January 21, 2015
Breaking Protocol?
And how?
By accepting an invitation from the Congress of the United States of America to speak the truth about the dangers of a nuclear armed Iran, who is a designated State Sponsor of Terrorism.
Still trying to figure out under what protocol:
- Netanyahu was ushered into the White House through the back door.
- Netanyahu was snubbed for dinner while visiting at the White House.
- The Defense Minister of Israel was denied an audience at the White House.
- Ammunition was withheld from Israel, while under fire, during the Gaza War with Hamas, a designated terrorist organization.
- Sanctions are considered against Israel for building homes in Jerusalem the Capital of Israel, while sanctions are lifted against Iran as they build nuclear weapons to annihilate Israel and threaten America, "The Great Satan."
- Senior Administration official calls Netanyahu a Chickenshit.
Finally, and most upsettingly, the President travels all over the World and Middle East, but doesn't visit The Holy Land.
I don't get it, do you?
(Source Photo: here with attribution to gregpoo)
February 19, 2012
Big Phish, Small Phish
Additionally, phishing emails can contain attachments that infect recipient's computers with malware, creating a backdoor to control or compromise a system and its information.
In all of these cases, the intent of phishing is impersonate others and lure consumers into providing information that can be used to steal identities, money, or information.
In this fraudulent type, perpetrators pretend to be legitimate financial institutions, retailers, social media companies, and government agencies in an attempt to get you to divulge private information like date of birth, social security numbers, mother maiden names, account numbers, passwords and more.
Spear-phishing is a derivative of this scam that is targeted on specific people, and whaling is when the scam is perpetrated on organization executives or other high profile targets, which can be especially compromising and harmful to themselves or the organizations they represent.
- Delete email and messages that are unwarranted and ask for personal information
- Do not click on links, instead go directly to a website by using a search engine to locate it or copying the link and pasting it into the browser
- Configure your browser to block pop-ups
- Use anti-virus, firewalls, and anti-spam software
- Set up automatic security updates
- Input personal information only into secure sites, such as those that begin with "https"
- Only open attachments when you are expecting them and recognize where they are coming from
- Check financial statements upon receipt for any fraudulent activity
- If you are caught in a phishing scheme, notify law enforcement and credit reporting authorities immediately
- Always be cautious in giving out personal information
Big Phish, Small Phish
March 21, 2008
The Foreign Software Threat and Enterprise Architecture
Enterprise architecture is the developer and keeper of the organization's systems inventory, and it is the champion for system interoperability, integration, standardization, and modernization. Of course, all this within the framework of a secure information infrastructure.
What happens though when the security of systems is threatened from the inside—that is through malicious code itself?
Imagine a terrorist sleeper cell embedded in our country that can be activated at any time to cause destruction and havoc. So too, hidden malicious software code can be embedded in applications developed overseas or even by homegrown adversaries. And this code can be launched or used as a back door to disable our vital military systems for communications, weapons, navigation, and so on.Military Information Technology, April 2008, reports that “DoD combats risks of a ‘mole’ in software written in other nations.”
According to a March 2007 report by the Center for Strategic and International Studies (CSIS), “malicious code, cyber-attacks, and espionage [are cited] as top threats facing the DoD and defense industry today, resulting primarily from software developed overseas, and to a lesser extent, from the global use of commercial software.”
Further, “the CSIS report noted that the number of U.S. companies outsourcing software development overseas had grown 25% from 2003 to 2006.”
“In September [2007], the Defense Science Board Task Force…came to similar conclusions” about foreign software exploitation. It states: “'while COTS development environments are more porous to attack than those of DoD custom development environments,’ subversion of the latter is more like to achieve adversarial objectives.”
Custom code does not get the same scrutiny as commercial code (especially open source) and so it is more vulnerable to exploitation via back doors or malicious code written into the software.
Dan Geer, the chief scientist and vice president of Verdasys, a security software firm, states: “Instead of trying to put a mole in the CIA, they try to put a mole in software.”
While “the technology industry has made progress at finding which writing patterns leave software vulnerable to inadvertent bugs…we don’t have as good a handle on what malicious programmers introduce.”
So how can we architect safer software?
- Scan—conduct vulnerability scans of software to identify known vulnerabilities.
- Patch—when vulnerabilities are detected, patch them quickly.
- Inform—have developers disclose what tools they are using and how they developed the code.
- Test—embed security testing and analysis in all phases of the systems development life cycle.
- Measure—develop metrics for software assurance so it can be rated and improved on.
Of course, we also need to ensure that developers are security-cleared to work on the software being developed or customized and that we layer our defenses and create redundant systems so that we mitigate risk from any single particular entry point.
The Foreign Software Threat and Enterprise Architecture