Sunday, May 22, 2016

Strategies to Mitigate Cyber intrusions

Published by the Australian Signals Directorate, their version of the NSA, the first four mitigations are mandatory for all Australian government computers.  For my (non-existent) readers application whitelisting may be a bit beyond your scope but the other 3 are definitely something that you should be doing:



Secunia is an excellent program for handling item (2) and windows update covers (3) if you you use Windows.  Over the next couple days I will put up some instructions on how to deal with all these, but for now something to think about.  Even though you probably aren't actually being targeted specifically it's just a good idea to take some basic precautions especially in the era of things like Ransomware.


Saturday, May 07, 2016

Regrets

So last night we were chatting about people we know and things we regret, someone made the comment about high school being full of regrets.  I don't really see it that way - life is filled with things that I wish I had done differently, but that's different than regrets.  Regrets are the things that keep you up at night wondering what might have been.  I have very few of those.  The way I look at it I am mostly happy with myself and I am the sum of the things that have happened in my life so why worry about what might have been.  Anything that happened happened, anything that I am unhappy about now I can change.

Anyway a free philosophy lesson all so I could post this video of high schoolers doing high school stuff




Some how (personal idiocy) the wrong video got posted. Here is the one I meant to post:

Wednesday, May 04, 2016

Disrupted by Throwing Rocks at the Google Bus in Silicon Valley

Finished Disrupted by Dan Lyons ( @realdanlyons ) yesterday, as well as Throwing Rocks at the Google Bus. by Douglas Rushkoff.

It was kind of a weird juxtaposition.  I had just finished the chapters of TRatGB that dealt with the economics of Silicon Valley start ups when I watched S3E2 of Silicon Valley


It was weird because the two thing fit so well together.  Rushkoff was explaining the out of control valuations of companies like Uber, or previously Facebook, twitter, Snapchat, etc. and then Silicon Valley put it up on screen, albeit in a far more enjoyable fashion.  Tobolowsky explaining the conjoined triangles of success is a classic and I can't be the only one who noticed that :

a) Engineering / Manufacturing and Sales  / Growth are diametrically opposed.
b) Growth is the base of the entire thing.

What that tells me is that in the world of Silicon Valley (both real life and TV show) growth is everything.  The product is an after thought.  In fact at one point Tobolowsky (as Action Jack Barker) breaks the news to Richard (the former CEO, creative genius and now CTO) that the product isn't even really the "product" it's the stock and the hype surrounding it. Of course if you have ever worked in a start up (I have twice, three times if you count when they split us into business divisions and put us in "start up mode" which basically meant making horrible business decisions and refusing to sell product until the company shut us down.) none of this was surprise.

Immediately after Silicon Valley, Disrupted popped up in my Amazon suggestions.  I had seen Lyons on TWiT (I think) a couple times and occasionally read his Fake Steve Jobs twitter feed so I took s shot on it.  Immediately it seemed familiar.  Of course it did.  Lyons is one of the writers for Silicon Valley.  The book dovetailed perfectly Rushkoff and the TV show and was extremely enjoyable, although I felt Lyons pain,   The discussion of the CTOs business philosophies (i.e. delightion) has to strike a cord with anyone who has ever had to sit thru one of those bullshit corporate team building exercises.  Not only that but Lyons nails the economics behind start up culture on the head and does it in a far more entertaining fashion, at points referring to various venture capitalists as braying jackasses (I think) and buffoons (I'm sure)..

In case you didn't pick up on it I am highly recommending Disrupted.  My only real complaint was that he could have done more to explore the role of tech journalism in all this, but then again that would have made it a different book.

Speaking of different books - a Business book by Action Jack Barker would be hilarious.

Throwing Rocks at the Google Bus, was a bunch of Picketty-ish nonsense for the most part but the bits about Silicon Valley were pretty good.  I don't recommend it so much.

No it is on to Naked Money by Charles Whelan.

