Cyber Attacks Typology

Saw this acronym to describe the types of cyber threats and thought it was useful.


STRIDE


Spoofing – Falsifying identity to gain systems access


Tampering – Making unauthorized changes to data or systems


Repudiation – Forging the identity behind actions on data or systems to deny responsibility or even blame a 3rd party


Information Disclosure – Stealing (exfiltrating) information and disclosing it to unauthorized individuals


Denial of Service – Depriving legitimate users access to data or systems


Elevation of Privilege – Transforming a user account to allow it to exceed legitimate user privileges (e.g. admin account or superuser)


Funny-sad enough, these six types of cyber attacks can cause any information security officer to lose their stride. 😉


(Source Photo: Andy Blumenthal)

Modesty And Privacy Of Body and Information


So modesty and privacy are very important in terms of propriety and security.


Both are intimately connected. 


Already as children, we learn not to show or talk about our “privates” to others. 


And as adults, we understand that there are certain things about ourselves that we don’t just talk about or divulge to others indiscriminately. 


Not being discreet with these and showing either your private parts or your personal information can get you in a load of trouble by giving others the opportunity to take undue advantage of you. 


Both open you up to be ridiculed or even raped of your person or information identity. 


That which is yours to use with others in propriety is instead disclosed for taking out from your control and for use against you. 


Security demands modesty of body and of information, and if not taken seriously, then no amount of lame covering will keep that which is private from public consumption. 😉

Please Tell Us Your Diabolical Intentions

Disclosure

So Russia is escalating in Syria (from devastating air strikes to sea-launched cruise missiles, and now a possible land offensive) and even considering expanding into Iraq. 

Our initial reaction…

“We believe this is a fundamental mistake.”  –Maybe a mistake for us, but not for Russia who is wielding their mighty bear claws and showing a decisive victory!  

Upon further reflection…

“We are not prepared to cooperate on strategy.”  — Is this perhaps because we don’t have one, and Russia apparently does? 

“Syria is not going to turn into a proxy war between Russia and the United States.” — Okay, so the alternative is to capitulate and give the Middle East over to Russia, like with Crimea and Eastern Ukraine. And what then will we hand over to the Russians, Chinese, and Iranians next (because there’s no reason for them to stop there)? 

“One of the profound difficulties dealing with Russia in Syria or elsewhere is how opaque Putin’s intentions are and how the Russian system lies about what they are up to.” — Gee whiz, we can’t figure out what Russia is up to as they slam Assad’s opposition (that we are supporting) into smithereens? We’re expecting the competition to tell us their strategy, and why should they do that? 

This last one is perhaps the most bizarre as we all implicitly understand that an adversary is not going to divulge their strategy, and moreover are using misinformation and deception to throw us off balance and advance their objectives. 

It is time for us to bring sanity back to the military equation here.

Immediately…

– Establish a no fly zone over Syria. 

– Put our own base on the ground or military assets into sharp play. 

– Issue a cease and desist ultimatum and mean it. 

The time for losing is over, and the time for winning must begin. 

We can pretend that we can look the other way and simply avoid a conflict, but all we are doing is bringing ever more devastating confrontation that much closer as we lose ground, credibility, and allies (who fear the commitment and iron hand of Russia far more than our own wavering and dubious one)–and we deceive ourselves far more than our adversaries could ever deceive us. 😉

(Source Photo: Andy Blumenthal)

Snapchat, Eat Your Heart Out

Disappearing Ink
As so many of you app users know, Snapchat allows you to send texts, drawings, photos, and videos, but with privacy, knowing they will disappear in a few seconds.



Disappearing messages is certainly not a new idea–in spycraft or for kids. 



Remember the disappearing ink (or maybe you’ve forgotten because it disappeared)?



Well, this is a photo of disappearing-disappearing ink!



Someone apparently stole the disappearing ink right out of the packaging in the store–it has truly disappeared. 😉



(Source Photo: Rebecca Blumenthal)

Lock Or Peephole

Privacy
So is that keyhole in privacy for a lock and key or as an exhibitionistic peephole?



