My take on Java

| February 16th, 2010

Simply put,

“Using java to manage a security device is like putting a pedophile in charge of a day-care center.”

Consumer borrowing declines for 10th straight month | Business | Chron.com – Houston Chronicle.

Is it any wonder? How about reporting on the OTHER side, BANKS AREN’T LOANING MONEY unless you have a near perfect credit score, and everyone related or friends with you co-signs.

WASHINGTON — Americans borrowed less for a 10th consecutive month in November, with total credit and borrowing on credit cards falling by the largest amounts on records going back nearly seven decades.

Could it be that Americans are finally learning NOT to live in debt?  I hope so… Moreover, if it hurts the banks, great.  They’ve long forgotten who their customer was with all of the spurious charges they dream up.  Add to that the increased transaction fees, long check clearing hold times, and general apathy by the bank employees to your needs, and *poof*, they’ve lost another customer.

I’ve moved all of my financial management to Credit Unions, where they actually care that you exist.  Find a small one in your area, and join it today.  You’ll be amazed at the customer service, rates, and “YES” attitude.

That is all.

Can I haz Pi?

| January 8th, 2010

Pi calculated to massive 2.7 trillion digits | NetworkWorld.com Community.

I just had to send this out… I love Pi!

A Delta Airlines pilot threatened to throw a passenger off of an aircraft today, 30 minutes prior to its departure.

Delta Airlines flight 1047 from Atlanta to San Diego was originally scheduled to depart ATL at 6:55pm Eastern on 1/3/2009, on a 767 aircraft.  When passengers got to the gate, they were not informed of any delays or changes.  However, when boarding the aircraft, the Delta gate agent informed the waiting passengers that their seats had all been re-assigned, as there had been an equipment change.  The gate agent did not call this a “last minute” change, as the 757-200 had arrived from San Diego and had unloaded its passengers while most of the departing passengers were waiting to board.  It is apparent that Delta had planned to use the 757-200 for several hours prior to the aircraft’s arrival, and simply did not care enough about its passengers to notify them ahead of their scheduled departure.

Many of the passengers were surprised as they boarded that their seat assignments had been changed, and one gentleman was almost removed from the plane for asking why they hadn’t been informed earlier of the equipment change.  One flight attendant was heard saying, “You are going to have to speak with the Captain about this”, and when the Captain and the passenger spoke, the Captain told the passenger, “We’re one step from throwing you off this flight”.  At no time did the passenger become unruly or violent; he was simply frustrated by Delta’s apparent lack of courtesy to its paying customers.

Also overheard in the Captain’s discussion were the following:

“Are you going to be calm for this flight?” (the passenger was calm)

“We will not stand for passengers raising their voice or cursing” (the passenger didn’t raise his voice)

“With the recent events, we have to be extra careful” (the passenger went through security, didn’t have any incendiary device sewn into his underwear, and was not exhibiting any violent actions)

So, now it seems that freedom of speech is also forbidden on these “Friendly Skies”.

The passenger in question first had an exit row seat, then was moved to a middle seat on the 757-200 replacement aircraft, and finally, after being threatened, was given an aisle seat near the rear of the aircraft.

Delta Airlines has not yet commented on our story.

Gartner in two-factor authentication warning – V3.co.uk – formerly vnunet.com.

Apparently, Gartner has caught up with the rest of the Information Security world, and is now pressing for Two-Factor authentication everywhere.

(Gartner is a laugh a minute… really… )

Gee.  What was their first clue?

Let’s set the “wayback” machine to February 2000, when Wave Systems Corporation published their paper on encrypting hard drives.

Let’s take a look at the landscape back then… just focusing on Access Controls…

Taking the data out of the table, and creating one here…

Source of Requirement | Requirement for Access Controls (ID mgmt and authentication)
--------------------- | ------------------------------------------------------------
FISMA / NIST standards (mandatory for US federal agencies, recommended for private sector) | NIST SP 800-53 rev.1, AC-3, AC-6, AC-17, AC-19, IA-1 – IA-7
PCI DSS security standard (payment card industry) | Requirements 7, 9; logical access separate from OS (3.4.1)
ISO 17799 / 27002 and BS 7799 | Access Control element; Communications and Operations Mgmt requirement
ITIL / ISO 2000 | IT Security Mgmt
GLBA and FFIEC (US financial data) | Access on a “need-to-know” basis; access controls required by FFIEC
FCRA / FACTA (US consumer reports) | Confidentiality obligation
US FTC, State enforcement of “fair trade” acts and related private litigation | Required in consent decrees for SSNs, payment card data; negligence standard with reference to PCI DSS and GLBA Financial Safeguards Rule
US state (and proposed federal) laws on security and security breach notice for personal data that raises ID theft risks | CA AB 1950 and several other state laws require “reasonable” security measures; several states considering reference to PCI DSS standard
Canada PIPEDA (and similar provincial laws) | Principle 7: limit access on a “need-to-know” basis (§4.7.3)
European Union Data Protection Directive and related laws and regulations | Art. 17 “appropriate organizational and technical measures”; European data protection authorities require access restrictions based on functional responsibilities

Now, here is the rub… the above table was published in February of 2000!!!

