Being Safe Online

As you have probably figured out by now, I accumulate articles of interest as I wander the web, and periodically collect them into themed posts. Today is no exception, and our topic for today is cybersecurity: specifically, whether anyone is really safe online (or whether that is just an illusion), and what would actually make the situation better.

  • Foreign Actors. In recent weeks, a big question has been whether Russia hacked the US, particularly the DNC and RNC. Donald Trump, in his news conference today, finally admitted that it was likely Russia did, but that other countries could have as well. What is the basis for the belief that Russia was behind it? Brian Krebs, in an article written before the CIA report was released, has a very good analysis. Krebs notes, “It probably doesn’t matter how many indicators of compromise and digital fingerprints the Obama administration releases on this incident: Chances are decent that if you asked a panel of security experts a year from now whether the march of time and additional data points released or leaked in the interim have influenced their opinion, you’ll find them just as evenly divided as they are today.” This is because strong attribution is difficult, given the nature of Internet communications, unless the attacker is careless. The article points out the specific breadcrumbs that lead to the conclusion, and notes why the public has become skeptical. Of everything. I suggest you read that analysis, and then think about it in light of the BBC disclosure that there are unconfirmed reports that Russia has something on Trump. Ask yourself: if the Russians hacked the DNC, why did they want Trump to win (this is not to say they manipulated the election to do so)? Could it be that they didn’t need to worry about him for other reasons?
  • Data Breaches. Brian also has a really good article on data breaches, and in particular on some immutable truths about them. He explains them in more detail in the article, but here they are in a nutshell: “(•) If you connect it to the Internet, someone will try to hack it. (•) If what you put on the Internet has value, someone will invest time and effort to steal it. (•) Even if what is stolen does not have immediate value to the thief, he can easily find buyers for it. (•) The price he secures for it will almost certainly be a tiny slice of its true worth to the victim. (•) Organizations and individuals unwilling to spend a small fraction of what those assets are worth to secure them against cybercrooks can expect to eventually be relieved of said assets.” First, think about this with respect to the above. Both the DNC and RNC had servers on the Internet. Were they hacked? Most certainly. What was that information worth? Ask Hillary Clinton. Now, you deal with banks and businesses that put your information on the Internet. Think about the truisms above. Which organizations should you deal with? How much do they value your information?
  • Online Shopping. Dovetailing with all of this is an article from my web hosting service, Webhost, on what to be aware of when you shop online. They, too, go into a bit of detail, but their tips boil down to: (•) Shop online at home (or on a connection you trust); (•) Make sure you have text, email, and/or phone security alerts set up with your financial institutions; (•) Always look for HTTPS when shopping; (•) If you’re shopping through a retailer’s mobile app, make sure it is the official version from a reputable company or developer; (•) Use the ‘too good to be true’ rule and trust your gut. I’d add the adage to stay in a well-lit, well-populated part of the Internet. By that I mean: use companies that have a reputation to uphold; they are more likely to do things right.
  • Solving the Problem. The underlying problem behind all of the above is that we are using a system that was never designed to be secure. That’s right: the original Internet protocols didn’t address security because their designers assumed everyone on the network was trustworthy. The corollary is that if you want a secure system, you must engineer the security in from the start. Related to this, NIST has just announced a systems security engineering website, based on their work on NIST SP 800-160. I’ve been doing a lot of close work with 800-160, and am working on gaining a deep understanding of it, as well as of how the related processes (assessment, acquisition, and lifecycle) can work together. 800-160 is a good start.

How To Be Smarter Than a Democrat?

Well, sorry to say (from my point of view), but it looks like Donald Trump has won the electoral college vote. We won’t know for sure until the votes are counted by the House in January, but I’m sure that election won’t be hacked.

Yup, sure.

Unlike, say, the election that got us Trump. We may never know whether what the Russians did was enough to change votes, but we know how they did it, and some of the ways the influence occurred. So, let’s see if you can be smarter than a Democrat. Note that I’m not saying “Democrats” in general, but some specific Democrats in Hillary’s organization.

How did they basically do it? Social engineering. Read the New York Times account of the hack. Podesta was phished: the starting point was a purported message from Google saying that his account had been compromised and that the password needed to be changed. That, combined with a staffer’s warning reply that called the message “legitimate” when he meant “illegitimate”, and the damage was done.
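The lure described in that account (a notice that your account was compromised, with a link that does not actually go where it claims) is something a mail gateway or a cautious reader can check mechanically. Below is an added example, written for this post rather than taken from it or from the Times article: it pulls every link out of an HTML message, compares where the link really points against the sender’s claimed domain and against what the visible link text says, and flags URL shorteners, which hide the real destination. The message body, the shortener list, and the link targets (bit.ly/example, example.net) are constructed for the example; the two-label “registered domain” approximation stands in for a real public-suffix lookup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical short list; a deployment would use a maintained one.
KNOWN_SHORTENERS = {"bit.ly", "goo.gl", "t.co", "tinyurl.com"}

# Finds something that looks like a host name in the visible link text.
_DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def registered_domain(host):
    """Last two DNS labels (accounts.google.com -> google.com).
    An approximation: a production check should consult the public suffix list."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def check_link(href, text, claimed_domain):
    """Return the reasons to distrust one anchor; an empty list means it is
    consistent with a message that genuinely came from claimed_domain."""
    reasons = []
    parts = urlsplit(href)
    # .hostname drops any user@ prefix, so a lure such as
    # https://accounts.google.com@example.net/ is correctly seen as example.net.
    host = parts.hostname or ""
    if parts.scheme != "https":
        reasons.append("not https")
    if registered_domain(host) in KNOWN_SHORTENERS:
        reasons.append(f"shortener {host} hides the real destination")
    elif registered_domain(host) != registered_domain(claimed_domain):
        reasons.append(f"points at {host}, not {claimed_domain}")
    shown = _DOMAIN_IN_TEXT.search(text)
    if shown and registered_domain(shown.group(1)) != registered_domain(host):
        reasons.append(f"text shows {shown.group(1)} but link goes to {host}")
    return reasons


def scan_email(html, claimed_domain):
    """Map every suspicious href in the message to its list of reasons."""
    collector = _Anchors()
    collector.feed(html)
    flagged = {}
    for href, text in collector.links:
        reasons = check_link(href, text, claimed_domain)
        if reasons:
            flagged[href] = reasons
    return flagged


# Constructed message body modelled on the "someone has your password" lure;
# the links are made up for this example.
SAMPLE_EMAIL = """<html><body>
<p>Someone has your password. You should change it immediately.</p>
<p><a href="https://bit.ly/example">CHANGE PASSWORD</a></p>
<p>Or go to <a href="https://accounts.google.com@example.net/reset">https://myaccount.google.com/</a></p>
<p><a href="https://support.google.com/accounts">Help</a></p>
</body></html>"""

if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL, "google.com").items():
        print(href)
        for reason in reasons:
            print("   -", reason)
```

Note what the second link shows: a URL of the form https://accounts.google.com@example.net/ puts the trusted-looking name in the userinfo part, and a browser goes to example.net. Parsing with urlsplit and reading .hostname sees through that; a substring match on "google.com" does not. The Help link, which really does go to a google.com host, is not flagged.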

See, what people forget is that the weakest link in the security chain is the human link. Social engineering attacks are incredibly easy to carry out: by nature we want to be helpful, and so we fall for them. Here’s an example. During our recent security conference, one of the banquet staff found a USB drive someone had left behind, and he asked us to return it to its owner. We promptly tossed it. What would you do? Many people would plug it into their computer to find the owner, and potentially be compromised. Or they would just announce it and hand it to the owner, letting the owner be compromised. One never knows what changes were made to that drive while it was out of your sight (which, by the way, is a good reason to use encrypted USB drives).

What about other attacks? Those ads you see on webpages? They can carry malicious code that attacks your browser, or even your home router, without you knowing it. They can deliver ransomware. My malware detector has frequently intercepted malicious ads on non-malicious sites, sites you go to every day. Those sites often don’t control what their ad networks serve.

By the way, you do have regular backups, right? Not always connected to your computer? Not in the cloud? Could you survive the sudden loss of your data?

As they say, fool me once, shame on you. Fool me twice, and…. well, we’ve just seen the fool get elected. Let’s not be fooled again.

P.S.: And what should you do about the fool? The answer is not to use your computer to sign a petition or send an email. The answer is to take the time to write your congresscritters and senators, and as many other members of Congress as you can, a hand-written letter. Legibly. This shows the issue is important enough for you to take the time. Send it to their local office, or call. Insist that Congress hold Trump to the exact same standards of ethics, freedom from conflicts of interest, and high-quality, minimally partisan appointments to which they held Obama. Different Presidents should not have different standards. And, just as with Obama and Bill Clinton, they should investigate the smallest impropriety or questionable action by the President or any member of his administration. All Presidents and their staffs should be held to the same standards.

PS: And if you don’t hold with that position, then please explain why Trump should not be held to the same standard. Party shouldn’t make a difference in how we expect the President to behave, so you must have some other reason. Our President should be the role model for the country, someone our children can look up to in order to see how a leader behaves.

Decision 2016: Understanding Email and Related Concerns

A number of people I know refuse to vote for Hillary because they believe she mishandled classified information, and that the FBI was wrong in not prosecuting her. I’d like to convince them otherwise. So let’s do some reasoning, shall we?

We are talking about email here. What is a unique characteristic of email? It has a sender and a receiver. Suppose you are friends with Jared Fogle, the Subway guy. He decides to send you an email with one of his favorite pictures of children attached. It arrives on your server, unsolicited. Are you guilty of possession of child pornography? Even if you delete it as soon as you receive it? It’s a serious question. I was once at a security conference where someone said one of the best attacks in the world is to go to a conference room computer, load child porn onto it from a thumb drive, delete it, and then report the room’s user for possessing child porn. Look, he even knew he was guilty when he deleted it, right?

Wrong. The criminal is the person that loaded the illegal material, not the recipient.

The same rules apply to classified information. If someone emails you a classified document over an unclassified system, the person in big trouble is the one who originated it (i.e., took content they knew was classified and entered it into an unclassified system) in the first place. The person who receives it is supposed to recognize and report it (although that doesn’t always happen), and their computer is then appropriately cleaned (often with only a minor warning to them, because it wasn’t their fault).

Think about what you know about Hillary’s server. The messages that were found were sent to her; she didn’t originate them. At worst (and this is a supposition), she inadvertently forwarded them because they were not marked properly (besides, who would knowingly send her classified information on an unclassified system?).

But, you say, people have been prosecuted for having classified information on unclassified computers. Yup. But look at those cases closely: they put that information on those systems, often with the intent to exfiltrate it to an unauthorized party. In fact, espionage law requires that intent to be present, and provably present. I have not seen any article demonstrating that Secretary Clinton took a document she knew was classified, put it on her email server, and sent it to someone else with the explicit intent to exfiltrate it. That is why the FBI did not prosecute her, even though classified information was found.

But, you say, she sent messages with classified information. Other than possibly inadvertent forwarding, my understanding of those incidents is that the information was not classified at the time it was sent; it was classified sometime later. In such cases, what matters is the classification at the time it was sent. Subsequent classification does not expose anything, because nothing indicated that the original message was classified information. It has the same status as classified information published by Wikileaks in the New York Times: if you don’t know it is classified, it has no authority.

Again, there is no evidence (and remember: one is innocent until proven guilty) that Secretary Clinton took information from a marked, classified document, and then entered that information onto her server with the intent to exfiltrate it. That is the crime.

If your sole reason for voting against Hillary is that you believe she mishandled classified information, then I suggest you change your mind. Secretary Clinton, as demonstrated by her debate behavior, is someone who always thinks before she speaks and is always prepared. She knows what is classified, and does not discuss it publicly (unlike Donald Trump, who has disclosed some of his intelligence briefings). She is cautious in how she words and says things; again, a behavior we have not seen in Mr. Trump. Secretary Clinton cannot control what people send her, or whether they mark it correctly. Her only infraction here is not recognizing mis-marked information and reporting it (she has already acknowledged the mistake of having the private server in the first place, and indicated she would not do it again; and at the time she did it, private servers were permitted for unclassified information).

ETA 10/25/16: My friend Rick Smith over at Cryptosmith has a great article on this subject. Reading it, another cybersecurity colleague, Dave Bell, wrote: “This is a nice exegesis of the laws and regulations surrounding classified information in general and classified email in particular. Lapses in following Department rules on disclosure are not ILLEGAL (in the sense of violating laws) unless the information is covered by the Espionage Act (circa WWI) or the Atomic Energy Act of 1946. The article points to a more detailed, lawyerly article.”

Lastly, you’ll say, she deleted all this email. That makes her guilty of something, right? Nope. In America, absence of evidence does not imply guilt. The courts require that guilt be proven beyond a reasonable doubt, and there is a presumption of innocence. Just as Mr. Trump is not guilty of all the sexual assault claims until he has his day in court, with the actual evidence presented and a jury convinced, Secretary Clinton is innocent until there is actual evidence of a crime and a conviction. One cannot have different standards for different citizens.

So, let’s drop the whole canard about Hillary’s emails. It belongs in the meaningless category with the canard that she is responsible for her husband’s infidelities. Ah, but you say, if that’s a canard then Trump’s behavior is a canard too. Potentially, you’re right. Nothing has been proven yet in court. He is only accused, not proven guilty. He’s as pure as Bill Cosby. Yet words demonstrate attitude, and he is on record for what he has said, and has neither (a) apologized for the words nor (b) changed the behavior. Contrast this with Bill Clinton: there has been no evidence that his behavior has been repeated since the incidents in the 1990s.

A Sweet Circular News Chum, with Raisins

It’s Rosh Hashanah afternoon (L’Shana Tovah to all), and I’m exhausted from the morning. Yet I have a bunch of news chum to post. Let’s see if we can braid it into something sweet and circular, coming back by the end to where I started. This time, we’ll just give headlines and a few comments.

  • The O shaped iPod? On Rosh Hashanah, you dip Apples in Honey, so where else to start but with a circular Apple product. This article describes a new circular design for the iPod Shuffle that is quite cool, if a Shuffle has enough storage for your needs.
  • The Taxonomy of Tech Holdouts. As we’re talking about iPods, here are the nine archetypes of planned non-obsolescence, from the Anachronist to the Careful Curator. I think I’m the latter.
  • Navy scuttles sailors’ enlisted rating titles in huge career shake-up. Moving from holdouts to non-holdouts. The Navy is holding on to specialist ratings no more. Effective immediately, sailors will no longer be identified by their job title, say, Fire Controlman 1st Class Joe Sailor. Instead, that would be Petty Officer 1st Class Joe Sailor.
  • New college at Onizuka Station pays homage to the ‘Blue Cube’. Moving from the Navy to its sister service, the Air Force. Those in the Bay Area might remember the Blue Cube, the former Onizuka AFS. It has been converted into a local college campus, but still pays homage to its history. The walkways leading from the parking lot to the campus are speckled with flecks of blue paint harvested from the cube. Once inside, there is the Onizuka Cafe for hungry students and the Satellite Lounge next door for relaxation and study. Two murals that previously hung inside the cube now hang in campus hallways. One features the Challenger shuttle with a memorial poem. The other is signed by many former employees of the Onizuka Air Force Station and coincidentally features a large owl, Foothill’s mascot, with a lightning bolt in its talons.
  • An Abandoned Hospital in West Adams Has Been Filled With Fine Art. Moving from an abandoned air station to an abandoned hospital, although this one is still abandoned. The LA Metropolitan Hospital was one of the first black hospitals, but it closed a few years ago and is pending redevelopment. For the next month, however, there is an interesting art exhibit in the abandoned building.
  • Texas prisons ban books by Langston Hughes and Bob Dole – but ‘Mein Kampf’ is OK. A hospital is a public service building, and so is a prison. So here’s an interesting prison story: prisons in Texas have banned books by Bob Dole, Harriet Beecher Stowe, and Sojourner Truth. But inmates are more than welcome to dig into Adolf Hitler’s “Mein Kampf” or David Duke’s “My Awakening.” The rationale: they ban offensive language, violence, or sex, but not offensive ideas.
  • Palestinians’ Abbas seeks British apology for 1917 Jewish homeland declaration. Moving from Hitler to another group that doesn’t like the Jews: the Palestinians. According to the Palestinian President, Britain should apologize for its 1917 declaration endorsing the founding of a Jewish homeland in Palestine and should recognize Palestine as a state.
  • Your Samsung washing machine might be about to explode. Moving from explosive ideas to explosive washers. The problem it appears, is a defective support rod that is causing washer tubs to separate, potentially launching wires, nuts and other parts.  Boom!
  • The one step you shouldn’t skip when cooking with your cast iron pan. Moving from the Laundry Room to the kitchen, here are some tips regarding use of cast iron pans.
  • Fat Flora? Gut Bacteria Differ in Obese Kids. What do you cook in a cast iron pan? Food. And what happens if you eat too much food? You get fat. Researchers have found that obese children have a different population of microorganisms living in their intestinal tracts, compared with lean children. These microorganisms appear to accelerate the conversion of carbohydrates into fat, which then accumulates throughout the body, the researchers said.
  • Attack of the plastic eaters: Can mushrooms, bacteria and mealworms save the planet from pollution? Speaking of bacteria, it turns out they may be the solution to accumulating plastic: nature might offer us the solution to our man-made problems. Scientists around the world are harnessing, in test tubes, under glass domes, and within large bioreactors, the power of living things that can digest plastic without suffering harm.
  • Inside Arizona’s Pump Skimmer Scourge. Of course, if you’re in Arizona, you should keep a close eye on your plastic, not because of bacteria, but because criminals there are skimming a lot of credit cards at gas pumps.
  • Why the Hallmark Card Company Owns Thousands of Priceless Artworks. Plastic, of course, also refers to a credit card, and who is one of the largest purveyors of greeting cards? Hallmark. Here’s the history of Hallmark, and why the company owns so much priceless art.
  • UC Berkeley mascot Oski celebrates 75th birthday. Of course, you send greeting cards on an anniversary, and it just so happens that Oski, the mascot of UC Berkeley, is celebrating an anniversary — his birthday.
  • Horses can communicate with people using symbols. Oski is a bear, and another type of animal is a horse. It turns out that twenty-three horses learned to tell trainers whether they wanted to wear a blanket. Subjects were shown three symbols: a horizontal bar for “I want a blanket”, a blank square for “No change”, and a vertical bar for “I don’t need a blanket”. They learned the meanings in a day or two and used them to convey whether they were too warm or too cold, building the case for self-awareness.

Of course, a square is a simple polygon, and if you keep adding sides to a polygon indefinitely, you end up with a circle. And a circle, of course, is the shape of the new iPod Shuffle, which permits us to spiral back to where this post began. Of course, circles and spirals are also the shape of a round challah, which we dip in honey as we wish EVERYONE a happy and healthy new year. May you all be written and inscribed for the happiest of years.

Things You Probably Didn’t Think About

Although you’re probably still wondering why an article written in Spring 1995 seems so eerily accurate about Donald Trump today, I’d like to give you some more things that you probably haven’t thought about:

  • Gases and the Body. You’ve probably become more and more aware of the microbiome in our bodies. You probably haven’t given a lot of thought to the gases in our bodies, except when they escape from the ends of the digestive tract. However, a new study shows how the gases swirling inside our bodies can power our brains and affect the way we act. Some gaseous neurotransmitters (or gasotransmitters) are produced by your organs and tissues. Others, such as nitric oxide (NO), carbon monoxide (CO), hydrogen sulfide (H2S), methane (CH4), hydrogen (H2), and ammonia (NH3), are the products of fermentation in your gut by microscopic organisms like bacteria. These tiny molecules feed and help regulate your cells and those of the microbes living inside you, complex relationships that can have much larger consequences. An interesting addendum: biological processes can also be harnessed to turn carbon dioxide into a fuel.
  • Drywall. I know, it sounds like something out of Surprisingly Awesome: the exciting history of drywall (gypsum board). Gypsum is noncombustible, and compared to other wall materials, like solid wood and plaster, gypsum boards are much lighter and cheaper. As a result, drywall is popular in homes across the U.S.: according to the Gypsum Association, more than 20 billion square feet of drywall is manufactured each year in North America. It’s the staple of a billion-dollar construction industry that depends on quick demolition and building. It can also be deadly.
  • Architectural Security. Have you ever looked closely at the architectural details of the buildings you pass when you are out and about? It turns out that many of them exist to enhance security. “The inside of a building in and of itself can be a security tool,” says Geoff Manaugh, an architecture writer and blogger at BLDGBLOG. “If you don’t think about buildings in terms of security and you don’t think of architecture in terms of burglary, you can really easily overlook these things.”
  • The Most Cost Effective Pizza. Due to the nature of geometric math, the larger pizza is almost always the most cost effective pizza. Just remember to refrigerate the leftovers. The math of why bigger pizzas are such a good deal is simple: A pizza is a circle, and the area of a circle increases with the square of the radius.
  • Embedded Links. Much as you try not to do it, a determined hacker can design a link such that almost anyone will likely click on it. Human traits like curiosity “cannot be patched” against these kinds of vulnerabilities, says one leading computer science researcher. And so, you can be the smartest security buff in the world, yet researchers could probably still trick you into clicking on a dangerous link.

Something Different to Chew On

I know my last few posts have been political; it is just that my concerns over the Republican nominee have incited a passion in me that makes me want to ensure his defeat. So, a last political note, and then we’ll move on to something different to chew on: some news chum about food, medicine, and science.

But first

… to those of you who cannot bring yourself to vote for Hillary because of her character and the character flaws you think you see, please read this article. You’ll learn how you’ve been fed a diet of genetically modified truth, something empty of nutrition and value, and that has spoiled your appetite for something that is actually healthy. Then read this article, and learn why the Clinton that you see in the news is very different than the Clinton those that work with her see, and why those who do work with her are fiercely loyal to her.

… to those Republicans who still can’t bring themselves to vote for Clinton after seeing the truth, those who deny the truth about Clinton just as you deny climate science and the value of vaccines, then read this post. Learn how, as the DNC and Trump’s behavior have shown, he spits in the face of traditional Republican values, and has in fact ceded the Republican values of patriotism, love of country, belief in the people of this country, belief in the quality of the American military, and support for veterans to the Democratic party. The man is clearly not a Democrat, does not reflect Republican values, and is not deserving of your support. If you can’t vote for Clinton, then vote for Gary Johnson or abstain from voting for President. Don’t vote for a man who clearly does not deserve to be the leader of your Republican party. (I say this as a Democrat, but a Democrat who believes we need a sane and valid Republican party, because it is the diversity of sane political views that leads to the compromises that make this country strong.)

And now, on to something different to chew upon:

Hmmm, I guess I do have politics on my mind after all.

Clearin’ of the Links: Science, Technology, and Medicine Chum

I’m still working on clearing out the links that accumulated during the Hollywood Fringe Festival (FB), with a goal of getting them all done before you take off for the Fourth of July weekend. I may already be too late. Here’s a chunk that are loosely related to science, medicine, and technology:

Medicine Chum

  • Understanding Migraines. One of the ills that plague me are migraines (which, luckily for me, are mild compared to what others get). No one knows precisely what triggers migraines, or how the various abortives work. Some think it is related to nerves in the head, and some think it is related to blood flow.  A new genome-wide association study published in Nature Genetics suggests that a migraine may primarily stem from problems with the blood supply system. This could lead to new ways to treat migraines.
  • More Than Human. We’re discovering more and more that the human organism is much more than the human organism; that is, much of what contributes to our health, or lack thereof, is our microbiome. Further, our overemphasis on being “germ-free” has significantly hurt our biome, and may be the single largest contributor to our various health maladies, including obesity. Here’s another biome story, this time the involvement of the biome with what has been called Chronic Fatigue Syndrome. Specifically, researchers say they’ve found biological markers of the illness in the blood and gut bacteria of people with systemic exertion intolerance disease (SEID), a/k/a CFS or ME/CFS. Their results were published in the journal Microbiome. The study found clear differences between the blood and guts of healthy versus sick people. Compared to healthy controls, people with ME/CFS had weaker and less diverse bacterial ecosystems in their guts, as well as higher levels of immune inflammation in their blood. These differences were so clear that the researchers were able to identify nearly 83 percent of the time which participants had ME/CFS just by looking at their bacterial and immune response results.
  • Being Like Everyone Else. If everyone else did something with no proven medical benefit for supposedly medical reasons (like, for example, overusing antibacterial soap), would you do it? A study that is unsurprisingly going very viral on social networks is highlighting one such thing: most women these days are “preparing for the Olympics” for claimed medical benefit, when there is none (where “preparing for the Olympics” == “going Brazilian” == removing hair on their … == insert your own euphemism here). My attitude, for whatever it is worth, is that women are their most beautiful when they look like women: not airbrushed models or pre-pubescent girls, but women, with imperfections and hair and some parts large and some parts small and some parts in between. While we’re on that subject (and while we’re clearing links), here’s an article I found on two-piece suits for large-chested ladies. What bothered me about that article is that the chest was the only part that was large. Why weren’t there two-pieces for ladies who happen to be large in other places as well? As it is, an article like that just perpetuates body dysmorphic ideas, just as shaving everywhere does.
  • How Old is Your Body? I’m 56. Recently, I’ve been wondering if there is any part of my body that has been with me all 56 years. So I was quite pleased to see an article come across my feeds that asked the same question: How old is your body? What component of your body has been around the longest time? For example: brand new fingernails every six months, 2-7 years for the hair on our heads, new skeletal muscles every 15 years. But those neurons in your brain? Never replaced.

Technology Chum

  • Automotive Security. We were having a discussion in our van this morning about car security, specifically how some thieves are capturing the radio signals from automotive key fobs and then walking around parking lots rebroadcasting them, unlocking cars, and stealing what is inside. I had noted how cars are generally better protected against theft than they used to be, and how entertainment units are less likely to be stolen than the radios of old. Another rider pointed out, however, that keyless-ignition cars are easier to steal. In general, our cars are weak in terms of security, so it is good that a Senator is pushing to increase cybersecurity protections in cars.
  • LED Streetlight Dangers. More and more cities are going to LED streetlights because they use less energy and are brighter. Now the AMA has come out with some cautions on LED lighting: cool it and dim it. The AMA’s statement recommends that outdoor lighting at night, particularly street lighting, should have a color temperature of no greater than 3000 Kelvin (K). Color temperature (CT) is a measure of the spectral content of light from a source; how much blue, green, yellow and red there is in it. A higher CT rating generally means greater blue content, and the whiter the light appears. The new “white” LED street lighting which is rapidly being retrofitted in cities throughout the country has two problems, according to the AMA. The first is discomfort and glare. Because LED light is so concentrated and has high blue content, it can cause severe glare, resulting in pupillary constriction in the eyes. Blue light scatters more in the human eye than the longer wavelengths of yellow and red, and sufficient levels can damage the retina. This can cause problems seeing clearly for safe driving or walking at night. It can also affect our sleep cycles and rhythms (which is why many people recommend using f.lux to turn down the blue on your screens in the evening).
  • Tweaking Your Facebook Feed. Many of us who came from LJ miss the days of a sequential feed, where you know you could catch up on your friends. Facebook has never been quite the same. But Facebook is now providing some details on how to tweak your feed. First, they’ve disclosed their news feed algorithm, which will now show posts from friends higher up in the feed than posts from Pages like news outlets. Based on these new values, there are now some specific tweaks that you can do to make your newsfeed what you want it to be.

Science Chum

Science People In the News

  • New Position: Steve Isakowitz. The Aerospace Corporation (my employer) has announced the selection of a new corporate President and soon-to-be CEO: Steve Isakowitz, former President of Virgin Galactic. Isakowitz is also a former CTO of Virgin Galactic. Previously, he held a wide variety of senior engineering, business, and management roles across the private and government sectors, including positions at NASA, the Office of Management and Budget, the Intelligence Community, and the Department of Energy. He replaces Wanda Austin, who has reached the corporate age limit for VPs and above.
  • Passing: Simon Ramo. Simon Ramo, the “R” in TRW, has passed away. Ramo shaped California aerospace and the space industry through organizations like TRW, and I should note that he is responsible for the company I work at: The Aerospace Corporation is actually an FFRDC spin-off of STL, Space Technology Laboratories, which went on to become TRW.
  • Passing: Steve Walker. Word came to me Thursday morning of the passing of Steve Walker, one of the seminal people in the field of cybersecurity. The formal obituary and funeral arrangements haven’t been published; I found a bio here. We’ll get something up on the ACSA In Memoriam page as soon as we can.


A Lunchtime Musing: Managing Risk

If you hadn’t figured it out by now, I work professionally in the field of cybersecurity. One of the concerns in my field is the question of risk: how to manage it, how much is tolerable for an organization, what can be done to mitigate it. All of the cybersecurity techniques you know are related to that question: virus scanners mitigate the risk of malware; passwords mitigate the risk of unauthorized users; firewalls mitigate the risk of unauthorized systems accessing a network, and so forth.

I’ve been thinking a lot about risk in the aftermath of the tragedy in Orlando, and in particular about the reactions of our presumptive leaders, as well as the initiatives that always start after an event like this. Naturally, I see them all dealing with risk in some ways, and in some ways misunderstanding risk.

Donald Trump has blinders on with respect to risk. He clearly sees risk — a lot of risk — in immigrants and terrorists, but is blind to the risk of home-grown terrorism, or risk that comes from easy access to assault weapons. Further, his approach to the risk he sees is to be clearly risk averse. He has a low risk tolerance, and wants to (if possible) eliminate the risk through closing down immigration and building walls. His approach is impractical and costly, as experience has shown.

Hillary Clinton understands that the risk will be present, and wants to reduce it (understanding that it cannot be eliminated). This is where the call for restricting selected gun sales based on findings from background investigations, and calls for restricting the types of weapons come from. They will not eliminate all the possible terrorist actions on American soil, but they will serve to reduce the risk of those actions.

The mass populace also has difficulty understanding the difference between risk mitigation and risk avoidance. There are segments who believe that all guns should be banned. Those folks have blinders on regarding risks: banning guns will not eliminate all gun risk (for there is still the criminal element), and it also ignores non-gun attacks. There are some who believe the more moderate approach of increasing the difficulty of getting attack weapons is pointless if attacks are still possible. They are the type that are risk averse, and fail to see the benefit that comes from reducing risk.

With respect to terrorist attacks and home-grown gun attacks, we need to understand that we cannot eliminate them completely. The potential is already there, with existing weapons and the free flow of ideas that our society permits. That is a risk we must accept. What we can — and must — do is reduce the risk where we can: this means reducing the ability to buy and sell weaponry that can create massive casualties, increasing our ability to be resilient in the face of attack, and aggressively going after home-grown terrorism and terrorist cells (within our existing legal framework), with increased monitoring of those identified as being sympathetic to or involved with those homegrown causes (again, while still remaining in our legal system with respect to monitoring and the rights of US citizens).
