Do you know what is in your wallet? Do you have a treasure trove of PII in there? What if you lose it or someone steals it?
Kiplinger.com offers a short, informative, online slide show that offers good advice to us all.
A great quote from America the Vulnerable:
When convenience butts heads with security, convenience wins. This is true even among security professionals. If these people won’t follow their own rules, others won’t follow them either. In short, if security is not built into our systems, our systems won’t be secure.
In short, our systems must be both easy and secure … a big challenge.
Today, NASA posted the following photo taken from space on September 11, 2001, with these comments:
Visible from space, a smoke plume rises from the Manhattan area after two planes crashed into the towers of the World Trade Center. This photo was taken of metropolitan New York City (and other parts of New York as well as New Jersey) the morning of September 11, 2001. “Our prayers and thoughts go out to all the people there, and everywhere else,” said Station Commander Frank Culbertson of Expedition 3, after the terrorists’ attacks.
The following day, he posted a public letter that captured his initial thoughts of the events as they unfolded. “The world changed today. What I say or do is very minor compared to the significance of what happened to our country today when it was attacked.”
Upon further reflection, Culbertson said, “It’s horrible to see smoke pouring from wounds in your own country from such a fantastic vantage point. The dichotomy of being on a spacecraft dedicated to improving life on the earth and watching life being destroyed by such willful, terrible acts is jolting to the psyche, no matter who you are.”
May we never forget the devastation on that fateful day of September 11, 2001. But let us always remember the selfless service given courageously by so many that day.
When I was in 7th grade, I played the trombone in the Gooding, Idaho, Jr. High band – or at least tried to play it. Once, we participated in a music festival where I played a solo rendition of the soaring anthem, “Jerusalem,” in front of a judge. When I finished the piece, she remarked, “the trombone can be a beautiful instrument.” I was devastated of course, and was somewhat relieved to hang up my trombone, so to speak, when we moved to a tiny town without a band the next year.
I was reminded of that incident this morning when I read a Mashable article, “Top 5 Misconceptions about the Cloud,” sponsored by Western Digital. The fifth “misconception” was “You Can’t Beef Up Security on the Cloud.” In my mind’s eye, I could almost see my trombone judge saying, “The cloud can be a secure place.”
So what’s the problem? Much like a 7th grader’s ill-conceived belief that he could impress a judge with little practice and poor technique, the article’s overly simplistic recommendation for bolstering cloud security was “You can use behavior-based key management servers and encryption key management to give your files an extra layer of protection.”
Cloud security entails much, much more than that.
I can accept that cloud based solutions can be well-secured, but we must not be complacent or expect great results with little effort.
Pastebin reported this morning that a repository of all credit card PIN codes had been leaked. Here is a small sample of the leaked data.
The big question is, “To change, or not to change my PIN?”
On August 28th, I blogged that CNET reported on a congressional committee that wanted to know whether Huawei was a national security threat.
According in an article this week in ThreatPost, Huawei issued a position paper addressing the allegations. John Suffolk, Huawei’s global cyber security officer stated:
“We have never damaged any nation or had the intent to steal any national intelligence, enterprise secrets or breach personal privacy and we will never support or tolerate such activities, nor will we support any entity from any country who may wish us to undertake an activity that would be deemed illegal in any country.
“Huawei does not, and would not, support, condone or conduct activities intended to acquire sensitive information related to any country, company or individual, nor do we knowingly allow our technology to be used for illegal purposes.”
Whether or not Huawei is culpable has yet to be proven or disproven conclusively, but the current tenuous conditions in the cybersecurity field has many people on edge. The ThreatPost article quoted Shawn Henry, a former FBI official:
“It’s hard to explain the threat to some organizations. Some people get it, but many don’t. The entire threat out there is kind of like an iceberg. The part that most people hear about is the part above the water line, the unclassified threats. People don’t hear about what’s below the water line, which is everything that’s happening in the classified environments. It doesn’t get a lot of attention outside of the classified environment, but I can tell you that it’s deep and broad and extensive.”
It is indeed a challenging world we live in. Let’s be careful out there!
Recently, I have received several invitations to join the “schoolFeed by Classmates” app on Facebook – from people I knew and went to school with in Richfield, Idaho, many years ago. I am very, very selective these days about which apps I authorize, by I finally signed up. When I joined the app, I hoped to connect with a few new people whom I haven’t seen for ages. However, I was presented with a long list of folks who all graduated from Richfield High School – just not the tiny one I attended with only 13 people in my graduating class!
The trouble with this app is that it apparently fails to recognize that “Richfield High School” can apply to any number of high schools in the country, not just the tiny one I went to. I suppose those on the list are all nice people, but just not the ones I remembered. But I did get a nice complement for a picture I posted from a person I had never met! How bad is that?
This is a clear example of how attaching an attribute like “Richfield High School” to my online identity does little good unless that attribute is unique enough to satisfy the need for which it was intended. In this case, it fell woefully short!
But the app is in “beta” release – which automatically forgives all blatant errors, even if they strike at the very heart of the app’s driving purpose, right?
I had never seen a Fisher Karma automobile before yesterday – but there they were – three of the gorgeous vehicles parked on a street near the Willis Tower in Chicago. Just wish I could have driven one of them.
An interesting observation in Joel Brenner’s book, “America the Vulnerable.”
The overlapping and ever-expanding appetite of government and commerce to keep tabs on us— and our own appetite for keeping tabs on one another— means that it’s virtually impossible to elude our own autobiographical trail of purchasing habits, property ownership, employment history, credit scores, educational records, and in my case, a security clearance record a mile long.
What have you added to your trail today? Are you sure you wanted to do that?