
My Confession about “The Other Woman”- Carly August 9, 2015

Posted by Chris Mark in Uncategorized.

I apologize for using some ClickBait to get your attention but I wanted to talk about “The Other Woman” in the 2016 US Presidential Race.  Carly Fiorina. I watched the early debate without any real interest until I heard Carly speak.  Carly Fiorina was impressive (IMHO) in the debates and really got my attention!  The dig on Carly Fiorina has been a “fake scandal” (see how I did that?  Using a Clinton cliche?:) related to her role as CEO of HP and her ‘laying off’ of 30,000 employees.  Like many readers of this blog, I lived through the Dot Com Crash.  At the time I worked for the World’s largest Hosting provider (over 4,000 employees).  After 12 rounds of lay-offs the company went bankrupt.  The idea that it is unacceptable for the CEO (any CEO) of HP to restructure during this time is laughable.  CEOs get paid to make tough choices and sometimes those choices affect employees.  CEOs of public companies have a fiduciary duty to shareholders. This means that she is legally required to act in the interests of the shareholders first.  Not doing so can actually be a crime.  This is business 101.

If you have not had a chance to watch the debates, please take the time as I believe it will be worth the investment.  Carly was impressive and, more importantly to me, she was earnest and had a plan.  She was direct, articulate, presidential and demonstrated she understood the issues.  I hope to see more.

CyberGhost Guest Post- “5 easy steps to increase privacy on Windows 10” August 6, 2015

Posted by Chris Mark in Uncategorized.

Below is a guest post from CyberGhost on how to increase privacy on Windows 10. This is very timely and great advice!  I have upgraded to Windows 10 and really think it is a huge upgrade over Windows 8/8.1 but (there is always a but) there are some serious privacy concerns. (SERIOUS) Thanks to CyberGhost’s Silvana Demeter for providing this valuable info! BTW…I am very familiar with CyberGhost and really like their products.  Check them out!

“On July 29, Microsoft released its new operating system, Windows 10, available globally in 190 countries. The new version offers new features and completes different gaps. Windows 10 is fluid and fast and its new browser Microsoft Edge might win back a lot of users being super-fast.

Some privacy related concerns appear though, one possible problem being that data such as contacts, calendar, mail, messages are transferred to Microsoft’s servers, creating a more detailed user’s profile. Another feature that is infringing one’s privacy is the advertising ID assigned to individuals that are later targeted with specifically tailored ads. Even encrypting the hard drive won’t make an improvement to the privacy since the keys are stored by default on OneDrive. These new settings and features are aimed at increasing productivity, as they make apps and operating system smarter.

In order to improve the future experience of its users, Microsoft uploads data on their servers. As stated in the Terms of Service, Microsoft has the right to share this data whenever it has a good faith belief doing so is necessary to: “1. comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; 2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone; 3. operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or 4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services.”

In addition, all these settings are ON by default and will remain enabled if not unchecked while installing or upgrading to Windows 10.

All the data used by the Microsoft account (@live.com, @outlook.com, @msn.com – necessary for most of the new features) is scanned by Microsoft’s services. The location or even the talks with Cortana (searches, reminders, notes, and actions) are also processed by Microsoft’s services: “We also share data with Microsoft-controlled affiliates and subsidiaries; with vendors working on our behalf; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of our services; and to protect the rights or property of Microsoft.”

How to increase privacy on Windows 10

The Privacy settings can be managed by searching the term privacy in the start menu and most of the modules that send data to Microsoft can be disabled.

Below are some important features that can be changed to obtain more privacy:

  • Disable advertiser ID: open the settings and search for “advertising;” open “Choose if apps can use your advertising ID” and disable the first option: “Let apps use my advertising ID for experiences across apps”
  • Disable “…info about how I write” so that the text one types and writes with a stylus is not sent to Microsoft servers
  • Disabling the Advertising ID in the “Privacy Settings.”
      o “Let apps use my Advertising ID…” -> OFF
      o “Send Microsoft info about how I write..” -> OFF
      o “Location” -> OFF

  • Speech, Inking, & typing: If all options are cleared, Cortana will also be disabled

Another new feature introduced by Windows 10 is “Wi-Fi Sense” – a feature that syncs all Wi-Fi passwords to the cloud and shares them with the contact list. Through this functionality, the PC will be able to exchange passwords and automatically connect to WIFI, even to unprotected hotspots. The “Wi-Fi Sense” feature can be disabled by accessing Settings, “Wi-Fi” and then “Change Wi-Fi Settings.” Lucian Crisan, Head of Support and QA at CyberGhost VPN and former Microsoft employee recommends this change in order to avoid man-in-the-middle attacks and phishing attempts.”
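The toggles listed in the guest post can also be checked from PowerShell. The following read-only audit is an added example, not part of the CyberGhost post or this blog; the registry paths and value names are assumptions based on commonly documented Windows 10 locations and may differ between builds, and `Get-PrivacySettingState` is a hypothetical helper name.

```powershell
# Added example: read-only audit of the toggles named in the post.
# Registry locations below are assumptions (commonly documented Windows 10
# values), not taken from the guest post; verify them on your build.
$checks = @(
    [pscustomobject]@{
        Setting = 'Let apps use my advertising ID'
        Path    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo'
        Name    = 'Enabled'; PrivateValue = 0 }
    [pscustomobject]@{
        Setting = 'Send Microsoft info about how I write'
        Path    = 'HKCU:\Software\Microsoft\Input\TIPC'
        Name    = 'Enabled'; PrivateValue = 0 }
    [pscustomobject]@{
        Setting = 'Location (machine policy)'
        Path    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors'
        Name    = 'DisableLocation'; PrivateValue = 1 }
    [pscustomobject]@{
        Setting = 'Wi-Fi Sense auto-connect'
        Path    = 'HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config'
        Name    = 'AutoConnectAllowedOEM'; PrivateValue = 0 }
)

# Hypothetical helper: compares the stored value with the privacy-friendly one.
function Get-PrivacySettingState {
    param([Parameter(Mandatory)] [psobject] $Check)

    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # The post notes these features are ON unless explicitly disabled.
        $current = $null
        $state   = 'NOT SET (Windows default applies)'
    } else {
        $current = $item.($Check.Name)
        $state   = if ($current -eq $Check.PrivateValue) { 'private' } else { 'REVIEW' }
    }
    [pscustomobject]@{ Setting = $Check.Setting; Value = $current; State = $state }
}

# Nothing is written to the registry; the script only reports.
$checks | ForEach-Object { Get-PrivacySettingState -Check $_ } | Format-Table -AutoSize
```

Rows marked REVIEW or NOT SET are the ones to revisit in the Settings pages the post describes.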

Ideas to Help Autistic Kids Who Wander- For Caregivers August 4, 2015

Posted by Chris Mark in Uncategorized.

I read this morning about another beautiful little boy who had drowned after wandering (called Elopement in the Autism community) away from his grandparents’ house and drowning. As the parent of an awesome little Autistic boy I am heartbroken for the family and realize just how easily this can happen to families.  My thoughts and prayers go out to the family of little Sidney Heidrick.

Below are some quick stats on Autistic kids and elopement.

  • Roughly half, or 48%, of children with an ASD attempt to elope from a safe environment, a rate nearly four times higher than their unaffected siblings
  • In 2009, 2010, and 2011, accidental drowning accounted for 91% of total U.S. deaths reported in children with an ASD ages 14 and younger subsequent to wandering/elopement.
  • More than one third of ASD children who wander/elope are never or rarely able to communicate their name, address, or phone number
  • Two in three parents of elopers reported their missing children had a “close call” with a traffic injury
  • 32% of parents reported a “close call” with a possible drowning
  • Wandering was ranked among the most stressful ASD behaviors by 58% of parents of elopers
  • 62% of families of children who elope were prevented from attending/enjoying activities outside the home due to fear of wandering
  • 40% of parents had suffered sleep disruption due to fear of elopement

While not the answer to every situation, Heather and I have explored a number of technologies.  If you are the caretaker of an Autistic child, these may help. (We are not in any way associated with the products.  I don’t want anyone to think I am promoting these for any other reason than to help save lives.)

  • AngelSense GPS Tracker for kids.  We own one.  It is very valuable.  It has a ton of functionality and will alert you via email when the child leaves a certain area (that you define).  Absolutely worth looking at…
  • PetLoc8Tor  Not a GPS but works like the old school James Bond type locators.  It beeps and shows lights as you get closer.  Designed for pets but the actual ‘beacon’ is tiny and can be attached to a belt loop, pocket etc.  $99 and very effective out to 400 yards and works indoors.  I have tested in a large supermarket and it works well!  Just another tool that we use.

It breaks my heart to see these little guys and girls wander and get hurt.  Please pass this on if you think it could be of any value to a family with an Autistic child.

Thanks
Children with ASD are eight times more likely to elope between the ages of 7 and 10 than their typically-developing siblings

Dupont’s Titanium Oxide Color Recipe- Stolen for Chinese Advantage July 22, 2015

Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management.

Oddly (to me anyhow) this is the 2nd most  popular post on my blog!  It was written over 3 years ago but since it gets so much traffic I thought I should re-post.  Here it is in 2015!

Many mistakenly believe that only “high tech” secrets and intellectual property are targets for intellectual property theft.  In a clear example of how any proprietary secret can be considered a target, a scientist (Tse Chao) who worked for Dupont from 1966-2002 (36 years!) pleaded guilty in Federal court on Thursday to committing espionage for a company controlled by the Chinese government.  Mr. Chao testified that he provided confidential information to the Chinese-controlled Pangang Group. What did he steal? Among other things, the recipe for Dupont’s Titanium Dioxide.  What is TD used in?  Titanium Dioxide is the ingredient in many white products that makes the products white.  Products such as paint, toothpaste, and Oreo cookie filling!  Stealing the ingredients to Oreos shows just how low cyberthieves will go!   According to court documents: “DuPont’s chlorine-based process was eagerly sought by China, which used a less efficient and more environmentally harmful production method”

I have worked with a number of large companies who, when asked why they did not protect trade secrets, replied that they did not believe their industry or type of product was of interest.  Make no mistake.  If your company has a unique process, technology, or product, it IS of interest to many companies.  Unfortunately, the US Government has released reports that state that China is sponsoring much of the US and European cyber espionage.

photo from: http://www.titaniumexposed.com

Asymmetric Warfare 101 July 21, 2015

Posted by Chris Mark in Risk & Risk Management, weapons and tactics.

With the current state of affairs I thought it appropriate to ‘republish’ this blog post from 2012. You can also read the article from Secure Payments Magazine on the same topic applied to InfoSec.

Asymmetric Warfare can be described as the strategy of using weapons, tactics, and methods to render moot the asymmetry that exists between two adversaries.  Consider the US Military for a moment.  Since the end of World War II, which is arguably the start of US hegemony, the United States has fielded what many believe is the most powerful conventional military in the history of the world (or at least modern world).  In spite of this fact, the US (and her allies) have struggled in conflicts in Vietnam, Somalia, and most recently in Iraq and Afghanistan.  In each of these theaters it was groups of lesser-trained, relatively ill-equipped insurgents that created significant challenges to the US military.  By applying guerilla tactics, and employing IEDs and other technologies, the adversaries were able to balance the perceived asymmetry between the might of the US and their own capabilities.

The US is not alone in this dubious distinction of struggling with conventionally weaker adversaries.  The Soviet Union was defeated in Afghanistan in the 1980s, and a much weaker France, led by Napoleon, defeated the powerful Prussian Military.  France, in turn, lost French Indochina with the coup-de-grace coming in the surrender at Dien Bien Phu in 1954.  If each of these countries were militarily superior to their foes, how did they end up losing their respective wars?  These examples outline the effectiveness of asymmetric warfare.

While there exist a number of different definitions of Asymmetric Warfare, in a basic sense it applies to the strategies and tactics employed by a militarily weaker opponent to take advantage of vulnerabilities in the stronger opponent.  As an example, few military forces on the planet would face the US military and her allies in open combat either on land or the sea.  Doing so would be certain suicide.  A look at the Persian Gulf War in 1991 shows the result of taking on the military might of the Western World in open combat.  The Battle of Medina Ridge is a prime example.  In this battle between the US 2nd Brigade, 1st Armored Division and the Iraqi 2nd Brigade of the 2nd Medina Luminous Division, the US recorded 1 killed and 30 wounded while recording 4 tanks as being damaged.  The Iraqis, meanwhile, reported “heavy manpower losses” while reporting 186 tanks destroyed and 127 Armored Fighting Vehicles destroyed.

If a militarily inferior opponent cannot face the US, or Western powers, in open combat, how do they fight?  It is fair to say the days of Mahanian sea battles are behind us.  Quite simply, they employ strategies that render the superior military might irrelevant or at least less relevant.  Guerilla warfare is an example of an asymmetric strategy against a militarily superior foe.  As stated in the military classic “On Guerrilla Warfare” by Mao Tse-Tung:

“At one end of the spectrum, ranks of electronic boxes buried deep in the earth hungrily spew out endless tapes.  Scientists and engineers confer in air conditioned offices; missiles are checked by intense men who move about them silently, almost reverently….in forty minutes the countdown begins.

At the other end of the spectrum, a tired man wearing a greasy felt hat, a tattered shirt, and soiled shorts is seated, his back against a tree.  Barrel pressed between his knees, butt resting on the moist earth between his sandaled feet, is a Browning automatic rifle…Draped around his neck, a sausage-like cloth tube with three days’ supply of rice…In forty minutes his group of fifteen men will occupy a previously prepared ambush.”

This is warfare today.  Unfortunately, the US and her allies have learned that technology alone cannot win a war against a determined, creative enemy.

As discussed earlier, the concept of Asymmetric Warfare is a field of some debate.  When applying the concept to business, and specifically the Information Security arena, it is more appropriate to apply the concept of Asymmetric Threats posited by C.A. Primmerman.  Without going through too much of the math, and modifying Primmerman’s original theory, we can state that a threat can be expressed using the following two statements:

  1. Adversary A could & would attack Adversary B by doing X
  2. Adversary B could & would respond to Adversary A by doing X.

Now we have the simple conclusion that statement (1) represents an asymmetric action if statement (2) is false, and it represents a symmetric action if statement (2) is true.

As an example of this concept working in practice, consider the following:

1a. Adversary A would attack Adversary B by using terror tactics against the civilian population.

2a.  Adversary B would respond to Adversary A by terror tactics against the civilian population.

If statement 2a is false then the threat in 1a is asymmetric.

According to Primmerman, an Asymmetric Threat must meet three criteria.  These have been modified for our purposes and include:

  1. It must involve a weapon, tactic or strategy that the adversary both could and would use against another adversary.
  2. It must involve a weapon, tactic, or strategy that would not or could not be employed by one adversary.
  3. It must involve a weapon, tactic, or strategy that, if not countered, could have serious consequences.

If a threat meets these three criteria, it would be considered asymmetric.

As any student of military strategy can attest, being in a purely defensive mode is a losing proposition.  Unfortunately, in many instances asymmetric threats place one adversary in an almost purely defensive position.  One of my favorite quotes that appears appropriately relevant now is by Julius Caesar:

“There is no fate worse than being continuously under guard, for it means you are always afraid.”

While not intended to be a comprehensive discussion of Asymmetric Threats, the basic concepts are relevant in today’s world.