You Have The Power, Mostly

Just when you thought it was safe to go back in the water, Russian hacking resurfaces in waters beyond the political. Sure, it was devastating when we realized that Russia had wormed its way into our electoral and democratic process, but that was apparently just the beginning of the story. (more…)

The Future of Cyber- Part Two

During a recent talk at The Chautauqua Institution, Denise Zheng held forth on the nature of cyber conflict: past, present, and future. A Senior Fellow and the Director of Technology Policy at the Center for Strategic and International Studies, Zheng has some interesting perspectives on the nature of cyber threats going forward. The concept of deterrence, for example is complicated, at least on a national or global scale. “Deterrence requires attribution supported by evidence, further supported by classified information and practices,” Zheng suggests, and governments know that for every action there is a reaction, often deploying the same technology. So global resolution of cyber threat potential seems problematic.

(more…)

The Future of Cyber- Part One

During a recent talk at The Chautauqua Institution, Denise Zheng held forth on the nature of cyber conflict: past, present, and future. A Senior Fellow and the Director of Technology Policy at the Center for Strategic and International Studies, Zheng has also worked as a senate staffer on the Homeland Security Committee, in the Computer Associates software engineering process, and, most recently, on cyber moonshots at DARPA. So her perspective on cyber reflects and informs those of consumers, governments, and leading edge developers. (more…)

The Smaller They Are, The Harder They Fall

While the media streams constantly with news of big-name breaches that threaten the global economy to the core, an even more significant story grows on the outer banks of public awareness. Sure, the big banks and retailers have lots of data to steal, but they also have the resources to protect their networks. The same is not always true of smaller enterprises. Perhaps in recognition of this, ransomware attacks on small businesses are increasing in greater numbers than their Goliath counterparts, according to Small Business Trends.

(more…)

No Such Thing As A Free Lunch

As remarkable as adware can be, both from the marketing side and the consumer side, the fact that banner ads and other promotions stem directly from your search habits is really the least of your worries. Imagine if the ads began to deploy code that controlled your computer, changed your default browser, and tracked your search habits for a Chinese marketing firm? (more…)

It’s A Family Affair

If you grew up in a large family, you know the sensation. Lots of aunts and uncles and thousands of cousins you saw on a limited basis, like every other year or so at a family reunion somewhere. Some of those kids were really weird, and they seem to come by it pretty naturally, since Uncle Fred and Aunt Eunice popped out of the RV with a gin and tonic in one hand and a fistful of political conspiracy theories in the other. Who knew Tolstoy was the second gun on the grassy knoll?

(more…)

Hacking Up Your Tex-Mex

Some breaches are just tough to stomach, and earlier this year that was especially true at Chipotle Mexican Grill stores across the country. Drawing details from a recent story on The Verge, every state in the Chipotle Nation, it seems, was affected by a credit card POS breach that garnered the hackers sensitive account information. No word yet on whether they wanted black beans or pinto beans with that data.

(more…)

Camp Songs For IT Professionals

It’s summertime, and the livin’ is easy. Fish are jumpin’, and the cotton is high. If you’re lucky, the old memories from summer camp return to the fore, as nostalgia delivers you from the daily stress of network security and constant threats.

(more…)

The Business Side Of Cyberthreats

The Wall Street Journal is not a publication prone to hyperbole, so a recent headline in the May 18th Business & Finance section screamed for attention. “Cyberthreats Breed Deep Unease” was the title of the article. The media would have us believe that all the really bad things seem to happen to multinationals or political parties. Nothing could be farther from the truth.

(more…)

When Cybersecurity Is Mainstream

Let’s face it. Most IT Departments feel undervalued or ignored. Like lawyers, you try to avoid them at cocktail parties until you need one. At least that’s the way it was in the old days, like back in 2015 or so. With the ever-advancing wave of cyberthreats and our reluctance to reduce the epic size of our digital footprints, cybersecurity is entering the mainstream in new and surprising ways. Consider a long but thorough examination of the current state of cybersecurity in, of all places, The New Yorker. Known more for it’s insights into western philosophy and the Upper Easy Side, even The New Yorker has recognized the growing ubiquitousness of cyberthreats. Have you?

