I don’t understand it – one would really like to think our lawmakers would have security in mind, on all levels and from all angles, when devising new policies about security. One would (ok at least I would) especially like to think that recommendations for policies provided by the NSA would be even more concerned with all levels of security. Well, it looks like that’s not necessarily the case. See Susan Landau’s Washington Post article about our new wiretapping law for the story. Is the NSA the new CIA?
September 25, 2007
September 14, 2007
Water Tables, Wasps, Web & Warfare
I can’t keep track of everything going on, but amidst trying to order a water play table for my daughter, keep wasps (actually yellow jackets, I guess) away from her swingset, and follow news about how the Chinese are planning to attack us online (wtf?) along with all of the SVMoms’ political activity after a week in the North Woods, I’m feeling a bit overwhelmed.
It’s all thrilling, but I get off the plane going through email on my iPhone just trying to keep up on the most urgent. Honestly I feel like I’m in the middle of a Presidential campaign again. (Yeah, I know we are, but I’m not working 100 hours a week just on that this time around… at least not right now.)
Watching how the campaigns are doing, it’s all good – Hillary is rocking in the print magazines, Edwards’ online campaign is on fire, Barack is getting the newspapers going, and I’m hearing more about Thompson and Giuliani every day (although I might add that the Elle magazine article I read on the plane about Rudy’s ways with women wasn’t all that positive.) Keep up with the tech news about the campaigns at TechPresident or Politics Online. And in terms of national security, Gary Hart has launched a new organization – the American Security Project. I’m very excited about this. I’ll blog more about it soon.
Back in the parenting world, plastics are everywhere and although the sky isn’t falling, the oceans may be. My dad gave me this frightening chapter from Alan Weisman’s book to read while I was in Minnesota. Our oceans are literally drowning in these toxic plastics everybody’s ranting about being dangerous to children and fertility, affecting our planetary water table.
July 21, 2007
E-Mail Security Flap in Nevada Governor’s Office
>This is classic… according to Declan McCullagh of the Politech mailing list & CNET News, someone in the Nevada governor’s office I’ll only assume accidentally posted the password to the official Governor’s email list and Outlook account password on the gubernatorial web site via a MS Word document that instructed aides on how to send out weekly email updates.
The current Governor, Jim Gibbons, a Republican, must not have much in terms of tech-savvy staff since (this is my favorite part) the password on the account was ‘kennyc’, the name of the former Republican governor, Kenny C. Guinn. (Note: the old password was weak, let alone the fact that it’s how old?)
The full story details the instructional document and a few additional related facts. As Declan notes, it’s possible that there’s a firewall or some sort of security above and beyond the password “protection” in their system, so had someone attempted to use that password from the outside to hack in, it may not have worked… we can only assume they’ve changed it by now having heard about this post. Still, this is one of the most embarrassing political computer security stories I’ve ever heard.
July 8, 2007
Not Quite Robin Hood – ID Theft Scams and Nonprofits
According to this Slashdot post (via Symantec), a new identity theft tactic is to test out stolen credit card numbers on nonprofit web sites to determine whether accounts are valid before going on to use the cards elsewhere. Although it might sound like a Robin Hood scheme at first – giving money to charity – it’s just another scam.
June 10, 2007
>BigFix Presidential Campaign Winning Online
>According to an article in the San Francisco Chronicle, BigFix, an Emeryville-based IT Security & Compliance Provider, is running a faux viral presidential campaign online to gain traffic and interest in the site. It’s working… their pretend candidate, Ray Hopewood, is on Flickr, MySpace, and everywhere in-between. Check out his web site. It’s pretty good.
March 11, 2007
>Hillary Clinton’s Promise
>I saw Hillary Clinton speak a couple of weeks ago in San Francisco. She packed a ballroom at the Sheraton Palace Hotel full of people for lunch. Most in the audience were women who heard about the event through word of mouth and womens’ political organizations in the area, since the event was organized by Susie Tompkins Buell and Emily’s List. I don’t know how much money the event raised but it must’ve been in the hundreds of thousands of dollars.
I’ve blogged before about how wonderful it is that a woman is finally a viable candidate both with respect to qualifications and fund raising, but I had no particular knowledge of Hillary Rodham Clinton’s skills as an orator or policy maker beyond what I’ve read in the news before the SF event. What surprised me that afternoon as I sat eating sushi shoulder-to-shoulder with some of the Bay Area’s most powerful women, was not what I expected. In fact, I tried very hard to go into the event with no expectations at all, but with an open mind to consider this person as a candidate in her own right – not as the wife of Bill Clinton, but as someone with deep policy experience, a Senator, lawyer, wife, mother, and someone who spent 8 years working closely with the President in the White House. I knew she was savvy politically and I knew she has gained a reputation for working across the aisle in Congress. What I didn’t know was how impressed I would be.
