July 25, 2012

Why this blog?

During a previous performance review, I was told I need to work on my written communication skills. While my supervisor at the time failed to mention any specifics on how to accomplish this (I guess his communication skills could have used some refining), I looked at ways of improving this skill set. I mean the whole point of a performance evaluation is to take it under consideration and improve, right?

My organization would not pay for any writing training, since the budget was tight due to the economy. I certainly was not going to pay out of my own pocket to torture myself with writing lessons, so I started blogging to torture others...I mean to EDUCATE others. It provides a great way to practice my writing, and tangible evidence to show my boss I took his suggestion seriously. The only way to get better at writing is to keep writing. Plus it was within my price range...FREE! There will be grammatical mistakes as I continue to work on my written communication skills, but I will try my best to minimize them. With each post, I improve... well that's the theory.

I have been working in the security field for a number of years. Ever the proverbial “jack of all trades,” I dabble in all the security disciplines without really specializing in one particular area (i.e. personnel, physical, antiterrorism, information). At times I come across as a know-it-all, but I’m really not. I just really like to share information and my passion with others (another reason for the blog).

It is a scary world out there. Security does not always require high tech gadgets or living under a rock. All it really takes are some simple common sense steps. With this blog I hope to educate others on how to use simple steps in keeping themselves secure.

July 24, 2012

New Security Shoe Insole

A recent Associated Press article, "New lab working on security shoe sole to ID people," looks at the new development of shoe insoles that analyze and read your gait. According to Wikipedia (the unauthorized resource for all college students), gait "style can be used as a biometric identifier to identify individual people." It is only a fancy way of saying your walk is uniquely you.

These security shoe soles contain "[s]ensors in the bio-soles [that] check the pressure of feet, monitor gait, and use a microcomputer to compare the patterns to a master file for that person. If the patterns [don't match]... a wireless alarm message can go out."

For those wondering how these new shoes would work when you hurt yourself and start gimping, the lab has you covered. The bio-soles are being designed to detect variances in an individual's gait due to injuries and other factors that temporarily change a person's gait.

Considering the U.S. Department of Defense and the Chinese conducted previous research in gait analysis for access control, it is not too far-fetched of an idea. If the lab is successful in reaching the intended design, the insoles would end up being just one of many biometric options for security, such as retina scans and fingerprint scans.

The article states the Carnegie Mellon University's new Pedo-Biometrics Lab in Pittsburgh, PA "is working to perfect special shoe insoles that can help monitor access to high-security areas, like nuclear power plants or special military bases." Since some military restricted areas do not permit wireless alarms due to security concerns, the shoe insoles may have a smaller buying sector than originally thought.

As a security practitioner, I am leery about whether these devices would be worth the price (installation and maintenance) and manpower involved. Retina and fingerprint scanning have been around for a number of years, and I find them to be more trouble than they are really worth. Don't get me wrong, they look AWESOME in the spy movies, but that doesn't always transfer over well into the real world. The equipment (software, readers and other hardware) is typically sensitive to the elements and prone to extensive maintenance upkeep. In a tough economy, where organizations are seeing shrinking budgets, I would really conduct a benefits analysis before investing in biometrics. Considering part of the Pedo-Biometrics Lab's targeted clientele, "special military bases," is typically exposed to the harsh elements of mother nature, how do they intend to make the bio-sole more reliable?

Privacy Concern.
Of course any biometrics device has privacy advocates concerned, since these devices can be looked at as tracking devices. According to Lee Tien, an attorney at the free speech and privacy issue nonprofit Electronic Frontier Foundation, potentially these biometric shoe insoles could covertly be implanted into shoes to spy on people. (Associated Press, 2012)

While this certainly provides good fodder for late night conspiracy theorists, I highly doubt these bio-soles would be mass-produced to the level of tracking people. As a privacy lawyer, you would think he would be more concerned about facial recognition software (currently available), than some future gadget that may never make it out of the demonstration mode.

July 23, 2012

Facebook Phishing Trip

Image from blog How to Hack Facebook Accounts
The popular social media website, Facebook, is riddled with security concerns, and with a large following (according to Check Facebook, there are over 800 million accounts) cybercriminals are finding creative ways to exploit them. According to a July 9, 2012 Hoax-Slayer update, cybercrooks added a new twist to the old phishing email scams of a decade ago, by combining it with social media.

The approach: an unsuspecting Facebook user receives a message (can be a wall posting, instant message or email) about a new Facebook site with erotic content. Does anybody else notice that most spam has an erotic appeal to it? I guess there are the spam messages from the rich lady or long lost relative in a foreign country, but I'm getting off topic.

When the user clicks on a link in the message, they're directed to a fake site set up to look like a typical Facebook page, BUT WAIT! This page quickly takes you to a spoofed Facebook login page. The scam goes a bit further, because users that try to log in with their Facebook credentials are "taken to a typical survey scam site that promises them free items or prize entries in exchange for participating in various surveys or offers. Login details submitted on the fake page can be collected by scammers and used to hijack the user's real Facebook page. Users will never receive the promised gift or prize entry no matter how many surveys or offers they complete." (Christensen, 2012)

If you fell victim to this particular spoof, I have two pieces of advice for you.
First and foremost, change your password NOW. Do it while you still have access to your account.

Second, will you stop clicking on messages promising erotic delights? It's only going to get you in trouble, and I'm not just talking about computer problems. Think about it!

What do cybercrooks plan to do with your hijacked Facebook account? It is hard to say, but I'm certain it is not to update your friends about what's for dinner. Perhaps they plan to use your account for another type of Facebook scam mentioned in our January post, "Scammed by Facebook Security?" Or use the information gleaned from your account for more nefarious plots, such as the one mentioned in our May post, "Exploiting Technology: 3 Methods Identity Thieves Use." Yeah, stealing your identity!

July 10, 2012

A Shredder Review

Today Yahoo featured an article from Good Housekeeping on the best paper shredder. Link: http://shopping.yahoo.com/news/best-paper-shredders.html

It is really nice to see them featuring a helpful article, rather than the typical cheesy, pop culture entertainment stories that run rampant.

Identity theft is a very real threat, especially in today's cash-strapped society. As previously mentioned in our post Identity Theft, Part II, shredding documents with sensitive information can save you from dealing with this major headache. The information identity thieves use can typically be found in our trash, or for my eco-friendly readers, recycling bin.

Our basic shredder recommendation is to use cross-cut, also known as confetti-cut, shredders. The smaller the confetti, the better. This is far more secure than strip-cut shredders, which, in my opinion, are a waste of money. I guess the good people at Good Housekeeping didn't really have this basic in mind when testing "the best paper shredder," since their main criteria for being the best was how many pieces of paper it could handle.

If you are in the market for an office shredder, then that might be an important deciding factor. Honestly for home use, it shouldn't be that big of a deal. Considering most of their "best" were over $50, the average home user could get away with a cheaper shredder...a cross-cut one!

While I certainly see this featured article as a step in raising our collective security awareness, it is still missing some basics.