Monday, January 27, 2014

"123456" pick up sticks....

“123456”
What do you think about when you read those numbers? Me? I see what my bank account should look like $123,456 (I aspire to be a 1%er) but alas, it is only $12.34.  That’s OK though, I will EARN my way.  I digress. This particular set of numbers, according to SplashData.com, seems to be one of the most common passwords that people seem to use.  HUHHHH???? WHATTT!!! OK, I get it, there are some people who just don’t get it or are too lazy to understand the importance of SECURITY when it comes to one’s personal data, but it can’t be that difficult to understand! When you leave your home, don’t you take the time to use a key to lock the deadbolt etc.? Then why would you not take the time and create a complex password for all your computing needs?

According to SplashData’s article “Password” unseated by "123456" on SplashData's annual Worst Passwords list, “password has lost its title as the most common and therefore Worst Password, and two-time runner-up "123456" took the dubious honor. "Password" fell to #2.”
I have a friend who is a farmer; he has a degree and makes a very good living for himself.  He does most of his bookkeeping the old-fashioned way using ledger books etc.  I asked him why he doesn't use a computer and he told me “I just never got around to figuring out how to use one.” I thought to myself, he must be an anomaly, an oddity, surely there can’t be that many people who can’t use or don’t know how to use a computer? (I have a feeling the 123456 password would be his.) After reading this article, I see my assumptions are not correct.  There must be thousands or tens of thousands of people who don’t get it, so 123456 it is for their “defense against the dark arts” (Sorry, watched Harry Potter this weekend).

With all the hubbub in the news lately in regards to cyber security incidents, you would think that people would wake up and realize they are in danger “Grave Danger” (Harry Potter again) and do a little research on good ol’ computer security measures, especially password safety.  If you are one of these folks, please check out the article by Robert Siciliano (2011) titled 15 Tips To Better Password Security from McAfee.com.  He has several, well 15, tips to better familiarize yourself with better password protection.

Now a word from our creator...
“A prudent man foresees the difficulties ahead and prepares for them; the simpleton goes blindly on and suffers the consequences.” Proverbs 22:3


References:

SplashData. (2013). "Password" unseated by "123456" on SplashData's annual "Worst Passwords" list.  Found at http://splashdata.com/press/worstpasswords2013.htm

Rowling, J.K. (2007) Harry Potter and the Order of the Phoenix.

Siciliano, Robert. (2011). 15 Tips To Better Password Security. McAfee.com.  Found at http://blogs.mcafee.com/consumer/15-tips-to-better-password-security

 

 



Tuesday, January 21, 2014

Does the government have to run it?

“The House of Representatives approve Cyber security funding increase” or so it goes… According to an article in Homelandsecuritynewswire.com (Jan 20, 2014), Congress has allocated $447 million of our tax dollars to the Defense Department Cyber command unit.  I have mixed feelings about this only because I know the government can’t seem to run anything correctly or even efficiently.  So I look at the $447 million number and double it because, well… It isn’t their money, it’s ours, so they will once again spend like tomorrow was never coming and waste most of it.  To be clear, I do think that it is a good idea to have a centralized department to maintain our nation’s cyber security but can’t we partner with private firms to do this for the government?  In my opinion, having a private firm run this program would save US the taxpayer more than if good ol’ Uncle Sam did it instead.  OK, my fiscal conservative side is showing, I’ll back off…. According to the article, “The funding jump is mostly attributed to the growth of cyber mission forces, Pentagon officials told Nextgov on Tuesday.  In March 2013, about 834 active duty military and civilian personnel were on staff, Cyber Command chief Gen.  Keith Alexander told lawmakers at the time. The goal is to grow cyber forces by 2,000 personnel annually, until 2016.”  This looks to me that our government is starting to shift their collective focus on the nation’s cyber safety and cyber defenses instead of the conventional theaters of war we have been pursuing over the last several years, especially since the number of cyber incidents has almost doubled over the past few years.  I will say, this statement is a good thing for folks like me who are going to school just for this reason.  Our talents will be in high demand and very marketable… Now the Capitalist in me comes out.

Parting shot:
Our nation is under attack by a people who we cannot see, have really no idea where they are or really what they want until they strike.  It is in our nation’s interest to find the best and brightest stars in this area and put them to work thwarting the onslaught of the advancing hordes of hackers and Hacktivists, etc. I just have an uneasy feeling when the government is the one in charge of the program.  It seems like the “C” students always seem to run things.


