Your Days Are Numbered

Anger.JPEG

How low do some people go? 


So far this year, there have been over 100 bomb threats to Jewish community centers, synagogues, and schools–threatening innocent men, women, and children. 


In just three months, from the election through February 7, there have been over 1,300 hate incidents targeting a variety of religious and ethnic groups since the election–this is a 650% increase over “normal.”


Thank G-d, nothing large-scale and serious has actually happened.


But hate is alive and well in the USA. 


Already, there’s been one arrest of a left-wing extremist. 


You can be sure that more will follow!


Those evil people with bias, prejudice, and hate in their hearts and violence on their minds will see justice done. 


It’s a matter of time…


Unanimously 100 Senators have called for swift action. 


We have some of the finest law enforcement in the entire world. 

And with every hateful act, you are leaving a most wonderful forensic trail of evidence that will lead them right back to you. 


It’s one thing for people to disagree politically, religiously, socially or otherwise but it’s another to be a racist and hater and seek to do bad.


You may be calling in bomb threats, but what’s ticking is the clock on you…the countdown has begun until you’re caught and then you’ll be counting the years and decades locked securely behind bars, wasting away, and doing your hard time and penance for the crimes you have done and the evil you espouse. 


With justice, may G-d hear it, see it, and let it be done. 😉


(Source Photo: Andy Blumenthal)

A Word Indeed

The information in your smartphone and managed by your telecommunications carrier is available and accessible to others with today’s tools and following the right processes.Bloomberg BusinessWeek(29 March 2012) reports on a new tool for law enforcement that captures your data from smartphones.It is called the Cellebrite or Universal Forensic Extraction Device (UFED).

As the video describes it works with almost every mobile device out there–over 1,800 of them.

And when attached to a smartphone, it can extract everything from your call log, emails, texts, contact list, web history, as well as photos and videos.

The forensic tool can even retrieve deleted files from your phone.

Your smartphone is a digital treasure trove of personal information and the privacy protection afforded to it is still under debate.

The article cites varying court opinions on “whether it’s fair game to examine the contents of a mobile phone without a warrant,” since it is in the suspect’s immediate possession.

According to law enforcement sources quoted in the article, “we use it now on a daily basis.”

Aside from the contents on the phone itself, Bloomberg BusinessWeek (29 September 2012) earlier reported that telecommunications companies are also storing your personal data for various lengths of time.

For example, detail call records and text contacts are retained for up to 7 years and phone location information indefinitely, depending on the carrier.

This data is available too under the processes specified in the Electronic Communications Privacy Act.

While the technology is constantly getting better for us to electronically manage our information and communicate with each other, the reach and life cycle of digital information can certainly be far and long.

As we should all by now know, working remotely, digitally, in cyberspace, and encrypting, deleting, or even attempting to destroy data files does not ensure their ultimate privacy.

In that respect, both digital and non-digital information are the same in one very important facet and that is as we all learned early in life that “a word once said cannot be taken back.”

>Activity Monitoring and Enterprise Architecture

>

When you log on at work, many of you probably—know it or not–click on an acknowledgement that you consent to monitoring of your activities.

When you are working, your time and your “privacy” are not really your own!

Organizations routinely conduct various sorts of monitoring include network monitoring, intrusion detection monitoring, and now more and more, monitoring of employee activities online. This is an important part of the organization’s technical and security architecture.

  • Network focusedNetwork monitoring describes the use of a system that constantly monitors a computer network for slow or failing systems and that notifies the network administrator in case of outages via email, pager or other alarms. It is a subset of the functions involved in network management.”
  • External focused–“An intrusion detection system (IDS) is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms).” (Wikipedia)
  • Internal-focused–An activity monitoring tool, according to ComputerWorld Magazine, 7 April 2007, “monitors all activities on an end-user’s system to make sure that no data or computer usage policies are violated. If a violation does occur, the agent issues an alert to the company’s security team and begins collecting data for further review.”

While we all can understand the need for network monitoring and intrusion detection systems, many find internally-focused activity monitoring, a put-off, a display of lack of trust in the employees, or a violation of our privacy.

