December 26th, 2011

Karsten Nohl rates mobile operator security.

The NYTimes has an article on Karsten Nohl's latest research into cell phone security:
In a study of 31 mobile operators in Europe, Morocco and Thailand, Karsten Nohl, a Berlin hacker and mobile security expert, found that many operators provided poor or weak defenses to protect consumers from illicit surveillance and identity theft.

Mr. Nohl said he was able to hack into mobile conversations and text messages and could impersonate the account identities of cellphone users in 11 countries using an inexpensive, 7-year-old Motorola cellphone and free decryption software available on the Internet. He has tested each mobile operator more than 100 times, he said, and has ranked the quality of their defenses.

He plans to present his results at a convention of the Chaos Computer Club, a hackers’ group, in Berlin, where he will open the project to researchers in other countries.

In compiling his research, which was conducted from Sept. 1 through the past week, Mr. Nohl measured a network’s vulnerability to three attacks: the interception of voice and text messages, the impersonation of a cellphone user’s identity to make calls or hear voice mails and the tracking of a cellphone user’s location through the Internet and the cell network. He then ranked the operators in the three categories by compiling a risk scale, with 100 percent representing the best possible security and zero representing none.

While the research was limited mostly to Europe, Mr. Nohl, a German citizen who received a doctorate in computer science at the University of Virginia, said the level of security provided by U.S. network operators was on a par with European operators, meaning there was also room for improvement.

In Asia, the Middle East and Latin America, the level of mobile security varies widely and can be much lower. Operators in India and China, Mr. Nohl said, encrypt digital traffic poorly or not at all, either to save on the network’s operating costs or to allow government censors unfettered access to communications.
I'm looking forward to seeing his results.

It's not about return on investment, it's about return of investment.

From Business Week:
The U.S. government received record demand for its bonds in 2011, pushing longer-maturity Treasuries to their best performance since 1995 in a sign that President Barack Obama may have little difficulty financing a fourth consecutive year of $1 trillion budget deficits.

The Treasury Department attracted $3.04 in bids for each of the $2.135 trillion in notes and bonds sold, the most since the government began releasing the data in 1992 during the George H. W. Bush administration. The U.S. drew an all-time high bid-to-cover ratio of $9.07 for $30 billion of four-week bills it auctioned on Dec. 20 even though they pay zero percent interest.
This is one of those things that tends to go on until it reverses abruptly. On the other hand, as long as the Europeans continue their Keystone Cops routine, it'll probably continue.

(I don't know why the dateline on this Bloomberg wire story is tomorrow, however.)