(more…)

Hacking Ain’t What it Used to Be

Do you remember 1986? The first class was inducted into the Rock and Roll Hall of Fame, the Challenger Space Shuttle disaster rocked our world, and Top Gun was the highest grossing film of the year. That year also brought us the Computer Fraud and Abuse Act (CFAA), a law that many have suggested hasn’t kept up with the rapid pace of technological innovation. After all, ARPANET was in its infancy in 1983, and the World Wide Web wouldn’t become a consumer reality until around 1990. Protecting isolated computers is a wildly different thing from keeping networked devices secure in the IOT world. (more…)

The Imperfect Storm

There’s a storm brewing, potential chaos lurking in the wings. And I’m not talking about politics. Though, if we’re being honest, there’s a storm brewing there, too. We can argue cause and effect, but the world is changing in palpable ways, probably more rapidly than we imagine. (more…)

When The Chips Are Down

Ever had that feeling that someone is watching you, like the door is ajar and folks just passing by the office can see everything on your desk? Have you felt that way for the last seven years? If so, you’re not alone, especially if your computers use Intel chips with vPro technology. According to a recent Ars Technica report, Intel has only recently provided a patch to a backdoor in your network that has been open since the year Facebook was launched. Think about that.

(more…)

Arraigned On The Planes Of Spain

Back when Julie Andrews was in her theatrical prime, there was more than just The Sound of Music in the hills. In My Fair Lady, she repeated “the rains in Spain stay mainly on the plains” in an effort to lose her cockney accent. One could argue that Eliza Doolittle was trying to escape her past and enjoy the liberty associated with a new identity, a new language, a new sense of freedom. The same might be said of Peter Yuryevich Levashov, a Russian hacker whose fingerprints are said to be found on such exploits as the Russian intrusion into our 2016 elections. (more…)

Introverted Social Media

Even if we could isolate the recent activity of Russian hackers, imagine a mainstream marketplace for nefarious services provided by invisible people paid in Bitcoin.The information you seek is mined from the personal profiles and accounts of your target audience, whether that audience is a cheating spouse or a rebellious teenager with a hidden social media presence. It’s a complete violation of privacy, and we feed our own vulnerability with every trace of our digital footprint. (more…)

Is That Toaster Listening To Us?

In the interest of your organization’s OPSEC, step away from the microwave before you answer this question. There is no telling who might be listening right now. And if you’ve ever had Russian dressing on your salad, be sure you state that explicitly. Denial is not just a river in Egypt. Here’s the question: How confident are you that your cybersecurity practices are up to speed? (more…)

Who’s Watching The Watchers?

It’s been a strange month or two in the world, and that’s not simply a political statement. There is a very real sense that somebody’s watching, all of us, all the time, and that we should take that for granted. Increasingly, it seems, that voyeurism extends beyond our digital footprint and into our everyday physical spaces. While novelists and science fiction authors have been seizing on the approach of these days for decades, the Luddites are always the last to know. But, you might ask, who is watching the watchers? Apparently, that would be Wikileaks. (more…)

Now You See It, Now You Don’t

Hacker trying to hack into phoneStand against the wall. That’s the common advice given to tourists when they start to make calls on their smartphones in foreign lands. It’s not the roaming charges you have to look out for any longer. It’s now the roaming thieves who want to steal your phone in broad daylight and compound the pain by phishing your account information to unlock, wipe, and resell the phone. By standing against the wall, you limit the access and cover your blind side. Sadly, the stories are anything but rare. (more…)

Bundle Up To Avoid The Cold

Forest covered in snowWith every passing week, it seems, cyberthreats and hacks inundate the news cycle and bring home the absolute insecurity that most of us experience (or should) when we take even the smallest of baby steps with our digital footprints. Of late, it’s the Russians who seem to take center stage, hacking our politics and manipulating our elections. Though we could debate the extent of the success, nobody seems to doubt the intent any longer. If those chilly diplomatic breezes seem to intimate a second cold war, will cyber be the weapon of choice? Is it already?

(more…)

Better Take That Call

Person using smartphoneHacking is a double-edged sword, in many ways illustrated by the roles of white hat and black hat hackers. Our intrusions into our own digital spaces can facilitate preventive maintenance of our digital footprint as well as morph into the digital boot on our own necks. That’s the nature of the beast. (more…)

Executive Orders

great sealLots of talk about Executive Orders these days. They’ve been issued in such a flurry that it can be difficult to keep track of what’s being ordered and who’s being affected. On the drafting table, according to CyberScoop, is an EO that initiates President Trump’s efforts on cybersecurity. It doesn’t seem to have the aggressive edge that the others have had, if protests are to be used as a gauge. Nobody seems to be protesting the cybersecurity orders so far, and even former Obama administration officials have indicated that they agree with the order. Still, what does all this mean to folks in the trenches? (more…)

