NSA FUD. Ain't acronyms fun?

Probably more information in this article on the NSA surveillance issue than many of you are interested in reading, but I couldn't help pointing out Bruce Schneier's agreement with my Security Basic #5: If someone wants to "get" you, they will. Bruce puts it this way:

"These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it's in. Period."

Security Concept 5 (of 5)

Concept 5: If someone wants to "get" you, they will. This is the most difficult reality that most never want to consider. Having worked in the area of IT (Info Tech) security for over 20 years and especially working in selling internet security products, I've been in hundreds of meetings where security discussions dive down the "make us perfectly secure" rabbit-hole. The best way to stop such madness-inducing explorations is to point out that all security eventually comes down to physical security. How's that?

Security Concept 4 (of 5)

Concept 4: There is no "silver bullet" of security. Security, like staying warm, is best accomplished in layers. Consider your favorite heist movie. Financial institutions physically protect assets with locked doors, security guards, video cameras, motion detectors (infra-red, lasers, etc.), dye-packs (video), seriously hardened vaults with still more keys including time-release controls, etc. Some of these are not just purely preventative, but:

  • Predictive: Identify a threat before it penetrates further layers, and
  • Forensic: Given Concept 1, it is good to have a leg up in recovering stolen goods.

Security Concept 3 (of 5)

Concept 3: You have to trust someone. This is true in both the physical and electronic world.

  • You put letters in the mailbox trusting your neighbors and the USPS to do and not do what they are supposed to do.
  • Ever get in a car and drive down the street with oncoming traffic? Do those yellow lines actually protect you from those cars, or are you trusting complete strangers?
  • We all make phone calls communicating the most intimate details of our lives to others. Countless phone company employees have the ability to capture or monitor these calls illegally using the same functions legally used by law enforcement with warrants. It is not that tough for someone to hack into calls from the phone boxes in your neighborhood.
  • Got a bank account? A credit card account? Your funds are more electronic than anything else, accessible to dozens, if not hundreds, of financial institution employees.

Phone companies, cable companies, health care organizations, financial institutions, internet service providers, etc. are all regulated and have dizzying arrays of security controls in place. The problem is that they are staffed by humans, and humans are immoral, easily tempted beings, which is why the regulations and security controls are in place. Controls are just that. See Concept 1, above. The postman can easily steal your checks, a phone technician can easily bug your calls, a bank employee can easily transfer your funds elsewhere.