It is but ONE example of the discussions that Information Security Professionals have had with enterprises, banks, credit unions, and virtually every other business that has a web presence.

Ebay/Paypal got it right years ago, when they started the program to sell you a Vasco Security Token for login to your Paypal account.  Why banks and credit unions haven’t followed suit is beyond me.  Most large enterprises use them internally, but won’t provide them to their customers, even if requested.

So, now, we have Gartner (the slowest on the uptake) joining in our chant… I guess I should be happy; at least the brain-dead zombies who listen to their diatribe will finally be spoon-fed some COMMON SENSE!

Oi… that was cathartic.

AT&T moves closer to usage-based fees for data.

Boy, I’m sure happy I fired ATT.

I may not have an iPhone (I really don’t want one)

I don’t have crazy pricing (I’m on Sprint’s Simply Everything plan)

I have internet, tethered modem, email, and one thing that the ATT / iPhone people don’t.  Security.

My Blackberry is secured, so that you can’t steal my data, nor can you use it without the passwords.  Hey, even if you steal my micro-SD card, it’s encrypted too.

Oh, wait, can you use SD cards in an iPhone?

*meh*…

I’m waiting for the Droid to hit Sprint’s network if I’m going to change from Blackberry, but I don’t see that happening for several years.  My Blackberry simply WORKS, and coupled with Sprint’s Simply Everything plan, it works, and works, and works.

For those of you on ATT, check out Sprint.  They have amazing customer service, you’re greeted by a person who tells you their name, and where they are currently located.  Both of my last two calls to Customer Service were fielded out of North Carolina, and I had pleasant & positive experiences.  It’s truly a joy.  (unlike calling ATT).

Oh, and did I mention that Sprint’s customer service is open 24x7x365?  So you don’t have to wait through the long weekend to call to make a change, or to get tech support, or for any other reason you would want to contact your cellular carrier.

I could go on for days…

Lastly, I travel for work, and I have yet to find a location where I don’t have coverage to make a phone call.  However, I’ve been standing in several locations recently where my iPhone-burdened brethren were not only without data connectivity, but also without the ability to get a dial tone.  Sadly, they still think that ATT is a good provider.

Some people must enjoy being screwed and constantly frustrated.  I simply want things to work.

Thank you Sprint, and Thank You Blackberry.

ATM Fraud: New Skimming Scheme Spreads.

Here we are again, coming up on the Holiday Season.  Hanukkah starts this Friday, December 11th, Christmas, and a few fake holidays are in December as well.  (See Festivus, and others… )

Of course, we want to go out and Spend!, Spend!, Spend! to stimulate the “bad economy”.  Well, there is a large group of people who want to stimulate their own pockets as well.  No, I don’t mean the Retail Giants, they’re getting theirs… I’m talking about criminals, who really don’t want to work too hard to get your money.

If you are out and need some quick cash, you’re better off going to a drug store or other retail chain, where you can use your Check Card/Debit Card to purchase a pack of gum and get a quick $20.  Using an ATM is getting increasingly dangerous.  ATM Card Skimmers are getting harder and harder to spot. (Link to Google images of skimmers)

The main message? If you are not using the same ATM every time you pull money out of your account, look closely at the ATM.  Are there any new moldings or trim around it? Does anything look out of place?  Touch every surface of the ATM and wiggle pieces; if they’re loose, report it to the telephone number ON THE BACK OF YOUR CARD!  Don’t assume that the telephone number on the ATM is correct.  You may be calling the thieves to tell them you spotted their device.  Here’s my prevention tip of the year… Don’t use an ATM or ATM Card.  They’ll save you money in the long run.  Move back to Cash.  It works.

Either way, Please have a safe and secure Holiday Season.  Oh, and a Very Merry Christmas!

dc0de

Security Fix – Apple issues security updates for Mac OS X.

How can this be?  My father recently went to the Apple Store outside Chattanooga TN, and they told him, “Apple doesn’t need any anti-virus, or other security software.  It’s just secure.”

Apple’s advertising program makes it out to be impervious to the threats that all of the other computers have.

Even Brian Krebs (While I like and respect him), stated in his blog a few weeks back that to be secure on the internet, you should do your online transactions on a Mac.

Well… something seems to be amiss.

