With Equifax falling victim to hackers, the bad guys are now closing in on the center of our economic model, credit.
With the information of 143 MILLION people, the hackers now have the ability to create bogus accounts for everything from library cards to credit cards. This is potentially the worst hack out there, and combined with information gleaned from other hacks, especially the OPM hacks where the Chinese grabbed information on people with security clearances, this could be devastating for many individuals.
So instead of gnashing teeth and wringing hands, defend yourself. Place blocks on your credit listings with all three credit bureaus' sites. Doing so at one is /supposed/ to put a block on all three. These blocks typically last 90 days, so be prepared to keep it up for a while. Equifax is offering credit monitoring; sign up for it. This may be a good time for services such as LifeLock. I'm not endorsing any specific one of them, for there are several, and I don't use one myself. And finally, keep an eye on your accounts by reviewing charges, and dispute anything which you don't recognize.
No matter who the next president of the United States is, one thing is for sure: cyber security needs to be a focus of the administration.
The disaster of Hillary's email server, the WikiLeaks exposures, and the accusations flying across the globe towards and from Russia have all highlighted that we must become experts at cyber security, or we will fall to it.
For a decade or more now, the Chinese and their satellites have been attacking our systems and pilfering technology which enables them to approach our technological superiority. They may have surpassed us at this point; only time will tell. My dad's 1938 prediction that the West's greatest danger would come from China is coming true. A recent warning from the DoD against Chinese-made laptops echoes what we already knew 10 years ago. I was shocked it was treated as news.
Not only are we vulnerable to nation states, but equally to individuals and crime organizations. Indeed, it is in all nations' interest to combat this new form of warfare or else succumb to it.
Wake up America, realize who the enemy is.
Goodbye Windows Phone; though I liked your features and the potential in your OS, you never lived up to the hopes and hype. After fixing the screen on my Windows 8 phone, graduating to my wife's Windows phone, and upgrading it to the RCs of Windows 10, I have moved on to an LG G3, mainly because of price. It is nearly two generations of LG G# old, but it still looks good, performs better than my Win 8/10 phone, and does have a greater selection of apps. By greater, I mean the 1 or 2 I really wanted but could not get on the Windows platform.
Headlines are bursting with emerging stories of how hackers have penetrated US Government sites which one would think have the best protection of all. However, as we have learned, our own government falls prey to the same mindset many companies have, that of compliance versus due diligence. We can be compliant with the law, but not adhering to due diligence. We in the IT security business are charged with protecting data. Yet we have been browbeaten into accepting compliance standards as the top limit, when we should be looking down the road at what the threats will be tomorrow. Regulations were written yesterday, and we, as forward thinkers, need to be looking to tomorrow. Executive teams charged with watching every dime tend to short-change IT and security because we don't bring in the cash, we only spend it. This is flawed logic, since we empower those who bring in the cash to do it better, faster, and more securely. Short-change IT and security, and you ultimately hamper those who bring in the cash, and enable hackers to steal your data.
The CISSP is considered a standard in the IT security arsenal, and has a fearsome reputation when the day comes to sit and take it. 250 questions and 6 hours paints an ominous picture. Undaunted by the blogs and even the books purported to assist you in passing it, I took the test and passed it the first time around. This despite listening to one of my fellow testers who announced it was his third time around, which elicited the response of another tester that he needed to be slapped, considering the test is $599 a pop. So how did I pass this test? First, after letting it lapse, I went and passed the CompTIA Security+ exam. I studied for about 3 months for this test, and was rewarded with an 858. This studying and my previous college work gave me a very good basis for passing the 5 domains covered by the Security+. I then set my sights on the CISSP. I started studying in December of 2015, and took the test April 14th, one day prior to the test format change. I'm not sure what the differences are, but the domains changed from 10 to 8, and I wasn't willing to delay any further and find out. I used three references: Shon Harris' 6th Edition, Shon's Practice Exam, and finally David Miller's CISSP book. I must say, the format and content of these two authors made these book choices excellent, as both covered slightly different material and their presentation was also a contrast, which kept the studying interesting. I firmly believe my background, which mirrored the inch-deep and mile-wide parable of the test, prepared me, whereas the third-time-around fellow admitted to being in network security for the last 10 years, and I feel that is where his focus was. He was too deep in the weeds to see the big picture. No, I'm not going to pass along any of the answers or questions.
First, the code of ethics espoused by ISC2 forbids it; second, I signed an NDA stating I wouldn't; and third, I don't remember any of them. It is my usual practice to go through a test answering the questions, or marking those I want to come back to, then checking the entire test one more time. I marked one to come back to, yeah, out of 250, and about halfway through decided I was not going back through any questions once I was done. The questions seemed pretty straightforward for the most part, though there were a few I did sit and contemplate for a few minutes. About 180 or so questions into it, I began to lose focus a little, but battled through it and cruised to the finish line. I completed the test in 3 hours, and was glad it was done. Of course, the "Congratulations!" on the form I was handed after the test was the best part. My suggestion to candidates wanting to take this test: start way out; I studied somewhere along the lines of 7 months before taking the test. Study different books from different authors/publishers. Each one will hit different subjects with varying degrees of detail. Remember, the book answer rules, not your personal experience. Take practice exams from different vendors, and take a full 250-question exam a few times before your test to get a feel for the endurance aspect. Good luck!
