DevOps communities is causing growing friction as security teams line up against developers. This internal friction leaves software they develop and organizations that use the apps vulnerable to attacks and breaches.

A report released Sept. 30 by open source security and license management company WhiteSource explores various factors contributing to the siloed software development culture and what steps are needed to achieve agile, mature, DevSecOps practices — which involves integrating IT security as a shared function among all DevOps teams.

The report shows feelings of increased pressure among software development teams to overlook security features to meet short development lifecycles.

That finding is especially significant in light of revelations that more than half of all developers polled in the report said they have either no secure coding training or only an annual event. Add to this lack of security training among software coders the finding that fewer than one-third of organizations have a defined, agreed-upon vulnerability prioritization process.

 

The DevSecOps Showdown

Perhaps an even more alarming dilemma is that on average just half of the organizations have an AppSec champion on their teams. More evidence of the security divide between teams is that even when security professionals say there is one, developers do not always agree, according to the report entitled “WhiteSource DevSecOps Insights, Security vs. Developers: The DevSecOps Showdown.”

“If developers feel they are neglecting security to stay on schedule, something in the DevSecOps process is broken,” warn the report writers.

WhiteSource surveyed over 560 application security professionals and software developers. Those results show that while most security professionals and developers believe that their organizations are in the process of adopting DevSecOps, most organizations still have a way to go, according to Rami Sass, CEO and co-founder of WhiteSource. The distance yet to be traveled is especially significant when it comes to breaking down the silos separating development and security teams, he noted.

“Full DevSecOps maturity requires organizations to implement DevSecOps across the board. Processes, tools, and culture need to evolve in order to break down the traditional silos and ensure that all teams share ownership of both security and agility,” Sass said.



At quick glance, ‘expertly framed’ Quickbooks phishing email looks legit

source: scmagazine.com

Attackers impersonating Quickbooks on the Microsoft 365 platform create a sense of urgency to compel their victims to “promptly” pay fake invoices allegedly from a legitimate vendor, thereby opening them up to a future malicious act.

Such phishing attacks are growing increasingly common, according to a blog post from researchers at Abnormal Security who have observed 900 “attacks in the mailboxes of over 20 different customers,” with the expectation that the rate will continue to tick upward as users flock to Quickbooks online services.

These latest attacks use spoofing to bypass traditional mail filters and gain legitimacy, sending emails that seem to originate from quickbooks@notification.intuit.com. The bad actors then prompt recipients to click on “Review and Pay,” which redirects them to http://parkburgerkuwait.com/loss[dot]php.

The attack is effective in part because the email is received on the same day the invoice is due, prompting the recipient to possibly act in haste without close scrutiny of the details. Among the red flags that may go overlooked: The suspicious landing page link or the headers that “reveal that the true sender domain is ‘airtelbroadband.in,’ which fails authentication,” said Abnormal researchers.

The bad actors have put considerable effort into creating a convincing email that Abnormal said “is expertly framed,” using Intuit Quickbooks logos and links.

“Additionally, the email states at the bottom to check with the business owner before paying to avoid fraud, giving the recipient a false sense of security as it seems counterintuitive for an attacker to warn their target about their potentially malicious email,” the researchers said.


U.S.-made technologies are aiding China’s surveillance of Uighurs. How should Washington respond?

source: washingtonpost.com & wvnews.com


The sweeping surveillance China has brought to bear against its Uighur Muslim minority is staggering. An overwhelming number of cameras generate an overwhelming amount of footage. Until recently, it was unclear how authorities sifted through it to serve their repressive ends. Now, the New York Times has provided an answer: with the help of U.S.-made technologies.

 

An investigation published this month reveals how supercomputers chug away inside a cloud computing complex in the Xinjiang region. Purportedly, these computers can analyze 1,000 video feeds simultaneously and search more than 100 million photos in a single second. The aim is to monitor cars, phones and faces — putting together patterns of behavior for “predictive policing” that justifies snatching people off the street for imprisonment or so-called reeducation. This complex opened four years ago, and it operates on the power of chips manufactured by U.S. supercomputer companies Intel and Nvidia.


Though it’s unknown who the hackers were, early signs point to a group with the possible backing of a nation state.

source:  fastcompany.com

As if the world needed another challenge in 2020, hackers have been found to be targeting the cold supply chain for the COVID-19 vaccine, reports The Financial Times. The cold supply chain is critical in the deployment of the vaccine, which takes highly specialized equipment to keep vaccine doses at chillingly low temperatures so they can still be effective when administered to an individual.

The Pfizer vaccine needs to be stored at at least -94ºF (-70ºC) and the Moderna vaccine needs to remain at -4ºF (-20ºC) to stay viable. If the systems that operate that supply chain—including the ones responsible for keeping the freezers online—are disrupted, the doses of the vaccine could become ineffective before they are administered.

The hacking attempts on the cold storage supply chain were first uncovered by IBM’s threat intelligence task force and targeted a cold chain platform operated by the Gavi vaccine alliance. The attack involved a phishing attempt to obtain login details for the cold supply chain systems. Currently, it’s unknown if the attackers were trying to steal trade secrets related to the cold supply chain—or if they were attempting to disrupt the supply chain itself.

Though it’s unknown who the hackers were, early signs point to a group with the possible backing of a nation state. Claire Zaboeva, a senior strategic cyber-threat analyst at IBM, said the attack “was an extremely well-researched and well-placed campaign. And that does potentially point to a very competent person or team.” As of now, it’s also unknown if the hackers succeeded in gaining access to the cold storage supply chain network.

 
