“Warren & Brandeis Cringe”- Identification through Typing March 21, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Leglslation.Tags: Chris Mark, DARPA, InfoSec & Privacy, mark consulting group, privacy, security, the right to privacy, typing authentication, warren and brandeis
add a comment
Several years ago a few researchers demonstrated that the way in which people type is unique enough to be used to identify that person with a high degree of confidence. It is not simply speed but includes cadence, time between particular keystrokes and other aspects. This week DARPA announced that they are working to make the solution a reality. Due to the uniqueness of a person’s typing DARPA says: “mimicking keystroke dynamics is physiologically improbable,” This means that it would increase the challenge of masquerading as another person. I mark this up as “good in theory and terrifying in practice”. In a talk last year a DARPA representative explained the process as such: “is move to a world where you sit down at a console, you identify yourself, and you just start working, and the authentication happens in the background, invisible to you, while you continue to do your work without interruptions.” This is precisely where the issue comes to life. (more…)
More Security Theater – “CyberCops and Robbers” March 15, 2012
Posted by Chris Mark in Industry News, Risk & Risk Management, Uncategorized.Tags: bank robberies, Chris Mark, fbi, mark consulting group, risk, security, security theater
add a comment
Today in my Google alerts, I had a story from FoxNews (…ahemm) titled “CyberCops and Robbers; Digital Posses to Bust Bank Robbers” After reading the article, I had to write a post and discuss (rant?) about the fluff that is being proposed. The article talks about a new initiative by the FBI and select banks where banks that comply with certain rules and agree to be involved in the program get to post a “badge” on their door like the one in this post.
There are so many flaws and issues with this approach, I don’t know where to start. This is Security Theater at its finest. For those who are unfamiliar with the term, Bruce Schneier, in his book Beyond Fear, coined the phrase security theater. Security theater describes security countermeasures intended to provide the feeling of improved security while doing little or nothing to actually improve security. (more…)
22 Arrested in Iranian Backed Plot Against US and Israeli Embassies March 14, 2012
Posted by Chris Mark in Industry News, Risk & Risk Management, terrorism.Tags: Azerbaijain, Chris Mark, Iran, risk management, security, Stuxnet, terrorism
add a comment
According to FoxNews and Agence France Presse, 22 people have been arrested inside Azerbaijan suspected of planning attacks against the US and Israeli embassies inside Baku. According to the reports, the attacks were planned for the benefit of Iran.
“Twenty-two citizens of Azerbaijan have been arrested by the national security ministry for cooperating with the Iranian Sepah,” the ministry said, referring to the Iranian Revolutionary Guards, according to AFP. “On orders of the Sepah, they were to commit terrorist acts against the US, Israeli and other Western states’ embassies and the embassies’ employees.” (more…)
“Black and Tans”?! Really?…A Little Market Research Can Prevent Embarassment March 13, 2012
Posted by Chris Mark in Industry News, Uncategorized.Tags: black and tans, branding, che guevara, Chris Mark, mark consulting group, marketing, nike, security
add a comment
This is a bit off topic but relevant, nonetheless. I was talking to some acquaintances about the upcoming US elections and somehow the topic turned Mexico, Guatemala, and finally to Che Guevara. My friends said: “Che who?” I almost fell over but, due to my extensive Marine Corps sensitivity training, instead I replied with a loud and derisive: “What the Hell!? Are you kidding me?! You don’t know who Che Guevara is?!“ I didn’t really say that, but I should have 😉 How can any American now know about Che Guevara? Again, I digress…You can read about him here.
Today, I am reading the news and there is a story about how Nike, in honor of St. Patrick’s day, named a new shoe the “Black and Tan”. The blog readers from the UK and Ireland are probably picking themselves off the floor right about now. My mental response to the news was: “WTH!? You named a shoe the Black and Tans?!“ (more…)
The Carpenter, Not the Hammer, Builds the House March 8, 2012
Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management, weapons and tactics.Tags: Chris Mark, cybersecurity, InfoSec, mark consulting group, risk management, security
add a comment
I was in a discussion yesterday with a friend of mine who happens to be the Editor in Chief of The Counter Terrorist Magazine. Chris and I served together long ago and I always enjoy talking to him as he is one of the most insightful people I know. He mentioned what he felt was the over reliance on technology in CT operations and how it was causing people to lose sight of the fact that it is the people that matter and not the tools.
I find this particularly relevant in all areas of security but especially in information security. In a past life I operated as a Marine Scout/Sniper. When my civilian friends learn of this, it is not uncommon for me to hear the question: “What is the best rifle to use?” (more…)
Global Security, Privacy, & Risk Management 