Tag Archives: Security

“Hackback”: A New Approach

Today we read about the likely death in a drone attack of an ISIS hacker/warrior/cyber-jihadist:

http://www.forbes.com/sites/seanlawson/2015/09/12/with-drone-strike-on-isis-hacker-u-s-escalates-its-response-to-cyber-attacks/

In the infosecurity world, we’ve heard for years about the idea of “hackback”, basically an offensive response to an offensive action. Every couple of years this idea comes back around as someone gets frustrated with feeling like the attackers have all the advantages (and fun) and wants to take the fight back to them.

It’s an understandable idea. And in some measured cases it may even make sense. But as a blanket rule, no, it’s not a good idea.

This latest development shows that “hackback” doesn’t need to be contained to computer tactics: a physical or kinetic response is just as (if not more) effective.

The bigger story though is how this shows that the idea of “infosecurity” is more and more an empty concept and that it’s all just “security”.

Comment Article on the Clinton Email Server Issue

My latest posting over at Geekwire is my analysis and commentary on why Hillary Clinton using a “homebrew” email server is a major security problem.

http://www.geekwire.com/2015/why-the-clinton-email-server-story-matters-and-why-it-may-be-worse-than-you-think/

Comments on the Stratos Digital Wallet Card

I got to talk with KIRO Radio here in Seattle recently about some of the risks with new, untested digital wallet cards like the new offering from Stratos. Plus, my comments on how cash may make a comeback.

http://mynorthwest.com/11/2723041/Digital-payment-is-waiting-in-line-for-when-credit-cards-die

A Trip to the Doctor

Or, more accurately, the local urgent care clinic.

I had to make a trip there today to get looked at for the latest crud that I’ve been battling for the last week.

My check-in was a good example of how you have to be assertive to protect your security and privacy these days. Sometimes, very uncomfortably so.

While I was doing the usual check-in paperwork, the admissions clerk asked me, “Can I get your driver’s license to scan please?”

I asked, “Why do you need that?”

She replied, “Because the copy we have is expired.”

I looked puzzled and she rotated her monitor for me to see the black and white scanned copy of my old, expired license.

It’s been years since I’ve been here, but I don’t remember them ever telling me they were taking a scan of my driver’s license on check-in. Probably one time when I was sick I wasn’t paying enough attention to ask my usual “Why do you need it, what are you going to do with it” questions.

I explained to her that I wasn’t comfortable with her taking a scan. I was happy, I said, to show it to them, but not to retain a copy.

She then said that the point was to protect my identity. I said, I understand but holding that information is itself a threat to my identity. I said, when this clinic’s information is stolen like Anthem’s was it will be harder to steal my identity since they won’t have my driver’s license.

She said she understood and we moved on in the check-in process.

Later, I was chatting about identity theft to try and lighten things after having to say “no”. While we were talking she told me how she was herself the victim of identity theft. Someone stole mail out of her mailbox and was able to steal her identity. She said it was finally cleared up but it took years and included a knock at the door at 3AM from a sheriff looking to serve a warrant on her meant for the identity thief.

It was a good exercise in real world security and privacy protection. It underscores how you have to be active and sometimes push back, even to the point of seeming like you’re being difficult. It underscores too how you have to always be paying attention since I can’t recall how they got my old driver’s license into the system in the first place. And it also shows that identity theft is very real, very prevalent, very hard to untangle, and has nasty consequences. Finally, it reminds me that we can’t just focus on the digital side of things. Physical mail theft and phone scams are old but still delivering; so they’re still active threats.

It really reinforces the fact that I think real-time identity theft monitoring and monthly checking of accounts and records are critical for all of us.

It really is dangerous out there. It really is hard to do the right thing, even when you know what it is.

At least some of us have job security.

Interviews on the Anthem Data Breach

I had a chance recently to talk with reporters from the Associated Press and the Hill about the recent Anthem data breach and what that means for online security and privacy for healthcare and what people need to know about it.

Is your doctor’s office the most dangerous place for data?