However, companies do actually have much to fear from their employees—especially the disgruntled or corrupt ones:

CyberDefense Magazine, August 2004, reports in “Beware of Insider Threats to Your Security” as follows: “Gartner estimates that 70% of security incidents that cause monetary loss to enterprises involve insiders…[that] recent FBI statistics show that 59% of computer hackings are done internally…[and that] a source inside the United states intelligence community stated that more than 85% of all incidents involving the attempted theft or corruption of classified data involved an individual who had already been thoroughly vetted and been given legal access to the data.

According to ComputerWorld, activity monitoring tools “features a video-like playback feature that lets security administrators view precisely what a user was doing before, during and after a policy violation was flagged. That can help the admins determine almost instantly whether the violation was an accident or the result of deliberate action…[Additionally, other tools] keeps an eye on all internal network traffic for sensitive or inappropriate material…[or] monitor database activity and check for improper access and other abuses.”

“Because the software [tools] can quickly correlate log even from practically every IT system, it also serve as both a “real-time alerting system and an after-the-fact forensic tool.”

Related products can actually be set up to quarantine a computer, when a policy violation is detected.

The architecture for monitoring the network and internal and external threats is becoming ever more sophisticated. While according to ComputerWorld, Gartner estimates that “less than 30% of Fortune 5,000 companies have installed such [activity monitoring] tools,” we can expect many more to adopt these in the near future.

These tools are vital in today’s information-rich environment where confidentiality, availability, and integrity are the backbone for our enterprise decision-making.

>Identifying a Phony and Enterprise Architecture

>

Part of what distinguishes a good enterprise architect from a mediocre one, is the ability to discern fact from fiction and the important from the mundane when it comes to the state of the enterprise. Having the skill to do this is critical to being able to establish viable targets and transition plans. A mediocre architect may collect information, but can’t spot the true nature of the enterprise, what is right and wrong with it and how it needs to course correct. The truly talented architect can make those distinctions.

Recently in the news there was an item about a doctored photo of a Tibetan antelope running harmoniously alongside the controversial high-speed train developed by China in the animals’ Himalayan habitat. When first released, this photo was accepted as genuine and only upon analysis was it discovered as a fake.

Just like with the photo of the Tibetan antelope, as enterprise architects, we must a look with circumspection and fine tuned analyses at the information presented, so that we can come to valid conclusions and not just accept everything at face value.

MIT Technology Review, 17 March 2008, reports that “new tools that analyze lighting in images help spot tampering.”

One MIT researcher states: “lighting is hard to fake…even frauds that look good to the naked eye are likely to contain inconsistencies that can be picked up by software.”

Similarly, in enterprise architecture, we need to proverbially shed light on the information we capture in the architecture to discern its meaning to the organization—are there really gaps or in our capabilities or does some executive just want to have the latest technology gadget to showcase? Are the redundancies identified in the enterprise needed for backup purposes or are they truly superfluous? Is a process efficient or is this just the way things have been done for so long, that no one really knows differently or wants to change? Is an opportunity really advantageous to the organization or is it fool’s gold?

These are tough questions and answered incorrectly, could lead the organizations down the wrong path and result in costly mistakes, such as unsatisfied customers, lost market share, wasted time and effort, and demoralized staff.

The MIT Technology Review article states: “many fraudulent images are created by combining parts of two or more photographs into a single image.”

Similarly, in enterprise architecture, facts are often misinterpreted or distorted by combining pieces of information that do not go together or by omitting information from the puzzle. For example, user needs and technology solutions can be combined as touted as the ideal solution for the enterprise, but in fact the solution is mismatched to the requirement. Or an IT investment may be heralded as the be all and end all, but critical information was not examined such as the security of the product, the vendor support and training available, the true cost including operations and maintenance in the out years and so on. So just as with photographs you can have errors of commission and omission.

Cynthia Baron, associate director of digital media programs at Northeastern University and author of a book on digital forensics states: “it’s amazing to me, some of the things that make their way onto the web that people believe are real. Many of the things that software can point out [as fraudulent], you can see with the naked eye, but you don’t notice it.”

This is the same with the information that enterprise architects analyze—so much of it is can be misinterpreted—but with a little more attention and a skilled architect, you can find the true meaning behind the data.

In the end a good enterprise architect can be worth their weight in gold to the organization.