Update: I was officially awarded my CISSP on 1 June 2015!
"I'm an honest person," still reverberates through my head. This statement was made by a young Air Force officer after hearing my explanation as to why he could not take his personal camera into a SCIF (Sensitive Compartmented Information Facility) to download some personal pictures. For the uninitiated, a SCIF is where super-sensitive information is received, processed and stored. Even those individuals with Top Secret clearances are denied access unless they have been read on to the special programs within.
I recently heard comments from IT professionals about how medical providers were taking pictures of test results with their personal cell phones, then emailing them to another provider for their opinion. Depending upon the information included in the picture, this could be a serious violation of the Protected Health Information (PHI) rules, which prohibit the transmission of patient-identifiable information over unsecured means. According to these IT professionals, the providers have been repeatedly warned, yet continue the practice.
We've all seen the movies where a spy takes pictures of documents which are then uploaded to the bad guys' servers, giving them an edge on whatever the information was about. Hence the reason cameras, tape recorders, and other unapproved recording devices are prohibited from SCIFs. The punishment when caught is severe, and could result in loss of the offender's clearance, rank, and money, and possible jail time. PHI is that medical or payment information which can be traced back to an individual. While it is true 2G/3G/4G phones encrypt data, this encryption only occurs over the air between the phone and the tower. The transmission between your tower and the recipient's tower or land-line phone is not encrypted. The older 2G standard, which many of the recently discovered rogue cell phone towers force phones to, was cracked back in 1999, and thus is easily snooped. There are also known weaknesses in the way 3G encryption is implemented, making the possibility of decryption greater. Plus, unless the providers are diligent and delete the photos, a trove of information awaits the person who steals or finds the phone.
The best ways to mitigate security breaches such as these are:
- Training: annual or more frequent training regarding the restrictions may help the user understand why the rules are in place and how they help them and their organization. At the very least, this training helps support letting the individual go if they continue to break the rules.
- Alternatives: give the users an alternative, approved method of transmitting the information. The alternative must be as user-friendly as possible, else the user will not use it. Most of the time, this will include secure email on a company-issued phone, or faxes. Yes I know, faxes are an archaic, slow, and potentially unreliable method of transmitting data, yet they are still prevalent in health care.
- Monitor: once the training and alternatives have gone out, follow up and ensure compliance. This step helps reinforce numbers 1 and 2, and shows the users the company is serious about protecting information.
The average user is not necessarily as attuned to the threats to information as a security professional is. Providers have received years of specialized training regarding how the body works, how medications affect it, and established protocols for dealing with illnesses. It is the IT professional's job to provide services the users can and want to use, while masking or altogether hiding the complexities of keeping information secure.
It finally happened. One of the two disks in my Synology DS211j bit the dust. This failure was announced by a subtle yet insistent beep, beep, beep, at which time I accessed the web console and discovered disk two had failed. What to do next? I had three 1TB disks, Western Digital Blues, in my desktop which were not being utilized, so after shutting everything down, I took the Synology and one of the disks up to my counter. I pulled up the manual on the web, removed the two screws holding the panel on, and voila, the cover was off. I identified disk two, it was clearly marked on the brackets holding the disks, and removed the four screws, swapped the bad for the good, then replaced the screws and the panel. I plugged it all in, and beep, beep, beep. Hmmm. I read the manual a little more; ok, duh, gotta rebuild the volume:
- Storage > Volume, turn the beep off!
- Volume Manager > Repair, then Next
- Ensure the drive you replaced is selected
- Acknowledge the warning
- Finish
And off it goes. I have 1TB drives, so now it is a waiting game to see how long it takes. Some reviews from users with 3TB drives spoke of 20 hours and counting. We will see! I also added my email as a notification address so that, barring a full failure, it will alert me whenever there are issues. Check the advanced tab for all the possible notifications.
