Showing posts with label Passwords. Show all posts

April 12, 2016

Turn, Press, Pull -- Gonna Get Ya

So as I go around town, I see more and more of these industrial-type control panels. 

The problem is that they are stupidly in the open and unprotected or otherwise easily defeated.  

While probably not a serious threat of any sort, this one apparently is a unit to control some fans in an underground garage open to the public. 

You see the knobs you can just turn.

And one with a yellow warning sticker above it.

As if that will keep someone with bad intentions from messing with it. 

You also see the red and yellow lights. Hey, let's see if we can make those flash on, off, on.

Panel 13, nicely numbered for us--let's look for 1 to 12 and maybe 14+.

It just continues to amaze me that in the age of 9/11 and all the terrorism (and crime) out there that many people still seem so lackadaisical when it comes to basic security. 

Plenty of people are in the habit of leaving doors and gates open, windows unlocked, grounds unmonitored, computers and smart phones without password protection, data unencrypted and not backed up, even borders relatively wide open, and so on. 

Of course, we love our freedom and conveniences.

We want to forget bad experiences.

Could we be too trusting at times?

Maybe we don't even believe anymore that the threats out there are impactful or real.

But for our adversaries it could just be as simple as finding the right open "opportunity" and that's our bad. ;-)

(Source Photo: Andy Blumenthal)


February 23, 2015

Keep 'Em Clean

My friend's mother used to say to always make sure to wear clean underpants in case you end up at the doctor or in the hospital. 

I guess that's some good advice.

In that context, I thought this was a funny post on facebook about how passwords are like underpants:

"Change them often, keep them private, and never share them with anyone."

Maybe you could add to this list as follows:

- Make them difficult to guess at. 

- Don't use the same one for every occasion.

- Never put them out there in a conspicuous way. 

- And require that you change them at least every 90 days. ;-)

(Source Photo: Facebook)


May 6, 2013

Learning IT Security By Consequences


This is a brilliant little video on IT Security. 

What I like about it is that it doesn't just tell you what not to do to stay safe, but rather it shows you the consequences of not doing the right things. 

Whether you are letting someone into your office, allowing them to borrow your badge, leaving your computer unsecured, posting your passwords, and more--this short animated video shows you how these vulnerabilities will be exploited.

It is also effective how they show "Larry" doing these security no-no's with signs everywhere saying don't do this. 

Finally, the video does a nice job summing up key points at the end to reinforce what you learned. 

I think that while this is simpler than many of the longer and more detailed security videos I have seen, it is in a way more successful at delivering the message in a practical, down-to-earth approach that anyone can quickly learn core basic practices from. 

Moreover, this video could be expanded to teach additional useful IT security tips, such as password strengthening, social engineering, and much more. 

I believe that even Larry, the unsuspecting office guy, can learn his lesson here. ;-)

(Note: This is not an endorsement of any product or service.)

March 29, 2013

Catching More Flies With Honey

There's an old saying that you can catch more flies with honey than with vinegar. 

And this is true in cyberspace as well...

Like a honey pot that attracts cyber criminals, organizations are now hiring "ethical hackers" to teach employees a lesson, before the bad guys teach them the hard way. 

The Wall Street Journal (27 March 2013) reports that ethical hackers lure employees to click on potentially dangerous email links and websites, get them to provide physical access to data centers and work site computers, or give up passwords or other compromising information through social engineering.

The point of this is not to make people feel stupid when they fall for the hack--although they probably do--but rather to show the dangers out there in cyberspace and to impress on them to be more careful in the future. 

One ethical hacker company sends an email with a Turkish Angora cat (code-named Dr. Zaius) promising more feline photos if people just click on the link. After sending this to 2 million unsuspecting recipients, 48% actually fell for the trick and ended up with a stern warning coming up on their screen from the cyber security folks. 

Another dupe is to send a faux email seemingly from the CEO or another colleague so that recipients feel safe, but with an unsafe web link, and see how many fall for it. 

While I think it is good to play devil's advocate and teach employees by letting them make mistakes in a safe way--I do not think that the people who fell for it should be named or reported--it should be a private learning experience, not a shameful one!

The best part of the article was the ending from a cyber security expert at BT Group who said that rather than "waste" money on awareness training, we should be building systems that don't let users choose weak passwords and don't care what links they click--they are protected!

I think this is a really interesting notion--not that we can ever assume that any system is ever 100% secure or that situational awareness and being careful should ever be taken for granted, but rather that we need to build a safer cyberspace--where every misstep or mistake doesn't cost you dearly in terms of compromised systems and privacy. ;-)
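The BT Group comment above, and the "make them difficult to guess, don't reuse them" list in the Keep 'Em Clean post further up, both come down to the same engineering idea: the system, not the user, decides whether a password is acceptable. The Python below is an added example of such a server-side check and is not code from this blog or from the Wall Street Journal article. Everything in it is constructed for illustration: the short common-password set, the two "breached" sample strings, and the `breached_range_lookup` function, which only imitates the k-anonymity range query that the Have I Been Pwned "Pwned Passwords" service offers (the client sends the first five hex characters of SHA-1(password) and compares the returned suffixes locally). One caveat on the 90-day rule in the earlier post: NIST SP 800-63B (2017) recommends exactly this kind of screening against common and breached passwords, and no longer recommends forcing periodic rotation without evidence of compromise.

```python
"""Server-side password acceptance check (added example, not the post's own code).

Constructed for illustration:
- COMMON_PASSWORDS stands in for a real common-password list (millions of entries).
- BREACHED_BY_PREFIX and breached_range_lookup() simulate a k-anonymity range
  query of the "Pwned Passwords" kind: only the 5-character SHA-1 prefix is
  looked up, and the suffix comparison happens locally.
"""
import hashlib
import hmac
import os

MIN_LENGTH = 12
PBKDF2_ROUNDS = 200_000

# Constructed sample of a common-password blocklist.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "iloveyou"}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a breached-password store, keyed by 5-char SHA-1 prefix.
_BREACHED_SAMPLES = ["Summer2015!", "Tr0ub4dor&3"]  # constructed, not real breach data
BREACHED_BY_PREFIX: dict = {}
for _h in map(sha1_hex, _BREACHED_SAMPLES):
    BREACHED_BY_PREFIX.setdefault(_h[:5], set()).add(_h[5:])


def breached_range_lookup(prefix: str) -> set:
    """Simulated range query: the full hash never leaves the caller, only its prefix."""
    return BREACHED_BY_PREFIX.get(prefix, set())


def is_breached(password: str) -> bool:
    digest = sha1_hex(password)
    return digest[5:] in breached_range_lookup(digest[:5])


def normalize(password: str) -> str:
    """Undo common leetspeak substitutions so 'P@ssw0rd' hits the blocklist as 'password'."""
    return password.lower().translate(str.maketrans("@$013", "asoie"))


def record_password(password: str) -> tuple:
    """Salted PBKDF2-HMAC-SHA256 entry (salt, hash) for a user's password history."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def matches_history(password: str, entry: tuple) -> bool:
    """Constant-time comparison of a candidate against one stored history entry."""
    salt, digest = entry
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def check_password(password: str, username: str = "", history=()) -> list:
    """Return the policy failures for a candidate password; an empty list means accept."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    lowered = password.lower()
    # Check the raw form, the de-leeted form, and the form with a trailing "2016!" stripped.
    forms = {normalize(password), lowered, lowered.rstrip("0123456789!")}
    if forms & COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if username and username.lower() in normalize(password):
        problems.append("contains the username")
    if is_breached(password):
        problems.append("appears in a known breach")
    if any(matches_history(password, entry) for entry in history):
        problems.append("reused from password history")
    return problems


if __name__ == "__main__":
    previous = [record_password("correct horse battery staple")]
    for candidate in ["P@ssw0rd", "Summer2015!", "correct horse battery staple",
                      "a much longer unrelated phrase"]:
        verdict = check_password(candidate, username="larry", history=previous)
        print(f"{candidate!r} -> {verdict or 'accepted'}")
```

The history entries are stored as salted PBKDF2 hashes rather than plaintext so that the reuse check does not itself become a store of old passwords worth stealing; the breach check hashes with SHA-1 only because that is the format the range query is keyed on, not as a storage format.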

(Source Photo: Dannielle Blumenthal)

July 6, 2008

Biometrics and Enterprise Architecture

Biometrics is “the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.” (Wikipedia)

Biometrics is crucial for identifying and taking out of play enemy combatants, terrorists, and criminals or for providing access to trusted employees or partners in public or private sector organizations, like the intelligence community, defense, security, and various sensitive industries like financial, telecommunications, transportation, energy, and so forth.

National Defense Magazine, November 2007 has an article on the significant advances being made in biometric technologies and their applications to our organizations.

According to “’The National Biometrics Challenge,’ a report produced by the Office of the President’s National Science and Technology Council…’a tipping point in the maturation of the technology has been reached.’”

Both the FBI’s Information Services Division and The Department of Defense Biometric Fusion Center are leading the way in this field.

Currently, identity is established based on the trinity: “something you know (such as a password), something you have (like an identity card), or something you are, which is where biometrics comes in.”

Biometrics includes technologies for recognizing fingerprints, facial features, irises, veins, voices, and ears, and even gait.

But these identification means are not fool-proof: remembering multiple complex passwords can be dizzying, and identity cards can be lost, stolen, or forged. So biometrics becomes the cornerstone for identity management.

However, even biometrics can be spoofed. For example, fake rubber fingers have been used in lieu of a real fingerprint (although now there are living-flesh sensors to protect against this), and unlike a password, a fingerprint cannot be reissued once it has been copied. So biometrics is evolving toward “multi-modal” collection and authentication. This could involve using 10 fingerprints versus one, or combining fingerprints, iris scans, and digital mugshots (called the “13 biometrics template” and used to gain access in U.S.-managed detention centers in Iraq), or some other combination thereof.

Biometrics has advanced so much so that an Iris scan system from Sarnoff Corp. of Princeton NJ “can scan and process 20 people per minute from distances of about 10 feet away, even those who are wearing glasses.”

The keys to further application of these technologies in our enterprises are the following:

  1. Lowering the cost (especially to make it available to local law enforcement agencies)
  2. Making it rugged enough for extreme environments for the military
  3. Making it portable so that it can be used for a variety of law enforcement and defense operations
  4. Reengineering business processes so that measurements are captured, stored, accessible, and readily available for making a match and generating a decision on someone’s identity in real-time
  5. Developing policies that “effectively govern the proper use of the data” and ensure adequate protection for civil liberties and privacy.

Overall, biometrics has moved from emerging technology to applied technology and needs to be planned into your identity management architectures.