The Internet of Misfit Toys

Inherent to the narrative about the Internet of Things has been the assumption that greater efficiencies would save consumers time and money. It stands to reason that if your toaster talks to your watch, it would know that about 15 minutes after waking up, you would want your toast to pop up and be plated. Further, it goes without saying that your life would be dramatically improved if your thermostats were in on the conversation, so that the kitchen and breakfast room could begin to warm at about the same time as the toast. (more…)

A Good Defense is the Best Offense

Let’s say you’re the DNC and you’re really upset about the recent hacking perpetrated by the Russians. Or, we could imagine you’re the US Government, and you’re feeling vulnerable and diplomatic and vengeful, all at the same time. A recent NY Times article expands on the President’s feelings along these lines, and the frustration he feels at having a mighty cyber arsenal at his disposal when revenge only makes matters worse.
(more…)

A Secret History of Bad Relationships

Have you ever been THAT guy, the one who is only trying to be honest when everybody turns to him to point out the flaws in the system? You’re the one who remembers the office party everybody else wants to forget, down to the details that are all but lost to the ages. You’re there to remind Chuck in Sales & Marketing that numbers are down and click-throughs and conversions are sure to follow, even when Chuck didn’t ask. What? It’s the truth. You’re just putting it out there. Now imagine you simply harbored all this information and people sought you out and analyzed your memories. (more…)

Bold New World

Cybersecurity is approaching oxygen and water on the list of things we need to survive in this crazy world of ours. The threats are very real, whether deployed by governments around the globe or 400-pound hackers in their bed or the window booth at the corner coffee shop. The technology we create to make our lives easier now requires extraordinary vigilance, but it’s not the machines we should fear, as science fiction writers originally thought. The biggest threats seem to be the humans manipulating the good technology for bad purposes, and we can never completely isolate ourselves from them. Or can we? (more…)

You Will Save the World Several Times Today

This one goes our to all of the IT professionals our there sporting haute pocket protectors filled with government pens and .5mm mechanical pencils; the troops at the front lines of cybersecurity where the CAT 5 clicks into the road, and the hum and warmth of the server room gives indication to the heat and fire of network significance. You were the heroes of calculus and band camp, but your swagger has been under-appreciated by popular culture for years. That is until now. (more…)

Somewhere Between Sliced Turkey and Santa Claus

 

Working SantaYour organization has weathered some storms, am I right? The valleys between the peaks, when sales slow and payroll weighs heavy on the mind. You’ve hired through the good times and had to cut back in the lean times, but you’ve steadied the ship and there’s quite a bit to be thankful for as you try to recover from Aunt Eunice’s cornbread stuffing. And how about some steady quarterly earnings and revenue growth to go with that maize? That would be the best gift of all to slide down the chimney in a couple of weeks. (more…)

And In Other News

circusWhile the world has been watching the American political circus over the past several years, a recurring question put forth by all parties has been, “Can this or that person be trusted with the nuclear codes?” This is an important question, no doubt, but one that overshadows an even more significant question. Granted, the President is the single gatekeeper to the national arsenal, but enemies foreign and domestic seem to be making their own keys to nuclear infrastructure these days. (more…)

REM and the Lyrical State of Cybersecurity

Way back when, in a world before the Internet, when information moved by postal truck and mere facsimile, there strode upon the earth an alternative rock band whose words were even more prescient now than when they first uttered them. And while REM exited stage left, their pronouncement that “It’s the end of the world as we know it” enjoys fresh relevance with each wave of technological advance. (more…)

Dyn-A-Mite!

dynamiteA closer look at recent chaotic events surrounding the DDoS attacks on Dyn DNS reveals some frightening things about our rapidly growing dependence on the Internet. A recent NY Times article does a great job of explicating the events in layman’s terms, including the warning, “And the threats will continue long after Election Day for a nation that increasingly keeps its data in the cloud and has oftentimes kept its head in the sand.” (more…)

All Motivated with No Place to Go

Using digital tablet double exposureAn election cycle is great for reminding citizens what they’re looking for in a leader, a party, and a government. Granted, we don’t need endless election cycles, but a democratic republic depends on an educated and motivated citizenry. So we’ve got that going for us.

