I finished teaching the vLive version of MGT 512 yesterday and I think it was a good experience. This was the second time in a row the students hung around to chat after class and I treasure that. One of them brought up the 20 CC. He was concerned since he had five guys assigned to the project, but it seemed to be going slowly.
Maybe I was speaking out of school as they say, but I shared that it was slow going at SANS as well. He told me that really made him feel better.
Then he said what was freaking him out was attending a presentation from Dr. Eric Cole, where he said the 20 CC are really the minimum things we need to do to accomplish what is reasonable and prudent.
Smile. Such is the life of security, the bad guys only have to win every once in a while, we have to win every time.
Thursday, June 6, 2013
Saturday, April 27, 2013
The increasingly documented world
Since I do not watch TV, I miss a lot and fail to chronicle events that many people see. I was reading a Forbes article on a recent Apple commercial. Fortunately there is a copy on YouTube. The punch line was more photos are taken every day with the iPhone than with any other camera.
Next week in San Diego I am part of a panel on emerging trends. The fact that everyone with a smart phone is a journalist is hardly news, but the trend gets stronger every week. Where did the photos and videos of the Boston bombing shootout largely come from and what were they posted to?
Tuesday, April 23, 2013
Daemon - Book Review
I do not normally read fiction; it is so hard to keep up with security as it is. However, Wesley McGrew recommended the book and he is one sharp cookie, so I ordered it from Amazon. The premise, at least I think it is the premise, this is a complex book, is that a video game genius dies (are we sure he is dead; this we is not, I saw Swordfish) and leaves a computer program that is essentially taking over the world for its own purposes.
There was a detective involved (Sebeck), but they frame him and kill him off (not sure why). As the book comes to a close we are down to two people with a clue: a smart pretty girl at NSA (Phillips) and a mysterious hacker (Ross).
We do not really seem to come to a conclusion, but Wesley also recommended I buy Freedom which I did. Here is hoping we get to some conclusion for Daemon Industries LLC in the second book.
It is a dangerous book for a geek to read, make no mistake about it. 632 pages means when you realize you are hooked, you are going to pull an all-nighter because you can't put the book down. There is no chance I am going to pick up Freedom today; tonight I have to sleep and I have an important meeting tomorrow. Thank heavens for the $20.00 bag of 100% Kona coffee at Costco. First pot of coffee for the year, but I really need it.
Monday, April 22, 2013
Phone Spear Phishing?
Just got a phone call and it was not on the office phone line, it was on our backup line. The incoming phone number was blocked.
Indian-sounding accent. I am from the Microsoft Systems Support, may I speak to the owner of the computer?
Well sir, we have a number of computers here, which one?
The one that belongs to Kathy.
Kathy was also in the office, so I handed her the phone.
Ma'am you have downloaded a malicious file and we need to help you clean it up.
Thank you sir, what do I need to do?
Boot your computer.
It is already running.
OK, do you see the start button?
No, do you mean finder?
Ma'am it looks like a flag and it is on the bottom left side of your screen.
The thing on my computer on the bottom left side of the screen looks like a happy face.
Ma'am you should have a flag shaped icon to start your Windows computer.
But sir, it is a Mac.
Sorry to have troubled you Ma'am; goodbye.
Mike Poor turned me on to this link that shares a lot more information:
https://www.facebook.com/cutsec/posts/436939479729667?comment_id=2674772
Wednesday, March 27, 2013
Mobile Device Management (MDM)
I started a poll on LinkedIn to try to understand which MDM people are using.
Alan wrote in and said they use MaaS360 from FiberLink.
Andre wrote: "My company uses Sybase Afaria but we've app-pen-tested AirWatch, MobileIron, and Good (in that order -- from most prevalent to least prevalent) for our customers, too. I have not even heard of the others and I've been doing mobile app pen-tests for 2 years now"
Sunday, November 4, 2012
@tqbf First they came for the small round rare-earth magnet sets
Thomas Ptacek posted this on Twitter. I was not sure of the context. "First they came for the small round rare-earth magnet sets, and I said nothing." Then I read this news story about Mother Russia's new Internet Surveillance system:
http://www.wired.com/dangerroom/2012/11/russia-surveillance/all/
"Most importantly, however, the new Roskomnadzor system introduces DPI (deep packet inspection) on a nationwide scale. Although DPI is not mentioned in the law, the Ministry of Communications — along with the biggest internet corporations active in Russia — concluded in August that the only way to implement the law was through deep packet inspection."
Stolen cell phone pictures, a cautionary tale
The Register carried an article about a woman with revealing pictures of herself that were stolen by two Verizon employees working on her phone. They then distributed the pictures.
Anything on the Internet is going to be around forever. Use caution. "the two men worked at a Verizon store in Bartow, Florida, where one, Joshua Stuart, 24, helped a nubile local waitress transfer her data from her old handset to a new smartphone. Unbeknownst to her, he also took a copy of some of the pictures from the phone's memory for his personal perusal, it's alleged, as well as for a colleague."