Anthem hack raises ObamaCare concerns

Ten Years After Bill Gates’ Trustworthy Computing Memo

Ten years ago yesterday, Bill Gates sent out his Trustworthy Computing memo that marked a significant change in the culture at Microsoft and put security, privacy and reliability at the center of the company as ideals.

I was at Microsoft as part of the Microsoft Security Response Center when that came out. And until I left Microsoft in December 2010, I was involved in security and privacy. So I have a former insider’s long-term view of what that was all like.

As my former colleagues are marking the occasion I’m sharing my own thoughts on what it meant then and what it means for the future.

Here are my comments in Robert X. Cringely’s article “PC security: We’ve come a long way, baby”. And a longer write-up by me over at Betanews “10 years after Bill Gates’ Trustworthy Computing memo: What it meant for Microsoft and why every tech company needs one”.

It was something to be a part of, but the world is different today. Part of my take on it is how this is still relevant in this different world.

The Lamb Lies Down on Broadway: A Reflection and Memoir

Music.

Memory.

For me the two are inexorably linked. There is no easier way for me to go into the closet of my life and pull out an old version of my self, put it on, remember what it was like to wear that self every day, and feel where and how that self does and doesn’t fit any more than to put something on from the past. In particular with pieces that become part of my emotional history like I talked about in Mood Music.

One album (and I use album specifically because it’s so tied to that now-archaic form) that falls into this category is the last full album by the Peter Gabriel-fronted Genesis, The Lamb Lies Down on Broadway. For me, this is an album that I associate very closely with winters during both my freshman and sophomore years of college at Oberlin. I happen to be listening to this today and as I listen to it, all the history and meaning associated with this album come back to me.

When I talk about this blog as a travelogue about my experience of music, the story of how I came to be listening to the Lamb Lies Down on Broadway so much during those years is an example of what I mean. The path to those days tromping through the snows of Oberlin, listening to Peter Gabriel regale us with the fantastic tale of Rael and his experiences in a nether-world copy of mid 1970’s New York City on my cassette Walkman is a round-about one that passes through so much of my personal musical history.

To get to those days, you have to start even further back and understand first, that up through seventh grade, under the influence of my fairly strict Catholic upbringing, I was convinced that any music other than classical music was, truly, music of the Devil. Ironically, my mother was a huge Beatles fan: this was a case of me being more conservative than my mother like Alex on Family Ties (though I would secretly, guiltily listen to some of her Beatles albums when home alone, but that’s another post). Even once I had drifted some from the Church, that bias was sublimated and transformed by way of some classical music snobbery to conclude that while it may not be the Devil’s music, non-classical music, most especially Rock and Pop forms, had no redeeming artistic merit.

My stance on music would be changed by the chance meeting one day on a bus from summer school classes between seventh and eighth grade. I was taking a class on computers (itself a foreshadow of my later life) and happened to meet a kid named Chad Clark. Chad has since gone on to a successful life in music starting several bands over the years including currently Beauty Pill and running his own studio. This meeting though was before Chad started to pursue his interest in music seriously. Even so, he was much more familiar with non-classical music than I was and found my outright rejection of it all as closed minded and rather silly.

Chad was a very important person for me: after that meeting he became my best friend and was the first non-Catholic friend I ever had. He would also go on to be best man at my wedding. He challenged the bedrock of pretty much everything that I believed at that time. Not least of which was my rejection of non-classical music.

Over the course of the next few years, as Chad’s interest in music increased and my mind opened up, I would be receptive to more and more possibilities around non-classical music. I could come to accept that at least some of it could be fun to listen to. But my stance on the artistic merit of it compared to classical music was still intact.

And then, sometime around my freshman or sophomore years in high school (it was 20+ years ago, so dates get fuzzy) Chad introduced me to Peter Gabriel’s solo work and made the case that here was someone that put real thought and gravity into his lyrics and music. The first album I ever heard of his was Security. Peter Gabriel’s lyrics are always deeply thought out and the encounter with Peter Gabriel would have a deep and profound effect on me in many, many ways (again, for future posts). Here, the key thing is that Peter Gabriel convinced me that there could be intellectual and artistic merit to non-classical music, though I generally considered him to be the only one to merit that gravity and respect.

