jump to navigation

Porn, Steganography & Al Qaeda = Bad News May 2, 2012

Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management, terrorism.
Tags: , , , , , , ,
add a comment

“Believe half of what you see and nothing that you hear”…Benjamin Franklin

Recently it was disclosed that German cryptographers had managed to decipher plans taken from an Al Qaeda operator who had a memory card confiscated.  According to the story: “On May 16 last year, a 22-year-old Austrian named Maqsood Lodin was being questioned by police in Berlin. He had recently returned from Pakistan via Budapest, Hungary, and then traveled overland to Germany. His interrogators were surprised to find that hidden in his underpants were a digital storage device and memory cards.  Buried inside them was a pornographic video called “Kick Ass” — and a file marked “Sexy Tanja.” “  As stated on Gary Kessler’s website: (more…)

UPDATE: Copying of GlobalRiskInfo Blog (and others) April 24, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, Piracy & Maritime Security.
Tags: , , ,
1 comment so far

2nd UPDATE: lT appears that the company  read my blog and has now (after April 24th) included sources to a few of their posts. Interestingly, the AKE post still does not have AKE’ information included.  I also welcome them to add my own blog to their list of references.  Here is a link to Dr. Heather Mark’s post on her experience with plagiarism.

UPDATE: Curiosity got the best of me so I started checking the other blog posts.  I should be grateful that the company did not simply cut and past my content.  Here are other “borrowed items”.  It is a disgrace when a company cannot do their own work.  At a minimum, writers are required to cite their sources and give attribution.  The absence of even a mention of where the content originated is, in my opinion, intended to cause the reader to assume it is original work.

April 11th, 2012 Post- “Pirates Demand Dh11M to Free Hostages” is a direct cut and paste of The National.ae post of the same name.

April 9th, 2012 Post- “Somali Pirates hijack Vessel with 17 on Board” is a direct cut and paste of an MSNBC.com article of the same name that originally was published on Indiatoday.

The most glaring of these actions can be seen in the post titled: “Somali Pirate Activity Reaches 15 Month High”.  This was originally an article of the same name published by Bloomberg where the information was provided by Intelligence Company AKE who also provides Maritime Security.  The article was copied verbatim with all references to AKE removed.  The intent is clear.

It is pointless to review any further.

 ORIGINAL Few things frustrate a writer more than someone using their work without attribution.  Today a company introduced new blog with numerous posts dated from Jan 2012-April 2012 .  In reviewing the blog, it certainly appears that the company has done little more than “borrow” my own work and not provide attribution to me..the originating author.

Of 15 posts, fully 1/3 appear to be  summaries of my own work.   Maybe I should be flattered?  Maybe the company is simply acknowledging my expertise over their own. Feel free to read the articles and decide…(each of the GlobalRiskInfo posts predate the summarized posts) (more…)

Chris Mark Speaking in London- “Hactivists, CyberSpies, & Thieves: Risk & Data Centric Security” April 18, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management.
Tags: , , , , , , ,
add a comment

On June  19th, Chris Mark (that is me;) will be hosting a workshop at the CISO Intelligence Forum: Energy in London, England.  My particular workshop will be titled: “How to select a security vendor”Not really..that was a bad joke 😉 (security geeks get it).  The 1/2 day workshop will be titled: “Hactivists, CyberSpies, and Data Thieves: A Discussion of Risk & Data Centric Approaches to Security”.  You can download the brochure here.  While my own workshop is sure to be the most well attended (another bad joke), I do have to give some props to the other speakers.  This event has some top shelf talent shelf talent speaking including speakers from the PCI SSC, Lanco, SOCA, and Northrup Grumman, among others.  If you are looking for solid information on data security in the energy segment, this is the place to be.

Chris Speaking at Piracy Week Hamburg- April 23-26, 2012 April 17, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, Piracy & Maritime Security.
Tags: , , , , ,
2 comments

I am off to Hamburg, Germany next week to speak at the 11th Annual Combating Piracy event sponsored by Hanson Wade.  If you are in Germany, come by.  Hanson Wade puts on some great events.  I am speaking for Guardian Maritime Security on the topic of CyberSecurity in the Maritime Industry.  Last year I spoke on deterrence theory and the Value of armed guards in the protection of vessels.   Protection Vessels International (PVI) will be giving an update on the Evolving and Complex Tactics of Pirates.

As usual, some company will speak on “selecting a security vendor” in an attempt to win business.  I would think for 4K Euros people would expect to hear more than a sales pitch from a struggling company…but…I digress.

I am actually excited about attending to catch up with some friends, talk to new clients and most importantly…eat at Subway. That’s right..there is a Subway sandwich store in Hamburg, Germany!  Many people are unaware that Marine Corps Snipers and Subway have a long history together.

I may be taking a short hiatus while in Germany but will get back to writing as soon as I return.

(UPDATE)-“Interesting” Logic & Analysis – Verizon’s 2012 Data Breach Report April 17, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, terrorism.
Tags: , , , , , , , ,
2 comments

I received a very insightful comment from one of the Verizon authors and thought it prudent to share. I think this explanation is very helpful for companies looking at infosec controls.  Here it is, in part(emphasis added): “You make a valid point about the fact that a determined attacker would simply try again if the first attempt failed. However, our finding that most breaches are avoidable through relatively simple controls doesn’t overlook this as you suggest. Our data show that most criminals aren’t determined to breach a particular victim and likely won’t try again if met with decent resistance. In fact, the extreme opportunistic nature of target selection means they likely won’t even be attacked w certain controls in place because automated probes will skip on down the street after jiggling the door handle a bit.  You can read the full comment, in ‘comments’.  The entire post is you continue reading. (more…)