Let’s be clear here:

All Operating systems:

  • Are flawed
  • Will be attacked
  • Need some sort of Anti-Virus
  • Need a client based Firewall
  • Need constant care and attention

The major issue with most operating systems is the User.  Most users, of any operating system, fiddle with the configuration.  This is similar to saying that “All drivers of a car modify their car”.  This is somewhat true.  Let’s explore this for a minute:

Types of modifications drivers do to their cars:

  • Seat Covers
  • Floor Mats
  • Rims / hub caps
  • Exterior and Interior Trim
  • Stereo System/GPS
  • Tires
  • Engine Modifications/Upgrades
  • Suspension Modifications/Upgrades

Except for the last three items, most of these things, in moderation, are harmless to the driving safety of the vehicle.  However, if you don’t know what you’re doing and you make some or all of the last three changes, you’re going to fall into one of the following categories:

  • Outside your ability to drive the vehicle
  • Creating an unsafe engine
  • Creating an unstable vehicle to drive

Now, taking this analogy back to computers: if you make modifications to your computer system, like installing unproven software, or installing many of the gazillion web toys to play games online (for example, flash-based games), you’re inviting your system to be taken over.  When you add any of the other high-risk behaviors that we’ve been asking people not to do for the past 12+ years on the internet (e.g. surfing porn, downloading music and movies, file sharing, opening unrequested emails, not having a firewall, not having Anti-Virus & Anti-Spyware tools, etc…), you have a recipe for disaster.

I think that it is high time that we hold the software manufacturers accountable (including Apple).  Software manufacturers have to OWN the risk, and share the risk with the general public.  After all, if you purchased an automobile that was prone to blowing up while you used it normally, wouldn’t it be recalled?  Couldn’t you sue the manufacturer?  It’s high time that companies get with the program and start making software that is SECURE BY DEFAULT, instead of bolting on thousands of “patches” and “fixes”, and even stating, “We rely on third party companies to provide that functionality”.

Apple is the biggest failure in Truth in Advertising, and since there are so many Apple Fan Bois (sic), it doesn’t seem to be changing.  Sorry, I’m not falling for the smoke screen.  Sadly, many of you are.

How about you “Man Up”, and ask your wonderful Apple manufacturer to be truthful?

That’s my 2¢, YMMV.

-

dc0de.

Climate Emails Stoke Debate – WSJ.com.

Scientists’ Leaked Correspondence Illustrates Bitter Feud over Global Warming

As I’ve been saying for many years, Global Warming hasn’t been proven and there hasn’t been an open discourse of scientific fact relating to the climate and “Global Warming”.

IMHO, the problem here isn’t one of Global Warming or not, it’s the loss of objectivity in the sciences.

Some emails also refer to efforts by scientists who believe man is causing global warming to exclude contrary views from important scientific publications.

The emails include discussions of apparent efforts to make sure that reports from the Intergovernmental Panel on Climate Change, a United Nations group that monitors climate science, include their own views and exclude others. In addition, emails show that climate scientists declined to make their data available to scientists whose views they disagreed with.

This is the same group of people that are pushing for Trillions of dollars of changes to every country’s infrastructure, without so much as equal time for scientific objectivity.  This is truly sad.  Now, the majority of the populace of the United States, the UK, and many Asian and European countries believe for a FACT that Global Warming exists…

So now what?

In Congress, a call to review internal cybersecurity policies – washingtonpost.com.

It’s not so nice when it happens to “Them”!!!

The ethics committee operates in secrecy and has its own policy governing the handling of materials involving investigations. Under committee protocols, material generated by the panel is supposed to be stored in secure areas that are not accessible to anyone other than committee staff members. That goes for computer files and printouts of committee documents.”

The article goes on to describe how the members of Congress who were under investigation responded, and how shocked everyone was that the data was “at large”.

The laughable part is that it was disclosed by a P2P application installed on the computer of a “Junior Member” of the Ethics committee.  I guess the Government doesn’t follow the same guidelines that the Commercial world does…

In the breach, the report was disclosed inadvertently by a junior committee staff member, who had apparently stored the file on a home computer with “peer-to-peer” software, congressional sources said. The popular software allows computer users to share music or other files and is easily available online. But it also allows anyone with the software on a computer to access documents of another user without permission, as long as the users are on a file-sharing network at the same time.

Now I have to question, how much more data was released?  What else was on this member’s shared folders?

It’s time that people wake up and smell the coffee… we’ve been PREACHING about these types of weaknesses, there are hundreds of products that can prevent these types of breaches, and what is being done about it?

Apparently, nothing.  Thanks everyone… it’s been fun… I’m going to bake some biscuits.

© 2008-2010 dc0de's notes... & dc0de.com All Rights Reserved