 

As IT professionals, you might have a vested interest in the actions and attentions of government. At some level, investments in infrastructure and mechanisms can only be made by governments, and the responsibility for maintaining that infrastructure falls to them as well. Think of roads and bridges. And the Internet has evolved into a really complex infrastructure, a road that bridges cultures around the globe. Without legislating the access and traffic, at some level governments need to do what they can to facilitate safe and steady flow of information and opportunity. (more…)

Blue Skies and Fireflies

Businessman using his tablet phone on airplane. Business travel and communication concept.If you have flown lately, you might have noticed a new wrinkle in the use of cell phones in flight. In addition to limiting use to airplane mode on those devices so equipped, the crew currently prohibits the use of or charging of any Samsung Note 7 device at any point while aboard the plane. CNET offers a brief explanation here for why that message has been added to the mix with making sure your tables and seats are in the upright and locked position. (more…)

Be Driven to Be the Driver

Mad Max Rolling Thunder

American truck speeding on freeway, blurred motion.Have you ever been passed by a big rig and thought to yourself how glad you were that somebody was at the helm of that rolling bundle of death? Have you ever seen a roadside littered with billboards advertising legal services for victims of crashes involving big rigs? Maybe seen the ads on television? If so, you probably take little solace in the idea that big rigs are evolving toward autonomous operation only slightly more slowly than cars, and most new cars already come equipped with the required hardware. Put on a hockey mask and crank a chainsaw, cause you got a real massacre on your hands. (more…)

A Made-for-TV Reality

Cable News is Not Enough

Mixing the newsThis election cycle will go down in history as one of the strangest in American history. Both candidates face low favorability numbers and they remain statistically close in most of the polls. This is widely known to anyone who watches cable news programs, mainly because those networks tend to recycle the news over and over again, day after day, and week after week. No reason to blame the networks, though, because that’s the business model. And, quite frankly, there is only so much human activity that is newsworthy, though they seem to always push those boundaries as well. (more…)

Going Rogue

It’s Not Just for Sarah Palin

citiBack in the day, when heartless senior management pointed out the flaws of the working man, the most retribution he would reasonably fear is that his car would get keyed in the parking lot. Sure, it’s a 1972 Corvette Stingray, but it’s still just a car. And that’s about as far as it would go. Nowadays, disgruntled employees swing a much bigger hammer, and the key they carry now slides down your network and leaves a scratchy mess the size of Texas. Literally. (more…)

The Golden Age of Cyber

zerodaysHave you ever been watching an action/adventure film and noticed the lag in technology? Like Tom Cruise suspended above a top-secret console pulling a floppy disc from his bag of tricks, or some other actor who knows nothing about cybersecurity delivering well-scripted lines that ring hollow? Maybe, generations from now, people will look back at our current relationship with the digital world with the same wonder with which we view science fiction. 2084 may make 1984 look quaint and anachronistic, but shouldn’t popular culture facilitate the general public’s understanding of the risks in the ether? Shouldn’t Hollywood do a better job of revealing cybersecurity experts to be the rock stars that you are? Am I right? (more…)

Get Your Head in the Game

helmetRemember the old days, when military pilots wore wool-lined leather helmets and big, clunky headsets? Probably not, since those practices tapered off after World War Two. By the time fighter pilots came into your field of vision, it was probably Tom Cruise singing “You’ve lost that loving feeling” while Goose couldn’t eject from the backseat. It didn’t end well for Goose, but you have to remember ICEMAN and MAVERICK in bold print on the helmets as the frosty colleagues pulled together to fight off the Russians and save the day. In addition to the monogram, the helmets had been upgraded to include oxygen masks and room for the really cool aviator sunglasses. Negative, Ghost Rider, the pattern is full. (more…)

Jackware In The Box

carjackFans of this blog — and let’s be honest, who isn’t a fan? — will recall a recent post that detailed the carjacking of a Jeep Cherokee from several miles away. It was an effort to demonstrate the security vulnerability of cars equipped with wireless access points and other IoT equipment. And it worked. Cars were recalled, security issues were addressed, and we now have an additional lens through which to view rapidly advancing car technology. But what if the car is advancing beyond us, the drivers? (more…)

Open Says A Me

2faPasswords are the first line of defense for critical network infrastructure. Building an organizational expectation for strong password use in no longer seen as an option. It is now a requirement. If you can get your staff to deploy 8-12 characters randomly selected from all varieties available, that’s $uPer GrE@+. (more…)

Bond. Cyber Bond.

cyber bondsCapitalism is a wonderful thing. Free markets have helped humans identify and meet demands by supplying the products and services that envelop an economy. It is also worth noting that necessity is often called the mother of invention, and cybersecurity is not removed from the influence of this type of thinking. (more…)