References:
House approves $447 for Cyber Command. (Jan, 2014) homelandsecuritynewswire.com


Tuesday, January 14, 2014

Stay Informed.. Educate yourself and don't be a victim.

This week in my class, we are discussing many security issues, one of them being Security Awareness.  We were asked to design flyers that would be used in a business or even a school that would make a poignant point about some type of security that we all should deal with.  So, I made a few, one about the importance of computer security and not letting your “Stuff” get compromised and another about the need to be almost street smart and not being fooled by the wolf in sheep’s clothing.  Both of these themes are very important to me because they both deal with educating yourself before you put yourself out there.  It is so important that you have a secure and safe network so you can do what you need to in today’s online world. It seems that a week doesn’t go by when I don’t get a scam e-mail or now even a scam text on my cell phone about some “ACCOUNT ISSUE... Please call us at…” and “Oh a rich uncle in Nigeria that I never knew about….” And it is only going to get worse as troubles in our economy continue to escalate. The sad thing is that people actually fall for this garbage.   

A few years back, I went to a niece’s apartment down in SoCal (BOO Dodgers!!) and saw that she had a nice Linksys router set up for her network and I asked her how she was securing it? She tilted her head a bit and said wha??? Huh? I then said “Did you change the default password and SSID?” again, a glazed unappreciated glaze… A friend hooked it up and left it totally unsecure and get this…. She does her online banking on a PC on that network.  I almost lost it, so, the good uncle I am, I scolded her, lovingly of course, and spent the next few hours setting up her network.  I tried to explain to her how important it is to stay secure and even used the comparison of locking your house; you don’t just leave your door open all the time so anyone can come in, do you? Especially in greasy sleazy L.A.

Laker losers….

Parting shot:
My point to my rant is, we all need to get up to speed, stay up to speed and do what we have to do in order to stay safe offline as well as online.  Educating yourself is the best defense a person can have.  The Internet has so many resources to look at and use in order to get off on the right foot. Stay informed.


“Education costs money, but then so does ignorance.” Claus Moser.

Wednesday, January 8, 2014

"I promise to eat less and encrypt more"

HAPPY NEW YEAR!!! “Should auld acquaintance be forgot…..”  

I’ll stop… Truthfully, I thought it was “Should OLD acquaintance be forgot…” By the way, what does that mean?  Anyway, it’s a new year again which means it’s time for all of us to once again make promises to ourselves and our loved ones and then forsake most if not all of them, casting our promises aside like yesterday’s rubbish.  We all mean well, but in these times of rush, rush, rush it is very hard to stay focused on what NEEDS to be done since we constantly get bombarded with… Well, life.  I know that going to the gym or walking the dog more is beneficial but so is protecting your assets, your identity, your STUFF.  I always try and keep my personal info out of the hands of people who want to use it wrongly, but truth be told, I fail from time to time.  But this year “I vow to be more vigilant with my personal information!” and the Target hack has really got me thinking.  I usually only use one credit card for purchases but on occasion have used my debit card too.  This really isn't a good idea to do because if fraudsters drain your bank account, the bank may reimburse all the charges but you most likely will be on the hook for any overdraft charges that occur as a result of the fraudulent goings on.  DON'T USE YOUR DEBIT CARD FOR ANYTHING BUT THE ATM!!

How about encryption? We all should use this one.  E-mails are one of the biggest concerns to me.  I recently bought a house and I must have sent 20+ e-mails to and fro to various lenders and realtors etc. that had some very personal info and attachments on them.  Each time I hit send, I gulped, closed my eyes, did the sign of the cross and prayed for mercy.  Encrypting one’s data really should be a no brainer.

Back it up… I know, another no brainer, but how often do we actually do it? I try and do it monthly but since I have 3 PCs at home that I am in charge of, I occasionally forget.  This is one of the most important things we should do and it should be done weekly.  If you lose your device or it is compromised in some fashion, a solid backup can really save your behind and get you back on your feet quickly.

Finally, I am going to utilize a password manager.  I have wanted to do this for some time now but just haven’t pulled the trigger yet.  I found a great article in Informationweek.com written by Dino Londis (2013) that discussed his thoughts about this topic and even gives several options that you can consider.  If you are interested, check out the link below, it is a good read.

