
The Danger of Biometrics for Personal Use – Limited Legal Protection October 17, 2016

Posted by Chris Mark in Uncategorized.

I have never been a proponent of using biometrics and have frequently made jokes about not wanting “the man” to have my fingerprints. Well, it looks like my position may have been well founded.

Recently, it was reported in Forbes.com that on May 29th, 2016 the US Government had filed a motion for the court to require residents of a Lancaster, California home to provide their fingerprints to open an iPhone. More disturbingly, the motion called for: “authorization to depress the fingerprints and thumbprints of every person who is located at the SUBJECT PREMISES during the execution of the search and who is reasonably believed by law enforcement to be the user of a fingerprint sensor-enabled device that is located at the SUBJECT PREMISES and falls within the scope of the warrant.” In short, they didn’t just want the fingerprints; they wanted to force the residents to actually ‘use their finger’ to open the phone. The warrant was not available to the public, nor were other documents related to the case. Like many people, I asked, “How can the courts do this?” It would seem to me like an invasion of privacy (among other things). Marina Medvin of Medvin Law said: “They want the ability to get a warrant on the assumption that they will learn more after they have a warrant. Essentially, they are seeking to have the ability to convince people to comply by providing their fingerprints to law enforcement under the color of law – because of the fact that they already have a warrant. They want to leverage this warrant to induce compliance by people they decide are suspects later on. This would be an unbelievably audacious abuse of power if it were permitted.” Unfortunately, it was indeed permitted.

Is it legal? According to the article in Forbes:

“In past interpretations of the Fifth Amendment, suspects have not been compelled to hand over their passcode as it could amount to self-incrimination, but the same protections have not been afforded for people’s body data even if the eventual effect is the same. Citing a Supreme Court decision in Schmerber v. California, a 1966 case in which the police took a suspect’s blood without his consent, the government said self-incrimination protections would not apply to the use of a person’s “body as evidence when it may be material.”

It also cited Holt v. United States, a 1910 case, and United States v. Dionisio, a 1973 case, though it did point to more recent cases, including Virginia v. Baust, where the defendant was compelled to provide his fingerprint to unlock a device (though Baust did provide his biometric data, it failed to open the iPhone; after 48 hours of not using Touch ID, or after a reboot, Apple asks for the code to be re-entered).

As for the Fourth, the feds said protections against unreasonable searches did not stand up when “the taking of fingerprints is supported by reasonable suspicion,” citing 1985's Hayes v. Florida. Other cases, dated well before the advent of smartphones, were used to justify any brief detention that would arise from forcing someone to open their device with a fingerprint.”

We do know that the warrant was served. It does appear that you cannot be forced to give up a passcode, as it could amount to self-incrimination under the 5th Amendment; however, you do not have the same protections for biometrics. This is another instance where the law has not kept pace with technology. For this reason, and others, I will not use biometrics for personal security.

Chris Mark in “Using Security Metrics” Book June 9, 2016

Posted by Chris Mark in cybersecurity, Uncategorized.

A number of months ago I was interviewed regarding my opinion on the effectiveness of security metrics. I was notified today that the eBook has been published. Titled “Using Security Metrics,” the book includes 33 authors, and according to the publisher:

“We asked 33 security experts how they communicate security program effectiveness to business executives and the Board.

They share their recommendations and best practices in this ebook. If you’re a security professional, you’ll find their insights indispensable for helping you better communicate with business executives and Board members who often do not speak the security language. Download this ebook to learn about:

  • Security Metrics That Tell a Story to the Board
  • Security Metrics That Help Boards Assess Risk
  • Security Metrics for Threat Management
  • Security Metrics that Drive Action in the Financial Services Industry”

My contribution can be found starting on page 39. You can download the eBook here!

Director of VA Robert McDonald Compares Lines at VA to Disneyland & Lies about His Military Service May 31, 2016

Posted by Chris Mark in Uncategorized.

UPDATED POST: Last week VA Director Robert McDonald compared the lines at the VA to lines at Disneyland. While most people were generally appalled by this ignorant and insensitive comment, Robert McDonald refuses to apologize. Keep in mind this is the same idiot that has lied about his own military service and falsely claimed to be a Green Beret. In addition to being an insensitive, ignorant buffoon, he is also a liar who claims military honors to which he is not entitled. The fact that President Obama still supports this clown in his role as Director of the VA simply further demonstrates the current administration’s disdain for those who actually serve with honor. Here are Obama’s National Security Advisor Susan Rice’s comments on traitor Bowe Bergdahl in 2014: “He served with honor and distinction.” Those who betray their own country and their brothers and sisters in arms are treated with greater respect by this administration than those who actually serve honorably.

Original POST

Adding to my latest post about Sniper Posers, we have a new addition to the Stolen Valor club. New Veterans Affairs Secretary (and former Proctor & Gamble CEO) Robert McDonald today admitted to lying about being a Special Forces Soldier (Green Beret). This is the same person who confronted Iraq War Veteran (both Iraq wars) and Republican Congressman Mike Coffman (R-Colorado) and pointedly asked, “What have you done?” McDonald then talked about how he had “…run a major company…”

It is bad enough when a civilian who has never served lies about their service. It is more egregious when a military member who served honorably lies about their service. It is absolutely not acceptable when the Secretary of the VA lies about his service. Let’s be clear: the VA is one of the most incompetent, corrupt organizations in the entire US Government. Shame on him! He belongs on the Stolen Valor Wall of Shame!

Chris Mark Speaking at OpenEdge 2016 Partner Advisory Board May 27, 2016

Posted by Chris Mark in cyberespionage, cybersecurity, Uncategorized.

I am honored to have been asked to present as the keynote speaker at the OpenEdge 2016 Partner Advisory Board on June 6th in Chicago, IL. I will be speaking on the state of cybercrime today and will provide a live demonstration of the Dark Web as well as a description of how cyber thieves steal and use payment card data. It should be a fun event for everyone! If you are an OpenEdge Partner, please consider attending!

1,000,000 InfoSec Job Openings in 2016! May 10, 2016

Posted by Chris Mark in cybersecurity, Industry News, InfoSec & Privacy.

A recent article in Forbes Magazine outlines the current and projected information security job market. According to the article, the current job market is valued at $75 billion and is expected to grow to $170 billion by 220. More profoundly, Cisco estimates that there are currently 1 million InfoSec job openings in the US, with, according to Peninsula Press, 209,000 currently unfilled! According to Virginia Lehmkuhl-Dakhwe, director of the Jay Pinson STEM Education Center at San Jose State University, “The number of jobs in information security is going to grow tenfold in the next 10 years.”

I have been fortunate to have had a great career in information security over the past 15 years. While my experience is unique, I have had the opportunity to travel the world and work with some of the largest and most complex companies around. I have spoken at scores of events and have published dozens of articles and white papers.

Last year I wrote a blog post about how to get into the InfoSec career field. Two things that many people may want to know off the bat: 1) a college degree is NOT required (although often very helpful), and 2) the pay is VERY good (basic supply and demand). In my experience, most people could probably get into the field with anywhere from 9-18 months of self-study. You can get in quicker if you attend a course. For more information, please read my blog post: Getting Into Information Assurance Careers.