At the Crossroads

crossroadsRobert Johnson is believed to have sold his soul to the devil at a crossroads in Clarksdale, Mississippi. Legend has it the devil offered Johnson in trade a well-tuned guitar and a peculiar gift for singing the blues. His songs have been made famous by Muddy Waters, Eric Clapton, and The Rolling Stones, among others. Despite this oft-intoned gift, Johnson suffered an early departure from this world, though one shudders at the thought of such talent descending eternally southward into fire and brimstone, a musical fate we’d more readily assign to boy bands and pre-pubescent pop stars. (more…)

Politics as Unusual

Regardless of your political affiliation or your favorite — or least unfavorite — candidate, the 2016 election cycle has been anything but predictable. If this were a circus, it would be a very good one. Instead, though, it is the pinnacle of the democratic mechanism by which we choose our leadership. That is a sobering reality that could make you reach for the bottle. (more…)

Organizational Climate Change

CrisisPlanning is part of business, and the emerging changes in our physical world certainly play into that. Unexpected rains and flooding seem to strike different regions of the country with increasing frequency, and the usual threats like hurricanes and tornadoes haven’t completely resigned the stage. (more…)

BREXIT and The Unbearable Lightness of Leaving

UK flagYour organization is an island of traditional values and modern technology. Your staff speaks a language that is unique to the industry and has a shop culture that has evolved from the first day you opened for business. You’ve conquered the universe, winning large contracts and making connections that have ushered in waves of revenue and progress. You’ve forged alliances with others in our global economy that strengthen both parties. You’ve faced unruly vendors and cut ties when necessary, and you’ve battled the mighty when compelled to do so, especially when industry momentum was threatened. (more…)

The Ubiquity of Remote Access

remote accessForget about the Internet of Things. Yeah, like that’s possible. But set that aside for the moment. Another stark reality of our new global economy and digital footpath is the flourishing of remote access. Road Warriors access their office PCs from business travel hotels from Scranton to Sacramento while small businesses choose NAS over cloud services, reaping the many benefits of local data control and network accessibility but facing the daunting reality of localized vulnerabilities. (more…)

Crazy Cousin Guccifer

Every family’s got at least one, a crazy uncle or distant cousin who adopts a scorched earth perspective when exiting the reservation or joining the circus or moving to Iowa to invest in an earthworm farm. You don’t hear much from them for a while, but the names and stories get opened up at family weddings and funerals, reunions marked by distant sadness and curiosity. Guccifer, aka Marcel Lazar, is a Romanian hacker who may seem new to the family, but his name should sound familiar very soon if not already. (more…)

I’m with the Government, and I’m Here to Hold a Hearing

dcWe hear a lot about homeland security, both the pursuit and the official government department. The TSA is probably the latter’s most visible, and often most toxic, representative, especially when you see the little old lady victimized by the random full body search. The work they do is important, but a lot of it never sees the light of day. That can be good or bad. On a slow day, though, you can witness the machinations that propel our homeland into great security, because a recent Senate Homeland Security Committee meeting was recorded and is viewable here. Granted, it’s a couple hours of your life you’ll never get back, but whatever inflates your balloon. (more…)

It’s Graduation Season

The waypoints on our life journeys are marked by ceremony. Weddings, funerals, births and Baptisms, and, from time to time, graduations. High school and college seem to be the major events, but the zealous have introduced kindergarten, grade school, middle school, and traffic school to the mix. So congratulations to those who wiped the points off their driving record with 8 hours of vehicular remediation, Your future is, indeed, bright. (more…)

Ransomware Exposed: Sextortion

Ransomware is not new. It’s been around for a while, and clever hackers have found ways to extort just the right amount of money to make it worth your while to settle. The balance is somewhere between what the data is worth and what it would cost you to recover it through normal machinations. Traditionally they’ve kept the number low enough that is was cheaper to pay up and walk away. An easy decision, perhaps, when the data is just that. Data. (more…)

Hackers Prove Patient But Swift

Breaching a global bank network is no smash and grab operation. As organizations focus and fund their cybersecurity resources with even greater alacrity, the bad guys have to continue to polish the edge of their sword, patiently waiting for the right opportunities to score bigger and bigger hits. Such is the case with the recent — and second — attack on Swift, the global messaging network banks use to move money around. If you think you’re covering all your bases and keeping your data out of harm’s way, you may be giving yesterday’s news and last week’s security protocols too much play. Hackers, in one small way, are like PGA Tour Pros: These Guys Are Good. (more…)

Veteran Owned Small BusinessCMMI Maturity Level 3CISSP® - Certified Information Systems Security ProfessionalCertified Penetration TesterITIL IT Service ManagementCertified Ethical HackerProject Management Institute CertifiedUS Department of Homeland SecurityDisaster Recovery Institute CertifiedCertified Information Systems Auditor