Nike Is A National Disgrace

Nike recalled their sneakers with the Betsy Ross American Flag from retailers.


And they did it right before Independence Day this Thursday.


NIKE is a national disgrace!


Nike should be standing strong to proudly display the American Flag, but rather they are like the Evil Axis, Iranians, that put it on the heel of their shoe–step on it and spit on it.


This is what we get as a nation when patriotism is turned on its head, and people that want to bring down this country and destroy it are instead elevated as spokespeople and even fraudulent politicians for it.


Who would’ve thought after 9/11 that America would self-destruct from enemies within rather than from without? 😦


(Source Photo: Andy Blumenthal)

Our Assets Are Compromised


So in the games that nations play, spy games is #1 on the hit parade.


Of course, it’s about using information to get a strategic advantage. 


It runs the gamut from pure espionage in terms of stealing state secrets and intellectual property to conducting stealthy subversive acts to undermine enemies and competitors. 


Whatever spies do, it’s all about compromising assets…whether they be human, information, or critical infrastructure. 


From turning patriots into traitors, words into info warfare, or critical infrastructure into trojan horses ready to im/explode…whatever leads to getting the upper-hand or advantage.


What one nation comes to rely on for their sustainment and survival is instead exploited and turned against them like a trojan horse or modern-day malware.


And with people, using money, sex, ideology, compromising material (Kompromat), or threats against loved ones–it’s simply about appealing to either opportunism or extortion. 


So truly defense means protecting not only what is before one’s eyes, but also what is in the rear and at the flanks.


When the over 21 million personnel records and background investigations were stolen from OPM on virtually all federal employees (civilian, military, and intelligence personnel), a door was left open and the demon is still hiding and waiting to cross the threshold, infiltrate, exfiltrate, and compromise.


As a society that meaningfully values an open and transparent democracy, we can perhaps too easily become lured or lax to common sense safeguards and vigilance, but that does not excuse negligence, incompetence or stupidity.


Rich people and countries around the world can unknowingly falter by becoming overly comfortable and full of themselves…to the point where many don’t fully care about their jobs or their country, as they sit in their mansions, designer clothes, and with busting bellies.


From the need to vastly improve our competencies in cyberwarfare to defending ourselves from a tidal wave of global terrorism to upgrading the U.S. nuclear triad against resurgent superpowers and dangerous rogue dictators, we have let our guard down to compromise.


Is expelling 35 Russian diplomats an effective strategy against their technical attempts to subvert our free and democratic elections or does it just underscore how vulnerable we continue to be?


When as a country and with our leadership, we decide to get serious rather than stay scared and war weary then we will not only stand firm again, but fight against weakness and compromise of ourselves. 😉


(Source Photo: Rebecca Blumenthal)

A Terrorism Wake-Up Call To Western Civilization

“On her way to work one morning

Down the path alongside the lake

A tender-hearted woman saw a poor half-frozen snake

His pretty colored skin had been all frosted with the dew

“Oh well,” she cried, “I’ll take you in and I’ll take care of you”

“Take me in oh tender woman

Take me in, for heaven’s sake

Take me in oh tender woman,” sighed the snake


She wrapped him up all cozy in a curvature of silk

And then laid him by the fireside with some honey and some milk 

Now she hurried home from work that night as soon as she arrived 

She found that pretty snake she’d taken in had been revived

“Take me in, oh tender woman 

Take me in, for heaven’s sake

Take me in oh tender woman,” sighed the snake


Now she clutched him to her bosom, “You’re so beautiful,” she cried

“But if I hadn’t brought you in by now you might have died”

Now she stroked his pretty skin and then she kissed and held him tight 

But instead of saying thanks, that snake gave her a vicious bite

“Take me in, oh tender woman 

Take me in, for heaven’s sake

Take me in oh tender woman,” sighed the snake


“I saved you,” cried that woman

“And you’ve bit me even, why?

You know your bite is poisonous and now I’m going to die”

“Oh shut up, silly woman,” said the reptile with a grin 

“You knew damn well I was a snake before you took me in 

“Take me in, oh tender woman 

Take me in, for heaven’s sake

Take me in oh tender woman,” sighed the snake”


(Source Lyrics The Vicious Snake by Oscar Brown Jr. and the Reading By Donald Trump)

Refugee Crisis OR Something More Sinister And Deadly?

When presidential candidate Donald Trump said, “I will build a big beautiful safe zone in Syria for the refugees”–many on the left were aghast.


Then I got forwarded this video on what’s happening in Europe or to Europe (and to a far more limited extent to America).


The basic question raised–are the throngs of people making their way from the Middle East, North Africa, and Asia to Europe (and to America):


1) REFUGEES: Is this diversity, multiculturalism, humanitarianism, and truly helping refugees in need?


OR


2) MIGRANTS: Is this the overrunning of a continent and society–driven by the desire for money, land, power, sex and religious domination–without anyone ever even firing a shot?


No one wants to think the worst–even when terror is happening around us and ISIS is claiming to be planting thousands of terrorists among the refugees (like a massive Trojan Horse)–we still want to believe that we are doing the right thing, doing good, and helping people in need by welcoming them in. 


Most of us or our families have been refugees at one time or another–seeking safety and a better life–so we know what it’s like to need others and to need a chance–and we want to help others like others helped us. 


But watching the terror attacks, violence, rapes, and threats by some (or many, I don’t really know) of the current waves of “refugees”–one wonders is this like prior refugees coming and needing genuine help or something we’ve never quite seen before? 😉

Insuring Against Cyber Attacks


More and more, our technology is at risk of a cyber attack.

In fact, just today the Wall Street Journal reported that Iran has hacked into the Navy’s unclassified network.

While we can fix the computers that were attacked, the damage done in terms of data exfiltration and malware infiltration is another matter.

To fix the computers, we can wipe them, swap out the drives, or actually replace the whole system.

But the security breaches still often impose lasting damage, since you can’t get the lost data or privacy information back or as they say “put the genie back in the bottle.”

Also, you aren’t always aware of hidden malware that can lie dormant, like a trojan horse, nor can you immediately contain the damage of a spreading computer virus, such as a zero-day attack.

According to Federal Times, on top of more traditional IT security precautions (firewalls, antivirus, network scanning tools, security settings, etc.), many organizations are taking out cybersecurity insurance policies.

With insurance coverage, you transfer the risk of cybersecurity penetrations to cover the costs of compromised data and provide for things like “breach notification to victims, legal costs and forensics, and investigative costs to remedy the breach.”

Unfortunately, because there is little actuarial data for calculating risks, catastrophic events such as “cyber espionage and attacks against SCADA industrial controls systems” are usually not covered.

DHS has a section on their website that promotes cybersecurity insurance where they state that the Department of Commerce views cybersecurity insurance as an “effective, market-driven way of increasing cybersecurity,” because it promotes preventive measures and best practices in order to lower insurance premiums and limits company losses from an attack.

Moreover, according to the DHS Cybersecurity Insurance Workshop Readout Report (November 2012) cybersecurity insurance or risk transfer is the fourth leg of a comprehensive risk management framework that starts with risk acceptance, risk mitigation, and risk avoidance.

I really like the idea of cybersecurity insurance to help protect organizations from the impact of cybersecurity attacks and for promoting sound cybersecurity practices to begin with.

With cyber attacks, like with other catastrophes (fire, flood, accident, illness, and so on), we will never be able to fully eliminate the risks, but we can prepare ourselves by taking out insurance to help cover the costs of reconstituting and recovery.

Buying insurance for cybersecurity is not capitulating our security, but rather adding one more layer of constructive defense. 😉

(Source Photo: Andy Blumenthal)

Malware Through A Charger


Who would’ve thought you can get cyber attacked this way…

Forbes is reporting that Georgia Tech researchers have discovered an exploit where malware could be introduced to your computer through the plug-in AC power charger.

Based on their proof of concept, when you connect your computer and electrical plug, you could get more than an electrical charge to your Apple iOS computer–you could get hacked!

The malicious charger has been named Mactans and in the future could be put together by inserting a miniature computer board (e.g. a BeagleBoard) right into the base of a charger plug (larger than the one shown above).

The hack attack is enabled by the USB port which is used for charging and doubles as a data port so that the malicious code would be surreptitiously inserted into your computer.

So be careful what you plug into, because when you think you’re just powering up your battery, you may end up powering down your whole computer device.

This sort of reminds me of the shoe bomber that forever changed how we view seemingly innocuous shoes at the airport.

A shoe may not just be for walking, and an AC charger may not be just a power source anymore. 😉

(Source Photo: here with attribution to Lee Bennett)

Now You See It, Now You Don’t

Very cool new military technology by BAE Systems called Adaptiv–it’s an invisibility cloak (yes, we now have the technology of the Klingon Empire at our disposal!)
Hexagonal pixel plates are affixed to tanks (and soon battle ships) and these can change temperatures to be invisible to infra-red sensors and confuse heat seeking missiles.
Moreover, onboard cameras pick up surrounding scenarios and can display this onto the vehicle’s pixels, so that the military vehicles blend right into their environs.
Another trick is that the pixels can display alternate images to masquerade itself—so a tank is now a simple car or even a cow (according to Wired UK, 6 September 2011).
Like the Trojan Horse, I can only imagine what a military power could do by fully exploiting this capability–whether through the conduct of hit and run maneuvers or by invading and conquering an unsuspecting foe.
This is the emergence of a whole new era of war-fighting capabilities, where camouflage is no longer just covering yourself with the basic elements, but rather where technology is used to create a virtual reality that masks the true physical.
On the battlefield, this technology will enable us to seemingly be there one minute, and gone the next (machines and people)–that’s technology magic that even Houdini would be envious of.
And yet, this is still just the beginning…we are only now bordering on the capabilities inherent in the Star Trek holodeck–where whole alternate environments are just a simulation away.

What’s Lurking In The Update?

In defense, it is a well-known principle that you determine your critical infrastructure, and then harden those defenses—to protect it.

This is also called risk-based management, because you determine your high impact assets and the probability that they will be “hit” and deem those the high-risk ones that need to be most protected.

In buttressing the defenses of our critical infrastructure, we make sure to only let in trusted agents. That’s what firewalls, anti-virus, anti-spyware, and intrusion prevention systems are all about.

In so-called “social engineering” scams, we have become familiar with phony e-mails that contain links to devastating computer viruses. And we are on the lookout for whether these e-mails are coming from trusted agents or people we don’t know and are just trying to scam us.

What happens, though, when, like the Trojan Horse in Greek times, the malware comes in from one of the very trusted agents that you know and rely on, for example, from a software vendor sending you updates for your regular operating system or antivirus software?

ComputerWorld, 10 May 2010, reports that a “faulty update, released on April 21, [by McAfee] had corporate IT administrators scrambling when the new signatures [from a faulty antivirus update] quarantined a critical Windows systems file, causing some computers running Windows XP Service Pack 3 to crash and reboot repeatedly.”

While this particular flawed security file wasn’t the result of an action by a cyber-criminal, terrorist or hostile nation state, but rather a “failure of their quality control process,” it begs the question: what if it was malicious rather than accidental?

The ultimate Trojan Horse for our corporate and personal computer systems is the regular updates we get from the vendors to “patch” or upgrade our systems. The doors of our systems are flung open to these updates. And the strategic placement of a virus into these updates that have free rein to our core systems could cause unbelievable havoc.

Statistics show that the greatest vulnerability to systems is by the “insider threat”—a disgruntled employee, a disturbed worker, or perhaps someone unscrupulous that has somehow circumvented or deceived their way past the security clearance process (or not) on employees and contractors and now has access from the inside.

Any well-placed “insider” in any of our major software providers could potentially place that Trojan Horse in the very updates that we embrace to keep our organizations secure.

Amrit Williams, the CTO of BIGFIX Inc. stated with regards to the faulty McAfee update last month, “You’re not talking about some obscure file from a random third party; you’re talking about a critical Windows file. The fact that it wasn’t found is extremely troubling.”

I too find this scenario unnerving and believe that our trusted software vendors must increase their quality assurance and security controls to ensure that we are not laid bare like the ancient city of Troy.

Additionally, we assume that the profit motive of our software vendors themselves will keep them as organizations “honest” and collaborative, but what if the “payoff” from crippling our systems is somehow greater than our annual license fees to them (e.g., terrorism)?

For those familiar with the science fiction television series BattleStar Galactica, what if there is a “Baltar” out there ready and willing to bring down our defenses to some lurking computer virus—whether for some distorted ideological reason, a fanatical drive to revenge, or a belief in some magnanimous payoff?

“Trust but verify” seems the operative principle for us all when it comes to the safety and security of our people, country and way of life—and this applies even to our software vendors who send us the updates we rely on.

Ideally, we need to get to the point where we have the time and resources to test the updates that we get prior to deploying them throughout our organizations.
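
As an added example (not from the original post or from any vendor's tooling), here is one way to test a signature update before deployment: scan a pinned set of known-good critical files with the candidate signatures and block the rollout if any of them is flagged, which is the failure described above. The byte-pattern signature format, file names and file contents are constructed for illustration.

```python
import hashlib

# Constructed stand-ins for known-good critical system files (not real binaries).
GOLDEN = {
    "critical_service_host.bin": b"MZ\x90\x00 service host: constructed known-good image",
    "critical_loader.bin": b"MZ\x90\x00 loader: constructed known-good image",
}
# Digests pinned when the golden set was built; in practice they are stored
# separately so that the test corpus itself can be verified before use.
PINNED = {name: hashlib.sha256(data).hexdigest() for name, data in GOLDEN.items()}

# Toy signature sets: name -> byte pattern (real engines use far richer formats).
PREVIOUS_SIGS = {"Toy.Dropper.A": b"evil-dropper-marker"}
CANDIDATE_SIGS = {**PREVIOUS_SIGS, "Toy.Worm.B": b"service host:"}  # over-broad pattern


def scan(data, signatures):
    """Return the names of all signatures whose pattern occurs in data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def false_positives(signatures, golden=GOLDEN, pinned=PINNED):
    """Scan the golden set; any detection on a known-good file is a false positive."""
    hits = []
    for name, data in sorted(golden.items()):
        if hashlib.sha256(data).hexdigest() != pinned[name]:
            raise ValueError(f"golden file {name} does not match its pinned digest")
        hits += [(name, sig) for sig in scan(data, signatures)]
    return hits


def approve_rollout(signatures):
    """Gate: release the update to production only if the golden set scans clean."""
    hits = false_positives(signatures)
    return (not hits, hits)


if __name__ == "__main__":
    for label, sigs in (("previous", PREVIOUS_SIGS), ("candidate", CANDIDATE_SIGS)):
        ok, hits = approve_rollout(sigs)
        print(label, "APPROVED" if ok else f"BLOCKED {hits}")
```

A gate like this catches only accidental false positives on files in the golden set; it does not establish that an update is free of deliberately inserted code.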