My work recently purchased several Microsoft Surface Pro 3 tablets with keyboards. We got the middle-of-the-road model, i5 and 128Mb; the others are not available yet. Initial impressions: packaging is interesting, befitting the highly refined tablet and keyboard which it encloses and protects. The tablet itself feels rock solid, and the kick-stand is amazing, easily adjustable from nearly vertical to almost flat. The keyboard and power adapter snap into place, a feature I demonstrated to the CEO with much glee! The keyboard feels high quality, the keys giving a response when depressed. The keyboard also has a lift capability, in the form of a joint near where it attaches to the tablet. Also magnetic, it keeps the keyboard at a slight tilt, more comfortable for typing, or can be laid flat when watching a movie. The pen has a purple button on the end opposite the stylus tip, where the clicker would normally be, which brings up OneNote when depressed. Cool! This is a modifiable feature, but I haven't changed it yet. The AAAA battery (yes, a 4-A battery) which came with my pen was dead. We scrambled and purchased some for stock. The only real yuk came with the simplistic pen sleeve, which Microsoft suggested you attach to the cover. If attached, the pen could get ripped off by constant removal and insertion of the tablet into a bag. I think a clever, elastic pocket on the bottom of the keyboard, in the joint area where it attaches to the tablet, would have been better. Performance was in line with an i5. Snappy screens, programs opened rapidly, the system was a joy to use. I walked the CEO through a Microsoft slideshow I found on the web, and covered each of the details in depth. The only complaint I heard was a comment regarding battery life, but I feel that is probably a training issue more than anything else.
This was the only thing I didn't cover, due to the short notice (her standing at my door wanting the tablet), and it will be covered more when time permits. I'll update this posting when I get mine (please please please), and have more info on how it operates.
Two days ago, Microsoft dropped the price of the Surface RT by $150. That makes this move about nine or ten months late in coming. Perhaps this signals a shift in Microsoft's thinking, along with all the new management? Maybe when my Samsung ATIV 500 tablet (full-blown Windows 8, which is second in the tablet market behind Apple) dies I will get a Surface. That shouldn't be for another 3 or so years, plenty of time for Microsoft to become competitive.
You know when you get that feeling that something very bad just happened? That is the feeling I had when I pulled my Lumia 822 out of my pocket on Saturday. Or at least, the feeling I had when it slipped, I nearly had it, then crash, face first on the sidewalk. I had gotten lucky before, but not this time: the screen looked like a spider's web, cracked in jagged circles which radiated out to every side. I frantically pressed the On button, hoping to see my familiar background. Success: the phone was not dead and, despite the fractured screen, worked perfectly. Now, what to do?
I did not purchase the insurance, which I think is a bit pricey: $6.99 per month, plus a $99 fee whenever there is a claim. For that cash, I'd rather reactivate my HTC Windows 7 phone and suffer another two years. So I did what anyone would do: I googled replacing the screen. I was greeted with numerous ads from eBay, and after a brief search I bought one of the screens. I then perused YouTube, and found a video for replacing the Lumia 820 screen. Seemed pretty simple; the biggest note was the T5 screwdriver. And since it was the 820, the 822 couldn't be much different, right?
My screen came in on Thursday, and I swung by Lowe's and found a cheap set with the prerequisite Torx screwdrivers. Armed with my new tools, a knife, a flashlight, and a cleared-off table, I set to work.
The cover and battery came out easily, as did the memory card and SIM. Next came the screws, 10 of them, all T5s. Once all the screws were out, I attempted to follow the 820 instructions. Nope, the chassis doesn't come off like the 820, great! I went back to YouTube, and unable to find an 822 disassembly, checked several of the other models for ideas. The most intriguing was the 900, where the glass comes out of the front. So with those ideas, I kept pushing and poking, until finally I discovered pulling the top of the screen out was the trick.
With the screen out, I was able to remove the motherboard, disconnect the ribbon cables, and finally see what I was up against. Unlike the 820, the 822 screen is secured in very close proximity to the inner screen (sorry, don't remember what they are really called), held with a sticky, tape-like substance. The next hour was spent carefully cutting away at the tape with my knife until I was able to separate the outer screen from the inner. Fortunately, the inner screen is recessed a little, so I was able to cut and pry the damaged screen without harming the other.
After observing the ribbon cable, I was able to separate the screen and inner plate. The reverse process was relatively simple. There was still enough stickiness from the previous tape for the new screen to adhere securely to the plate. I was not able to remove and reattach a very thin cushioning strip which appeared to separate the two screens. I have to hope it will do! After reversing the disassembly order, I was able to snap and screw everything into place. After inserting the battery, I pressed the power button and received the red Verizon box, but then a black screen with a white lightning bolt and gear wheel appeared. A quick google said to press the power button and volume down, and after I did that, the phone booted normally. It was then I noticed a problem with the sound. The up and down volume buttons appeared lopsided, and did not work. A quick disassembly, and reassembly after verifying the buttons were in the right position, fixed the issue.
I now have my phone back, with a pristine screen. Well, almost. There are some anomalies on the inside of the screen, swirls I didn't cause. Even with these defects, which are hardly noticeable, my phone is functioning normally. For $34, $24 for the screen and $10 for the tools, and a couple of hours of careful work, I was able to repair my phone. I guess I will break down for an OtterBox since my Lumia 822 likes to part ways at the most inopportune times.
Is this a task for the regular Jane or Joe? No; while it is relatively simple in hindsight, unless you are handy with screwing and cutting tools, take it to a local repair shop. It requires just enough nerve and steady hands to preclude the average user from doing it!