First of all, I’ve seen a lot of candidates speak. She has skills that match the best of them. But more importantly, she did a few things to surprise me. A) She listened to her audience, without just talkinig about her agenda. She spoke about issues that concerned us. B) She responded to questions with detailed answers, not just canned sound bites. She talked for at least ten minutes about how to improve education and gave actual examples and thought-out policy changes. I’ve never seen a politician give such detail before. She spoke a lot about how important pre-school is, for example. It really made me think more about that issue than I ever had before. C) She admitted her mistakes – particularly regarding her attempts to work on universal healthcare in the past.
As someone who has worked for the government in security, I’m always concerned about any details that relate to security detail and the other thing that interested me about this event was the level of Secret Service attachment Senator Clinton has. I assumed there would be some, but as a Senator, presidential candidate and former first lady, she has a serious security staff and motorcade. This got me thinking about another issue that I don’t think most people have considered with respect to her run: she’s a huge target. So many people dislike her for a variety of reasons, so she needs that security. And on top of that, she’s taking a major additional risk becoming a presidential candidate. People can say what they want about her political agenda and formulating a path to run for president for years, but it takes a lot of courage to put up with the kind of criticism and risk.
The question on everybody’s minds, of course, is: Can she WIN? This is an incredibly unique case, so my answer still is that I don’t know. Of course Bill Clinton and political pundits with experience say she can, but they have to say that. Hillary herself says: “we won’t know until we try.” (She was referring to getting a woman elected in general, but since she’s the only woman with a chance right now, she’s our sample.) I just don’t know. It’s a numbers game and she has to convince enough moderate and liberal voters to vote for her. Most conservatives detest her and will never consider voting for her and will fight tooth and nail to defeat her. But it is theoretically possible that if she swung enough moderates who see her work across the aisle that she could do it. And if she could capture the majority of the women’s vote (which I think she can), that will be huge. That’s assuming she can win the Democratic nomination, which I believe she can. I don’t know if she will, of course, but she’s definitely a strong enough candidate that she’s viable in that area – unlike Joe Biden, for example, who just doesn’t have a chance at this point. We’ll have to see how the debates play out with Barack Obama, the youthful favorite, and Chris Dodd, who I believe is a dark horse.
The bottom line is that Hillary Clinton is worth considering. Take a look at her site. Don’t count her out. Read about her policy plans. Go see her speak next time she’s in town. The one thing that I took from the event was that day 1 in the White House, she will hit the ground running and make major policy changes to improve the environment, education, health care, and foreign policy. Whether she can lead as well as she can collaborate remains to be seen, but she definitely has promise.
March 8, 2007
>Treading Carefully Online & "Good Morning America"/ABC News How-Tos
>Internet defamation is hardly new, but the way it can happen to younger people in situations where they are hurt before even entering the workplace is a serious issue. “Good Morning America” put up a segment on this today and I was shown as an Internet privacy expert.
The ABC News video lasts 5 minutes and 22 seconds, of which I’m on for about 6 seconds (1:38-1:44). What’s interesting is actually the advice delivered by Tory Johnson slightly later in the segment, also repeated in an article on the ABC News site. The article is entitled “How to Avoid Cyberspace” but that’s not really a practical or realistic piece of advice in itself – I’m not sure why they called it that. She’s not advocating avoiding the Internet and we all realize that’s impossible. She does provide some good tips on fighting and preventing defamatory remarks.
Also, as noted by Kurt Opsahl in yesterday’s Washington Post piece, you can sue and you can fight the negative information by posting positive information. I would add to that it’s almost easier to post it in other locations on the web rather than getting into direct confrontations on the site in question. The Internet, unlike tabloids, is a 2-way street so you can control the information out there about you to some extent.
Other things I explained to the interviewer:
1) I advise my clients – even those who are not political – to think of themselves as candidates when they go online and only put up limited information about themselves that shows them in the most positive light.
2) Treat the people who are causing the trouble like hackers or school bullies – you can’t completely avoid them, but you can ignore them – what they really crave is attention.
3) Remember that this type of damage fades over time and whatever’s most popular and current out there on the web is going to be what comes up first in search engines.
4) Don’t attack the search companies like Google and don’t blame the Internet – they are merely vehicles for information and do not have any malicious intent.
5) You can make a difference with what companies do when they are pre-screening potential employees by contacting them and asking them to avoid certain sites.