Parting shots: It seems that a day doesn't go by where we don’t hear something in the news about XYZ Company getting hacked or ABC group claiming they did some nefarious deed to XYZ etc. We all need to do our part to protect our assets and be vigilant so these clowns have a much harder time getting the goods…

“Run Silent, Run Deep” A novel by Edward Beach Jr.

Cited:
Londis, Dino. (2013). 10 Top Password Managers.  Informationweek.com.


Monday, December 16, 2013


Uncle Sam wants YOU to spy on your neighbor…

Back in June of 2013, many reports came out about the federal government asking its employees to spy on one another, “Thou shall snitch on thy neighbor”.  Sounds so nefarious doesn’t it?  According to Jonathan Landay and Marisa Taylor of the McClatchy Report (2013), this is exactly what is going on in our country.  The President has given the order to all federal employees to report suspicious activities.  According to the article, “Federal employees and contractors are asked to pay particular attention to the lifestyles, attitudes and behaviors – like financial troubles, odd working hours or unexplained travel.” Hmmm, what about the nervous tic I get when I drink too much coffee Mr. President?  Should I worry? OK, I get it, do we really want another episode of “Falcon and the Snowman?” (MGM Studios, 1985) or Edward Snowden spilling the beans on top secret US military and other issues of the day? Absolutely not! BUT, do we want to constantly look over our shoulders hoping no one is looking suspiciously at us? One of the big issues I see is if you DO NOT report someone who is doing harm, you can be held culpable and may face criminal charges.  Huhhhh?  So what happens when a fed employee does something, you know nothing about it but because of your associations with them, you get strung up too?  How about the “Look at me, Look at me” guy who wants to make a name for himself and starts a campaign to discredit people because they look or act a certain way just so they get noticed, or someone just doesn’t like you so they make stuff up?  I am all for profiling, this is a fantastic method that “TRAINED” (I’m yelling here!!) law enforcement officials can use to help thwart bad characters etc. but Joe from accounting who gets a daylong seminar in Threat Behavior has no reason to do this, nor should he be ordered to do so.

I came across an article from Kate Tummarello (2013) of TheHill.com, titled “Government “Rarely” follows Cyber security best practices” that pointed me to a report to the President on cyber security and what the government should do in order to secure our nation.  The report, titled “Immediate Opportunities for Strengthening the Nations Cyber security” (2013) written by the “President’s Council of Advisers on Science and Technology” is a very interesting read indeed (see link below).  In it, the authors discuss many issues that they see and outline methods that our government can undertake to strengthen our defenses both foreign and domestically.  My favorite part of the report states the following, “The Federal Government rarely follows accepted best practices. It needs to lead by example and accelerate its efforts to make routine cyber-attacks more difficult by implementing best practices for its own systems.” (p. 1).  This is the lead into the report… Tells you something doesn’t it.  Please take a moment and read it if you can, it really is interesting.

Parting Shots: There are many things the government can do to secure our nation’s assets, such as educating employees, working with the public sector and not against them, getting out of date software and hardware up to date, as well as multiple other things, but asking people to be tattle tales should not be one of them.

 
References:

Landay, Jonathan and Taylor, Marisa. (2013).  Experts: Obama’s plan to predict future leakers unproven, unlikely to work.  McClatchy report.  McClatchyDC.com
http://www.mcclatchydc.com/2013/07/09/196211/linchpin-for-obamas-plan-to-predict.html#.Ud1k_T4a8gR

 Tummarello, Kate.  (2013) White House advisers: Government 'rarely' follows cybersecurity best practices. The Hill.  TheHill.com
http://thehill.com/blogs/hillicon-valley/191254-white-house-advisers-government-rarely-follows-cybersecurity-best

Lander, E., Holdren, J., Savitz, M., Press, W.  (2013). Immediate Opportunities for Strengthening the Nations Cybersecurity.  (p. 1)
http://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_cybersecurity_nov-2013.pdf

Monday, December 9, 2013

To BLOCK or NOT TO BLOCK!! and how do I do it?

