BSidesSF and RSAConf – day 1 wrap up

•15-Feb-2011 • 4 Comments

The weather is stereotypical San Francisco: rainy, cloudy, and wet. The RSA conference crowds are not unbearable (yet), and the vendors sling buzzwords, FUD, and promises of unicorns. The sessions have ranged from great to meh (InfoSec Leadership – Program Development)…at which point I went next door to BSides SF.

What can I say about BSides except this is where the real learning and sharing is going on. I’ve heard about BSides for some time now and decided to give it a swing…I mean hey, the price is right. The presentations are top notch and include audience participation. I’m sitting next to people that I knew only as Twitter handles, blog authors, and podcast voices. And they are all incredibly cool and passionate. I listened to BSides founders Jack Daniels, Mike Dahn, Amber talk about how to create your own event. I’ve sat at the feet of thought leaders…And then we had drinks, awesome roach coach tacos, and rhymes from Dual Core.

What can I say. RSA day 1 was big, commercial, lots of free food and drinks, schwag, etc. If I get lucky, I could win 2 s.m.a.r.t. cars, a Harley night-rod, and a Vespa. If I don’t win that stuff…well, I’ve already been to day one of BSides! WIN

If you go to an industry event that has a BSides next door…make an effort to go to the non-con. It is worth every moment. The dog-and-pony-show at the convention will still be there later, don’t worry.

BSidesSanFrancisco and RSA Conf. 2011 – Day 1

•14-Feb-2011 • Leave a Comment

Holy criminy, my feet hurt. Day #1 down, and let me tell you it was worth every moment.

BSides was indescribable. It was very much as described, the “anti-conference”. RSAC was good too. Got some tchotchkes, met a few reps I need to build relationships with, got some free bread and spirits. All in all, a really good first day.

More tomorrow, with details…I hope.

Facebook Privacy: 10 Settings Every User Needs to Know

•07-Feb-2011 • Leave a Comment

Facebook Privacy: 10 Settings Every User Needs to Know.

I often harp…mostly at my kids, family, and friends…about privacy, 3rd party apps, and the general nasty crap that can target your information and share it in ways you never imagined with people you’d never agree to.

This article provides a rock solid foundation to taking control of your privacy on Facebook. I said foundation on purpose…this is a good start, but to keep up with the changes you’ll have to read the change of service announcements and regularly review these settings. This isn’t a do it once, fire and forget scenario.

So, I wish you luck, and I hope you take this advice to heart. Happy posting!

Resolutions Redux

•31-Dec-2010 • Leave a Comment

Last year I plagiarized and shared a family tradition from a colleague of mine. The resolutions and tradition are summed up simply: commit to doing these things each year, and then you recount the tale with your friends & family at the New Year. So here goes…

Go three places you’ve never been…

  • Germany. I was lucky enough to visit Schwetzingen, Heidelberg, Kaiserslautern, Garmisch, and Munich. I had a wonderful time in this old and rich country. What nice people.

Sheepdog Watch – Marine stabbed while apprehending shoplifter

•26-Nov-2010 • 1 Comment

CPL Phillip Duggan, USMC Reserves, was at an Augusta, GA Best Buy for the annual Toys for Tots drive when a commotion broke out. Best Buy employees confronted a man they caught shoplifting, who brandished a knife to make his escape. The employees backed away, but the Marines at the toy drive were not put off by a mere blade and proceeded to control the man until authorities could arrive. During the struggle, CPL Duggan was stabbed in the back. He was treated at a local hospital and released, apparently in good condition.

One knife wielding punk versus 4-5 US Marines? Sounds like his lumps were earned.

Semper Fi boys. And take care of that wound CPL Duggan. Well done, gentlemen.

Marine at ‘Toys for Tots’ drive stabbed by theft suspect – CNN.com.

Preference and Question Based Security

•23-Nov-2010 • Leave a Comment

Gunnar Peterson has a short posting about a different way of verifying user identity. We are all familiar with The Security Question†, which I and others have written of before, as well as some possible ways to enhance that method.††

But what Jakobsson, Yang, and Wetzel call “Preference based Authentication” goes a bit farther, but perhaps not as deep. I’ve only skimmed some sections so maybe there *is* depth here after all. It looks very good. I can’t wait to tear into it this evening.