6) The market drives this activity to a certain extent – if sites get a bad reputation for hosting misinformation, they will lose traffic and other sites will take over the dominant spot in the social networking sphere.
7) Utilize anonymity if necessary, but sparingly – it can still sometimes be traced.
February 19, 2007
>Online Account Nonsense
>About once a week, I find myself creating a hand full of new accounts for various sites that I may or may not ever use again. And then there are the couple that expired or were purged that I have to renew. Of course also we can’t forget the passwords that need to be changed – which I’ll admit even as a security professional, I’m not as on top of as I should be.
Today, I decided to count all of the accounts I have for sites that I have to date. Not including client accounts or ISP/telephony – just things like containerstore.com and blogger.com – I have over 225. As someone who learned about e-commerce before it existed, I’m still mind-boggled by this. Who can keep track of these things in a secure, organized fashion without being overwhelmed?
Options?
a) Use a site that aggregates passwords that better be damn secure if you have any kind of financial or personal data in it
b) Save passwords in an insecure but easily accessible location
c) Use the same password for multiple accounts
d) Create fake email accounts that are really anonymous or have pseudonyms to use for as many as possible
These still each have their own problems. But what’s the alternative? Don’t read news online, don’t conduct business transactions online, don’t use your own identification for your searching? It’s tiresome…
February 2, 2007
>Dolphins Stadium Site Wide Open For Hackers
>I don’t want to say I’m glad that something Superbowl related got hacked, but here’s the thing: when major web sites like Dolphins Stadium get hit with known attacks for Windows security holes, it raises awareness. And frankly, this is such small potatoes in the scheme of things – it wasn’t our water system hacked or our electrical infrastructure or something controlling train lines that could kill people. Sure, it’s inconvenient for the people running the site and for the fans who visit the site, but they should have updated their web servers months ago in preparation for this event. If it teaches them a lesson and gets others in corporations and government better educated about security, then something good will come out of this. Thinking about the big picture and preventing real terrorist threats is much more important. Here’s the story from ZDNet.
December 3, 2006
>TSA Has A Long Way To Go
>I would like to believe that all of the tax dollars going toward the Transportation Security Administration are making a difference in our national security, but they just can’t seem to do anything right.
Recently, I traveled and pre-travel, I brought up their site on my Mac to learn more about this whole 3oz. liquid thing and the site crashed Safari, didn’t work in Mozilla or Mac ie. So I basically got nowhere. I was able to read one file that was somewhat pertiment about what’s allowed and what’s not. Meat cleavers are not. This doesn’t really affect me, but it got me to chuckle.
Next step was to pack for the trip. I had to put everything in the wrong bag in order to fit the stupid ziplock with all of the liquids into one of my carry-ons. (Yes, I had multiple. I have an infant – it’s nearly impossible to travel without multiple carry-ons with an infant in tow.) Anyway, I dealt with that and made it to the gate.
Best news of the day – TSA let us fast track through security with first class since we had a kid in a stroller. Then we got stuck behind some stuck-up goth-laden rockers carrying Louis Vuitton bags and had to wait seemingly forever. Anyway after they were moving on, the TSA people actually asked me to take off my cardigan sweater to make sure there was nothing underneath – while I was carrying my baby. Like these other people with their black jackets wouldn’t be hiding something more serious than my limp little cardigan? We looked at the TSA staff like they were nuts so they let us through. We bought water in the terminal before boarding the plane so we would have enough for the 3 of us, formula, and other needs while in flight.
On the flight back, we were leaving Kansas City which doesn’t have shops inside security so we couldn’t buy water. I brought a few extra bottles anyway to see what they would let us have. The guy explained that the more liquid formula you bring, the less water you’re allowed to take, but he allowed me to bring one bottle of water because I had a few dry packets and only one can of the liquid. Come on… and to top it off, he gave me this look like “here, you can get away with more water if you bring more packets!” Like he was doing me some favor? If this is really a security risk, why would he be telling me this? Please.
I’m not afraid of flying, airplanes, or terrorists. Maybe I should be, but I’m not. What I am afraid of is stupidity, disorganization, loopholes, wasting time and money, and above all, poor management when it comes to security. I’ve been through a real clearance process that was much more rigorous, I’m willing to bet, than most of the TSA employees at airports have. Security should be serious. You don’t bend the rules when it comes to true security. Ever. You don’t keep changing them either. And you don’t waste anybody’s time. You look out for what’s a realistic threat and you keep your eye on the ball. (And it wouldn’t hurt to have a web site that didn’t crash browsers either.)
