Hillary, hackers, threats, and national security

I got a point-blank question in the comments earlier this week: Did Hillary Clinton’s home-made mail server put national secrets at risk of being hacked by our enemies?

Depending on the enemies, maybe marginally. But not enough that any security professional that I know of is worried about it. Here’s why.

How to get started in regulatory compliance

I had a search query about getting started in regulatory compliance, which I’ve written about before, but more from an organizational perspective. That won’t help you much from a career perspective.

I think most any CISSP will answer that question similarly, so I’ll take a stab at it.

Just reach for it.

I lost a college classmate this week.

We weren’t close, so I didn’t take it as hard as some of our newsroom-mates undoubtedly did. But at the very least, as a human being with a soul and with two kids, I feel bad for the wife and two kids he left behind. It shook me up enough that a couple of my coworkers asked me Wednesday morning what was going on. I told them.

“Don’t try to make sense of something that doesn’t make sense,” the smartest guy in the room said.

Don’t be too impressed with Snowden’s “ethical hacking training”

I saw this new headline regarding Edward Snowden, discussing his NSA hacking training. Don’t be impressed.

For several years, I lived in that same world Snowden lived in. I’ve gone out of my way to avoid mentioning this, but from 2005-2012, I was a consultant. I worked for several different companies, due to contracts changing hands and companies merging, but my client was the United States Air Force. And from 2011-2012, I even had direct dealings with the NSA. I attended NSA meetings in the Washington, D.C. area. I received NSA training–in person–in a security discipline called threat modeling. My job was to represent NSA to the Air Force three weeks out of the month, and represent the Air Force to the NSA on the fourth week.

Just don’t ask me anything about UFOs. Unlike some people, I didn’t snoop around on classified networks. Whenever possible, I didn’t look at the data at all. If I had to look at data, I preferred to look at dummy data. If I actually did look at real, honest-to-goodness classified data, it was because I needed to know that information to do my job. I was a pretty good contractor, I think.

I also know about this training that Snowden put on his resume.

A treasure trove of training material

Need to improve your security skills? Need a refresher course to brush up on some skills you haven’t used in a while? Or are you just looking for some CPEs or CEUs to keep your certification valid?

The United States Department of Defense offers a great deal of security training, much of which is freely available to all comers. Your tax dollars paid for it, so don’t feel bad about using it. Besides, if you use it to improve your networks, then your networks are less likely to become a source of attack on government networks, so they’re happy for you to use most of it.

Here’s a hint: Anything that isn’t viewable by the general public is marked “*(DoD PKI Cert req’d).” If you don’t see that marking, then it’s free for you to view. Just click the link marked “Launch Training.”

Cleaning USB drives with Linux

A longtime reader sent me a really good question today. If I had a USB flash drive and I didn’t know where it’s been or what it’s done, how would I clean it to make it safe to use? He said using Linux was fair game, so that made the answer a lot easier.

Note that as of 2015, a knowledgeable attacker can make a USB drive that will survive this cleaning method, so I only recommend this 90% of the time, and the problem is, it’s impossible to know which 90%.

End of the innocence for Mac security

Antivirus vendor Kaspersky has identified a new trojan horse targeting Macintoshes. It spreads a botnet based somewhere in China via an infected Microsoft Word document, typically sent as an e-mail attachment.

The spin is that if you don’t use Word on your Mac, you’re safe. That’s true–this week. But going forward, it’s going to take more than that.

Google drops a bombshell, buys Motorola

I was shocked to read today that Google went out and plunked down $12.5 billion for Motorola. I’m sure that other Android phone makers aren’t exactly happy about it–it means Google is going to be competing with them, unless Google just bought Motorola for patents–but I don’t really see how Google had much choice.

Google risks alienating its partners, but…. More on that in a minute.