My kids love the Internet, or to be more precise, they love the fun and games that they can access on the Internet.  Some of these games can provide hours of fun and learning activities for them and who knows, they may actually learn something.  Now for the BUT sandwich, the Internet as we all know can also be a dark and seedy place as well, accidentally misspelling a URL can take them to places they should not be, not to mention, the chance of getting viruses etc.  So what can we as parents do to minimize the exposure to these types of unfortunate web sites?

I have a suggestion… don’t let them on the Internet until they are 18, that way as a parent, your conscience is clear.  “Tongue planted firmly in cheek.”

Kidding aside, we can do some things to mitigate this but you have to actually do it, the problem is how and where do you start? The first and most obvious is to talk to your kids, explain what might happen, how it can happen and DON’T hide it if it does.  Keeping an open mind and an open dialog with them can go a long way.  Secondly, check to see what parental controls your OS has to offer.  Microsoft, for example, offers a “Parental Control” suite in their Windows products and it really isn’t too difficult to accomplish it.  Here is the link to the Microsoft page to set up the controls.  What I like about this is you as the administrator have the control, while your child only has a standard account.  You can restrict access to certain websites “Age appropriate” either manually or automatically.  Set time limits and even control access to games.  Again, please see the link above to get a much more detailed overview of this subject.

If you want to get a bit more draconian, you can even purchase or download free computer monitoring software that you can load onto your kids’ PCs.  CNET.com is a great web site to get reviews and find a software platform that can fit your needs.  Programs to block websites or log keystrokes and basically monitor everything they do. You can be the NSA.....

Again, the goal in this post is to give you a few options that you can have in your arsenal to not only protect your kids from unwanted, inappropriate web content but to protect your PC from unwanted threats.  I have seen it happen, a child gets on a website, gets nervous and instead of closing the web page out, they accidentally click on a link on the page or a picture and the PC gets infected.  Explain to them the importance of knowing who is sending them something and that their e-mails can have infected attachments.  Instant messaging is another foul little beast that gets them.  What computer these days doesn’t have some sort of IM program? These programs are a hacker’s dream. Never, ever click on a link that is sent by anyone you do not know.  Phishing isn't a relaxing day at the lake…..


Parting Shots: So even though programs are out there, the best option you have as a parent is knowledge.  The more you can pound into your kids’ thick, I know absolutely everything, skulls full of mush, the better you will be as well as them.

Thursday, December 5, 2013

Facebook... Really?

Many years back I wanted to play Farmville but didn't want to create an account on Facebook but, I had no choice. So, I jumped into the Facebook arena and added my name to the long list of FB users… Remember, all I wanted to do was play Farmville, why? I don’t really know.  I digress… My thoughts about FB were this, “Only people with self-esteem issues or Narcissists use FB.” And do I really want to hear a friend or family member drone on and tell me all about their delicious baked Ziti recipes.  But I started to look and post and truth be told it was fun at times, to be able to see the changes in people who I hadn't seen for many years was a cathartic thing to some degree.  

Well, being a conspiracy theorist (No, he was born in America, I’ll give you that one :)), I rarely put out too much data about myself or family and truly marveled at the people who would.  Not to mention all the risky pictures that they would post of themselves in, um… odd predicaments.  I would always tell my nephew.  “Dude, stop with the pics of you binge drinking with friends… it will come back to haunt you, that information is no longer yours and you can never get it back.” He could never really understand what I meant.  I’m just an old guy who is outta touch.

As time went on I started to get a bit bored of FB and stopped altogether.  I have wanted several times to delete my account but wanted to be able to keep in touch with old friends and like the fact that I could reach them in this fashion, but I really do hate my information still being out in the ether…  Someone with skills could get ahold of that data that FB says is private and do nefarious things with it.  Sure enough, just yesterday, I read the following article written by Jose Pagliery from CNNMoney, titled 2 Million Facebook Gmail and Twitter passwords stolen in massive hack. Here is the story by the way.  I will let you read the story and make your own conclusions but needless to say, sometimes, your data isn't always safe and yes nephew, I am right.  I truly hope that I or one of my FB friends were NOT part of that hack…

Parting shots: Like I told my nephew, once you put something on the internet, it is out there for everyone to see, copy and use against you, especially if you are vying for a job, this can kill your chances.  It shouldn't but it can.  Limit your exposure to risk and keep your data to yourself.  Like Gandalf said to Frodo.. "Keep it secret, keep it safe."