jump to navigation

UPDATE “Just Say No!”- to Facebook Login Request for Employment March 23, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy.
Tags: , , , , ,
add a comment

UPDATE: Kudos to Facebook for weighing in on this subject.  Facebook says that not only is the practice wrong, but it is a violation of Facebook’s terms of service.  Echoing what I (and others) have said, logging into someone’s FB page could expose the employer to a lawsuit.  “(W)e don’t think it’s right the thing to do,” she said. “But it also may cause problems for the employers that they are not anticipating. For example, if an employer sees on Facebook that someone is a member of a protected group (e.g. over a certain age, etc.) that employer may open themselves up to claims of discrimination if they don’t hire that person.”

I find myself posting on this subject occasionally because a neighbor, friend or other person will inform me that during an interview or application they were asked to provide their Facebook or other ‘social media’ login.  This topic seems to arise again, and again and was again highlighted on msnbc.com.  So, for those who are asking or saying: “Chris, if you have nothing to worry about, then why do you care?”  Valid question.  Let me answer.  First, if you are looking for a job, as a responsible professional person you should take care to not post inflammatory, racist, hateful or other items on your social media.  If you are a proud member of a hate group, you may want to keep that info private.   Pictures of you doing drugs, or being arrested in New Orleans is also probably a bad idea.  (more…)

“Failed State of Security”- Published by IDGA March 21, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Leglslation, Risk & Risk Management.
Tags: , , , , , , ,
add a comment

The Institute for Defense and Government Advancement (IDGA) has published the whitepaper “Failed State of Security”; A Rational Analysis of Deterrence Theory & Its Effect on Cybercrime. Check it out!

Abstract  “In reviewing the literature on criminology and information security it appears that, while they share many common themes, there is a disconnect between the criminological theory and its application in information security.  Information security, as a field, is focused on the protection of information assets.  Criminology is focused on the prevention of criminal behavior.  As most information security practitioners will likely attest, there is little overlap between the two fields and there has been little research or focus on the use of crime theories on the prevention of cybercrimes.   This paper attempts to bridge the gap between the fields and highlight the deficiencies in the current approach of compelling victims to prevent cybercrime as opposed to deterring the criminals from committing cybercrimes.” 

“Warren & Brandeis Cringe”- Identification through Typing March 21, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Leglslation.
Tags: , , , , , , , ,
add a comment

Several years ago a few researchers demonstrated that the way in which people type is unique enough to be used to identify that person with a high degree of confidence.  It is not simply speed but includes cadence, time between particular keystrokes and other aspects.  This week DARPA announced that they are working to make the solution a reality.   Due to the uniqueness of a person’s typing DARPA says: “mimicking keystroke dynamics is physiologically improbable,” This means that it would increase the challenge of masquerading as another person.  I mark this up as “good in theory and terrifying in practice”.  In a talk last year a DARPA representative explained the process as such: “is move to a world where you sit down at a console, you identify yourself, and you just start working, and the authentication happens in the background, invisible to you, while you continue to do your work without interruptions.”  This is precisely where the issue comes to life. (more…)

Social Media – Dangerously Anonymous & Plausibly Deniable March 19, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management, terrorism.
Tags: , , , , , ,
add a comment

Today on Foxnews was a story about a person who claimed to be an occupy Wall Street protester who tweated a threat to kill a police officer.  A user with the name “Smackema1” tweeted: “We won’t make a difference if we don’t kill a cop or 2,”  What is interesting about this is that the person had never attended any Occupy protests and was actually in Florida when he sent the tweet.  The author, who police are trying to identify, clarified his remarks to a Florida newspaper when he said: “It’s not like I meant anything of it. Who takes anything like that seriously? I’m in Florida, what am I going to do?”   (more…)

The Carpenter, Not the Hammer, Builds the House March 8, 2012

Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management, weapons and tactics.
Tags: , , , , ,
add a comment

I was in a discussion yesterday with a friend of mine who happens to be the Editor in Chief of The Counter Terrorist Magazine.  Chris and I served together long ago and I always enjoy talking to him as he is one of the most insightful people I know.  He mentioned what he felt was the over reliance on technology in CT operations and how it was causing people to lose sight of the fact that it is the people that matter and not the tools.

I find this particularly relevant in all areas of security but especially in information security.  In a past life I operated as a Marine Scout/Sniper.  When my civilian friends learn of this, it is not uncommon for me to hear the question: “What is the best rifle to use?”  (more…)