† “What is your mother’s maiden name” will get you smacked with a medium-sized trout, unless your answer is amusing and cheeky, like “She Who Must Not Be Named” or similar geek fare.

†† I have suggested answering questions in a non-sequitur-ist manner, e.g. “What is your favorite color?” can be answered with “Herringbone” or “Houndstooth” and “Do you expect me to talk?” can be answered with “No Mr. Bond, I expect you to die. HAHahahaha.” These depend on whether you must answer a set list of questions, or if you can enter your own questions. Usefulness decreases severely if the authentication mechanism lets the actor choose the answer from a list, rather than enter a response. (Think the Sesame Street children’s program… ‘One of these things is not like the others, one of these things does not belong…’)

Avoid holiday scams this season!

•22-Nov-2010 • Leave a Comment

With the busy retail season kicking off in earnest, many predators and crooks step things up a notch this time of year as well. I’ll be sharing specific tips and scams to beware of, but I’d like to start with some simple rules of thumb:

  1. TANSTAAFL (There Ain’t No Such Thing As A Free Lunch). This is nearly as important as The Golden Rule. If it looks too good to be true, it probably is; don’t commit to anything you can’t mull over and check on. Sales people do *not* care about your financial well-being, they care about closing a deal…High pressure sales and limited time offers are a Bad Idea as often as not.
  2. No one in Nigeria has any money to share with you. They don’t have it. Seriously. They’re all broke over there (just like we are over here.)
  3. Bill Gates, Barack Obama, and Al Gore do not want you to send that email to all of your email contacts, and they will not send you $5 for doing so. The spammers want you to do it so they can SEND MORE SPAM. Just stop sending that stuff already.
  4. Most of us have gotten a lot better with the “WARNING! VIRUS!!1 DO NOT OPEN EMAIL MESSAGE IF IT SAYS (insert random text here)” But you know what? Don’t open any email message if it has an attachment and you didn’t expect it…in fact, stop sending attachments if they aren’t necessary. We’ve got these great hosting services like Flickr, Imageshack, YFrog, and many others that let you post something and send a LINK to the person(s) you’re sharing with.

Anyway, there is more to come. Have a safe, pleasant, joyous holiday season. Merry Christmas, Happy Hanukkah, Yuletide Greetings, Happy Kwanzaa, or simply Happy Holidays.

On Sheep, Wolves, and Sheepdogs

•20-Sep-2010 • Leave a Comment

Excerpt: On Sheep, Wolves, and Sheepdogs.

I’ve seen this referenced a few places, but this link has the best body of text from the original subject. This is very good reading for anyone who knows, loves, or is friends with a Soldier or Law Enforcement Officer. I had difficulty explaining to friends and family why I used to carry a weapon while off-duty. I couldn’t put words to the ideas that justified the purpose and reason for going armed while “off duty”.

A short excerpt:

The sheep generally do not like the sheepdog. He looks a lot like the wolf. He has fangs and the capacity for violence. The difference, though, is that the sheepdog must not, cannot and will not ever harm the sheep. Any sheepdog who intentionally harms the lowliest little lamb will be punished and removed. The world cannot work any other way, at least not in a representative democracy or a republic such as ours.

Still, the sheepdog disturbs the sheep. He is a constant reminder that there are wolves in the land. They would prefer that he didn’t tell them where to go, or give them traffic tickets, or stand at the ready in our airports in camouflage fatigues holding an M-16. The sheep would much rather have the sheepdog cash in his fangs, spray paint himself white, and go, “Baa.”

I’ve not worn a badge for 10 years, but I still consider myself a sheepdog.

Woof.

Labor Day 2010

•06-Sep-2010 • Leave a Comment

Please accept my family’s wishes that you have a pleasant and safe holiday weekend.

While you are at your festivities, I ask you to please take a moment to remember the tragic victims of suicide among our US Armed Forces.

Thank you, and God bless.

‘What are you sharing?’ Redux

•14-Aug-2010 • Leave a Comment

I shared some info on GeoTagging and smartphones recently from the smart guys over at ICanStalkU.com, and it’s only taken a month for big media to see the story, make a big deal about it, and spread it around like they’ve broken some major ground themselves.  :P

Anyway, it’s still important to understand the problem, so here we go again.

Some Pithy Article Name: The New York Times

Geotagging Risks and Solutions: Help Net Security

Pretty much anything else you find is a “reprint” of the first article.

 