Monday, May 02, 2016

The Tech Elite Are Moving Left - What I am reading 4/2/2016

Week 2 begins at the new job, and it's a new week in the world of news - let's see what we find:

Wired - Flaws in Samsung’s ‘Smart’ Home Let Hackers Unlock Doors and Set Off Fire Alarms -
The security research community has been loudly warning for years that the so-called Internet of Things—and particularly networked home appliances—would introduce a deluge of new hackable vulnerabilities into everyday objects. Now one group of researchers at the University of Michigan and Microsoft have published what they call the first in-depth security analysis of one such “smart home” platform that allows anyone to control their home appliances from light bulbs to locks with a PC or smartphone. They discovered they could pull off disturbing tricks over the internet, from triggering a smoke detector at will to planting a “backdoor” PIN code in a digital lock that offers silent access to your home, all of which they plan to present at the IEEE Symposium on Security and Privacy later this month.
The simple rule is if it is connected to the internet it can be hacked.  Plan your life accordingly.

Router Freak - Cisco ASA as DHCP Server with Multiple Internal LANs -

Not really anything anyone besides me cares about.  Well me and the good people at router freak, but these are the kind of thing I used to deal with.

Tech Crunch - The tech elite are moving left this election cycle -

This election cycle, the tech elite are almost exclusively backing liberals: Tesla’s Elon Musk donated to Hillary Clinton, Facebook’s Mark Zuckerberg gave handsomely to the San Francisco Democratic Party organization, and Microsoft’s Bill Gates gave to three Democratic congressmen.
...
I think the more likely explanation is that the nation’s new industrial titans are pro-government.

Google, Facebook, and most Internet titans are fueled by government projects: the Internet began in a defense department lab, public universities educate a skilled workforce and environmental policies benefit high tech green industries. The CEO of Uber, Travis Kalanick, is a fan of Obamacare, which helps his entrepreneurial drivers keep their health insurance as they transition between jobs.
In other words, the Democratic party is good for emerging industries and billionaires recognize it. Donald Trump is a candidate known to go after major figures in tech; a trend that may further the Democrats friendship with new industrial titans.

Perhaps more importantly, I’ve argued that the modern emerging workforce of Silicon Valley, urbanized professionals, and “gig economy” laborers all represent an entirely new political demographic redefining the Democratic party to be more about education, research and entrepreneurship, and less about regulations and labor unions. 


I am not sure why this is considered surprising.  Silicon Valley has always been overwhelmingly Democrat.  While there are some outlier donations to the GOP and the occassional crank who espouses Ayn Rand and Ron Paul as saviors of the American way of life I am 100% positive that the data would show that at least in my lifetime Democrats have dominated in that area.  Jeez just look at who their congressperson is.








Friday, April 29, 2016

So week 1 comes to an end AND weird dream alert

First week at the new job is coming to an end.  I'm not going to say much about it, at this point. Check with me again next week.

On the other hand - had a weird dream last night.  I was back at Avocent doing something, not sure what but it wasn't working in test, because they wanted me back there, but every cool person I have ever worked with was there, as well as every girl I have ever dated, who all also seemed to work there.    Weirdly it was all very pleasant because I am not the type of person who ends relationships well.  So anyway there I am and they tell me I am going to be working back in the test department again and it's like a big party, and oh by the way the building is huge, like a giant office building but its just packed, and coincidentally(?) there is a huge barbecue going on.  like we have to walk through a mile of parking lot to get to it but the ribs are super good, being smoked over and there is a ton of free beer.  So i am sitting there with all these former girlfriends drinking beer and eating ribs and everyone is having a good time and telling me how great I am (which really clued me into the dream status) and then the damn alarm goes off.

So that's where my life sits at the moment.

One more thing - saw the trailer for the new Snowden movie holy crap it looks shitty


Tuesday, April 26, 2016

Report on the first day at the new job

So it wasn't quite what was described to me but not horribly different.  The job title is Information Security Analyst but the department I am working in is Systems Assurance.  Basically we are supposed to evaluate the different systems and make sure they comply with the requirements of NIST 800-53 and ISO 27000 series.  I was reading over some of the documentation which seems relatively straightforward. 

The guy next to me has been there about 2 months and is already pretty jaded but by his telling he is an old time security pro, being a new time security amateur I think I can hold out for 3 months :-)

Seems like we will get to access a number of the SecOps guys tools.  QRadar is the one I hadn't heard of.  SolarWinds Network Monitor, which we evaluated at BPA nd decided we preferred Cisco Prime.  A few others that we used at other jobs.

I am trying very hard to not walk in and try and be a know it all so if I have an anuerysm sometime in the next couple weeks you will know why.