Cyber Attacks Typology

Saw this acronym to describe the types of cyber threats and thought it was useful.


STRIDE


Spoofing – Falsifying identity to gain systems access


Tampering – Making unauthorized changes to data or systems


Repudiation – Forging identity of actions to data or system to deny responsibility or even blame a 3rd party


Information Disclosure – Stealing (exfiltrating) information and disclosing it to unauthorized individuals


Denial of Service – Depriving legitimate users access to data or systems


Elevation of Privilege – Transforming user account to allow it to exceed legitimate user privileges (e.g. admin account or superuser)


Funny-sad enough, these six types of cyber attacks can cause any information security officer to lose their stride. 😉


(Source Photo: Andy Blumenthal)

Willy Wonka Wears Google Glass TOO


I can only say that my fascination with Google continues to grow daily.

Years ago, I used to joke, “What is this G-O-O-G-L-E?”

But now, I know and marvel at how Google is information!

And every type of information from news and facts to shopping and entertainment:

Research is Google.
eCommerce is Google.
Entertainment is Google.

Google this…Google that.

Archive, index, search, discover, access…learn, grow.

Google has quite literally ushered in a new age of enlightenment, no really!

The focus is on information…Google’s mission statement is:

“Organize the world’s information and make it universally acceptable and useful.”

If you believe that knowledge and learning is one of the core underpinnings for personal growth and global development then you can appreciate how Google has been instrumental in unleashing the information age we are living in.

Of course, information can be used for good and for evil–we still have free choice.

But hopefully, by building not only our knowledge, but also understanding of risks, consequences, each other, and our purpose in life–we can use information to do more good than harm (not that we don’t make mistakes, but they should be part of our learning as opposed to coming from malevolent intentions).

Google is used for almost 2/3 of all searches.

Google has over 5 million eBooks and 18 million tunes.

Google’s YouTube has over 4 billion hours of video watched a month.

Google’s Blogger is the largest blogging site with over 46 million unique visitors in a month.

But what raises Google as the information provider par excellence is not just that they provide easy to use search and access to information, but that they make it available anytime, anywhere.

Google Android powers 2/3 of global smartphones.

Google Glass has a likely market potential for wearable IT and augmented reality of $11B by 2018.

Google’s Driverless Car will help “every person [traveling] could gain lost hours back for working, reading, talking, or searching the Internet.”

Google Fiber is bringing connection speeds 100x faster than traditional networking to Kansas City, Provo, and Austin.

Google is looking by 2020 to bring access to the 60% of the world that is not yet online.

Dr. Astro Teller who oversees Google[x] lab and “moonshot factory” says, “we are serious as a heart attack about making the world a better place,” and he compares themselves to Willy Wonka’s magical chocolate factory. (Bloomberg BusinessWeek)

I like chocolate and information–and yes, both make the world a better place. 😉

(Source Photo: here by (a)artwork)

Learning IT Security By Consequences

This is a brilliant little video on IT Security.

What I like about it is that it doesn’t just tell you what not to do to stay safe, but rather it shows you the consequences of not doing the right things.

Whether you are letting someone into your office, allowing them to borrow your badge, leaving your computer unsecured, posting your passwords, and more–this short animated video shows you how these vulnerabilities will be exploited.

It is also effective how they show “Larry” doing these security no-no’s with signs everywhere saying don’t do this.

Finally, the video does a nice job summing up key points at the end to reinforce what you learned.

I think that while this is simpler than many longer and more detailed security videos that I have seen, in a way it is more successful in delivering the message in a practical, down-to-earth approach that anyone can quickly learn core basic practices from.

Moreover, this video could be expanded to teach additional useful IT security tips, such as password strengthening, social engineering, and much more.

I believe that even Larry, the unsuspecting office guy, can learn his lesson here. 😉

(Note: This is not an endorsement of any product or service.)

Catching More Flies With Honey


There’s an old saying that you can catch more flies with honey than with vinegar.

And this is true in cyberspace as well…

Like a honey pot that attracts cyber criminals, organizations are now hiring “ethical hackers” to teach employees a lesson, before the bad guys teach them the hard way.

The Wall Street Journal (27 March 2013) reports that ethical hackers lure employees to click on potentially dangerous email links and websites, get them to provide physical access to data centers and work site computers, or give up passwords or other compromising information through social engineering.

The point of this is not to make people feel stupid when they fall for the hack–although they probably do–but rather to show the dangers out there in cyberspace and to impress on them to be more careful in the future.

One ethical hacker company sends an email with a Turkish Angora cat (code-named Dr. Zaius) promising more feline photos if people just click on the link. After sending this to 2 million unsuspecting recipients, 48% actually fell for the trick and ended up with a stern warning coming up on their screen from the cyber security folks.

Another dupe is to send a faux email seemingly from the CEO or another colleague so that they feel safe, but with an unsafe web link, and see how many fall for it.

While I think it is good to play devil’s advocate and teach employees by letting them make mistakes in a safe way–I do not think that the people should be named or reported as to who fell for it–it should be a private learning experience, not a shameful one!

The best part of the article was the ending from a cyber security expert at BT Group who said that rather than “waste” money on awareness training, we should be building systems that don’t let users choose weak passwords and don’t care what links they click–they are protected!

I think this is a really interesting notion–not that we can ever assume that any system is ever 100% secure or that situational awareness and being careful should ever be taken for granted, but rather that we need to build a safer cyberspace–where every misstep or mistake doesn’t cost you dearly in terms of compromised systems and privacy. 😉

(Source Photo: Dannielle Blumenthal)

Tweet On, Dead Or Alive


So recently, I saw the movie Vanilla Sky with Tom Cruise who plays a wealthy playboy who has everything, but has a horrible disfiguring accident as a result of a disgruntled girlfriend, and Cruise ends up in despair, overdosing, and ultimately in cryonic suspension–but with the added package of being in a lucid dream while in frozen suspension for 150 years.