The New York Times had an excellent article on this yesterday, called “We Want Privacy, but Can’t Stop Sharing.”



We are compelled to share online to demonstrate that we are:



– Important

– Interesting

– Credible

– Competent

– Thoughtful

– Trustworthy



The problem is that when you inappropriately overshare online, you may leave yourself little to properly disclose in building real-world intimate relationships in a normal give and take of “opening and closing boundaries.”



Moreover, being like a lab rat or in a house of glass walls for all to watch indiscriminately can leave us with feelings of “low self-esteem, depression, and anxiety.”



Being under observation–even when it is voluntary–implies being open to judgement and this can drain us of our ability to be ourselves, creative, and take calculated risks.



We don’t want to become too busy brushing our hair back and smiling for the camera and making everything (artificially) look like made-for-reality-TV (e.g. Kardashian) perfection. 



The key to privacy is to disclose what needs to be shared, put a lock on what’s personal, and not arbitrarily leave the peephole eyes wide open. 😉

(Source Photo: here with attribution to g4ll4is)

What If They Can Read Our Redactions?


The New Yorker has a fascinating article about technology advances being made to un-redact classified text from government documents.

Typically, classified material is redacted from disclosed documents with black bars that are technologically “burnt” into the document.

With the black bars, you are not supposed to be able to see or read what is behind them because of its sensitivity.

But what if our adversaries have the technology to un-redact or un-burn and autocomplete the words behind those black lines and see what it actually says underneath?

Our secrets would be exposed! Our sensitive assets put in jeopardy!

Already a Columbia University professor is working on a Declassification Engine that uses machine learning and natural language processing to determine semantic patterns that could give the ability “to predict content of redacted text” based on the words and context around them.

In this case, declassified information in the document is used in aggregate to “piece together” or uncover the material that is blacked out.

In an earlier case, in 2004, a doctoral candidate at Dublin City University used “document-analysis technologies” to decrypt critical information related to 9/11.

This was also done by using syntax or structure, estimating the size of the blacked-out word, and then using automation to run through dictionary words to see which would fit, along with another “dictionary-reading program” to filter the result set down to the likely missing word(s).

The point here is that with the right technology redacted text can be un-redacted.

Will our adversaries (or even allies) soon be able to do this, or perhaps, someone out there has already cracked this nut and our secrets are revealed?

(Source Photo: here with attribution to Newspaper Club)

Let’s Play Chicken


So probably everyone knows the game of chicken.

They play this game in the movie Footloose–driving these big tractors towards each other waiting to see who flinches, chickens-out first, and veers out of the way before the vehicles collide. The person who moves out of the way first is the “chicken” (although that person is probably pretty darn smart not to risk getting him/herself killed!)

An article in the Wall Street Journal (18 February 2013) on making friends by sharing, but not oversharing, reminded me of this.

Like two vehicles driving towards each other–making friends is about coming together by disclosing who you are and what you are about–finding and enjoying commonalities, respecting each other’s differences, and being able to interact in a mutually satisfying way.

Driving gradually and carefully, you can get to know someone by mutually sharing and connecting–first a little, and then building on that with some more.

Beware of disclosing too much, too fast–it can make another person uncomfortable–like you’re dumping, desperate, or maybe a little crazy!

At the same time, not being able to open up can make the other person feel that you don’t like or trust them or maybe that you are a little boring, shallow or that you are hiding something.

Of course, the chemistry has to be there and it’s got to be reciprocal–both the feeling and the sharing–users and stalkers need not apply.

However, if things aren’t working out between the two people and they are on course for a head-on collision, someone has got to get out of the way–maybe that person is a chicken or perhaps they just know when it’s time to say goodbye.

Anyway, chickens can either end up doing the chicken dance or they can end up as roadkill–it all depends on how they approach the other chicken. 😉

(Source Photo: Andy Blumenthal)