During the next couple of years, I would collect all of Peter Gabriel’s albums (and even use his haircut as a model for my own!). I would eventually come to understand that he had been the singer for Genesis before Phil Collins. But it was a real brain-cramp for me to understand how someone this smart and who thought so deeply about things could have been the singer for the band that was at that time fronted by someone inflicting Sussudio on the world.

At some point, though, Chad started to tell me how “Old Genesis” was very different from what we were hearing now. He told me how when Peter Gabriel was part of the band, they would do concept albums with underlying themes and that Peter Gabriel would narrate, tell stories, play roles and be in costumes. Sometime during these talks, he introduced me to the phrase “progressive rock” to denote Old Genesis and other rock groups who were trying to make meaningful, mature music that had more in common with the classical tradition than with Sussudio.

Taking a chance, I went ahead at one point and bought a cassette of Nursery Cryme. As the tape started playing “The Musical Box” and I heard the detailed guitar work, the flute, the lyrics with their echo of legend and myth, and a full story being told, I realized that there was something new here, something far more thoughtful than Sussudio.

I would continue my explorations, learning about King Crimson and collecting as much of their stuff and Old Genesis as I could lay my hands on, building a decent (though hardly complete) collection by the time of my freshman year at Oberlin. I even had bought a cheap keyboard off of Chad to take with me to school, with vague thoughts about composing music along the lines of Peter Gabriel, Old Genesis and King Crimson.

As my first semester at Oberlin came to a close, I finally got myself a copy of The Lamb Lies Down on Broadway at Sarge’s Records, the one record store in town. I bought it on vinyl, one of the last actual vinyl albums I would ever buy. I promptly recorded it over to cassette and added it to my walkman walking music around campus.

While an extremely odd album, I was in love with it nonetheless. Songs like Carpet Crawlers and Anyway had a certain lyrical quality and delicate quality that suited them well to the cold, snowy winters at Oberlin. Many was the time I would put the 120 minute tape in my walkman and walk, thinking about life and love now that I was nineteen and through my first semester of college and life on my own.

The coming twelve months would turn out to be hugely transformative for me. I would lose a friend I cared about deeply to suicide, see my last high school romance end (even though we carried it on while I was in college, it was still a high school romance), and start my first adult romance. I shed my vague thoughts about pursuing music (going to a school with a professional quality conservatory will burn any such thoughts out of you quickly) and decided to make a shift in my path and follow my bliss (as Joseph Campbell would say) by becoming a comparative religion major (which itself was somewhat influenced by Peter Gabriel).

Another change was that this was actually the last new material from Old Genesis I bought: everything else I’ve gotten ever since has either been live albums, my replacing albums in new formats, or getting the post-Peter Gabriel albums that still had Steve Hackett on them (A Trick of the Tail and Wind & Wuthering which lack the lyrical depth but still are musically interesting and not yet the pop nightmare that would mark the Phil Collins era of Genesis). My period of progressive rock exploration would downshift in its importance for me after this.

Certainly, there were many other changes during those twelve months too: you grow up a lot, fast, in those first couple of years of college.

By the time winter rolled around again the next year, my sophomore year, my natural sense of nostalgia returned and I found myself playing The Lamb Lies Down on Broadway once more to mark the changes of the year. I had a very real sense when listening to it of what had changed, of how late adolescence had closed and early adulthood had started somewhere in the intervening twelve months. The music was still wonderful, lovely, still had that winter quality I loved. But now, it wasn’t alive and vibrant like it had been: now it was rather a reminder, a museum piece.

Today, twenty two years later, more time has passed than I had been alive when I was listening to this and marking those changes. As I’m in the midst of changes in my life, as I have a very real sense that adulthood is becoming true middle age, I find myself listening, feeling the memories of those early freshman days, feeling the memories of those sophomore days, recalling the sense of nostalgia I felt that sophomore year for my freshman year and understanding now that I had no idea what the press of memory and nostalgia can really be like.

I still love this album, but it will always be a marker of the past, of two different selves that I can go back to when I want. But there are no more memories to be made with this album, it’s already carrying all the memory it possibly can.