The idea of somehow being placed in suspended animation after death in the hope of eventually being brought back to life with technologies in the future has been an interest of many who naturally seek immortality.

A company called Alcor Life Extension, not only researches cryonics, but also actually performs it and has over 100 patients preserved and frozen in liquid nitrogen (as well as over 30 pets).

Understanding the great desire for people to somehow defeat death, I was not completely surprised to read about LivesOn in the New York Times (2 March 2013), which is an algorithm being developed to continue Tweeting even after you are dead!

You can sign up at the website to join their beta trials–no, you don’t have to be dead yet!

But LivesOn will start learning what and how you normally Tweet and through artificial intelligence will start to tweet on its own for you and you can give it feedback to refine its performance.

Its slogan of “When your heart stops beating, you’ll keep tweeting,” seems more than a little crude.

Given all the distress about accessing a person’s social media account after they die to learn more about them, their friends, perhaps the circumstances of their death, or even to post a closing to account–the legal and policy issues are still being worked out in terms of privacy and the user agreements for the sites.

With artificial intelligence now being able to, in a sense, take over for you and continue your posts even when you are dead, this practically begs the question of who you are and what makes you distinct from a computer that can mimic you to the world?

Can a computer or robot one day be able to assume your identity? How difficult would it really be? Would anyone even know the difference? And would they care? Are we all just patterns of thoughts and behaviors that can be predicted and mimicked, and if so what are we really? 😉

(Source Photo: here with attribution to Anders Sandberg)

From Adventure Photography to Lifelogging

Felix Baumgartner jumped from a helium-filled balloon lifted space capsule, one week ago today, to set a skydiving record from 24 miles up and reaching the speed of 834 miles per hour.

On Felix’s helmet was a GoPro video camera to capture this memorable event.

GoPro is the leader in wearable, waterproof, shockproof video cameras and has an especially strong market in action and extreme sports.

Their newest helmet-mounted camera is the HD HERO3 (available 17 October 2012), and it continues the significant trend to ever smaller, lighter, and more powerful camera technology.

I like this video they put out showing the high resolution and exciting video taken while doing activities from surfing to mountain climbing, deep sea diving, flying, kayaking, and more.

I have a feeling that these cameras are going to make a leap from capturing adventure photography to being used for lifelogging and lifejournaling–where people capture major life events on a wearable camera, and in some extreme cases–they try to capture virtually their whole life!

As someone who has blogged now, thank G-d, for 5 1/4 years, I greatly value the ability to capture important events, share, and potentially influence–and lifelogging with discreet, wearable camera technology can take this even further.

Of course, with this technology, we need the ability to search, discover, and access the truly memorable moments–those that are meaningful to you and can have a deep and lasting impact on others–and let’s face it, despite the rise of Reality TV, most of life is not quite a Kardashian moment. 😉

It sort of reminds me of the Wendy’s commercial, where the old lady asks from a fictitious competitor, “where’s the beef?” With lifelogging, blogging, or other capture and sharing technologies, the beef had better be there (people’s time is valuable)!

There are billions of people to reach–capture, reflect, share…in writing and with pictures–then truly, “The pen is mightier than the sword.”

Open Doors, Closed Minds


This was a funny photo at the local Pot Belly eatery. 

Their side door (right off their main entrance) is wide open, yet they have these two large signs that say “Keep Closed” and “For your safety back door must be locked at all times.”

And inside this guy with a clipboard is schmoozing away–seemingly ignoring everything.

No delivery in sight either–maybe just the morning checkup on things.

So much for safety, following the rules, and probably good common sense.

It reminded me of a couple of things:

One is sort of the opposite of this scenario, where in the office, virtually every manager/leader purports to have an “open door” policy, yet really while their door may be open, their minds are closed.

They don’t really listen to what people are telling them–issues, solutions, new ideas–they have their own ideas about things, how they are and how they ought to be. The others don’t really matter to them, because they are in charge.

In this case emotional intelligence, social/interpersonal skills, communication abilities, and teamwork are all pretty low. Surprisingly or not, this is quite a lot of managers out there, I think.

The other thing this scene brought to mind is a related issue of access. Sometimes, we may try to get a briefing or presentation, or even just a discussion with superiors, but they always seem too busy.

Without access, we are limited in pushing new ideas and innovations up and out–it stops with the gatekeepers. With access, we can work together to make great ideas and solutions even better.

It’s interesting that access–such a simple thing you would imagine, is such a big deal. But it is common too that rather than dealing with new ideas or difficult issues, managers may find it easier to simply not deal with “the noise.”

This is the equivalent of grade school, where you put the fresh-mouthed student in the corner, facing the wall, with a tall pointy dunce cap on their head–until they and everyone else gets the message that this is not someone of significance. See them, laugh at them, then ignore them.

Access is another word for you mean something or you don’t, in your boss’s mind, at least, and in how they communicate about you to others.

Lose access and you are in the wilderness and maybe will starve to death and die. Gain access and you have an opportunity to influence things for the positive–live and let others thrive.

Are you relevant or dead–is the door open–really or is it just a show.

Your job as a leader and follower is to figure out how to open doors all around you, to bridge divides, communicate what you really think in a way that can be heard, influence the way forward, and make people feel–really feel–that they are heard, that they do have something important to say and contribute, and that everyone is valuable.

Door open or closed–your mission is the same.

(Source Photo: Andy Blumenthal)