Why security pros still fly

Security researcher Chris Roberts posted some inflammatory things about Boeing airplanes earlier this year, going as far as claiming to have once used the in-flight entertainment system, with a special cable, to send commands to one of the engines and affect the plane’s flight.

When I first heard Roberts’ assertions, my initial reaction was to ask why any security professional would continue to board a plane. Then last week Patrick Gray had the brilliant idea to talk to an Airbus pilot. After listening to the interview, I felt better.


Nostalgia can make you younger

This month’s Social Engineer podcast featured psychology professor Dr. Ellen Langer, whose specialty is mindfulness. Dr. Langer brought up a lot of important things, including the idea of work-life integration rather than the more difficult work-life balance, but another thing she briefly touched on really resonated with me. She brought up a study, originally done in the late 1970s, where a group of 80-somethings were immersed in 1959 for a week. At the end of the week, they didn’t act like 80-somethings anymore. It seems nostalgia can make you younger.

That got me thinking about the power of nostalgia.


Meet Waze, the crowdsourced GPS

I’ve read a few things here and there about Waze, a crowdsourced GPS that runs on smartphones, including those that run Android, Apple, and Windows. Its premise is simple: Based on how traffic is moving, it figures out the fastest way to get where you want to go. It adds intelligence to the GPS.

The trade-off, of course, is that it’s tracking you too. The data is anonymized, they promise, but it’s up to you to decide whether it’s a showstopper.


Identify bad guys through writing style

This month’s Social Engineer podcast discussed a tactic to identify bad guys through writing style, something the hosts expressed surprise was possible.

This won’t be news to anyone who minored in English or Communications or Journalism. A lot of factors go into style—where we grew up, where our parents are from, what we read growing up, our life experience—and it really is like a fingerprint. Fitzgerald’s Gatsby called everyone “Old Sport,” and we all have something like that; it’s just usually more subtle. I’ll say, “taste this,” when my wife or mother-in-law will say “taste of this.” That’s a regional thing. I pick up on that because I’m interested in language. A really good linguist can pick up on a lot more than that, and machine learning can potentially pick up on still more.

If you recall, it was the Unabomber’s long manifesto that brought down Ted Kaczynski. Other forensics proved it, but the investigation began with his brother’s observation that the manifesto “sounded like Ted.”


Data breaches don’t cost anything–so here’s why they matter

What seems like a million years ago, when Sony Pictures got breached, some pundits were predicting that was the end of the company. I always thought that was hyperbole, but I have to admit I never went to the extreme of saying breaches are nearly harmless, which seems to be the current popular thinking.

Indeed, a financial analyst went on the Down the Security Rabbit Hole podcast and said breaches are an investment opportunity. Just buy the dip.


How to become an Info Assurance Analyst

So, CNN/Money ran a story on the best 100 jobs in the United States, based on pay, projected job growth over the next 10 years, and quality of life ratings. And there was my job title, at #9. I think you should want to become one, so here’s how to become an Info Assurance Analyst.

The field desperately needs more of us, so I’m happy to share with you how to become someone like me.

The dwindling writing market

I get the occasional query from people who say I should promote my blog more, so that I can get an audience and write a book about this or that, and then I read stuff like this. Basically, writing is getting more and more commoditized, and writers are making less and less, not that they ever made much in the first place. And then I heard on a podcast that the average technical book sells 5,000 copies.

Fifteen years ago, I was in the home stretch of writing a book–my first, and so far only book. All told, I made around $13,000 off that book, between book royalties and publishing derivative articles in magazines, all before taxes, of course. I wrote about 20 hours a week for six months to do it, so, perhaps if I’d made it my full-time gig, I might have been able to make $52,000 a year. But that was when computer books were hot and big-box book stores were booming. I’m not confident I could make $52,000 as an author today.

How to protect executives traveling to hostile countries

Slashdot ran a story about executives being targets in high-end hotels in the Far East. I didn’t realize this was a new phenomenon; perhaps I just assumed it’s been going on all along.

At any rate, it’s possible to protect against it.


Predicting the future, circa 2003

In the heat of the moment, I searched my blog this weekend for quotes that could potentially be taken out of context and found something rather prophetic that I wrote in the heat of the moment 11 1/2 years ago:

Keeping up on Microsoft security patches is becoming a full-time job. I don’t know if we can afford a full-time employee who does nothing but read Microsoft security bulletins and regression-test patches to make sure they can be safely deployed. I also don’t know who would want that job.

Who ended up with that job? Me, about a year after I left that gig. It actually turned out I was pretty good at it, once I landed in a shop that realized it needed someone to do that job, and utilized that position as part of an overall IT governance model.


Home Depot: A security pro’s dilemma

I was listening to podcasts about the Home Depot breach, and something occurred to me.

Home Depot isn’t talking much about the breach. And it’s driving security pros nuts.

But the general public takes silence as a sign that everything’s going great. So their silence is winning the PR battle in the court that matters, which is public opinion at large.